Ejemplos de código de FooStringHelper.IsValidAlphanumeric, FooBlog en C# (CSharp)

Ejemplo n.º 1

0

Mostrar archivo

Archivo: admin_merchandise.aspx.cs Proyecto: katiposec/fooblog

        protected void ReviewGrid_Delete(object sender, GridViewDeleteEventArgs e)
        {
            string merchId = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString());

            if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                errorLabel.Text = "Invalid request.";
                Reset_Page(string.Empty);
                return;
            }

            try
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    using (var conn = new NpgsqlConnection())
                    {
                        conn.ConnectionString =
                            ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                        conn.Open();

                        var cmd = new NpgsqlCommand
                        {
                            CommandText = "DELETE FROM reviews WHERE reviewid= @REVIEWID",
                            CommandType = CommandType.Text,
                            Connection  = conn
                        };

                        var param = new NpgsqlParameter
                        {
                            ParameterName = "@REVIEWID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         =
                                FooStringHelper.RemoveInvalidChars(
                                    reviewGrid.DataKeys[e.RowIndex].Values[0].ToString())
                        };
                        cmd.Parameters.Add(param);

                        cmd.ExecuteNonQuery();
                    }
                }

                else
                {
                    errorLabel.Text = "Invalid request.";
                }
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }

            Reset_Page(merchId);
        }

Ejemplo n.º 2

0

Mostrar archivo

        protected void Page_Load(object sender, EventArgs e)
        {
            string catId = Request.QueryString["id"];

            if (FooStringHelper.IsValidAlphanumeric(catId, 16))
            {
                Load_Forms(catId);
            }

            else
            {
                errorLabel.Text = "Invalid category.";
            }
        }

Ejemplo n.º 3

0

Mostrar archivo

Archivo: view_profile.aspx.cs Proyecto: katiposec/fooblog

        protected void Page_Load(object sender, EventArgs e)
        {
            string userId = FooStringHelper.RemoveInvalidChars(Request.QueryString["id"]);

            if (FooStringHelper.IsValidAlphanumeric(userId, 16))
            {
                Load_Forms(userId);
            }

            else
            {
                errorLabel.Text = "Invalid user.";
            }
        }

Ejemplo n.º 4

0

Mostrar archivo

        protected void Load_Forms()
        {
            string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;

            if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
            {
                errorLabel.Text = "Invalid request.";
                return;
            }

            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    var cmd =
                        new NpgsqlCommand(
                            "SELECT userid, useralias, email, address, city, country, profilebody, profileimg FROM users WHERE userid= @USERID",
                            conn);

                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@USERID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = FooStringHelper.RemoveInvalidChars(userId)
                    };
                    cmd.Parameters.Add(idParam);

                    using (NpgsqlDataReader dr = cmd.ExecuteReader())
                    {
                        userView.DataSource = dr;
                        userView.DataBind();
                    }
                }

                errorLabel.Text = "";
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }

Ejemplo n.º 5

0

Mostrar archivo

Archivo: do_reset.aspx.cs Proyecto: katiposec/fooblog

        protected void Page_Load(object sender, EventArgs e)
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                formPanel.Visible  = false;
                errorPanel.Visible = true;
                errorLabel.Text    =
                    "Please log out first, or reset your password in the <a href=\"edit_profile.aspx\">profile editor</a>.";
            }

            if (Page.IsPostBack)
            {
                return;
            }

            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);

            string resetId = Request.QueryString["id"];
            string token   = Request.QueryString["token"];

            if (FooStringHelper.IsValidAlphanumeric(resetId, 16) && FooStringHelper.IsValidAlphanumeric(token, 24))
            {
                string resetAccount = GetAccountForReset(resetId, token);

                if (!String.IsNullOrEmpty(resetAccount))
                {
                    formPanel.Visible = true;
                }

                else
                {
                    errorPanel.Visible = true;
                    errorLabel.Text    = "Invalid request.";
                }
            }

            else
            {
                errorPanel.Visible = true;
                errorLabel.Text    = "Invalid request.";
            }
        }

