public List <AnAddress> GetAllAddress(NewWebSubContext context)
{
List <AnAddress> list = new List <AnAddress>();
using (MySqlConnection conn = context.GetConnection())
{
try
{
conn.Open();
MySqlCommand cmd = new MySqlCommand("select * from address", conn);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
list.Add(new AnAddress()
{
addresskey = Convert.ToInt32(reader["addresskey"]),
City = reader["City"].ToString(),
State = reader["State"].ToString(),
Zipcode = reader["Zipcode"].ToString()
});
}
}
}
catch (MySqlException ex)
{
Debug.WriteLine(ex.ToString());
}
}
return(list);
}
[HttpPost]//get the login info
public ActionResult Login(UserAccount user)
{
if (ModelState["UserName"].Errors.Any() || ModelState["Password"].Errors.Any())// check the Username and password are entered
{
ModelState.AddModelError("UserName", "UserName and Password are required");
}
else
{
NewWebSubContext context = HttpContext.RequestServices.GetService(typeof(new_websub.NewWebSubContext)) as NewWebSubContext;
using (MySqlConnection conn = context.GetConnection())
{
try
{
conn.Open();
// check username and password
string query = "select * from useraccounts where UserName=@username";
MySqlCommand cmd = new MySqlCommand(query, conn);
MySqlParameter param = new MySqlParameter("@username", user.UserName);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
MySqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
string dbHashedPwd = reader["Password"].ToString();
byte[] tmpPwd = ASCIIEncoding.ASCII.GetBytes(user.Password);
byte[] tmpHash = new MD5CryptoServiceProvider().ComputeHash(tmpPwd);
string newHashedPwd = ByteArrayToString(tmpHash);
if (newHashedPwd.Equals(dbHashedPwd))
{
ViewBag.Message = "Login Successfully";
HttpContext.Session.SetInt32("isLoggedIn", 1);
HttpContext.Session.SetString("User", reader["Email"].ToString());
return(Redirect("/account"));
}
else
{
ViewBag.Message = "Login failed, password is incorrect.";
}
}
else
{
ViewBag.Message = "No account for this User name";
}
}
catch (Exception ex)
{
ViewBag.Message = ex.ToString();
return(View());
}
}
}
return(View());
}
public IActionResult Subscription(CustomerPaymentViewModel payment)
{
string email = HttpContext.Session.GetString("User");
ViewBag.isLoggedIn = 1;
try
{
NewWebSubContext context = HttpContext.RequestServices.GetService(typeof(new_websub.NewWebSubContext)) as NewWebSubContext;
string query = "select * from useraccounts u inner join address a on u.AddressId=a.addresskey where u.Email=@Email";
MySqlConnection conn = context.GetConnection();
conn.Open();
MySqlCommand cmd = new MySqlCommand(query, conn);
MySqlParameter param = new MySqlParameter("@Email", email);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
MySqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
User user = new User();
user.Email = email;
user.Id = reader["UserID"].ToString();
user.FullName = reader["UserName"].ToString();
user.StripeCustomerId = "";
user.AddressLine1 = reader["Address1"].ToString();
user.AddressLine2 = reader["Address2"].ToString();
user.City = reader["City"].ToString();
user.State = reader["State"].ToString();
user.Zip = reader["Zipcode"].ToString();
user.Country = reader["Country"].ToString();
user.HistoryView = true;
StripeConfiguration.SetApiKey(_stripeSettings.Value.SecretKey);
var tokenoptions = new TokenCreateOptions
{
Card = new CreditCardOptions
{
Number = payment.CardNumber,
ExpYear = payment.ExpiryYear,
ExpMonth = payment.ExpiryMonth,
Cvc = payment.Cvc
}
};
var tokenservice = new TokenService();
Token stripeToken = tokenservice.Create(tokenoptions);
payment.cardtoken = stripeToken.Id;
CustomerCreateOptions customerCreateOptions = GetCustomerCreateOptions(payment, user);
var cusservice = new CustomerService();
var customers = cusservice.Create(customerCreateOptions);
Subscription subscription;
var plservice = new PlanService();
