Example #1
0
        public IActionResult DeleteUser(string id)
        {
            string select = @"SELECT * FROM Users WHERE Username='******'";

            Console.WriteLine(select);
            Console.WriteLine(id);

            DataTable ds = DBUtl.GetTable(select, id);

            if (ds.Rows.Count != 1)
            {
                TempData["Message"] = "User record no longer exists.";
                TempData["MsgType"] = "warning";
            }
            else
            {
                string delete = "DELETE FROM Users WHERE Username='******'";
                int    res    = DBUtl.ExecSQL(delete, id);
                if (res == 1)
                {
                    TempData["Message"] = "User Deleted";
                    TempData["MsgType"] = "success";
                }
                else
                {
                    TempData["Message"] = DBUtl.DB_Message;
                    TempData["MsgType"] = "danger";
                }
            }

            return(RedirectToAction("ListUsers"));
        }
Example #2
0
        private bool AuthenticateUser(string uid, string pw, out ClaimsPrincipal principal)
        {
            principal = null;

            DataTable ds = DBUtl.GetTable(LOGIN_SQL, uid, pw);

            if (ds.Rows.Count == 1)
            {
                principal =
                    new ClaimsPrincipal(
                        new ClaimsIdentity(
                            new Claim[] {
                    new Claim(ClaimTypes.NameIdentifier, uid),
                    new Claim(ClaimTypes.Name, ds.Rows[0][NAME_COL].ToString()),
                    new Claim(ClaimTypes.Role, ds.Rows[0][ROLE_COL].ToString())
                }, "Basic"
                            )
                        );
                if (principal != null)
                {
                    bool d = true;
                    return(d);
                }
                return(false);
            }
            return(false);
        }
        private bool SecureValidUser(string uid,
                                     string pw,
                                     out ClaimsPrincipal principal)
        {
            string sql       = "";
            string returnUrl = ViewData["ReturnUrl"] as string;

            sql = @"SELECT * FROM AppUser WHERE Id='{0}' AND Password = HASHBYTES('SHA1','{1}')";

            DataTable ds = DBUtl.GetTable(sql, uid, pw);

            principal = null;
            if (ds.Rows.Count == 1)
            {
                string uname  = ds.Rows[0]["Name"].ToString();
                string userid = ds.Rows[0]["Id"].ToString();
                string role   = ds.Rows[0]["Role"].ToString();

                principal =
                    new ClaimsPrincipal(
                        new ClaimsIdentity(
                            new Claim[] {
                    new Claim(ClaimTypes.NameIdentifier, userid),
                    new Claim(ClaimTypes.Name, uname),
                    new Claim(ClaimTypes.Role, role)
                },
                            "Basic"));
                return(true);
            }
            else
            {
                return(false);
            }
        }
        public IActionResult Delete(int id)
        {
            string    select = "SELECT * FROM Exercise WHERE Exercise_id = {0}";
            DataTable ds     = DBUtl.GetTable(select, id);

            if (ds.Rows.Count != 1)
            {
                TempData["Message"] = "Exercise does not exist";
                TempData["MsgType"] = "warning";
            }
            else
            {
                string delete = "DELETE FROM Exercise WHERE Exercise_id = {0}";
                int    res    = DBUtl.ExecSQL(delete, id);
                if (res == 1)
                {
                    TempData["Message"] = "Exercise Deleted";
                    TempData["MsgType"] = "success";
                }
                else
                {
                    TempData["Message"] = DBUtl.DB_Message;
                    TempData["MsgType"] = "danger";
                }
            }
            return(RedirectToAction("Index"));
        }
        public IActionResult Delete(string name, string email)
        {
            string    select = @"SELECT * FROM AppUser WHERE UserName='******'";
            DataTable ds     = DBUtl.GetTable(select, name);

            if (ds.Rows.Count != 1)
            {
                TempData["Message"] = "Company Record No Longer Exists.";
                TempData["MsgType"] = "warning";
            }

            else
            {
                string delete  = "DELETE FROM AppUser WHERE UserName='******'";
                string delete1 = "DELETE FROM Email WHERE Email='{0}'";
                int    res     = DBUtl.ExecSQL(delete, name);
                int    res1    = DBUtl.ExecSQL(delete1, email);