Ejemplo n.º 6

0

Mostrar archivo

        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            string merchId = Request.QueryString["id"];

            if (FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
                Load_Forms(merchId);
            }

            else
            {
                errorLabel.Text = "Invalid item.";
            }
        }

Ejemplo n.º 7

0

Mostrar archivo

Archivo: FooSessionHelper.cs Proyecto: katiposec/fooblog

        public static bool IsValidRequest(HttpContext context, string formValue)
        {
            string     cookieName = ConfigurationManager.AppSettings["CSRF Cookie Name"];
            HttpCookie httpCookie = context.Request.Cookies[cookieName];

            if (httpCookie != null)
            {
                string userToken = FooCryptHelper.MachineDecrypt(httpCookie.Value);

                if (!FooStringHelper.IsValidAlphanumeric(userToken, 24) ||
                    !FooStringHelper.IsValidAlphanumeric(formValue, 24))
                {
                    return(false);
                }

                return(userToken == formValue);
            }

            return(false);
        }

Ejemplo n.º 8

0

Mostrar archivo

Archivo: admin_merchandise.aspx.cs Proyecto: katiposec/fooblog

        protected void MerchGrid_SelectedIndexChanged(object sender, EventArgs e)
        {
            try
            {
                string merchId = merchGrid.Rows[merchGrid.SelectedIndex].Cells[0].Text;

                if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
                {
                    errorLabel.Text = "Invalid request.";
                    Reset_Page(string.Empty);
                    return;
                }

                Load_Forms(merchId);
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }

Ejemplo n.º 9

0

Mostrar archivo

        protected void submitButton_Click(object sender, EventArgs e)
        {
            string reviewBody = reviewText.Text;
            string userId     = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
            string merchId    = Request.QueryString["id"];

            if (string.IsNullOrEmpty(reviewBody))
            {
                RequestToken.Value    = FooSessionHelper.SetToken(HttpContext.Current);
                reviewErrorLabel.Text = "Incomplete input.";
                return;
            }

            if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                RequestToken.Value    = FooSessionHelper.SetToken(HttpContext.Current);
                reviewErrorLabel.Text = "Invalid input.";
                return;
            }

            try
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    using (var conn = new NpgsqlConnection())
                    {
                        conn.ConnectionString =
                            ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                        conn.Open();

                        var cmd = new NpgsqlCommand
                        {
                            CommandText =
                                "INSERT INTO reviews(reviewid, reviewtime, userid, merchid, reviewbody) VALUES (@REVIEWID, @REVIEWTIME, @USERID, @MERCHID, @REVIEWBODY)",
                            CommandType = CommandType.Text,
                            Connection  = conn
                        };

                        var idParam = new NpgsqlParameter
                        {
                            ParameterName = "@REVIEWID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = FooStringHelper.RandomString(16)
                        };
                        cmd.Parameters.Add(idParam);

                        var timeParam = new NpgsqlParameter
                        {
                            ParameterName = "@REVIEWTIME",
                            NpgsqlDbType  = NpgsqlDbType.Timestamp,
                            Size          = 32,
                            Direction     = ParameterDirection.Input,
                            Value         = DateTime.Now
                        };
                        cmd.Parameters.Add(timeParam);

                        var userParam = new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = FooStringHelper.RemoveInvalidChars(userId)
                        };
                        cmd.Parameters.Add(userParam);

                        var merchParam = new NpgsqlParameter
                        {
                            ParameterName = "@MERCHID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = merchId
                        };
                        cmd.Parameters.Add(merchParam);

                        var bodyParam = new NpgsqlParameter
                        {
                            ParameterName = "@REVIEWBODY",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 1024,
                            Direction     = ParameterDirection.Input,
                            Value         = reviewBody
                        };
                        cmd.Parameters.Add(bodyParam);

                        cmd.ExecuteNonQuery();
                        cmd.Dispose();

                        reviewErrorLabel.Text = "";
                        reviewText.Text       = "";
                    }
                }

                else
                {
                    errorLabel.Text = "Invalid request.";
                }
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                reviewErrorLabel.Text =
                    "Something has gone wrong. A log has been forwarded to the site administrator.";
            }