try
{
var plplan = plservice.Get(payment.subsctype);
var items = new List <SubscriptionItemOption> {
new SubscriptionItemOption {
PlanId = plplan.Id
}
};
var suboptions = new SubscriptionCreateOptions
{
CustomerId = customers.Id,
Items = items
};
var subservice = new SubscriptionService();
subscription = subservice.Create(suboptions);
}
catch
{
var options = new PlanCreateOptions
{
Product = new PlanProductCreateOptions
{
Id = payment.subsctype,
Name = payment.subsctype
},
Amount = payment.Amount,
Currency = payment.Currency,
Interval = payment.subsctype,
Id = payment.subsctype
};
var service = new PlanService();
Plan plan = service.Create(options);
var items = new List <SubscriptionItemOption> {
new SubscriptionItemOption {
PlanId = plan.Id
}
};
var suboptions = new SubscriptionCreateOptions
{
CustomerId = customers.Id,
Items = items
};
var subservice = new SubscriptionService();
subscription = subservice.Create(suboptions);
}
reader.Close();
// insert into subscriptions table
query = "insert into subscriptions(Email, CustomerId, SubscriptionId, Subscription_Started, Subscription_Ended) values(@Email," +
"@CustomerId, @SubscriptionId, @Subscription_Started, @Subscription_Ended)";
MySqlCommand cmd1 = new MySqlCommand(query, conn);
MySqlParameter param1 = new MySqlParameter("@Email", user.Email);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@CustomerId", subscription.CustomerId);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@SubscriptionId", subscription.Id);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@Subscription_Started", subscription.StartDate);
param1.MySqlDbType = MySqlDbType.DateTime;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@Subscription_Ended", subscription.EndedAt);
param1.MySqlDbType = MySqlDbType.DateTime;
cmd1.Parameters.Add(param1);
cmd1.ExecuteNonQuery();
HttpContext.Session.SetInt32("isLoggedIn", 1);
payment.massage = "Payment created successfully";
//return View("Success"); // render Success.cshtml
return(View(payment));
}
else
{
return(RedirectToAction(nameof(Login)));
}
}
catch (Exception ex)
{
MailMessage mail = new MailMessage();
mail.From = new MailAddress(_emailSettings.Value.PrimaryEmail);
mail.Subject = "Subscription Fail";
mail.IsBodyHtml = true;
mail.Body = ex.Message;
mail.Sender = new MailAddress(_emailSettings.Value.PrimaryEmail);
mail.To.Add(email);
SmtpClient smtp = new SmtpClient();
smtp.Host = _emailSettings.Value.PrimaryDomain; //Or Your SMTP Server Address
smtp.Port = _emailSettings.Value.PrimaryPort;
smtp.UseDefaultCredentials = false;
smtp.DeliveryMethod = SmtpDeliveryMethod.Network;
smtp.Credentials = new System.Net.NetworkCredential(_emailSettings.Value.PrimaryEmail, _emailSettings.Value.PrimaryPassword);
//Or your Smtp Email ID and Password
smtp.EnableSsl = _emailSettings.Value.EnableSsl;
smtp.Send(mail);
payment.massage = ex.Message;
return(View(payment));
}
}
// my account page
public ActionResult Index()
{
ViewBag.isLoggedIn = HttpContext.Session.GetInt32("isLoggedIn");
string email = HttpContext.Session.GetString("User");
if (ViewBag.isLoggedIn != 1)
{
return(RedirectToAction(nameof(Login)));
}
StripeConfiguration.SetApiKey(_stripeSettings.Value.SecretKey);
var service = new SubscriptionService();
StripeList <Subscription> response = service.List(new SubscriptionListOptions
{
Limit = 50,
Status = "all"
});
List <SubscriptionList> subscriptionLists = new List <SubscriptionList>();
SubscriptionList subscriptionList = new SubscriptionList();
string userEmail = HttpContext.Session.GetString("User");
NewWebSubContext context = HttpContext.RequestServices.GetService(typeof(new_websub.NewWebSubContext)) as NewWebSubContext;
MySqlConnection conn = context.GetConnection();
conn.Open();
string query = "select * from subscriptions where Email=@Email";
MySqlCommand cmd = new MySqlCommand(query, conn);