                if (res == 1)
                {
                    TempData["Message"] = "Company Deleted.";
                    TempData["MsgType"] = "success";
                }

                else
                {
                    TempData["Message"] = DBUtl.DB_Message;
                    TempData["MsgType"] = "danger";
                }
            }
            return(RedirectToAction("List"));
        }
Example #6
0
        public IActionResult CancelMaint(string id)
        {
            string    select = @"SELECT * FROM Equipment 
                              WHERE Serial_no='{0}'";
            DataTable ds     = DBUtl.GetTable(select, id);

            if (ds.Rows.Count != 1)
            {
                TempData["Message"] = "Equipment record no longer exists.";
                TempData["MsgType"] = "warning";
            }
            else
            {
                string update = "UPDATE Equipment SET Status = 'Available' WHERE Serial_no = '{0}' AND Status = 'Maintenance'";
                int    res    = DBUtl.ExecSQL(update, id);
                if (res == 1)
                {
                    TempData["Message"] = "Maintenance Notice Cancelled";
                    TempData["MsgType"] = "success";
                }
                else
                {
                    TempData["Message"] = "Something went wrong.";
                    TempData["MsgType"] = "danger";
                }
            }
            return(RedirectToAction("EquipmentMaintCancel"));
        }
Example #7
0
        public IActionResult Delete(string id)
        {
            string    select = @"SELECT * FROM Event WHERE Id={0}";
            DataTable ds     = DBUtl.GetTable(select, id);

            if (ds.Rows.Count != 1)
            {
                TempData["Message"] = "Event does not exist";
                TempData["MsgType"] = "warning";
            }
            else
            {
                string docFile  = ds.Rows[0]["fileName"].ToString();
                string fullpath = Path.Combine(_env.WebRootPath, "files/" + docFile);
                System.IO.File.Delete(fullpath);

                string delete = "DELETE FROM Event WHERE Id={0}";
                int    res    = DBUtl.ExecSQL(delete, id);
                if (res == 1)
                {
                    TempData["Message"] = "Event Deleted";
                    TempData["MsgType"] = "success";
                }
                else
                {
                    TempData["Message"] = DBUtl.DB_Message;
                    TempData["MsgType"] = "danger";
                }
            }
            return(RedirectToAction("Events"));
        }
        public IActionResult DeleteAccessory(string id)
        {
            string    select = @"SELECT * FROM Equipment_accessories 
                              WHERE Equipment_accessories_id='{0}'";
            DataTable ds     = DBUtl.GetTable(select, id);

            if (ds.Rows.Count != 1)
            {
                TempData["Message"] = "Accessory record no longer exists.";
                TempData["MsgType"] = "warning";
            }
            else
            {
                string delete = "DELETE FROM Equipment_accessories WHERE Equipment_accessories_id='{0}'";
                int    res    = DBUtl.ExecSQL(delete, id);
                if (res == 1)
                {
                    TempData["Message"] = "Accessory Deleted";
                    TempData["MsgType"] = "success";
                }
                else
                {
                    TempData["Message"] = "Please delete related records before deleting this record!";
                    TempData["MsgType"] = "danger";
                }
            }
            return(RedirectToAction("Index"));
        }
        public IActionResult ToggleMaint(string id)
        {
            string    select = @"SELECT * FROM Users WHERE role !='Admin'";
            DataTable ds     = DBUtl.GetTable(select, id);

            if (ds.Rows.Count < 0)
            {
                TempData["Message"] = "Toggle failed";
                TempData["MsgType"] = "warning";
            }
            else
            {
                string set = "UPDATE Users SET Maintenance_status = 'True' WHERE role != 'Admin'";
                int    res = DBUtl.ExecSQL(set, id);
                if (res > 0)
                {
                    TempData["Message"] = "Maintenance Toggle successful";
                    TempData["MsgType"] = "success";
                }
                else
                {
                    TempData["Message"] = "Toggle maintenance unsuccessful";
                    TempData["MsgType"] = "danger";
                }
            }
            return(RedirectToAction("Index"));
        }
        public IActionResult Create(Company company)
        {
            if (!ModelState.IsValid)
            {
                ViewData["Message"] = "Invalid Input";
                ViewData["MsgType"] = "warning";
                return(View("Create"));
            }

