Ejemplo n.º 1
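        /// <summary>
        /// Handles the registration form submit: checks that every field is filled in and the
        /// email is well-formed, validates the request token, rejects usernames or emails that
        /// are already registered, and then creates the account.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string alias    = aliasText.Text;
            string email    = emailText.Text;
            string address  = addressText.Text;
            string city     = cityText.Text;
            string country  = countryText.Text;
            string username = usernameText.Text;
            string pass     = passText.Text;

            // Same checks, in the same order, as before: presence of each field plus email format.
            bool detailsComplete = !String.IsNullOrEmpty(alias) && FooStringHelper.IsValidEmailAddress(email) &&
                                   !String.IsNullOrEmpty(address) &&
                                   !String.IsNullOrEmpty(city) && !String.IsNullOrEmpty(country) &&
                                   !String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(pass);

            if (!detailsComplete)
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Incomplete or invalid details.";
            }

            else if (!FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
            {
                // The posted request token did not validate; do not touch the database.
                errorPanel.Visible = true;
                errorLabel.Text    = "Invalid request.";
            }

            else if (CheckIfUsernameExists(username) || FooEmailHelper.CheckIfEmailExists(email, username))
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Some details already exist in this application.";
            }

            else
            {
                // NOTE(review): the fallback group ID is hard-coded; a missing "User Group ID" setting
                // silently places new accounts in that group. Confirm it is the least-privileged one.
                string defaultGroup = ConfigurationManager.AppSettings["User Group ID"] ?? "ri3EKpc5Z5gN4FEu";
                string userId       = FooStringHelper.RandomString(16);

                // NOTE(review): the password is passed on exactly as typed; confirm RegisterNewUser
                // salts and hashes it before it is stored.
                bool insertedUser = RegisterNewUser(userId, alias, email, address, city, country, username, pass,
                                                    defaultGroup);

                if (insertedUser)
                {
                    errorPanel.Visible   = false;
                    errorLabel.Text      = "";
                    formPanel.Visible    = false;
                    successPanel.Visible = true;
                    successLabel.Text    =
                        "Your account has been successfully created. You can proceed to <a href=\"login.aspx\">log on</a>.";
                }

                else
                {
                    // Previously the failure text was shown inside the success panel with the form
                    // hidden, so the user could not retry. Report it as an error and keep the form.
                    successPanel.Visible = false;
                    errorPanel.Visible   = true;
                    errorLabel.Text      =
                        "Failed to create account. The administrator has been notified. Please try again.";
                }
            }

            // Issue a fresh token for the next postback regardless of the outcome.
            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        }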
Ejemplo n.º 2
 /// <summary>
 /// Returns the page to its non-editing state: clears the grid's edit row, issues a new
 /// request token for the next postback, and reloads the form data and dropdown.
 /// </summary>
 protected void Reset_Page()
 {
     // -1 means no row of userGrid is in edit mode.
     userGrid.EditIndex = -1;

     HttpContext currentContext = HttpContext.Current;
     string freshToken          = FooSessionHelper.SetToken(currentContext);
     RequestToken.Value         = freshToken;

     Load_Forms();
     Load_Dropdown();
 }
Ejemplo n.º 3
 /// <summary>
 /// Returns the page to its read-only state for the given post: issues a new request token,
 /// clears the category grid's edit row, switches the post view to read-only and reloads the forms.
 /// </summary>
 /// <param name="postId">Identifier passed through to <c>Load_Forms</c>.</param>
 protected void Reset_Page(int postId)
 {
     HttpContext currentContext = HttpContext.Current;
     string freshToken          = FooSessionHelper.SetToken(currentContext);
     RequestToken.Value         = freshToken;

     // -1 means no row of categoryGrid is in edit mode.
     categoryGrid.EditIndex = -1;
     postView.ChangeMode(DetailsViewMode.ReadOnly);

     Load_Forms(postId);
 }
Ejemplo n.º 4
        /// <summary>
        /// On the first (non-postback) load, issues a request token and stores it in
        /// <c>RequestToken</c> so that the next postback can be validated against it.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Postbacks keep the token they were rendered with; the handler that validates it
            // is responsible for issuing the next one.
            if (!IsPostBack)
            {
                HttpContext currentContext = HttpContext.Current;
                RequestToken.Value = FooSessionHelper.SetToken(currentContext);
            }
        }
Ejemplo n.º 5
        /// <summary>
        /// Runs the authentication check on every request, then on the first (non-postback)
        /// load issues a request token and loads the forms with <c>-1</c>.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            HttpContext currentContext = HttpContext.Current;

            // Must stay first so that postbacks are checked as well as initial loads.
            FooSessionHelper.AuthenticationCheck(currentContext);

            if (!IsPostBack)
            {
                RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
                Load_Forms(-1);
            }
        }
Ejemplo n.º 6
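        /// <summary>
        /// Prepares the password-reset page. Signed-in users are told to log out first; for
        /// everyone else the first load issues a request token and shows the form only when the
        /// <c>id</c> and <c>token</c> query-string values are well-formed and match a reset request.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                formPanel.Visible  = false;
                errorPanel.Visible = true;
                errorLabel.Text    =
                    "Please log out first, or reset your password in the <a href=\"edit_profile.aspx\">profile editor</a>.";

                // Stop here. Without this return the link check below ran anyway and set
                // formPanel.Visible back to true for a valid link, undoing the guard above.
                return;
            }

            if (Page.IsPostBack)
            {
                return;
            }

            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);

            string resetId = Request.QueryString["id"];
            string token   = Request.QueryString["token"];

            // Check the shape of both values (16 and 24 alphanumeric characters) before they
            // are used to look up the reset request.
            if (FooStringHelper.IsValidAlphanumeric(resetId, 16) && FooStringHelper.IsValidAlphanumeric(token, 24))
            {
                string resetAccount = GetAccountForReset(resetId, token);

                if (!String.IsNullOrEmpty(resetAccount))
                {
                    formPanel.Visible = true;
                }

                else
                {
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Invalid request.";
                }
            }

            else
            {
                // Same message as an unknown link, so the response does not reveal which check failed.
                errorPanel.Visible = true;
                errorLabel.Text    = "Invalid request.";
            }
        }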
Ejemplo n.º 7
        /// <summary>
        /// On the first (non-postback) load, validates the <c>id</c> query-string value as a
        /// 16-character alphanumeric item id; if it passes, issues a request token and loads the
        /// forms for that item, otherwise shows "Invalid item.".
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                string merchId    = Request.QueryString["id"];
                bool idWellFormed = FooStringHelper.IsValidAlphanumeric(merchId, 16);

                if (!idWellFormed)
                {
                    // The id never reaches Load_Forms unless it passed the format check.
                    errorLabel.Text = "Invalid item.";
                    return;
                }

                RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
                Load_Forms(merchId);
            }
        }
Ejemplo n.º 8
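        /// <summary>
        /// Handles the review form submit: validates the review text and the item id from the
        /// query string, validates the request token, and inserts the review with a
        /// parameterized INSERT statement.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string reviewBody = reviewText.Text;

            // NOTE(review): this dereferences the cookie's user object before any check and outside
            // the try block. If GetUserObjectFromCookie can return null for an anonymous visitor,
            // this throws; confirm the page is only reachable when signed in.
            string userId  = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
            string merchId = Request.QueryString["id"];

            if (string.IsNullOrEmpty(reviewBody))
            {
                RequestToken.Value    = FooSessionHelper.SetToken(HttpContext.Current);
                reviewErrorLabel.Text = "Incomplete input.";
                return;
            }

            // Reject a malformed item id outright rather than trying to clean it up.
            if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                RequestToken.Value    = FooSessionHelper.SetToken(HttpContext.Current);
                reviewErrorLabel.Text = "Invalid input.";
                return;
            }

            try
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    using (var conn = new NpgsqlConnection())
                    {
                        conn.ConnectionString =
                            ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                        conn.Open();

                        // The command is now in a using block: previously cmd.Dispose() was only
                        // reached when ExecuteNonQuery succeeded, so a failed insert leaked it.
                        using (var cmd = new NpgsqlCommand
                        {
                            CommandText =
                                "INSERT INTO reviews(reviewid, reviewtime, userid, merchid, reviewbody) VALUES (@REVIEWID, @REVIEWTIME, @USERID, @MERCHID, @REVIEWBODY)",
                            CommandType = CommandType.Text,
                            Connection  = conn
                        })
                        {
                            // Every value is bound as a parameter; nothing is concatenated into the SQL.
                            cmd.Parameters.Add(new NpgsqlParameter
                            {
                                ParameterName = "@REVIEWID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = FooStringHelper.RandomString(16)
                            });

                            cmd.Parameters.Add(new NpgsqlParameter
                            {
                                ParameterName = "@REVIEWTIME",
                                NpgsqlDbType  = NpgsqlDbType.Timestamp,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = DateTime.Now
                            });

                            cmd.Parameters.Add(new NpgsqlParameter
                            {
                                ParameterName = "@USERID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = FooStringHelper.RemoveInvalidChars(userId)
                            });

                            cmd.Parameters.Add(new NpgsqlParameter
                            {
                                ParameterName = "@MERCHID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = merchId
                            });

                            // NOTE(review): the review text is stored exactly as submitted, so the code
                            // that renders reviews must HTML-encode it on output.
                            cmd.Parameters.Add(new NpgsqlParameter
                            {
                                ParameterName = "@REVIEWBODY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 1024,
                                Direction     = ParameterDirection.Input,
                                Value         = reviewBody
                            });

                            cmd.ExecuteNonQuery();
                        }

                        reviewErrorLabel.Text = "";
                        reviewText.Text       = "";
                    }
                }

                else
                {
                    errorLabel.Text = "Invalid request.";
                }
            }

            catch (Exception ex)
            {
                // Full details go to the log only; the visitor sees a generic message.
                FooLogging.WriteLog(ex.ToString());
                reviewErrorLabel.Text =
                    "Something has gone wrong. A log has been forwarded to the site administrator.";
            }

            // Issue a fresh token for the next postback and refresh the item view.
            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
            Load_Forms(merchId);
        }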
Ejemplo n.º 9
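        /// <summary>
        /// Handles the "forgot password" form submit: validates the email address and the request
        /// token, creates a reset request for the matching account and emails the reset link.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string email = emailText.Text.Trim();

            // The original test was "not empty OR not valid", which lets any non-empty string
            // through, valid or not. The address must be present AND well-formed.
            bool emailUsable = !String.IsNullOrEmpty(email) && FooStringHelper.IsValidEmailAddress(email);

            if (!emailUsable)
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Incomplete or invalid details.";
            }

            else if (!FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
            {
                // A failed token check is reported as "Invalid request.", as in the other
                // submit handlers; the messages of this branch and the next were swapped before.
                errorPanel.Visible = true;
                errorLabel.Text    = "Invalid request.";
            }

            else if (!FooEmailHelper.CheckIfEmailExists(email, null))
            {
                // NOTE(review): the response still differs between registered and unregistered
                // addresses, which reveals whether an address has an account. Consider showing
                // the same confirmation in both cases.
                errorPanel.Visible = true;
                errorLabel.Text    = "Invalid details.";
            }

            else
            {
                UserObject user = GetUserObjByEmail(email);

                if (user == null)
                {
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Invalid details.";
                }

                else
                {
                    string resetToken = FooStringHelper.RandomString(24);
                    string resetId    = MakeResetRequest(user.UserId, resetToken);
                    string resetUrl   = FooStringHelper.MakeResetUrl(resetId, resetToken);

                    // The alias and username are user-chosen and are placed into an HTML body,
                    // so they are HTML-encoded here.
                    // NOTE(review): if they are already stored encoded, this double-encodes - confirm.
                    string emailBody =
                        String.Format(
                            "Hi {0},<br/><br/>Your FooBlog password for account '{1}' can be reset by visiting the following link:<br/><br/><a href=\"{2}\">{3}</a><br/><br/>The link is valid for 24 hours. If you did not request this reset, simply do not visit the link - your current password will remain unchanged.<br/><br/>Cheers,<br/>The FooBlog Team.",
                            HttpUtility.HtmlEncode(user.UserAlias), HttpUtility.HtmlEncode(user.Username),
                            resetUrl, resetUrl);
                    const string emailSubject = "FooBlog Password Reset";

                    var mailObj = new EmailObject {
                        Body = emailBody, Subject = emailSubject, ToAddress = email
                    };

                    bool sendMail = FooEmailHelper.SendEmail(mailObj);

                    if (sendMail)
                    {
                        errorPanel.Visible   = false;
                        formPanel.Visible    = false;
                        successPanel.Visible = true;
                        successLabel.Text    = "A reset link has been sent to your registered email account.";
                    }

                    else
                    {
                        // A failed send previously produced no feedback at all.
                        errorPanel.Visible = true;
                        errorLabel.Text    = "The reset email could not be sent. Please try again later.";
                    }
                }
            }

            // Issue a fresh token for the next postback regardless of the outcome.
            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        }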
Ejemplo n.º 10
 /// <summary>
 /// Returns the page to its read-only state: issues a new request token for the next
 /// postback, switches the user view to read-only and reloads the forms.
 /// </summary>
 protected void Reset_Page()
 {
     HttpContext currentContext = HttpContext.Current;
     string freshToken          = FooSessionHelper.SetToken(currentContext);
     RequestToken.Value         = freshToken;

     userView.ChangeMode(DetailsViewMode.ReadOnly);
     Load_Forms();
 }
Ejemplo n.º 11
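        /// <summary>
        /// Handles the password-reset form submit: checks that the password and its confirmation
        /// match, validates the reset id and token from the query string and the request token,
        /// updates the password for the matching account and sends a notification email.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void submitButton_Click(object sender, EventArgs e)
        {
            // NOTE(review): Trim() silently changes a password that starts or ends with
            // whitespace; confirm the login and registration paths treat passwords the same way.
            string password     = passText.Text.Trim();
            string confirmation = confirmText.Text.Trim();

            string resetId = Request.QueryString["id"];
            string token   = Request.QueryString["token"];

            if (password != confirmation)
            {
                // This path used to return early without showing the error panel or
                // refreshing the request token; it now falls through to the common tail.
                errorPanel.Visible = true;
                errorLabel.Text    = "The password and confirmation do not match.";
            }

            else if (String.IsNullOrEmpty(password) || String.IsNullOrEmpty(resetId) || String.IsNullOrEmpty(token) ||
                     !FooStringHelper.IsValidAlphanumeric(resetId, 16) ||
                     !FooStringHelper.IsValidAlphanumeric(token, 24))
            {
                // Apply the same 16/24-character alphanumeric format check that Page_Load applies
                // before showing the form, so a postback cannot bypass it. The old message here
                // ("Passwords do not match.") described a different failure.
                errorPanel.Visible = true;
                errorLabel.Text    = "Incomplete or invalid details.";
            }

            else if (!FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Invalid request.";
            }

            else
            {
                string userId = GetAccountForReset(resetId, token);

                if (String.IsNullOrEmpty(userId))
                {
                    // No matching reset request; previously this failed silently.
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Invalid request.";
                }

                else if (!UpdatePassword(userId, password))
                {
                    // Previously a failed update also produced no feedback.
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Failed to reset the password. Please try again.";
                }

                else
                {
                    formPanel.Visible    = false;
                    successPanel.Visible = true;

                    // Tell the account owner about the change so an unexpected reset is noticed.
                    // Best effort: the result of SendEmail is deliberately not checked.
                    string email = FooEmailHelper.GetEmailForAccount(userId);

                    var emailObj = new EmailObject
                    {
                        Body =
                            "Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
                        Subject   = "FooBlog Password Reset",
                        ToAddress = email
                    };

                    FooEmailHelper.SendEmail(emailObj);

                    successLabel.Text =
                        "Your password has been reset. You can proceed to <a href=\"login.aspx\">login</a> again.";

                    errorPanel.Visible = false;
                    errorLabel.Text    = "";
                }
            }

            // Issue a fresh token for the next postback regardless of the outcome.
            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        }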
Ejemplo n.º 12
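        /// <summary>
        /// Handles the comment form submit: validates the comment text and the post id from the
        /// query string, validates the request token, and inserts the comment with a
        /// parameterized INSERT statement.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string commentBody = commentText.Text;

            // NOTE(review): this dereferences the cookie's user object before any check and outside
            // the try block. If GetUserObjectFromCookie can return null for an anonymous visitor,
            // this throws; confirm the page is only reachable when signed in.
            string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
            string postId = Request.QueryString["id"];

            if (!string.IsNullOrEmpty(commentBody))
            {
                // @POSTID is declared as an Integer parameter, but the value used to be the
                // cleaned-up query string. Parse it instead and reject anything that is not a
                // number, rather than stripping characters and using whatever is left.
                int postIdValue;

                if (!int.TryParse(postId, out postIdValue))
                {
                    commentErrorLabel.Text = "Invalid input.";
                }

                else
                {
                    try
                    {
                        if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                        {
                            using (var conn = new NpgsqlConnection())
                            {
                                conn.ConnectionString =
                                    ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                                conn.Open();

                                // The command is now in a using block: previously cmd.Dispose() was
                                // only reached when ExecuteNonQuery succeeded.
                                using (var cmd = new NpgsqlCommand
                                {
                                    CommandText =
                                        "INSERT INTO comments(commentid, commenttime, userid, postid, commentbody) VALUES (@COMMENTID, @COMMENTTIME, @USERID, @POSTID, @COMMENTBODY)",
                                    CommandType = CommandType.Text,
                                    Connection  = conn
                                })
                                {
                                    // Every value is bound as a parameter; nothing is concatenated into the SQL.
                                    cmd.Parameters.Add(new NpgsqlParameter
                                    {
                                        ParameterName = "@COMMENTID",
                                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                                        Size          = 16,
                                        Direction     = ParameterDirection.Input,
                                        Value         = FooStringHelper.RandomString(16)
                                    });

                                    cmd.Parameters.Add(new NpgsqlParameter
                                    {
                                        ParameterName = "@COMMENTTIME",
                                        NpgsqlDbType  = NpgsqlDbType.Timestamp,
                                        Size          = 32,
                                        Direction     = ParameterDirection.Input,
                                        Value         = DateTime.Now
                                    });

                                    cmd.Parameters.Add(new NpgsqlParameter
                                    {
                                        ParameterName = "@USERID",
                                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                                        Size          = 16,
                                        Direction     = ParameterDirection.Input,
                                        Value         = FooStringHelper.RemoveInvalidChars(userId)
                                    });

                                    cmd.Parameters.Add(new NpgsqlParameter
                                    {
                                        ParameterName = "@POSTID",
                                        NpgsqlDbType  = NpgsqlDbType.Integer,
                                        Size          = 16,
                                        Direction     = ParameterDirection.Input,
                                        Value         = postIdValue
                                    });

                                    // NOTE(review): the comment text is stored exactly as submitted, so the
                                    // code that renders comments must HTML-encode it on output.
                                    cmd.Parameters.Add(new NpgsqlParameter
                                    {
                                        ParameterName = "@COMMENTBODY",
                                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                                        Size          = 1024,
                                        Direction     = ParameterDirection.Input,
                                        Value         = commentBody
                                    });

                                    cmd.ExecuteNonQuery();
                                }

                                commentText.Text       = "";
                                commentErrorLabel.Text = "";
                            }
                        }

                        else
                        {
                            errorLabel.Text = "Invalid request.";
                        }
                    }

                    catch (Exception ex)
                    {
                        // Full details go to the log only; the visitor sees a generic message.
                        FooLogging.WriteLog(ex.ToString());
                        commentErrorLabel.Text =
                            "Something has gone wrong. A log has been forwarded to the site administrator.";
                    }
                }

                Load_Forms();
            }

            else
            {
                commentErrorLabel.Text = "Incomplete input.";
            }

            // Issue a fresh token for the next postback regardless of the outcome.
            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
        }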