            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
            Load_Forms(merchId);
        }

Ejemplo n.º 10

0

Mostrar archivo

        protected void UserView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
        {
            UserObject userObj  = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);
            string     userId   = userObj.UserId;
            string     userName = userObj.Username;

            if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
            {
                errorLabel.Text = "Invalid request.";
                Reset_Page();
                return;
            }

            var txtUserAlias    = (TextBox)userView.FindControl("txtUserAlias");
            var txtUserEmail    = (TextBox)userView.FindControl("txtUserEmail");
            var txtUserAddress  = (TextBox)userView.FindControl("txtUserAddress");
            var txtUserCity     = (TextBox)userView.FindControl("txtUserCity");
            var txtUserCountry  = (TextBox)userView.FindControl("txtUserCountry");
            var txtUserBody     = (TextBox)userView.FindControl("txtUserBody");
            var imageUploadForm = (FileUpload)userView.FindControl("imageUploadForm");

            if (!string.IsNullOrEmpty(txtUserAlias.Text) && !string.IsNullOrEmpty(txtUserEmail.Text) &&
                !string.IsNullOrEmpty(txtUserAddress.Text) && !string.IsNullOrEmpty(txtUserCity.Text) &&
                !string.IsNullOrEmpty(txtUserCountry.Text) && !string.IsNullOrEmpty(txtUserBody.Text) &&
                !string.IsNullOrEmpty(txtUserEmail.Text) && FooStringHelper.IsValidEmailAddress(txtUserEmail.Text) &&
                !FooEmailHelper.CheckIfEmailExists(txtUserEmail.Text, userName))
            {
                try
                {
                    if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                    {
                        using (var conn = new NpgsqlConnection())
                        {
                            conn.ConnectionString =
                                ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                            conn.Open();

                            var cmd = new NpgsqlCommand
                            {
                                CommandText =
                                    "UPDATE users SET (useralias, email, address, city, country, profilebody) = (@USERALIAS, @EMAIL, @ADDRESS, @CITY, @COUNTRY, @PROFILEBODY) WHERE userid= @USERID",
                                CommandType = CommandType.Text,
                                Connection  = conn
                            };

                            var idParam = new NpgsqlParameter
                            {
                                ParameterName = "@USERID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = FooStringHelper.RemoveInvalidChars(userId)
                            };
                            cmd.Parameters.Add(idParam);

                            var aliasParam = new NpgsqlParameter
                            {
                                ParameterName = "@USERALIAS",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserAlias.Text
                            };
                            cmd.Parameters.Add(aliasParam);

                            var emailParam = new NpgsqlParameter
                            {
                                ParameterName = "@EMAIL",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 64,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserEmail.Text
                            };
                            cmd.Parameters.Add(emailParam);

                            var addressParam = new NpgsqlParameter
                            {
                                ParameterName = "@ADDRESS",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 128,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserAddress.Text
                            };
                            cmd.Parameters.Add(addressParam);

                            var cityParam = new NpgsqlParameter
                            {
                                ParameterName = "@CITY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserCity.Text
                            };
                            cmd.Parameters.Add(cityParam);

                            var countryParam = new NpgsqlParameter
                            {
                                ParameterName = "@COUNTRY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserCountry.Text
                            };
                            cmd.Parameters.Add(countryParam);

                            var bodyParam = new NpgsqlParameter
                            {
                                ParameterName = "@PROFILEBODY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 1024,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserBody.Text
                            };
                            cmd.Parameters.Add(bodyParam);

                            cmd.ExecuteNonQuery();
                            cmd.Dispose();
                        }

                        if (imageUploadForm.HasFile)
                        {
                            string path = HttpContext.Current.Server.MapPath("~/uploads");

                            if (!Directory.Exists(path))
                            {
                                Directory.CreateDirectory(path);
                            }

                            HttpPostedFile file = HttpContext.Current.Request.Files[0];

                            if (file.ContentLength < 2097152)
                            {
                                string fileName;

                                if (HttpContext.Current.Request.Browser.Browser.ToUpper() == "IE")
                                {
                                    string[] files = file.FileName.Split(new[] { '\\' });
                                    fileName = files[files.Length - 1];
                                }
                                else
                                {
                                    fileName = file.FileName;
                                }