            else
            {
                string insert  = @"INSERT INTO Email(Email, EmailStatus) VALUES('{0}',0)";
                string insert1 = @"INSERT INTO AppUser(UserName, User_PW, RepName, Contact_Num, CompanyName, CompanyWebsite, CompanyIndustry, CompanySize, CompanyType, Email) VALUES('{0}', HASHBYTES('SHA1', '{1}'), '{2}', {3}, '{4}', '{5}', '{6}', '{7}', 2, '{8}')";

                int result  = DBUtl.ExecSQL(insert, company.Email);
                int result1 = DBUtl.ExecSQL(insert1, company.UserName, company.User_PW, company.RepName, company.Contact_Num, company.CompanyName, company.CompanyWebsite, company.CompanyIndustry, company.CompanySize, company.Email);


                if (result == 1 && result1 == 1)
                {
                    TempData["Mesage"]  = "Account Created";
                    TempData["MsgType"] = "success";

                    string    email  = company.Email.ToString();
                    string    select = "SELECT * FROM AppUser WHERE Email='{0}'";
                    DataTable dt     = DBUtl.GetTable(select, email);

                    foreach (DataRow row in dt.Rows)
                    {
                        string RepName  = row.Field <string>("RepName");
                        string Email    = row.Field <string>("Email");
                        string UserName = row.Field <string>("UserName");

                        string template = @"Hi {0}, <br></br> Welcome to Tribe Accelerator! Your username is {1}. To activate your account, click here <button><a href='" + Url.Action("Activate", "Company", new { un = Email }, "http") + "'>Activate</a></button><br></br>" + "Regards,<br></br> The Tribe Accelerator team";
                        string title    = "Account Activation";
                        string message  = string.Format(template, RepName, UserName);
                        string rs;
                        if (EmailUtl.SendEmail(email, title, message, out rs))
                        {
                            ViewData["Message"] = "Email successfully sent";
                            ViewData["MsgType"] = "success";
                        }
                        else
                        {
                            ViewData["Message"] = result;
                            ViewData["MsgType"] = "warning";
                        }
                        return(View("Confirmation"));
                    }
                }
                else
                {
                    TempData["Message"] = DBUtl.DB_Message;
                    TempData["MsgType"] = "danger";
                }
                return(Redirect("~/Home/Index"));
            }
        }
Example #11
0
        public IActionResult VerifyUserID(string userId)
        {
            string select = $"SELECT * FROM UserRegister WHERE UserId='{userId}'";

            if (DBUtl.GetTable(select).Rows.Count > 0)
            {
                return(Json($"[{userId}] already in use"));
            }
            return(Json(true));
        }
Example #12
0
        public IActionResult VerifyUserName(String UserName)
        {
            string select = $"SELECT * FROM Account WHERE UserName='******'";

            if (DBUtl.GetTable(select).Rows.Count > 0)
            {
                return(Json($"[{UserName}] already in use"));
            }
            return(Json(true));
        }
Example #13
0
        public bool VerifyEmail(String Email)
        {
            string    select = @"SELECT * FROM AppUser WHERE Email='{0}'";
            DataTable ds     = DBUtl.GetTable(select, Email);

            if (ds.Rows.Count == 1)
            {
                return(true);
            }
            return(false);
        }
Example #14
0
        public IActionResult Create(User newUser)
        {
            if (!ModelState.IsValid)
            {
                ViewData["Message"] = "Invalid Input";
                ViewData["MsgType"] = "warning";
                return(View("Create"));
            }
            else
            {
                string insert =
                    @"INSERT INTO Users(Username, FullName, Email, Password, UserRole, CompanyName, ContactNo) 
                VALUES('{0}', '{1}', '{2}', HASHBYTES('SHA1', '{3}'), '{4}', '{5}', '{6}')";

                int result = DBUtl.ExecSQL(insert, newUser.Username, newUser.FullName, newUser.Email, newUser.Password, newUser.UserRole, newUser.CompanyName, newUser.ContactNo);