MySqlParameter param = new MySqlParameter("@Email", userEmail);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
MySqlDataReader reader = cmd.ExecuteReader();
List <string> customerIds = new List <string>();
while (reader.Read())
{
customerIds.Add(reader["CustomerId"].ToString());
}
reader.Close();
foreach (var item in response)
{
if (customerIds.IndexOf(item.CustomerId) < 0)
{
continue;
}
subscriptionList = new SubscriptionList();
subscriptionList.CustomerId = item.CustomerId;
subscriptionList.DefaultTaxRates = item.DefaultTaxRates;
subscriptionList.Discount = item.Discount;
subscriptionList.EndedAt = item.EndedAt;
subscriptionList.Items = item.Items;
subscriptionList.LatestInvoiceId = item.LatestInvoiceId;
subscriptionList.LatestInvoice = item.LatestInvoice;
subscriptionList.Livemode = item.Livemode;
subscriptionList.Metadata = item.Metadata;
subscriptionList.Plan = item.Plan;
subscriptionList.Quantity = item.Quantity;
subscriptionList.StartDate = item.StartDate;
subscriptionList.Status = item.Status;
subscriptionList.TransferData = item.TransferData;
subscriptionList.DefaultSource = item.DefaultSource;
subscriptionList.TrialEnd = item.TrialEnd;
subscriptionList.DefaultSourceId = item.DefaultSourceId;
subscriptionList.DefaultPaymentMethodId = item.DefaultPaymentMethodId;
subscriptionList.Id = item.Id;
subscriptionList.Object = item.Object;
subscriptionList.ApplicationFeePercent = item.ApplicationFeePercent;
subscriptionList.Billing = item.Billing;
subscriptionList.BillingCycleAnchor = item.BillingCycleAnchor;
subscriptionList.BillingThresholds = item.BillingThresholds;
subscriptionList.CancelAt = item.CancelAt;
subscriptionList.CancelAtPeriodEnd = item.CancelAtPeriodEnd;
subscriptionList.CanceledAt = item.CanceledAt;
subscriptionList.Created = item.Created;
subscriptionList.CurrentPeriodEnd = item.CurrentPeriodEnd;
subscriptionList.CurrentPeriodStart = item.CurrentPeriodStart;
subscriptionList.CustomerId = item.CustomerId;
subscriptionList.Customer = item.Customer;
subscriptionList.DaysUntilDue = item.DaysUntilDue;
subscriptionList.DefaultPaymentMethod = item.DefaultPaymentMethod;
subscriptionList.TrialStart = item.TrialStart;
subscriptionLists.Add(subscriptionList);
}
return(View(subscriptionLists));
}
public ActionResult ResetPassword(ResetpasswordForm model)
{
if (model.NewPassword == null)
{
ViewBag.message = "Password is required";
return(View());
}
if (!model.NewPassword.Equals(model.NewPasswordConfirm))
{
ViewBag.message = "Password is mismatch.";
return(View());
}
string email = model.Email;
NewWebSubContext context = HttpContext.RequestServices.GetService(typeof(new_websub.NewWebSubContext)) as NewWebSubContext;
using (MySqlConnection conn = context.GetConnection())
{
try
{
conn.Open();
string query = "select * from useraccounts where Email=@Email";
MySqlCommand cmd = new MySqlCommand(query, conn);
MySqlParameter param = new MySqlParameter("@Email", email);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
MySqlDataReader reader = cmd.ExecuteReader();
if (!reader.Read())
{
ViewBag.message = "This email is not valid.";
return(View());
}
string hashedToken = reader["Hashed_Token"].ToString();
reader.Close();
byte[] tmpToken = ASCIIEncoding.ASCII.GetBytes(model.token);
byte[] tmpHash = new MD5CryptoServiceProvider().ComputeHash(tmpToken);
string newHashedToken = ByteArrayToString(tmpHash);
if (!newHashedToken.Equals(hashedToken))
{
ViewBag.message = "Token is not valid";
return(View());
}
// reset new password
try
{
byte[] tmpPwd = ASCIIEncoding.ASCII.GetBytes(model.NewPassword);
byte[] tmpPwdHash = new MD5CryptoServiceProvider().ComputeHash(tmpPwd);
string newHashedPwd = ByteArrayToString(tmpPwdHash);
query = "update useraccounts set Password=@Password where Email=@Email";
cmd = new MySqlCommand(query, conn);
param = new MySqlParameter("@Password", newHashedPwd);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