                                fileName = FooStringHelper.RandomFileName(fileName);
                                string filePath = Path.Combine(path, fileName);

                                try
                                {
                                    file.SaveAs(filePath);

                                    Insert_NewImage(fileName, userId);

                                    Reset_Page();
                                }
                                catch (Exception ex)
                                {
                                    FooLogging.WriteLog(ex.ToString());
                                    errorLabel.Text = "Upload failed.";
                                }
                            }

                            else
                            {
                                errorLabel.Text = "Invalid file.";
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    FooLogging.WriteLog(ex.ToString());
                    errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
                }
            }

            else
            {
                errorLabel.Text = "Incomplete or invalid input.";
            }

            Reset_Page();
        }

Ejemplo n.º 11

0

Mostrar archivo

Archivo: admin_merchandise.aspx.cs Proyecto: katiposec/fooblog

        protected void MerchView_Databound(object sender, EventArgs e)
        {
            if (merchView.CurrentMode == DetailsViewMode.ReadOnly && merchView.Rows.Count > 1)
            {
                var merchEnabledLabel = (Label)merchView.FindControl("merchEnabledLabel");

                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    var cmd =
                        new NpgsqlCommand(
                            "SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID",
                            conn);

                    var idParam = new NpgsqlParameter
                    {
                        ParameterName = "@MERCHID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString())
                    };
                    cmd.Parameters.Add(idParam);

                    bool postEnabled = Convert.ToBoolean(cmd.ExecuteScalar());

                    merchEnabledLabel.Text = postEnabled ? "Yes" : "No";
                }
            }

            else
            {
                var merchEnabledCheckbox = (CheckBox)merchView.FindControl("merchEnabledCheckbox");

                try
                {
                    if (merchView.CurrentMode == DetailsViewMode.Edit)
                    {
                        using (var conn = new NpgsqlConnection())
                        {
                            conn.ConnectionString =
                                ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                            conn.Open();

                            var cmd =
                                new NpgsqlCommand(
                                    "SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID",
                                    conn);

                            var idParam = new NpgsqlParameter
                            {
                                ParameterName = "@MERCHID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString())
                            };
                            cmd.Parameters.Add(idParam);

                            NpgsqlDataReader dr = cmd.ExecuteReader();

                            while (dr.Read())
                            {
                                merchEnabledCheckbox.Checked = Convert.ToBoolean(dr["merchenabled"]);
                            }

                            dr.Close();
                        }
                    }
                }

                catch (Exception ex)
                {
                    FooLogging.WriteLog(ex.ToString());

                    string merchId = merchView.SelectedValue.ToString();

                    if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
                    {
                        errorLabel.Text = "Invalid request.";
                        Reset_Page(string.Empty);
                        return;
                    }

                    Reset_Page(merchId);
                    errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
                }
            }
        }

Ejemplo n.º 12

0

Mostrar archivo

Archivo: admin_merchandise.aspx.cs Proyecto: katiposec/fooblog

        protected void Load_Forms(string merchId)
        {
            if (merchId != string.Empty && !FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                errorLabel.Text = "Invalid request.";
                return;
            }

            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    var cmd = new NpgsqlCommand();

                    if (String.IsNullOrEmpty(merchId))
                    {
                        cmd.CommandText =
                            "SELECT merchid, merchname, merchbrief, merchbody, merchprice, merchimg, merchenabled FROM merchandise ORDER BY merchid DESC LIMIT 1";
                        cmd.Connection = conn;
                    }

                    else
                    {
                        cmd.CommandText =
                            "SELECT merchid, merchname, merchbrief, merchbody, merchprice, merchimg, merchenabled FROM merchandise WHERE merchid= @MERCHID";
                        cmd.Connection = conn;

                        var idParam = new NpgsqlParameter
                        {
                            ParameterName = "@MERCHID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = merchId
                        };
                        cmd.Parameters.Add(idParam);
                    }

                    var da = new NpgsqlDataAdapter(cmd);
                    var ds = new DataSet();
                    da.Fill(ds);

                    merchView.DataSource = ds;
                    merchView.DataBind();
                }