                if (result == 1)
                {
                    TempData["Message"] = "User Created";
                    TempData["MsgType"] = "success";
                    string    email  = newUser.Email.ToString();
                    string    select = "SELECT * FROM Users WHERE Email='{0}'";
                    DataTable dt     = DBUtl.GetTable(select, email);
                    foreach (DataRow row in dt.Rows)
                    {
                        string fullname = row.Field <string>("FullName");
                        string Email    = row.Field <string>("Email");
                        string template = @"Hi {0}, <br></br>
                                            Please press this link to activate your Accelerator Account. <br></br>
                                            <button><a href='" + Url.Action("Activation", "Account", new { un = fullname }, "http") + "'>Activate</a></button><br></br>" + "Cheers, <br></br>" + "<i>Accelerator</i>";
                        string title    = "Activating Accelerator Account";
                        string message  = String.Format(template, fullname);
                        string rs;
                        if (EmailUtl.SendEmail(email, title, message, out rs))
                        {
                            ViewData["Message"] = "Email Successfully Sent";
                            ViewData["MsgType"] = "success";
                        }
                        else
                        {
                            ViewData["Message"] = result;
                            ViewData["MsgType"] = "warning";
                        }
                        return(View("Activate"));
                    }
                }
                else
                {
                    TempData["Message"] = DBUtl.DB_Message;
                    TempData["MsgType"] = "danger";
                }
                return(RedirectToAction("ListUsers"));
            }
        }
Example #15
0
        private bool AuthenticateUser(string uid, string pw, out ClaimsPrincipal principal)
        {
            principal = null;

            //If email is confirmed
            var       dsconfirm = new DataTable();
            string    sql       = $"SELECT Email FROM AppUser WHERE UserName = '******' AND User_PW = HASHBYTES('SHA1','{pw}') ";
            DataTable dsemail   = DBUtl.GetTable(sql, uid, pw);

            if (dsemail.Rows.Count > 0)
            {
                string select = $"SELECT * FROM Email WHERE Email = '{dsemail.Rows[0]["Email"]}'";
                dsconfirm = DBUtl.GetTable(select);
            }

            DataTable ds = DBUtl.GetTable(LOGIN_SQL, uid, pw);

            if (ds.Rows.Count == 1)
            {
                var a = dsconfirm.Rows[0]["EmailStatus"].ToString();
                if (a.Equals("1"))
                {
                    string r  = "";
                    int    ro = int.Parse(ds.Rows[0][ROLE_COL].ToString());
                    if (ro == 1)
                    {
                        r = "Admin";
                    }
                    else if (ro == 2)
                    {
                        r = "Current";
                    }
                    else if (ro == 3)
                    {
                        r = "Alumni";
                    }

                    principal = new ClaimsPrincipal(
                        new ClaimsIdentity(
                            new Claim[]
                    {
                        new Claim(ClaimTypes.NameIdentifier, uid),
                        new Claim(ClaimTypes.Name, ds.Rows[0] [NAME_COL].ToString()),
                        new Claim(ClaimTypes.Role, r)
                    }, "Basic"
                            )
                        );
                    return(true);
                }
            }
            return(false);
        }
        public IActionResult ViewArchive()
        {
            updatearchive();
            DataTable dt = DBUtl.GetTable(@"SELECT Exercise_id, E.Package_id, U.nric AS [SAF11B], E.company AS [Company], 
                                            E.unit AS [Unit], P.Name AS [Weapon Package], E.start_date AS [Start Date], E.end_date AS [End Date], 
                                            E.description AS [Description], E.status AS [Status]
                                            FROM Exercise E 
                                            INNER JOIN Users U ON E.nric = U.nric 
                                            INNER JOIN Package P ON E.Package_id = P.Package_id
                                            WHERE E.archive = 1");