param = new MySqlParameter("@Email", email);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
cmd.ExecuteNonQuery();
return(RedirectToAction(nameof(Login)));
}
catch (Exception ex2)
{
ViewBag.message = ex2.Message;
return(View());
}
}
catch (Exception ex)
{
ViewBag.message = ex.Message;
return(View());
}
}
}
[HttpPost]// post type of method follows this
public async Task <ActionResult> ForgotPassword(EmailFormVM emailFormVM)
{
try
{
HttpRequest request = HttpContext.Request;
string token = this.RandomString(10);
byte[] tmpToken = ASCIIEncoding.ASCII.GetBytes(token);
byte[] tmpHash = new MD5CryptoServiceProvider().ComputeHash(tmpToken);
string newHashedToken = ByteArrayToString(tmpHash);
NewWebSubContext context = HttpContext.RequestServices.GetService(typeof(new_websub.NewWebSubContext)) as NewWebSubContext;
using (MySqlConnection conn = context.GetConnection())
{
conn.Open();
string query = "select * from useraccounts where Email=@Email";
MySqlCommand cmd = new MySqlCommand(query, conn);
MySqlParameter param = new MySqlParameter("@Email", emailFormVM.toEmail);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
MySqlDataReader reader = cmd.ExecuteReader();
if (!reader.Read())
{
ViewBag.message = "This email is not exist.";
return(View());
}
reader.Close();
// insert hashed_token inside the database
try
{
query = "Update useraccounts set Hashed_Token=@token WHERE Email=@Email";
cmd = new MySqlCommand(query, conn);
param = new MySqlParameter("@token", newHashedToken);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
param = new MySqlParameter("@Email", emailFormVM.toEmail);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
cmd.ExecuteNonQuery();
// mail sent
string redirectLinnk = request.Host.ToString() + "/Account/ResetPassword?email=" + emailFormVM.toEmail + "&token=" + token;
MailMessage mail = new MailMessage();
mail.From = new MailAddress(_emailSettings.Value.PrimaryEmail);
mail.Subject = "Reset password";
mail.IsBodyHtml = true;
mail.Body = "<p>Please click following url to reset your password <a href='" + redirectLinnk + "'>" + redirectLinnk + "</a></p>";
mail.Sender = new MailAddress(_emailSettings.Value.PrimaryEmail);
mail.IsBodyHtml = true;
mail.To.Add(emailFormVM.toEmail);
SmtpClient smtp = new SmtpClient();
smtp.Host = _emailSettings.Value.PrimaryDomain; //Or Your SMTP Server Address
smtp.Port = _emailSettings.Value.PrimaryPort;
smtp.UseDefaultCredentials = false;
smtp.DeliveryMethod = SmtpDeliveryMethod.Network;
smtp.Credentials = new System.Net.NetworkCredential(_emailSettings.Value.PrimaryEmail, _emailSettings.Value.PrimaryPassword);
//Or your Smtp Email ID and Password
smtp.EnableSsl = _emailSettings.Value.EnableSsl;
smtp.Send(mail); // should be removed for local testing
ViewBag.message = "Recovery Email has been sent, please check your mail box.";
// ViewBag.message = redirectLinnk; // for only testing in local
}
catch (Exception ex1)
{
ViewBag.message = ex1.Message;
}
}
}
catch (Exception ex)
{
ViewBag.message = ex.Message;
}
return(View());
}
[HttpPost]// take the info from the page and puts it in the database
public ActionResult Register(RegisterFormVM registerFormVM)
{
UserAccount account = registerFormVM.userAccount;
AnAddress address = registerFormVM.address;
Debug.Write(account.toString());
MySqlParameter param;
ViewBag.Success = false;
NewWebSubContext context = HttpContext.RequestServices.GetService(typeof(new_websub.NewWebSubContext)) as NewWebSubContext;
using (MySqlConnection conn = context.GetConnection())
{
try
{
conn.Open();
// check if the email and username is unique
string query = "select * from useraccounts where UserName=@username or Email=@email";
MySqlCommand cmd = new MySqlCommand(query, conn);
// username
param = new MySqlParameter("@username", account.UserName);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
