/// <summary>
/// Runs the <c>UpdateUzyt</c> stored procedure for one PESEL with the fixed arguments 2 and '2'.
/// </summary>
/// <param name="pesel">PESEL of the account to update. It is bound as a SQL parameter, not concatenated.</param>
/// <returns>
/// "OK" when the procedure ran, "Problem with : " plus the exception text when it failed,
/// and an empty string when the <c>RegexClass</c> pattern matched the input and nothing was executed.
/// </returns>
public string userAdmin(string pesel)
{
    // NOTE(review): nothing in this method checks who is calling it. checkPrivliges in this
    // file treats the value 2 as "admin", so this call presumably grants admin rights;
    // confirm the caller authorizes the request before it gets here.
    string outcome = "";
    RegexClass filter = new RegexClass();

    // Judging by the error text used elsewhere in this file, the pattern is a SQL keyword
    // blocklist. The bound parameter below is what actually prevents injection.
    if (filter.Regex.Match(pesel).Success)
    {
        return outcome;
    }

    try
    {
        using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
        {
            connection.Open();

            SqlCommand update = connection.CreateCommand();
            update.CommandText = "exec UpdateUzyt 2, @pesel, '2'";
            update.Parameters.Add(new SqlParameter("@pesel", pesel));
            update.ExecuteNonQuery();

            outcome += "OK";
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the full exception text (type, message, stack trace) is returned to
        // the caller. If the caller forwards it to a client, it discloses internals.
        Console.WriteLine("Error: {0}", ex);
        outcome += "Problem with : " + ex.ToString();
    }

    return outcome;
}
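/// <summary>
/// Registers a user by calling the <c>Zarejestruj</c> stored procedure.
/// </summary>
/// <param name="input">
/// Four values by position: [0] PESEL, [1] password, [2] area id, [3] nickname.
/// All are bound as SQL parameters.
/// </param>
/// <returns>
/// "OK" on success, "Problem " plus the exception text when the database call fails, or
/// "Problem with login or password (it can be both!)" when the input is rejected.
/// </returns>
public string createUser(string[] input)
{
    string result = "";

    // A null or short array, or a null PESEL/password/nickname, used to throw before the
    // try block was entered. It is now treated like any other rejected input, so the
    // method keeps reporting problems through its return value.
    bool wellFormed = input != null
        && input.Length >= 4
        && input[0] != null
        && input[1] != null
        && input[3] != null;

    bool accepted = false;
    if (wellFormed)
    {
        // Judging by the error text used elsewhere in this file, the pattern is a SQL
        // keyword blocklist. Because it also runs over the password, a password that
        // happens to contain a matching word is refused. The bound parameters are what
        // prevent injection, not this filter.
        RegexClass r = new RegexClass();
        accepted = !r.Regex.Match(input[0]).Success
            && !r.Regex.Match(input[1]).Success
            && !r.Regex.Match(input[3]).Success;
    }

    if (accepted)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
            {
                connection.Open();
                SqlCommand cmd = connection.CreateCommand();
                cmd.CommandText = "exec Zarejestruj @pesel, @password , @idArea, 1, @nickname";

                // NOTE(review): the password is passed to the database exactly as received.
                // Whether Zarejestruj hashes it before storing is not visible here; confirm
                // it is never stored in clear text.
                cmd.Parameters.Add(new SqlParameter("@pesel", input[0]));
                cmd.Parameters.Add(new SqlParameter("@password", input[1]));
                cmd.Parameters.Add(new SqlParameter("@idArea", input[2]));
                cmd.Parameters.Add(new SqlParameter("@nickname", input[3]));
                cmd.ExecuteNonQuery();
                result += "OK";
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): the full exception text, stack trace included, is returned to
            // the caller. If it reaches a client, it discloses internals.
            Console.WriteLine("Error: {0}", ex.ToString());
            result += "Problem " + ex.ToString();
        }
    }
    else
    {
        Console.WriteLine("We got problem with PESEL or password (it can be seciurity error !");
        result += "Problem with login or password (it can be both!)";
    }

    return result;
}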
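/// <summary>
/// Registers an election list and its candidates from an XML document.
/// </summary>
/// <remarks>
/// Elements are read in document order: <c>list</c>, <c>electionId</c>, <c>comiteeName</c>,
/// <c>areaId</c>, <c>candidates</c>, then every <c>candidate</c> that follows.
/// The whole document is parsed and checked before the database is contacted, so a
/// malformed document or a rejected name no longer leaves a half-registered list behind.
/// </remarks>
/// <param name="list">The XML document as a string.</param>
/// <returns>
/// "OK" when at least one candidate row was written, an empty string when nothing was
/// written for candidates, or the exception text when anything failed.
/// </returns>
public string addList(string list)
{
    string result = "";
    try
    {
        int idWyborow;
        string nazwa;
        int idOkregu;
        List<string> kandydaci = new List<string>();
        RegexClass r = new RegexClass();

        // XmlReader.Create is used with default settings. On .NET Framework 4.0+ and
        // .NET Core the default prohibits DTDs; confirm this for the target framework,
        // because the document comes from the caller.
        using (XmlReader reader = XmlReader.Create(new StringReader(list)))
        {
            addListSeekElement(reader, "list");
            addListSeekElement(reader, "electionId");
            idWyborow = reader.ReadElementContentAsInt();
            addListSeekElement(reader, "comiteeName");
            nazwa = reader.ReadElementContentAsString().Trim();
            addListSeekElement(reader, "areaId");
            idOkregu = reader.ReadElementContentAsInt();

            // The pattern is a keyword blocklist (see the message text). The bound
            // parameters below are what actually prevent injection.
            if (r.Regex.Match(nazwa).Success)
            {
                throw new Exception("ERROR : UZYTO SLOWA NIEDOZWOLONEGO SELECT/DELETE");
            }

            reader.ReadToFollowing("candidates");
            while (!reader.EOF)
            {
                if (reader.NodeType == XmlNodeType.Element && reader.Name == "candidate")
                {
                    // ReadElementContentAsString leaves the reader on the node after the
                    // end tag. Checking the current node before advancing keeps adjacent
                    // <candidate> elements from being skipped.
                    string kandydat = reader.ReadElementContentAsString().Trim();
                    if (r.Regex.Match(kandydat).Success)
                    {
                        throw new Exception("ERROR : UZYTO SLOWA NIEDOZWOLONEGO SELECT/DELETE");
                    }
                    kandydaci.Add(kandydat);
                }
                else
                {
                    reader.Read();
                }
            }
        }

        // NOTE(review): the writes below are separate statements with no transaction
        // around them. A database failure partway through still leaves the list
        // registered with only some of its candidates.
        using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
        {
            connection.Open();

            SqlCommand cmd = connection.CreateCommand();
            cmd.CommandText = "exec ZglosListe @name, @idElection , @idArea";
            cmd.Parameters.Add(new SqlParameter("@name", nazwa));
            cmd.Parameters.Add(new SqlParameter("@idElection", idWyborow));
            cmd.Parameters.Add(new SqlParameter("@idArea", idOkregu));
            cmd.ExecuteNonQuery();

            // DajID lookup; the original author's comment describes it as a very greedy algorithm.
            List<int> listIds = new List<int>();
            SqlCommand cmd2 = connection.CreateCommand();
            cmd2.CommandText = "select dbo.DajID(@name,@idElection,@idArea)";
            cmd2.Parameters.Add(new SqlParameter("@name", nazwa));
            cmd2.Parameters.Add(new SqlParameter("@idElection", idWyborow));
            cmd2.Parameters.Add(new SqlParameter("@idArea", idOkregu));
            using (SqlDataReader sreader = cmd2.ExecuteReader())
            {
                while (sreader.Read())
                {
                    listIds.Add(sreader.GetInt32(0));
                }
            }

            // Each candidate name is read once during parsing and reused for every list id.
            // The earlier code read from the XML reader inside the per-id loop, which would
            // consume the document again for a second id.
            foreach (string kandydat in kandydaci)
            {
                foreach (int idListy in listIds)
                {
                    SqlCommand cmd3 = connection.CreateCommand();
                    cmd3.CommandText = "exec ZglosKand @candidate , @idList";
                    cmd3.Parameters.Add(new SqlParameter("@candidate", kandydat));
                    cmd3.Parameters.Add(new SqlParameter("@idList", idListy));
                    cmd3.ExecuteNonQuery();
                    result = "OK";
                }
            }
        }
    }
    catch (Exception e)
    {
        // NOTE(review): the full exception text, stack trace included, is returned to the
        // caller. If it reaches a client, it discloses internals.
        return e.ToString();
    }
    return result;
}

/// <summary>
/// Positions the reader on the next element with the given name, counting the node it is already on.
/// </summary>
/// <returns>true when such an element was found; false when the end of the document was reached.</returns>
private static bool addListSeekElement(XmlReader reader, string name)
{
    if (reader.NodeType == XmlNodeType.Element && reader.Name == name)
    {
        return true;
    }
    return reader.ReadToFollowing(name);
}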
/// <summary>
/// Starts an election by calling the <c>RozpocznijWybory</c> stored procedure.
/// </summary>
/// <param name="idElection">Identifier of the election; bound as <c>@idElection</c>.</param>
/// <param name="data">Value bound as <c>@data</c> after it passes the <c>RegexClass</c> pattern.</param>
/// <returns>"OK" on success, otherwise "Problem " followed by the exception text.</returns>
public String startElection(int idElection, string data)
{
    // NOTE(review): no caller identity or role is checked in this method; confirm the
    // caller restricts it to authorized users.
    string outcome = "";
    RegexClass filter = new RegexClass();

    try
    {
        using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
        {
            bool rejected = filter.Regex.Match(data).Success;

            connection.Open();
            // The label says "MySQL", but the value printed is the SqlConnection's server version.
            Console.WriteLine("MySQL version : {0}", connection.ServerVersion);

            SqlCommand start = connection.CreateCommand();

            // The pattern is a keyword blocklist (see the message text). The rejection is
            // raised only after the connection has been opened.
            if (rejected)
            {
                throw new Exception("ERROR : UZYTO SLOWA NIEDOZWOLONEGO SELECT/DELETE");
            }

            start.Parameters.Add(new SqlParameter("@data", data));
            start.Parameters.Add(new SqlParameter("@idElection", idElection));
            start.CommandText = "exec RozpocznijWybory @idElection , @data";
            start.ExecuteNonQuery();

            outcome += "OK";
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the full exception text, stack trace included, is returned to the caller.
        Console.WriteLine("Error: {0}", ex);
        outcome += "Problem " + ex.ToString();
    }

    return outcome;
}
/// <summary>
/// Asks the database function <c>dbo.SprUpr</c> for the privilege level of a PESEL.
/// </summary>
/// <param name="pesel">PESEL to look up; bound as <c>@pesel</c>.</param>
/// <returns>
/// 1 when the function returns 2, otherwise 0. Any exception, including a rejected input,
/// also yields 0, so a failure never reports admin rights.
/// </returns>
public int checkPrivliges(string pesel)
{
    try
    {
        using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
        {
            connection.Open();
            // The label says "MySQL", but the value printed is the SqlConnection's server version.
            Console.WriteLine("MySQL version : {0}", connection.ServerVersion);

            RegexClass filter = new RegexClass();
            bool rejected = filter.Regex.Match(pesel).Success;

            SqlCommand lookup = new SqlCommand("select dbo.SprUpr(@pesel)", connection);

            // The pattern is a keyword blocklist (see the message text). A rejection is
            // thrown here and turned into 0 by the catch below.
            if (rejected)
            {
                throw new Exception("ERROR : UZYTO SLOWA NIEDOZWOLONEGO SELECT/DELETE");
            }
            lookup.Parameters.Add(new SqlParameter("@pesel", pesel));

            int level = Convert.ToInt32(lookup.ExecuteScalar());
            return level == 2 ? 1 : 0;
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("Error: {0}", ex);
        return 0;
    }
}
/// <summary>
/// Returns the result of the database function <c>dbo.SprCzyGlosowal</c> for a voter and an election.
/// </summary>
/// <param name="pesel">Voter's PESEL; bound as <c>@pesel</c>.</param>
/// <param name="electionID">Election identifier; bound as <c>@electionId</c>.</param>
/// <returns>
/// The function's value converted to int. According to the original author's comment,
/// 1 means the user has a confirmed vote. 0 is returned when the input is rejected by the
/// <c>RegexClass</c> pattern or when any exception occurs.
/// </returns>
public int userVoteCheck(string pesel, int electionID)
{
    // NOTE(review): a database error and a rejected input both come back as 0, which is
    // indistinguishable from "has not voted". If callers use this as the only
    // double-vote guard, a failure here lets the vote through; confirm the vote itself is
    // also enforced in the database.
    RegexClass filter = new RegexClass();
    if (filter.Regex.Match(pesel).Success)
    {
        return 0;
    }

    try
    {
        using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
        {
            connection.Open();

            SqlParameter voter = new SqlParameter("@pesel", pesel);
            SqlParameter election = new SqlParameter("@electionId", electionID);
            SqlCommand check = new SqlCommand("select dbo.SprCzyGlosowal(@pesel, @electionId)", connection);
            check.Parameters.Add(voter);
            check.Parameters.Add(election);

            return Convert.ToInt32(check.ExecuteScalar());
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("Error: {0}", ex);
        return 0;
    }
}
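/// <summary>
/// Casts a vote by calling the <c>Zaglosuj</c> stored procedure.
/// </summary>
/// <param name="input">
/// Three values by position: [0] candidate PESEL, [1] voter PESEL, [2] election id.
/// All are bound as SQL parameters.
/// </param>
/// <returns>
/// "OK" on success, "Problem with : " plus the exception text when the database call fails,
/// or an empty string when the input is rejected and nothing is executed.
/// </returns>
public string userVote(string[] input)
{
    string result = "";

    // A null or short array, or a null PESEL, used to throw before the try block was
    // entered. It is now rejected the same way as input that hits the pattern.
    if (input == null || input.Length < 3 || input[0] == null || input[1] == null)
    {
        return result;
    }

    // NOTE(review): the voter's PESEL comes from the caller-supplied array. Nothing in this
    // method ties it to an authenticated session; confirm the caller does.
    RegexClass r = new RegexClass();
    Match matchPeselCandidate = r.Regex.Match(input[0]);
    Match matchPeselUser = r.Regex.Match(input[1]);

    // Judging by the error text used elsewhere in this file, the pattern is a SQL keyword
    // blocklist. The bound parameters are what actually prevent injection.
    if (!matchPeselCandidate.Success && !matchPeselUser.Success)
    {
        try
        {
            using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
            {
                connection.Open();
                SqlCommand cmd = connection.CreateCommand();
                cmd.CommandText = "exec Zaglosuj @peselC, @peselU, @electionId";
                cmd.Parameters.Add(new SqlParameter("@peselC", input[0]));
                cmd.Parameters.Add(new SqlParameter("@peselU", input[1]));
                // The election id is passed through as the string it arrived as.
                cmd.Parameters.Add(new SqlParameter("@electionId", input[2]));
                cmd.ExecuteNonQuery();
                result += "OK";
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): the full exception text, stack trace included, is returned to
            // the caller. If it reaches a client, it discloses internals.
            Console.WriteLine("Error: {0}", ex.ToString());
            result += "Problem with : " + ex.ToString();
        }
    }

    return result;
}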
/// <summary>
/// Checks a PESEL/password pair with the database function <c>dbo.SprIst</c>.
/// </summary>
/// <param name="pesel">PESEL to check; bound as <c>@pesel</c>.</param>
/// <param name="password">Password to check; bound as <c>@password</c>.</param>
/// <returns>
/// The function's value converted to int, or 0 when either input is rejected by the
/// <c>RegexClass</c> pattern or any exception occurs.
/// </returns>
public int userLoginCheckUser(string pesel, string password)
{
    // NOTE(review): the password is passed to the database exactly as received. Whether
    // SprIst compares against a hash is not visible here; confirm it does not compare clear text.
    RegexClass filter = new RegexClass();
    bool peselRejected = filter.Regex.Match(pesel).Success;
    bool passwordRejected = filter.Regex.Match(password).Success;

    // Judging by the error text used elsewhere in this file, the pattern is a SQL keyword
    // blocklist. Because it also runs over the password, a password containing a matching
    // word can never log in.
    if (peselRejected || passwordRejected)
    {
        return 0;
    }

    try
    {
        using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
        {
            connection.Open();

            SqlCommand check = new SqlCommand("select dbo.SprIst(@pesel, @password)", connection);
            check.Parameters.Add(new SqlParameter("@pesel", pesel));
            check.Parameters.Add(new SqlParameter("@password", password));

            return Convert.ToInt32(check.ExecuteScalar());
        }
    }
    catch (Exception ex)
    {
        // Any failure is reported as 0, so an error never reports a successful check.
        Console.WriteLine("Error: {0}", ex);
        return 0;
    }
}
/// <summary>
/// Checks a nickname/password pair with the database function <c>dbo.SprIst2</c>.
/// </summary>
/// <param name="nickname">Nickname to check; bound as <c>@nickname</c>.</param>
/// <param name="password">Password to check; bound as <c>@password</c>.</param>
/// <returns>
/// The function's value converted to int, or 0 when either input is rejected by the
/// <c>RegexClass</c> pattern or any exception occurs.
/// </returns>
public int userLoginCheck(string nickname, string password)
{
    // NOTE(review): the password is passed to the database exactly as received. Whether
    // SprIst2 compares against a hash is not visible here; confirm it does not compare clear text.
    RegexClass filter = new RegexClass();
    bool nicknameRejected = filter.Regex.Match(nickname).Success;
    bool passwordRejected = filter.Regex.Match(password).Success;

    // Judging by the error text used elsewhere in this file, the pattern is a SQL keyword
    // blocklist. The bound parameters are what actually prevent injection.
    if (nicknameRejected || passwordRejected)
    {
        return 0;
    }

    try
    {
        using (SqlConnection connection = new SqlConnection(ConfigurationManager.AppSettings["connection"]))
        {
            connection.Open();

            SqlCommand check = new SqlCommand("select dbo.SprIst2(@nickname,@password)", connection);
            check.Parameters.Add(new SqlParameter("@nickname", nickname));
            check.Parameters.Add(new SqlParameter("@password", password));

            return Convert.ToInt32(check.ExecuteScalar());
        }
    }
    catch (Exception ex)
    {
        // Any failure is reported as 0, so an error never reports a successful check.
        Console.WriteLine("Error: {0}", ex);
        return 0;
    }
}