            return(View("ViewArchive", dt.Rows));
        }
Example #17
0
 public IActionResult ResetPassword(ResetPassword rp)
 {
     if (!ModelState.IsValid)
     {
         ViewData["Message"] = "Invalid Input";
         ViewData["MsgType"] = "warning";
         return(View("RPwd"));
     }
     else
     {
         string    email    = rp.Email.ToString();
         string    password = rp.UserPw.ToString();
         string    select   = @"SELECT * FROM Users WHERE Email='{0}'";
         DataTable dt       = DBUtl.GetTable(select, email);
         if (dt.Rows.Count == 1)
         {
             string uname    = dt.Rows[0]["Username"].ToString();
             string cfmEmail = dt.Rows[0]["Email"].ToString();
             if (email.Equals(cfmEmail))
             {
                 string update = @"UPDATE Users SET Password=HASHBYTES('SHA1','{1}') WHERE Username='******'";
                 int    res    = DBUtl.ExecSQL(update, uname, password, cfmEmail);
                 if (res == 1)
                 {
                     ViewData["Message"] = "Password has been reset successfully.";
                     ViewData["MsgType"] = "success";
                     return(View("RPwdCfm"));
                 }
                 else
                 {
                     ViewData["Message"] = "Password reset unsuccessful.";
                     ViewData["MsgType"] = "warning";
                     return(View("RPwd"));
                 }
             }
             else
             {
                 ViewData["Message"] = "Email cannot be verified.";
                 ViewData["MsgType"] = "danger";
                 return(View("RPwd"));
             }
         }
         else
         {
             return(View("RPwd"));
         }
     }
 }
        private bool SecureValidUser(string uid,
                                     string pw,
                                     out ClaimsPrincipal principal)
        {
            string sql       = "";
            string returnUrl = ViewData["ReturnUrl"] as string;

            if (returnUrl.Contains("SingRoom"))
            {
                sql = @"SELECT * FROM SRUser 
                         WHERE Email='{0}' 
                           AND Password = HASHBYTES('SHA1','{1}')";
            }
            else
            {
                sql = @"SELECT * FROM PHUser 
                         WHERE Email='{0}' 
                           AND Password = HASHBYTES('SHA1','{1}')";
            }

            DataTable ds = DBUtl.GetTable(sql, uid, pw);

            principal = null;
            if (ds.Rows.Count == 1)
            {
                string uname  = ds.Rows[0]["Name"].ToString();
                string userid = ds.Rows[0]["Id"].ToString();
                string role   = ds.Rows[0]["Role"].ToString();

                // TODO P06 Task 1a: Add the role of user from database as a claim under Role claim type
                principal =
                    new ClaimsPrincipal(
                        new ClaimsIdentity(
                            new Claim[] {
                    new Claim(ClaimTypes.NameIdentifier, userid),
                    new Claim(ClaimTypes.Name, uname),
                    new Claim(ClaimTypes.Role, role)
                },
                            "Basic"));
                return(true);
            }
            else
            {
                return(false);
            }
        }
Example #19
0
        public IActionResult ResetPW(ResetPW reset)
        {
            if (!ModelState.IsValid)
            {
                ViewData["Message"] = "Invalid Input";
                ViewData["MsgType"] = "warning";
                return(View("ResetPW"));
            }

            else
            {
                //string UserName = reset.UserName.ToString();
                string UserName    = TempData["un"].ToString();
                string password    = reset.User_PW_New.ToString();
                string cfmpassword = reset.ConfirmPasswordNew.ToString();

                string    sql    = @"SELECT * FROM AppUser WHERE UserName='******'";
                string    select = String.Format(sql, UserName);
                DataTable dt     = DBUtl.GetTable(select);

                if (password.Equals(cfmpassword))
                {
                    string update = @"UPDATE AppUser SET User_PW = HASHBYTES('SHA1','{1}') WHERE UserName = '******'";
                    int    res    = DBUtl.ExecSQL(update, UserName, password);
                    if (res == 1)
                    {
                        ViewData["Message"] = "Password reset successful!";
                        ViewData["MsgType"] = "success";
                        return(View("ResetPWActivate"));
                    }
                    else
                    {
                        ViewData["Message"] = "Password reset unsuccessful.";
                        ViewData["MsgType"] = "warning";
                        return(View("ResetPW"));
                    }
                }
                else
                {
                    ViewData["Message"] = "Username cannot be verified.";
                    ViewData["MsgType"] = "danger";
                }

                return(View("ResetPW"));
            }
        }
        public JsonResult VerifyNewUsername(string NewUsername)
        {
            DbSet <MesahUser> dbs = _dbContext.MesahUser;
            //var userid = User.FindFirst(ClaimTypes.NameIdentifier).Value;

            //MesahUser user = dbs.FromSqlInterpolated($"SELECT * FROM MesahUser WHERE UserId = {NewUsername}").FirstOrDefault();