// email
param = new MySqlParameter("@email", account.Email);
param.MySqlDbType = MySqlDbType.VarChar;
cmd.Parameters.Add(param);
MySqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
ViewBag.Message = account.UserName + " or " + account.Email + " is already exist.";
}
else
{
// success
ViewBag.Success = true;
}
reader.Close();
if (ViewBag.Success)
{
// insert into address
string query1 = "Insert into address(Address1, Address2, City, State, " +
"Zipcode, Country, Address_Created, Address_Modified) values(@Address1, @Address2, @City, @State, " +
"@Zipcode, @Country, @Address_Created, @Address_Modified)";
MySqlCommand cmd1 = new MySqlCommand(query1, conn);
MySqlParameter param1;
// First name
param1 = new MySqlParameter("@Address1", address.Address1);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@Address2", address.Address2);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
// Last name
param1 = new MySqlParameter("@City", address.City);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
// User name
param1 = new MySqlParameter("@State", address.State);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
// Email
param1 = new MySqlParameter("@Zipcode", address.Zipcode);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@Country", address.Country);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@Address_Created", DateTime.Now);
param1.MySqlDbType = MySqlDbType.DateTime;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@Address_Modified", DateTime.Now);
param1.MySqlDbType = MySqlDbType.DateTime;
cmd1.Parameters.Add(param1);
cmd1.ExecuteNonQuery();
query1 = "select * from address";
cmd1 = new MySqlCommand(query1, conn);
reader = cmd1.ExecuteReader();
int addressKey = 0;
while (reader.Read())
{
addressKey = Convert.ToInt32(reader["addresskey"]);
}
// get address id
reader.Close();
// insert into useraccounts;
query1 = "Insert into useraccounts(FirstName, LastName, UserName, " +
"Email, Password, CompanyName, PhoneNumber, Account_Created, Account_Modified, AddressId) values(@FirstName, @lname, @uname, " +
"@email, @pwd, @company, @phone, @account_created, @account_modified, @AddressId)";
cmd1 = new MySqlCommand(query1, conn);
// First name
param1 = new MySqlParameter("@FirstName", account.FirstName);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
// Last name
param1 = new MySqlParameter("@lname", account.LastName);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
// User name
param1 = new MySqlParameter("@uname", account.UserName);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
// Email
param1 = new MySqlParameter("@email", account.Email);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
byte[] tmpPwd = ASCIIEncoding.ASCII.GetBytes(account.Password);
byte[] tmpHash = new MD5CryptoServiceProvider().ComputeHash(tmpPwd);
param1 = new MySqlParameter("@pwd", ByteArrayToString(tmpHash));
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@company", account.CompanyName);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@phone", account.PhoneNumber);
param1.MySqlDbType = MySqlDbType.VarChar;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@account_created", DateTime.Now);
param1.MySqlDbType = MySqlDbType.DateTime;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@account_modified", DateTime.Now);
param1.MySqlDbType = MySqlDbType.DateTime;
cmd1.Parameters.Add(param1);
param1 = new MySqlParameter("@AddressId", addressKey);
param1.MySqlDbType = MySqlDbType.Int32;
cmd1.Parameters.Add(param1);
cmd1.ExecuteNonQuery();
ViewBag.Message = "A new member " + account.FirstName + " is added successfully";
HttpContext.Session.SetInt32("isLoggedIn", 1);
HttpContext.Session.SetString("User", account.Email);
return(RedirectToAction(nameof(Index)));
}
}
catch (Exception ex)
{
ViewBag.Message = ex.ToString();
}
}
return(View());
}
