/// <summary>
/// Loads an existing file record, and the tags attached to it, from the database.
/// </summary>
/// <param name="str">GUID string identifying the file</param>
/// <exception cref="ArgumentException">Thrown when <paramref name="str"/> does not parse as a GUID.</exception>
public File(string str)
{
    // Reject anything that is not a GUID before it is used as a lookup key or
    // appended to StoragePath.
    // NOTE(review): Guid.TryParse also accepts braced, parenthesised and
    // un-hyphenated spellings, and the value used below is the caller's text
    // upper-cased, not the parsed GUID re-formatted. Non-canonical spellings
    // therefore reach the query and the save path unchanged - confirm callers
    // only pass the form stored in [File].[GUID].
    Guid parsed;
    if (!Guid.TryParse(str, out parsed))
    {
        throw new ArgumentException();
    }

    var key = str.ToUpper();
    _guid = key;

    // Both queries bind the key as a parameter; it is never concatenated into SQL.
    var db = new SqlIntegrate(Utility.ConnStr);
    db.AddParameter("@GUID", SqlIntegrate.DataType.VarChar, key);
    var record = db.Reader("SELECT * FROM [File] WHERE [GUID] = @GUID");
    // NOTE(review): what Reader returns when no row matches is not visible here;
    // the field reads below assume a row was found - confirm.

    _name = record["name"].ToString();
    _info = record["info"].ToString();
    _extension = record["extension"].ToString();
    _size = Convert.ToInt32(record["size"]);
    _uploader = new User(Guid.Parse(record["uploader"].ToString()));
    _downloadCount = Convert.ToInt32(record["downloadCount"]);
    _uploadTime = Convert.ToDateTime(record["uploadTime"]);
    _savePath = StoragePath + key;
    _permission = (PermissionLevel)Convert.ToInt32(record["permission"]);
    _mediaId = record["media_id"].ToString();

    // Tags live in a separate table keyed by the same file GUID.
    Tag = new List<string>();
    db.ResetParameter();
    db.AddParameter("@FUID", SqlIntegrate.DataType.VarChar, key);
    var tags = db.Adapter("SELECT [name] FROM [Filetag] WHERE FUID = @FUID");
    for (var row = 0; row < tags.Rows.Count; row++)
    {
        Tag.Add(tags.Rows[row]["name"].ToString());
    }
}
/// <summary>
/// Notification constructor: loads an existing notification from the database.
/// </summary>
/// <param name="id">Notification ID in database</param>
public Notification(int id)
{
    // The ID is bound as a typed parameter rather than formatted into the SQL text.
    var db = new SqlIntegrate(Utility.ConnStr);
    db.AddParameter("@ID", SqlIntegrate.DataType.Int, id);
    var row = db.Reader("SELECT * FROM Notification WHERE ID = @ID");
    // NOTE(review): what Reader returns for an unknown ID is not visible here;
    // the reads below assume a row was found - confirm.

    Content = row["content"].ToString();
    Title = row["title"].ToString();
    Id = id;
    Type = (PermissionType)int.Parse(row["type"].ToString());

    // _group is -1 unless the notification is restricted to the sender's own
    // group, in which case it is the group of the user named in the UUID column.
    _group = Type == PermissionType.SelfGroupOnly
        ? new User(Guid.Parse(row["UUID"].ToString())).Group
        : -1;

    NotifyTime = Convert.ToDateTime(row["notifyTime"].ToString());
}
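/// <summary>
/// Handles the account actions selected by the "action" request value:
/// login, password, logout, info and unbind.
/// </summary>
/// <remarks>
/// "login" is the only action served without a signed-in user. Failures are
/// reported by setting R.Flag to 2; a successful "info" update sets it to 0.
/// </remarks>
/// <param name="context">Current HTTP context (request, form and session).</param>
public override void Process(System.Web.HttpContext context)
{
    // NOTE(review): Request[...] resolves the value from the query string, form,
    // cookies or server variables, and no anti-forgery check is visible in this
    // method. Confirm one is enforced elsewhere for the state-changing actions.
    var action = context.Request["action"];
    if (action == null)
    {
        return;
    }

    if (action == "login")
    {
        var username = context.Request.Form["username"];
        var password = context.Request.Form["password"];
        if (username == null || password == null || SAAO.User.IsLogin)
        {
            return;
        }

        username = username.ToLower();
        if (SAAO.User.Exist(username))
        {
            var user = new SAAO.User(username);
            if (!user.Login(password))
            {
                R.Flag = 2;
            }
            else if (user.Wechat == "" && context.Session["wechat"] != null)
            {
                // Bind the session's WeChat ID only after the password check has
                // succeeded. Binding on a failed attempt would attach it to an
                // account whose password was never proven.
                user.Wechat = context.Session["wechat"].ToString();
            }
        }
        else
        {
            // Same flag as a wrong password, so the response does not reveal
            // whether the username exists.
            R.Flag = 2;
        }
    }

    // Every remaining action requires a signed-in user.
    if (!SAAO.User.IsLogin)
    {
        return;
    }

    if (action == "password")
    {
        var oldPassword = context.Request.Form["password"];
        var newPassword = context.Request.Form["newpassword"];

        // A missing or empty new password is rejected instead of being stored.
        if (oldPassword != null
            && !string.IsNullOrEmpty(newPassword)
            && SAAO.User.Current.Verify(oldPassword))
        {
            SAAO.User.Current.PasswordRaw = newPassword;
        }
        else
        {
            R.Flag = 2;
        }
    }
    else if (action == "logout")
    {
        SAAO.User.Current.Logout();
    }
    else if (action == "info")
    {
        R.Flag = 2;

        var phone = context.Request.Form["phone"];
        var mail = context.Request.Form["mail"];
        var classNum = context.Request.Form["classnum"];

        // The patterns are anchored with \A and \z so the whole value has to
        // match; unanchored, any text that merely contains a match would pass.
        if (phone == null || !Regex.IsMatch(phone, @"\A\d{11}\z"))
        {
            return;
        }

        // NOTE(review): consider a length cap or a match timeout on this pattern.
        if (mail == null || !Regex.IsMatch(mail, @"\A\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*\z"))
        {
            return;
        }

        // ASCII digits only, so that int.Parse below cannot throw on the value.
        if (classNum == null || !Regex.IsMatch(classNum, @"\A[0-9]{1,2}\z"))
        {
            return;
        }

        R.Flag = 0;
        SAAO.User.Current.Phone = phone;
        SAAO.User.Current.Mail = mail;
        SAAO.User.Current.Class = int.Parse(classNum);
    }
    else if (action == "unbind")
    {
        SAAO.User.Current.Wechat = "";
    }
}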
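/// <summary>
/// Wechat Login: signs in the user whose account is bound to the given Wechat ID.
/// </summary>
/// <remarks>
/// No password or token is checked here; the Wechat ID alone selects the account.
/// NOTE(review): callers presumably pass an ID that has already been
/// authenticated - confirm at every call site.
/// </remarks>
/// <param name="wechatId">Wechat ID(username)</param>
/// <returns>Whether the wechat ID has been bound</returns>
public static bool WechatLogin(string wechatId)
{
    // Elsewhere in this code an empty Wechat value appears to mean "not bound"
    // (unbind stores "", and login tests Wechat == ""). A null or empty ID must
    // therefore never be looked up, or it could match an unbound account.
    if (string.IsNullOrEmpty(wechatId))
    {
        return false;
    }

    var db = new SqlIntegrate(Utility.ConnStr);
    db.AddParameter("@wechat", SqlIntegrate.DataType.VarChar, wechatId);
    var username = db.Query(
        "SELECT [username] FROM [User] WHERE [wechat] = @wechat");
    if (username == null)
    {
        return false;
    }

    // TODO (original author): no raw password storage!
    Current = new User(username.ToString());
    return true;
}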
/// <summary>
/// Check whether a user has the permission to this file, judged by the file's
/// own permission level and its uploader's UUID and group.
/// </summary>
/// <param name="user">User whose access is being checked</param>
/// <returns>whether the user has the permission to the file</returns>
public bool Visible(User user)
{
    // Delegate to the static overload so that both entry points share one rule set.
    var owner = _uploader;
    return Visible(_permission, owner.UUID, owner.Group, user);
}
/// <summary>
/// Check whether a user has the permission to a file (static function).
/// </summary>
/// <remarks>
/// <paramref name="user"/> is dereferenced without a null check, so callers must
/// pass a real user.
/// </remarks>
/// <param name="permission">Permission setting</param>
/// <param name="uuid">UUID (of uploader)</param>
/// <param name="group">Group (of uploader)</param>
/// <param name="user">User (most likely the current one)</param>
/// <returns>whether the user has the permission to the file</returns>
public static bool Visible(PermissionLevel permission, string uuid, int group, User user)
{
    // The uploader can always see their own file, whatever the permission level.
    if (uuid == user.UUID)
    {
        return true;
    }

    switch (permission)
    {
        case PermissionLevel.All:
            return true;
        case PermissionLevel.SelfGroupOnly:
            return group == user.Group;
        case PermissionLevel.SeniorTwoOnly:
            return user.Senior == 2;
        case PermissionLevel.ImptMembOnly:
            return user.IsExecutive;
        default:
            // Levels not listed above fail closed.
            return false;
    }
}