            //if (user != null)
            //return Json(false);
            //else
            //return Json(true);
            string select = $"SELECT * FROM MesahUser WHERE UserId='{NewUsername}'";

            if (DBUtl.GetTable(select).Rows.Count > 0)
            {
                return(Json($"[{NewUsername}] already in use"));
            }
            return(Json(true));
        }
Example #21
0
        public IActionResult ResetPWEmail(ResetPWEmail Reset)
        {
            var output = VerifyEmail(Reset.Email);

            if (output == true)
            {
                string    email  = Reset.Email.ToString();
                string    select = "SELECT * FROM AppUser WHERE Email='{0}'";
                DataTable dt     = DBUtl.GetTable(select, email);

                foreach (DataRow row in dt.Rows)
                {
                    string Username = row.Field <string>("UserName");
                    string Email    = row.Field <string>("Email");

                    string template = @"Hi {0}, <br></br> To reset your password, click the link here : <br></br><a href='" + Url.Action("ResetPW", "Account", new { un = Username }, "http") + "'>Set your new password</a></button><br></br>" + "If you did not a request a password change, you can delete this email.<br></br>" + "Regards,<br></br>" + "<i>Tribe Accelerator</i>";

                    string title   = "Password Change";
                    string message = String.Format(template, Username);

                    if (EmailUtl.SendEmail(email, title, message, out string result))
                    {
                        ViewData["Message"] = "Email Successfully Sent";
                        ViewData["MsgType"] = "success";
                        return(View("ResetPWConfirm"));
                    }

                    else
                    {
                        ViewData["Message"] = result;
                        ViewData["MsgType"] = "warning";
                    }
                }
            }
            else
            {
                ViewData["Message"] = "No such email exists.";
                ViewData["MsgType"] = "warning";
                return(View("ResetPWEmail"));
            }
            return(View());
        }
Example #22
0
        public IActionResult ForgotPwd(ForgotPwd forgotPwd)
        {
            string    email  = forgotPwd.Email.ToString();
            string    select = "SELECT * FROM Users WHERE Email='{0}'";
            DataTable dt     = DBUtl.GetTable(select, email);

            foreach (DataRow row in dt.Rows)
            {
                string fname = row.Field <string>("FullName");
                string Email = row.Field <string>("Email");

                string template = @"Hi {0}, <br></br>
                                  We received a request to reset your password for your Accelerator Account. We're here to help!<br></br>
                                   Simply click on the button to set a new password:<br></br>
                                   <button><a href='" + Url.Action("ResetPassword", "Account", new { un = fname }, "http") + "'>Set a New Password</a></button><br></br>" +
                                  "If you didn't ask to change your password, don't worry! Your password is still safe and you can delete this email.<br></br>" +
                                  "Cheers,<br></br>" +
                                  "<i>Accelerator</i>";
                string title   = "Reset Password";
                string message = String.Format(template, fname);
                string result;

                if (EmailUtl.SendEmail(email, title, message, out result))
                {
                    ViewData["Message"] = "Email Successfully Sent";
                    ViewData["MsgType"] = "success";
                }
                else
                {
                    ViewData["Message"] = result;
                    ViewData["MsgType"] = "warning";
                }

                return(View("ForgotPwdCfm"));
            }

            //Create necessary database to store user info if required
            // To code for forgot password to send user email for the password reset link //


            return(View()); //TO remove or edit this line of code//
        }
        public JsonResult VerifyCurrentPassword(string CurrentPassword)
        {
            DbSet <MesahUser> dbs = _dbContext.MesahUser;
            var userid            = User.FindFirst(ClaimTypes.NameIdentifier).Value;

            //var pw_bytes = System.Text.Encoding.ASCII.GetBytes(CurrentPassword);

            //if (user != null)
            //  return Json(true);
            //else
            //  return Json(false);

            string select = $"SELECT * FROM MesahUser WHERE UserId='{userid}' AND UserPw = HASHBYTES('SHA1', '{CurrentPassword}')";

            if (DBUtl.GetTable(select).Rows.Count > 0)
            {
                return(Json(true));;
            }
            return(Json(false));
        }
Example #24
0
 public IActionResult Events()
 {
     if (User.IsInRole("Alumni"))
     {
         string    sql = "SELECT * FROM Event WHERE Type='Alumni'";
         DataTable dt  = DBUtl.GetTable(sql);
         return(View(dt.Rows));
     }
     else if (User.IsInRole("Startup"))
     {
         string    sql = "SELECT * FROM Event WHERE Type='Startup'";
         DataTable dt  = DBUtl.GetTable(sql);
         return(View(dt.Rows));
     }
     else
     {
         string    sql = "SELECT * FROM Event";
         DataTable dt  = DBUtl.GetTable(sql);
         return(View(dt.Rows));
     }
 }
        private bool AuthenticateUserFace(string personId, out ClaimsPrincipal principal)
        {
            principal = null;