                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    var cmd =
                        new NpgsqlCommand(
                            "SELECT merchid, merchname FROM merchandise",
                            conn);

                    var da = new NpgsqlDataAdapter(cmd);
                    var ds = new DataSet();
                    da.Fill(ds);

                    merchGrid.DataSource = ds;
                    merchGrid.DataBind();
                }

                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    var cmd =
                        new NpgsqlCommand(
                            "SELECT T1.reviewid, T1.reviewtime, T1.userid, T1.merchid, T1.reviewbody, T2.userid, T2.useralias, T3.merchid, T3.merchname FROM reviews AS T1 LEFT OUTER JOIN users AS T2 ON T1.userid = T2.userid LEFT OUTER JOIN merchandise AS T3 ON T1.merchid = T3.merchid",
                            conn);

                    var da = new NpgsqlDataAdapter(cmd);
                    var ds = new DataSet();
                    da.Fill(ds);

                    reviewGrid.DataSource = ds;
                    reviewGrid.DataBind();
                }


                errorLabel.Text = "";
            }

            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }

Ejemplo n.º 13

0

Mostrar archivo

Archivo: admin_merchandise.aspx.cs Proyecto: katiposec/fooblog

        protected void MerchView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
        {
            string merchId = merchView.SelectedValue.ToString();

            if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                errorLabel.Text = "Invalid request.";
                Reset_Page(string.Empty);
                return;
            }

            var txtMerchName         = (TextBox)merchView.FindControl("txtMerchName");
            var txtMerchPrice        = (TextBox)merchView.FindControl("txtMerchPrice");
            var txtMerchBrief        = (TextBox)merchView.FindControl("txtMerchBrief");
            var txtMerchBody         = (TextBox)merchView.FindControl("txtMerchBody");
            var imageUploadForm      = (FileUpload)merchView.FindControl("imageUploadForm");
            var merchEnabledCheckbox = (CheckBox)merchView.FindControl("merchEnabledCheckbox");

            if (!string.IsNullOrEmpty(txtMerchName.Text) && !string.IsNullOrEmpty(txtMerchPrice.Text) &&
                FooStringHelper.IsValidPrice(txtMerchPrice.Text) && !string.IsNullOrEmpty(txtMerchBrief.Text) &&
                !string.IsNullOrEmpty(txtMerchBody.Text))
            {
                try
                {
                    if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                    {
                        using (var conn = new NpgsqlConnection())
                        {
                            conn.ConnectionString =
                                ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                            conn.Open();

                            var cmd = new NpgsqlCommand
                            {
                                CommandText =
                                    "UPDATE merchandise SET (merchname, merchprice, merchbrief, merchbody, merchenabled) = (@MERCHNAME, @MERCHPRICE, @MERCHBRIEF, @MERCHBODY, @MERCHENABLED) WHERE merchid= @MERCHID",
                                CommandType = CommandType.Text,
                                Connection  = conn
                            };

                            var idParam = new NpgsqlParameter
                            {
                                ParameterName = "@MERCHID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = merchId
                            };
                            cmd.Parameters.Add(idParam);

                            var nameParam = new NpgsqlParameter
                            {
                                ParameterName = "@MERCHNAME",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 64,
                                Direction     = ParameterDirection.Input,
                                Value         = txtMerchName.Text
                            };
                            cmd.Parameters.Add(nameParam);

                            var priceParam = new NpgsqlParameter
                            {
                                ParameterName = "@MERCHPRICE",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 8,
                                Direction     = ParameterDirection.Input,
                                Value         = txtMerchPrice.Text
                            };
                            cmd.Parameters.Add(priceParam);

                            var briefParam = new NpgsqlParameter
                            {
                                ParameterName = "@MERCHBRIEF",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 1024,
                                Direction     = ParameterDirection.Input,
                                Value         = txtMerchBrief.Text
                            };
                            cmd.Parameters.Add(briefParam);

