Ejemplo n.º 1
0
        public ActionResult UpdateStaffAcct(int?user_id, string state)
        {
            if (user_id == null)
            {
                return(HttpNotFound());
            }
            user_id = Convert.ToInt32(user_id);

            User user = db.Users.SingleOrDefault(x => x.User_Id == user_id);

            if (user == null)
            {
                return(HttpNotFound());
            }

            if (string.IsNullOrWhiteSpace(Request.Form["First_Name"]))
            {
                ModelState.AddModelError("First_Name", "กรุณาระบุชื่อ");
            }
            if (string.IsNullOrWhiteSpace(Request.Form["Last_Name"]))
            {
                ModelState.AddModelError("Last_Name", "กรุณาระบุนามสกุล");
            }

            bool can_crud_this_user = Permission.can_update_this_staff(user);

            if (!can_crud_this_user)
            {
                return(HttpNotFound());
            }

            user.First_Name = Request.Form["First_Name"];
            user.Last_Name  = Request.Form["Last_Name"];
            user.Dept_Cd    = Request.Form["Dept_Cd"];
            user.Group_Id   = Convert.ToByte(Request.Form["Group_Id"]);
            user.Status_Cd  = Request.Form["Status_Cd"];

            if (!string.IsNullOrWhiteSpace(Request.Form["PlainPwd"]))
            {
                string pwd = Request.Form["PlainPwd"];
                user.Password = FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "SHA1");
            }

            if (ModelState.IsValid)
            {
                db.Entry(user).State = EntityState.Modified;
                db.SaveChanges();
                FreebieEvent.UserUpdateEvent(Permission.staff_acct_page_id, "A04");
                //init_dropdown(user);
                return(View("ViewStaffAcct", user));
            }
            else
            {
                init_dropdown(user);
                return(View(user));
            }
        }
        public ActionResult UpdateBaseQuota(string state)
        {
            using (var db = new EchoContext())
            {
                IEnumerable <Quota> quotas = db.Quotas.Where(x => x.Quota_Type_Cd.Equals("B"));
                string user_no             = Session["User_No"].ToString();
                foreach (var item in quotas)
                {
                    string fv = Request.Form["Quota_Freq_Val_" + item.Quota_Cd];
                    string dv = Request.Form["Quota_Dur_Val_" + item.Quota_Cd];

                    try
                    {
                        item.Quota_Freq_Val  = Convert.ToByte(fv);
                        item.Quota_Dur_Val   = Convert.ToByte(dv);
                        item.Updated_By      = user_no;
                        item.Updated_Dttm    = DateTime.Now;
                        db.Entry(item).State = EntityState.Modified;
                    }
                    catch
                    {
                        return(View(quotas));
                    }
                }
                db.SaveChanges();
                FreebieEvent.UserUpdateEvent(Permission.base_quota_page_id, "A04");
                return(RedirectToAction("BaseQuota"));
            }
        }
        public static int ValidateOTP(string phone_number, string otp_pwd)
        {
            /* returning value
             *  0 - pass
             *  1 - failed, try again
             *  2 - failed, start over
             *  3 - expired, start over
             */
            long number = Convert.ToInt64(phone_number);

            using (var db = new EchoContext())
            {
                OTP otp = db.OTPs.SingleOrDefault(x => x.PhoneNumber.Equals(phone_number));

                if (otp == null)
                {
                    return(2);
                }
                if (otp.Counter >= 3)
                {
                    return(2);
                }
                int cmp = DateTime.Compare(DateTime.Now, otp.Expired_Dttm);

                if (cmp > 0)
                {
                    return(3);
                }

                string check_otp = GenerateOTP(otp.Secret, number);
                if (check_otp.Equals(otp_pwd))
                {
                    return(0);
                }
                else
                {
                    otp.Counter        += 1;
                    db.Entry(otp).State = EntityState.Modified;
                    db.SaveChanges();
                    if (otp.Counter >= 3)
                    {
                        return(2);
                    }
                    return(1);
                }
            }
        }
        public ActionResult UpdateActivationLimit(ActivationLimit al)
        {
            using (var db = new EchoContext())
            {
                AdminConfiguration ac      = db.AdminConfigurations.SingleOrDefault();
                string             user_no = Session["User_No"].ToString();
                ac.No_Activation_Limit_Total = Convert.ToInt32(al.no_activation_limit_total);
                ac.No_Activation_Limit_Daily = Convert.ToInt32(al.no_activation_limit_daily);
                ac.Updated_By   = user_no;
                ac.Updated_Dttm = DateTime.Now;

