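public ActionResult Dashboard()
        {
            /* Registered-user landing page: the user's sales/download statistics plus the notes
             * that are still in progress and the ones already published. Users holding an admin
             * role are sent to the admin dashboard instead.
             */

            // Gate on the forms-auth ticket as well as the session marker. Session["UserID"] on its
            // own can outlive the ticket (or be set without one), in which case the code below would
            // try to parse an empty User.Identity.Name and fail with a 500 instead of a login redirect.
            if (!Request.IsAuthenticated || Session["UserID"] == null)
            {
                return(RedirectToAction("Login", "Authentication", new { ReturnUrl = "/RegisteredUser/Dashboard" }));
            }

            string identityName = User.Identity.Name;

            // Admins (super or sub) never see the registered-user dashboard.
            string[] roles = new NotesMarketPlaceRoleManager().GetRolesForUser(identityName);
            if (roles.Contains("SuperAdmin") || roles.Contains("SubAdmin"))
            {
                return(RedirectToAction("AdminDashBoard", "Admin"));
            }

            // The login flow stores the numeric user id as the ticket name. A ticket whose name is not
            // an int is treated as "not logged in" rather than letting Convert.ToInt32 throw.
            int UserID;
            if (!int.TryParse(identityName, out UserID))
            {
                return(RedirectToAction("Login", "Authentication", new { ReturnUrl = "/RegisteredUser/Dashboard" }));
            }

            // Tuple layout comes from the repository: sold, earned, downloads, rejected, buyer requests.
            var Stats = DownloadRepository.GetUserStats(UserID);

            DashboardModel DM = new DashboardModel()
            {
                NotesSold     = Stats.Item1,
                MoneyEarned   = Stats.Item2,
                Downloads     = Stats.Item3,
                Rejecteds     = Stats.Item4,
                BuyerRequests = Stats.Item5,

                InProgressNotes = NotesRepository.GetInProgressNotes(UserID),
                PublishedNotes  = NotesRepository.GetPublishedNotes(UserID)
            };

            ViewBag.Title      = "Dashboard";
            ViewBag.Authorized = true;
            return(View(DM));
        }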
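        public ActionResult Login()
        {
            /* GET login page. A caller that already holds a forms-auth ticket is not shown the form:
             * the session is (re)populated from the stored profile and the caller is routed to the
             * dashboard matching its role. Otherwise the form is rendered, with the e-mail
             * verification banner when the POST action left one in TempData.
             */
            if (Request.IsAuthenticated)
            {
                // The ticket name is the numeric user id issued by the POST login action.
                int userId;
                if (!int.TryParse(User.Identity.Name, out userId))
                {
                    // Not a ticket in the shape this application issues: discard it and show the form.
                    FormsAuthentication.SignOut();
                    return(View());
                }

                UserProfileModel userProfile = UserRepository.GetUserData(userId);
                if (userProfile == null)
                {
                    // Valid ticket for an account that no longer exists: drop it instead of failing with a 500.
                    FormsAuthentication.SignOut();
                    return(View());
                }

                Session["UserID"] = User.Identity.Name;

                Session["UserProfile"] = String.IsNullOrEmpty(userProfile.ProfilePicture)
                    ? "/Content/SystemConfig/DefaultUserProfile.png"
                    : userProfile.ProfilePicture;

                Session["FullName"] = userProfile.User.FirstName + " " + userProfile.User.LastName;
                Session["Email"]    = userProfile.User.Email;

                // Admins (super or sub) go to the admin dashboard, everyone else to the user dashboard.
                string[] roles = new NotesMarketPlaceRoleManager().GetRolesForUser(User.Identity.Name);
                if (roles.Contains("SuperAdmin") || roles.Contains("SubAdmin"))
                {
                    return(RedirectToAction("AdminDashBoard", "Admin"));
                }

                return(RedirectToAction("Dashboard", "RegisteredUser"));
            }

            // Banner left by the POST action when the account's e-mail is not yet verified.
            if (TempData["EmailVerified"] != null)
            {
                ViewBag.EmailVerificationMsg = Convert.ToString(TempData["EmailVerifiedMsg"]);
                ViewBag.EmailVerified        = (bool)TempData["EmailVerified"];
            }
            return(View());
        }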
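        public ActionResult GetProfilePicture(string MemberId, string UserProfile)
        {
            /* Serves a file from ~/Members/<MemberId>/ to an authenticated user.
             *
             * Both parameters arrive from the request and are used to build a file system path, so
             * they are constrained before any path work: MemberId must be a plain digit string (user
             * ids are numeric — the ticket name is converted with Convert.ToInt32 elsewhere), and
             * UserProfile must be "name$ext" with no directory separators. The resolved path is then
             * checked to still lie under ~/Members/ as a last line of defence against traversal
             * (previously "../" in either parameter reached Server.MapPath unfiltered).
             *
             * Pictures are stored as "imagename$jpg" and rebuilt as "imagename.jpg" here so the request
             * is never treated as a static-file request (no web.config handler mapping needed).
             *
             * Access rules: the owner (MemberId == current user) and SuperAdmin/SubAdmin may fetch any
             * of the member's files. Another user may fetch an image only when a one-shot grant for it
             * is present in Session["ReviewerList"] (placed there by the note-details page); the grant
             * is consumed on use. Everything else is denied. Previously non-image files defaulted to
             * accessible for any authenticated user; a purchase/entitlement check for notes is not
             * implemented here, so they are now denied to non-owners until such a check exists.
             */

            // Anonymous callers get 401 before any input is inspected.
            if (!Request.IsAuthenticated)
            {
                return(new HttpUnauthorizedResult());
            }

            if (!IsPlainDigits(MemberId))
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }

            // Missing '$' used to throw IndexOutOfRangeException (a 500); reject it explicitly.
            string[] FileAndExtention = (UserProfile ?? String.Empty).Split('$');
            if (FileAndExtention.Length < 2 || FileAndExtention[0].Length == 0 || FileAndExtention[1].Length == 0)
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }

            string FileName = FileAndExtention[0] + '.' + FileAndExtention[1];
            if (!IsPlainFileName(FileName))
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }

            // Resolve under the members root and confirm the canonical path did not escape it.
            string membersRoot = Path.GetFullPath(Server.MapPath("~/Members"))
                                     .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                                 + Path.DirectorySeparatorChar;
            string asset = Path.GetFullPath(Path.Combine(membersRoot, MemberId, FileName));
            if (!asset.StartsWith(membersRoot, StringComparison.OrdinalIgnoreCase))
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }

            string mimeType     = MimeMapping.GetMimeMapping(FileName);
            bool   IsAccessible = false;   // deny by default

            // Reviewer grant: an image listed in Session["ReviewerList"] may be fetched once by a non-owner.
            if (mimeType.Contains("image"))
            {
                List<string> ReviewerList = Session["ReviewerList"] as List<string>;
                string grantKey = @"/Assets/" + MemberId + @"/" + UserProfile;
                if (ReviewerList != null && ReviewerList.Remove(grantKey))
                {
                    IsAccessible = true;
                }
            }

            // Owner and admins may fetch any of the member's files.
            NotesMarketPlaceRoleManager NMPRoles = new NotesMarketPlaceRoleManager();
            if (MemberId == User.Identity.Name
                || NMPRoles.IsUserInRole(User.Identity.Name, "SuperAdmin")
                || NMPRoles.IsUserInRole(User.Identity.Name, "SubAdmin"))
            {
                IsAccessible = true;
            }

            // Authorization is decided before the existence check so that unauthorized callers cannot
            // use 404-vs-401 to probe which files exist in other members' folders.
            if (!IsAccessible)
            {
                return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized, "You are not authorized to access this file"));
            }

            // Checked for everyone now (the owner path previously skipped it and threw on a missing file).
            if (!System.IO.File.Exists(asset))
            {
                return(new HttpStatusCodeResult(HttpStatusCode.NotFound));
            }

            // FileStreamResult disposes the stream once the response has been written.
            return(File(new FileStream(asset, FileMode.Open, FileAccess.Read), mimeType, FileName));
        }

        // True when the value is a non-empty string of ASCII digits only (no sign, whitespace or separators).
        private static bool IsPlainDigits(string value)
        {
            if (String.IsNullOrEmpty(value))
            {
                return false;
            }
            foreach (char c in value)
            {
                if (c < '0' || c > '9')
                {
                    return false;
                }
            }
            return true;
        }

        // True when the name is a single path segment: no directory separators, no characters the
        // platform rejects in file names, and not a "." / ".." component.
        private static bool IsPlainFileName(string name)
        {
            if (String.IsNullOrEmpty(name) || name == "." || name == "..")
            {
                return false;
            }
            if (name.IndexOf(Path.DirectorySeparatorChar) >= 0 || name.IndexOf(Path.AltDirectorySeparatorChar) >= 0)
            {
                return false;
            }
            return name.IndexOfAny(Path.GetInvalidFileNameChars()) < 0;
        }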
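        public ActionResult Login(Login Client)
        {
            /* POST login. Verifies the submitted credentials, refuses accounts whose e-mail address is
             * not yet verified, and only then issues the forms-auth ticket (user id as the ticket name)
             * and populates the session. The caller is then routed to the profile page (profile still
             * incomplete), the admin dashboard (admin roles) or the registered-user dashboard.
             *
             * NOTE(review): action attributes are not visible in this listing — confirm this action
             * carries [HttpPost] and [ValidateAntiForgeryToken].
             */
            if (!ModelState.IsValid)
            {
                return(View());
            }

            // AuthenticateUser returns 0 for wrong credentials, otherwise the authenticated user's id.
            int AuthResult = UserRepository.AuthenticateUser(Client);
            if (AuthResult == 0)
            {
                ViewBag.Success = false;
                return(View());
            }

            UserProfileModel userProfile = UserRepository.GetUserData(AuthResult);

            // Check verification BEFORE issuing any credential. The earlier order set the auth cookie
            // and Session["UserID"] first and then only signed the ticket out, which left
            // Session["UserID"] populated for an unverified account — enough to satisfy any check that
            // looks only at that session key.
            if (!userProfile.User.IsEmailVerified)
            {
                FormsAuthentication.SignOut();   // also drops any stale ticket the browser still holds
                TempData["EmailVerified"]    = false;
                TempData["EmailVerifiedMsg"] = "Please Verify Email Address Via Mail We Have Sent You.";
                return(RedirectToAction("Login", "Authentication"));
            }

            // Persistent ticket only when "remember me" was ticked.
            FormsAuthentication.SetAuthCookie(AuthResult.ToString(), Client.RememberMe == true);

            // NOTE(review): the pre-login session id is kept here; if session fixation is a concern the
            // session should be abandoned and reissued at this point.
            Session["UserID"] = AuthResult;

            Session["UserProfile"] = String.IsNullOrEmpty(userProfile.ProfilePicture)
                ? "/Content/SystemConfig/DefaultUserProfile.png"
                : userProfile.ProfilePicture;

            Session["FullName"] = userProfile.User.FirstName + " " + userProfile.User.LastName;
            Session["Email"]    = userProfile.User.Email;

            // Profile not filled in yet (no country): send the user to complete it first.
            if (userProfile.Country == null)
            {
                return(RedirectToAction("UserProfile", "RegisteredUser"));
            }

            // Admins (super or sub) go to the admin dashboard, everyone else to the user dashboard.
            string[] roles = new NotesMarketPlaceRoleManager().GetRolesForUser(AuthResult.ToString());
            if (roles.Contains("SuperAdmin") || roles.Contains("SubAdmin"))
            {
                return(RedirectToAction("AdminDashBoard", "Admin"));
            }

            return(RedirectToAction("Dashboard", "RegisteredUser"));
        }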