        /// <summary>
        /// POST handler for the "promote" form. Callers with role 1 are refused; for everyone
        /// else the target row is looked up and, if present, its roleID is overwritten with the
        /// caller's own role.
        /// </summary>
        /// <param name="user">Target username as posted. It is not referenced in this listing:
        /// the '******' literals in both SQL strings look like the listing site's redaction of a
        /// concatenated value — confirm against the original source.</param>
        /// <returns>The current page, with <c>Error</c> carrying the outcome message.</returns>
        public IActionResult OnPostPromote(string user)
        {
            // Deny-list check: only role 1 is refused, every other role value reaches the update.
            // NOTE(review): an allow-list of privileged roles, as OnPostTransaction/OnPostReport use, would be safer.
            bool isRoleOne = CurrentLogged.getRole() == 1;
            if (isRoleOne)
            {
                Error = "You are not authorized to promote users";
                return(Page());
            }

            string    connection = DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass());
            DBHandler handler    = new DBHandler(connection);

            // SECURITY: both statements are built by string concatenation. Whatever the redacted
            // value is, it must not be interpolated into SQL text; this needs a parameterized query.
            string          lookup = "SELECT username FROM user WHERE username='******';";
            MySqlDataReader result = handler.performQuery(lookup);

            Error = "Unknown error occured";
            if (result.HasRows)
            {
                // The new roleID is the caller's own role, i.e. the target is raised to the caller's level.
                // The lookup reader is still open when the second query runs — presumably DBHandler copes; confirm.
                string update = "UPDATE user SET roleID = '" + CurrentLogged.getRole() + "' WHERE username='******';";
                result = handler.performQuery(update);
                Error  = "Update successful";
            }
            else
            {
                Error = "No user found";
            }

            username = CurrentLogged.getUsername();
            return(Page());
        }
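        /// <summary>
        /// POST handler for the login form: runs the credential lookup and, on a match,
        /// records the user in <c>CurrentLogged</c> and redirects to the account page.
        /// </summary>
        /// <param name="user">Posted username.</param>
        /// <param name="pass">Posted password.</param>
        /// <returns>A redirect to "Account" on success; otherwise the current page with <c>Error</c> set.</returns>
        public IActionResult OnPostLogin(string user, string pass)
        {
            // SECURITY: the '******' literals look like the listing site's redaction of values concatenated
            // from `user` and `pass` (confirm against the original source). If so, this is a SQL-injection
            // sink — use a parameterized query — and the password is compared in clear text by the database;
            // it should instead be verified against a salted hash in application code.
            string          query = "SELECT username, password, userID, roleID FROM user WHERE username='******' AND password='******';";
            DBHandler       db    = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass())); // change to username and password later

            try
            {
                // Dispose the reader on every exit path; the original left it open.
                using (MySqlDataReader reader = db.performQuery(query))
                {
                    if (reader == null)
                    {
                        Error = "Could not Query. reader is null";

                        return(Page());
                    }
                    if (!reader.HasRows)
                    {
                        // One message for both unknown user and wrong password, so the response does not say which.
                        Error = "Could not Login. Bad username or password";

                        return(Page());
                    }

                    reader.Read();
                    CurrentLogged.login(reader.GetString("username"), reader.GetInt32("userID"), reader.GetInt32("roleID"));
                    return(Redirect("Account"));
                }
            }
            catch (Exception)
            {
                // The caught exception was never used; db.getError() carries the driver message.
                // NOTE(review): that message is shown to the user — consider logging it server-side
                // and returning a generic message instead.
                Error = "Error Querying Database" + db.getError();
                return(Page());
            }
        }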
 /// <summary>
 /// GET handler for the login page: already-authenticated visitors are sent to "Account";
 /// everyone else gets the prompt.
 /// </summary>
 /// <returns>A redirect when logged in; otherwise <c>null</c>, which here stands in for the page result.</returns>
 public IActionResult OnGet()
 {
     var alreadyIn = CurrentLogged.isLoggedIn();
     if (!alreadyIn)
     {
         Error = "Enter your username and password";
         // NOTE(review): returning null leans on the framework to render the page; the other handlers
         // in this listing return Page() explicitly — prefer that for consistency.
         return(null);
     }
     return(Redirect("Account"));
 }
 /// <summary>
 /// POST handler that gates access to the transaction form: only roles 2 and 3 may proceed.
 /// </summary>
 /// <returns>A redirect to "Transactions" for permitted roles; otherwise the current page with <c>Error</c> set.</returns>
 public IActionResult OnPostTransaction()
 {
     username = CurrentLogged.getUsername();
     // Allow-list check: anything other than role 2 or 3 is refused.
     var  role      = CurrentLogged.getRole();
     bool permitted = role == 2 || role == 3;
     if (permitted)
     {
         return(Redirect("Transactions"));
     }
     Error = "You are not authorized to fill out a transaction";
     return(Page());
 }
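 /// <summary>
 /// POST handler that gates access to the report search: only roles 2 and 3 may proceed.
 /// </summary>
 /// <returns>A redirect to "GetReport" for permitted roles; otherwise the current page with <c>Error</c> set.</returns>
 public IActionResult OnPostReport()
 {
     username = CurrentLogged.getUsername();
     // A leftover System.Diagnostics.Debug.WriteLine of the role was removed: stray diagnostics in a
     // request handler are noise, and OnPostTransaction, which mirrors this check, has none.
     // Allow-list check: anything other than role 2 or 3 is refused.
     if (CurrentLogged.getRole() != 2 && CurrentLogged.getRole() != 3)
     {
         Error = "You are not authorized to search for reports";
         return(Page());
     }
     return(Redirect("GetReport"));
 }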
        /// <summary>
        /// GET handler for the account page: anonymous visitors are bounced to "Login";
        /// otherwise the page is shown with the current username and a prompt.
        /// </summary>
        /// <returns>A redirect to "Login" when not logged in; otherwise the current page.</returns>
        public IActionResult OnGet()
        {
            var authenticated = CurrentLogged.isLoggedIn();
            if (authenticated)
            {
                username = CurrentLogged.getUsername();
                Error    = "Select an option below";

                return(Page());
            }
            return(Redirect("Login"));
        }
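        /// <summary>
        /// POST handler for the donation form: validates the posted fields and inserts a
        /// transactions row stamped with the current user, role and server-local time.
        /// </summary>
        /// <param name="name">Posted item name; must not be blank.</param>
        /// <param name="description">Posted description; must not be blank.</param>
        /// <param name="quantity">Posted quantity; must parse as an integer.</param>
        /// <returns>A redirect to "Account" on success; otherwise the current page with <c>Error</c> set.</returns>
        public IActionResult OnPostDonation(string name, string description, string quantity)
        {
            int quantityValue;

            if (!int.TryParse(quantity, out quantityValue))
            {
                Error = "Quantity needs to be a number value";
                return(Page());
            }
            // NOTE(review): negative quantities parse and are accepted — confirm whether that is intended.
            // The original compared the int `quantityValue` with null (always false, CS0472) and only
            // caught null strings, so "" passed the "no blank fields" check. Whitespace-only input is
            // now rejected too, as the message promises.
            if (string.IsNullOrWhiteSpace(name) || string.IsNullOrWhiteSpace(description))
            {
                Error = "error, no fields can be left blank";
                return(Page());
            }

            DBHandler db = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));
            // SECURITY: `name` and `description` are user-controlled and concatenated straight into SQL —
            // a SQL-injection sink. DBHandler only exposes performQuery(string) here, so this cannot be
            // parameterized within this block; it needs a parameterized overload (MySqlCommand.Parameters).
            // NOTE(review): DateTime.Now stores server-local time; confirm that is what the schema expects.
            string query = "INSERT INTO transactions(name, description, userID, time, roleID, QUANTITY) VALUES ('" + name + "', '" + description + "', '" + CurrentLogged.getID() + "', '" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "', '" + CurrentLogged.getRole() + "', '" + quantityValue + "');";

            try
            {
                // Dispose the reader; the original never closed it.
                using (MySqlDataReader reader = db.performQuery(query))
                {
                    if (reader == null)
                    {
                        Error = "can not perform query";
                        return(Page());
                    }
                }
            }
            catch (Exception)
            {
                // The caught exception was never used; the user only gets a generic message.
                Error = "Could not perform query";
                return(Page());
            }

            return(Redirect("Account"));
        }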
 /// <summary>
 /// GET handler that exposes the current login state to the page as the text "True"/"False".
 /// </summary>
 public void OnGet()
 {
     var isLoggedIn = CurrentLogged.isLoggedIn();
     logged = isLoggedIn.ToString();
 }
 /// <summary>
 /// POST handler that clears the current session and returns the visitor to "Index".
 /// </summary>
 /// <returns>A redirect to "Index".</returns>
 public IActionResult OnPostLogout()
 {
     // NOTE(review): any POST reaching this handler ends the session; confirm the form carries the
     // anti-forgery token Razor Pages validates by default, so a cross-site POST cannot trigger it.
     CurrentLogged.logout();
     IActionResult home = Redirect("Index");
     return(home);
 }