                            var bodyParam = new NpgsqlParameter
                            {
                                ParameterName = "@MERCHBODY",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Direction     = ParameterDirection.Input,
                                Value         = txtMerchBody.Text
                            };
                            cmd.Parameters.Add(bodyParam);

                            var enabledParam = new NpgsqlParameter
                            {
                                ParameterName = "@MERCHENABLED",
                                NpgsqlDbType  = NpgsqlDbType.Boolean,
                                Direction     = ParameterDirection.Input,
                                Value         = merchEnabledCheckbox.Checked
                            };
                            cmd.Parameters.Add(enabledParam);

                            cmd.ExecuteNonQuery();
                            cmd.Dispose();
                        }

                        if (imageUploadForm.HasFile)
                        {
                            HttpPostedFile file = HttpContext.Current.Request.Files[0];
                            Insert_NewImage(merchId, file);
                        }
                    }
                }
                catch (Exception ex)
                {
                    FooLogging.WriteLog(ex.ToString());
                    errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
                }
            }

            else
            {
                errorLabel.Text = "Incomplete or invalid input.";
            }

            Reset_Page(merchId);
        }

Ejemplo n.º 14

0

Mostrar archivo

        protected void GridView_Update(object sender, GridViewUpdateEventArgs e)
        {
            string userId = userGrid.DataKeys[e.RowIndex].Values[0].ToString();

            if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
            {
                errorLabel.Text = "Invalid request.";
                Reset_Page();
                return;
            }

            var txtUserName   = (TextBox)userGrid.Rows[e.RowIndex].FindControl("txtUserName");
            var txtUserAlias  = (TextBox)userGrid.Rows[e.RowIndex].FindControl("txtUserAlias");
            var txtEmail      = (TextBox)userGrid.Rows[e.RowIndex].FindControl("txtEmail");
            var groupDropdown = (DropDownList)userGrid.Rows[e.RowIndex].FindControl("groupDropdown");

            if (!string.IsNullOrEmpty(txtUserName.Text) && !string.IsNullOrEmpty(txtUserAlias.Text) &&
                !string.IsNullOrEmpty(txtEmail.Text) && FooStringHelper.IsValidEmailAddress(txtEmail.Text))
            {
                try
                {
                    if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                    {
                        using (var conn = new NpgsqlConnection())
                        {
                            conn.ConnectionString =
                                ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                            conn.Open();

                            var cmd = new NpgsqlCommand
                            {
                                CommandText =
                                    "UPDATE users SET (username, useralias, groupid, email) = (@NAME, @USERALIAS, @GROUP, @EMAIL) WHERE userID= @USERID",
                                CommandType = CommandType.Text,
                                Connection  = conn
                            };

                            var param = new NpgsqlParameter
                            {
                                ParameterName = "@USERID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = userId
                            };
                            cmd.Parameters.Add(param);

                            var nameParam = new NpgsqlParameter
                            {
                                ParameterName = "@USERNAME",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserName.Text
                            };
                            cmd.Parameters.Add(nameParam);

                            var dispParam = new NpgsqlParameter
                            {
                                ParameterName = "@USERALIAS",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 32,
                                Direction     = ParameterDirection.Input,
                                Value         = txtUserAlias.Text
                            };
                            cmd.Parameters.Add(dispParam);

                            var emailParam = new NpgsqlParameter
                            {
                                ParameterName = "@EMAIL",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 64,
                                Direction     = ParameterDirection.Input,
                                Value         = txtEmail.Text
                            };
                            cmd.Parameters.Add(emailParam);

                            var groupParam = new NpgsqlParameter
                            {
                                ParameterName = "@GROUP",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         = groupDropdown.SelectedValue
                            };
                            cmd.Parameters.Add(groupParam);

                            cmd.ExecuteNonQuery();
                        }
                    }

                    else
                    {
                        errorLabel.Text = "Invalid request.";
                    }
                }
                catch (Exception ex)
                {
                    FooLogging.WriteLog(ex.ToString());
                    errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
                }
            }
            else
            {
                errorLabel.Text = "Incomplete or invalid input.";
            }

            Reset_Page();
        }

Ejemplos de FooBlog FooStringHelper.IsValidAlphanumeric en C# (CSharp)