                db.Entry(ac).State = EntityState.Modified;
                db.SaveChanges();
                FreebieEvent.UserUpdateEvent(Permission.activation_page_id, "A04");
                return(RedirectToAction("ActivationLimit"));
            }
        }
        public ActionResult UpdateFreeTrialQuota(TrialQuota tq)
        {
            using (var db = new EchoContext())
            {
                AdminConfiguration ac      = db.AdminConfigurations.SingleOrDefault();
                string             user_no = Session["User_No"].ToString();
                ac.Trial_Limit_Total = Convert.ToInt32(tq.trial_limit_total);
                ac.Trial_Dur_Val     = Convert.ToInt32(tq.trial_dur_val);
                ac.Trial_Enable_Flag = Convert.ToBoolean(tq.trial_enable_flag);
                ac.Updated_By        = user_no;
                ac.Updated_Dttm      = DateTime.Now;

                db.Entry(ac).State = EntityState.Modified;
                db.SaveChanges();
                FreebieEvent.UserUpdateEvent(Permission.free_trial_page_id, "A04");
                return(RedirectToAction("FreeTrialQuota"));
            }
        }
        public ActionResult AddNumber(string phoneNumber)
        {
            string password = Request.Form["Password"];

            phoneNumber = GetCookie("Acct", "phone_number");
            bool flag = true;

            if (string.IsNullOrEmpty(phoneNumber))
            {
                ViewBag.ValidNumber = false;
                ViewBag.PhoneNumber = "";
                flag = false;
            }

            ViewBag.PhoneNumber = phoneNumber;

            string otp = Request.Form["Password"];

            if (flag && (string.IsNullOrEmpty(otp) || otp.Length < 4))
            {
                ViewBag.ValidNumber  = true;
                ViewBag.Error        = true;
                ViewBag.ErrorMessage = System.Configuration.ConfigurationManager.AppSettings["Validate010"];
                flag = false;
            }

            if (flag)
            {
                int result = OTPHandler.ValidateOTP(phoneNumber, otp);
                switch (result)
                {
                case 0:
                    int account_id = Convert.ToInt32(Session["Account_Id"].ToString());
                    var account    = db.Accounts.SingleOrDefault(x => x.Account_Id == account_id);
                    if (account == null)
                    {
                        return(HttpNotFound());
                    }
                    AccountMobile am           = db.AccountMobiles.Where(x => x.Account_Id.Equals(account.Account_Id)).Where(x => x.Mobile_Number.Equals(phoneNumber)).SingleOrDefault();
                    bool          first_create = false;

                    if (am == null)
                    {
                        am               = new AccountMobile();
                        am.Account_Id    = account.Account_Id;
                        am.Status_Cd     = FreebieStatus.MobileActive();
                        am.Mobile_Number = phoneNumber;
                        am.Primary_Flag  = false;
                        am.Created_Dttm  = DateTime.Now;
                        am.Updated_Dttm  = DateTime.Now;
                        first_create     = true;
                    }

                    if (first_create)
                    {
                        db.AccountMobiles.Add(am);
                    }
                    else
                    {
                        am.Status_Cd       = FreebieStatus.MobileActive();
                        am.Created_Dttm    = DateTime.Now;
                        am.Updated_Dttm    = DateTime.Now;
                        db.Entry(am).State = EntityState.Modified;
                    }