            DataTable ds = DBUtl.GetTable(login_face, personId);

            if (ds.Rows.Count == 1)
            {
                principal =
                    new ClaimsPrincipal(
                        new ClaimsIdentity(
                            new Claim[] {
                    new Claim(ClaimTypes.NameIdentifier, personId),
                    new Claim(ClaimTypes.Name, ds.Rows[0][NAME_COL].ToString()),
                    new Claim(ClaimTypes.Role, ds.Rows[0][ROLE_COL].ToString())
                }, "Basic"
                            )
                        );
                return(true);
            }
            return(false);
        }
        public JsonResult VerifyNewPassword(string NewPassword)
        {
            DbSet <MesahUser> dbs = _dbContext.MesahUser;
            var userid            = User.FindFirst(ClaimTypes.NameIdentifier).Value;

            //var npw_bytes = System.Text.Encoding.ASCII.GetBytes(NewPassword);

            //MesahUser user = dbs.FromSqlInterpolated($"SELECT * FROM MesahUser WHERE UserId = {userid} AND UserPw = HASHBYTES('SHA1', {npw_bytes})").FirstOrDefault();

            //if (user != null)
            //  return Json(false);
            //else
            //  return Json(true);

            string select = $"SELECT * FROM MesahUser WHERE UserId='{userid}' AND UserPw = HASHBYTES('SHA1', '{NewPassword}')";

            if (DBUtl.GetTable(select).Rows.Count > 0)
            {
                return(Json(false));;
            }
            return(Json(true));
        }
Example #27
0
        public IActionResult DeleteProducts(int id)
        {
            string sql = @"SELECT * FROM Product 
                              WHERE ProductID={0}";

            string select = String.Format(sql, id);

            DataTable ds = DBUtl.GetTable(select);

            if (ds.Rows.Count != 1)
            {
                TempData["Message"] = "Product record no longer exists.";
                TempData["MsgType"] = "warning";
            }
            else
            {
                string photoFile = ds.Rows[0]["picture"].ToString();
                string fullpath  = Path.Combine(_env.WebRootPath, "FoodPics/" + photoFile);
                System.IO.File.Delete(fullpath);

                string delete = @"DELETE FROM Product WHERE ProductID={0}";
                int    res    = DBUtl.ExecSQL(delete, id);

                if (res == 1)
                {
                    TempData["Message"] = "Product Deleted";
                    TempData["MsgType"] = "success";
                }
                else
                {
                    TempData["Message"] = DBUtl.DB_Message;
                    TempData["MsgType"] = "danger";
                }
            }
            return(RedirectToAction("ListOfProducts"));
        }
Example #28
0
        public IActionResult ProductEdit(String id)
        {
            string    sql    = "SELECT * FROM Product WHERE ProductId={0}";
            string    select = String.Format(sql, id);
            DataTable dt     = DBUtl.GetTable(select);

            if (dt.Rows.Count == 1)
            {
                Product product = new Product
                {
                    ProductId   = (int)dt.Rows[0]["ProductId"],
                    ProductName = dt.Rows[0]["ProductName"].ToString(),
                    Price       = (double)dt.Rows[0]["Price"],
                    Photo       = (IFormFile)dt.Rows[0]["Photo"],
                };
                return(View(product));
            }
            else
            {
                TempData["Message"] = "Product Not Found";
                TempData["MsgType"] = "warning";
                return(RedirectToAction("ListOfProducts"));
            }
        }
        public IActionResult Index()
        {
            DataTable dt = DBUtl.GetTable("SELECT * FROM Equipment_accessories");

            return(View("Index", dt.Rows));
        }
        public IActionResult Index()
        {
            DataTable dt = DBUtl.GetTable("SELECT * FROM Announcement");

            return(View("Index", dt.Rows));
        }