                    OTP otp_request = db.OTPs.SingleOrDefault(x => x.PhoneNumber.Equals(phoneNumber));
                    if (otp_request != null)
                    {
                        db.OTPs.Remove(otp_request);
                    }
                    db.SaveChanges();
                    FreebieEvent.UpdateMobile(account, phoneNumber, "A03", Permission.f_update_number_page_id);
                    RemoveCoookie("Acct");
                    return(RedirectToAction("ViewNumber", "AccInfo"));

                case 1:
                    ViewBag.Error        = true;
                    ViewBag.ValidNumber  = true;
                    ViewBag.ErrorMessage = System.Configuration.ConfigurationManager.AppSettings["Validate007"];
                    ViewBag.ShowPwd      = true;
                    break;

                case 2:
                    ViewBag.ValidNumber = false;
                    ViewBag.PhoneNumber = "";
                    ViewBag.ResetOTP    = System.Configuration.ConfigurationManager.AppSettings["Otp03"];
                    RemoveCoookie("Acct");
                    break;

                case 3:
                    ViewBag.ValidNumber = false;
                    ViewBag.PhoneNumber = "";
                    ViewBag.ResetOTP    = System.Configuration.ConfigurationManager.AppSettings["Otp04"];
                    RemoveCoookie("Acct");
                    break;

                default:
                    break;
                }
            }
            ViewBag.ShowPwd = true;
            return(View());
        }
        public static string RequestOTP(string phone_number)
        {
            var today       = DateTime.Now;
            int limit_daily = Convert.ToInt32(System.Configuration.ConfigurationManager.AppSettings["OTP_ALLOW_PER_DAY_PER_NUMBER"]);
            int interval    = Convert.ToInt32(System.Configuration.ConfigurationManager.AppSettings["INTERVAL_PERIOD_BETWEEN_OTP"]);

            using (var db = new EchoContext()) {
                phone_number = phone_number.Replace("-", "");
                long number = Convert.ToInt64(phone_number);

                OTPRequest otp_request  = db.OTPRequests.Where(x => x.Date.Equals(today.Date)).Where(x => x.PhoneNumber.Equals(phone_number)).SingleOrDefault();
                var        request_time = DateTime.Now;
                if (otp_request == null)
                {
                    bool flag = true;
                    otp_request             = new OTPRequest();
                    otp_request.PhoneNumber = phone_number;
                    otp_request.Count       = 0;

                    OTP    otp        = db.OTPs.SingleOrDefault(x => x.PhoneNumber.Equals(phone_number));
                    string secret_str = Secret();
                    if (otp == null)
                    {
                        otp  = new OTP();
                        flag = false;
                    }

                    otp.Secret       = secret_str;
                    otp.PhoneNumber  = phone_number;
                    otp.Counter      = 0;
                    otp.Expired_Dttm = request_time.AddMinutes(Convert.ToInt32(System.Configuration.ConfigurationManager.AppSettings["OTPPwdExpired"]));

                    if (flag)
                    {
                        db.Entry(otp).State = EntityState.Modified;
                    }
                    else
                    {
                        db.OTPs.Add(otp);
                    }

                    otp_request.Last_Request_At = request_time;
                    otp_request.PhoneNumber     = phone_number;
                    otp_request.Date            = request_time.Date;
                    otp_request.Count           = 1;

                    db.OTPRequests.Add(otp_request);

                    db.SaveChanges();
                    return(GenerateOTP(secret_str, number));
                }
                else
                {
                    TimeSpan diff = request_time.Subtract(Convert.ToDateTime(otp_request.Last_Request_At));
                    if (diff.TotalMinutes > interval && otp_request.Count < limit_daily)
                    {
                        bool   flag       = true;
                        OTP    otp        = db.OTPs.SingleOrDefault(x => x.PhoneNumber.Equals(phone_number));
                        string secret_str = Secret();
                        if (otp == null)
                        {
                            otp  = new OTP();
                            flag = false;
                        }
                        otp.Secret       = secret_str;
                        otp.PhoneNumber  = phone_number;
                        otp.Counter      = 0;
                        otp.Expired_Dttm = request_time.AddMinutes(Convert.ToInt32(System.Configuration.ConfigurationManager.AppSettings["OTPPwdExpired"]));

                        if (flag)
                        {
                            db.Entry(otp).State = EntityState.Modified;
                        }
                        else
                        {
                            db.OTPs.Add(otp);
                        }

                        otp_request.Last_Request_At = request_time;
                        otp_request.Count          += 1;

                        db.Entry(otp_request).State = EntityState.Modified;

                        db.SaveChanges();
                        return(GenerateOTP(secret_str, number));
                    }
                    else
                    {
                        if (otp_request.Count >= limit_daily)
                        {
                            return("limit_daily");
                        }

                        return("limit_interval");
                    }
                }
            }
        }