/// <summary>
/// Registered-user dashboard. Anonymous visitors are bounced to the login page; members holding
/// the SuperAdmin or SubAdmin role are sent to the admin dashboard instead of the member view.
/// </summary>
/// <returns>The dashboard view, or a redirect to login / the admin dashboard.</returns>
public ActionResult Dashboard()
{
    // NOTE(review): the gate here is the session key, not the forms-auth principal; whether an
    // [Authorize] attribute also protects this action is not visible from this method.
    if (Session["UserID"] == null)
    {
        return RedirectToAction("Login", "Authentication", new { ReturnUrl = "/RegisteredUser/Dashboard" });
    }

    // Identity name is the numeric user id issued at login (the POST Login action writes
    // AuthResult.ToString() into the auth cookie); Convert.ToInt32 below relies on that.
    string identityName = User.Identity.Name;
    string[] memberRoles = new NotesMarketPlaceRoleManager().GetRolesForUser(identityName);
    bool isAdmin = memberRoles.Contains("SuperAdmin") || memberRoles.Contains("SubAdmin");
    if (isAdmin)
    {
        return RedirectToAction("AdminDashBoard", "Admin");
    }

    int userId = Convert.ToInt32(identityName);
    var stats = DownloadRepository.GetUserStats(userId);
    var model = new DashboardModel
    {
        NotesSold = stats.Item1,
        MoneyEarned = stats.Item2,
        Downloads = stats.Item3,
        Rejecteds = stats.Item4,
        BuyerRequests = stats.Item5,
        InProgressNotes = NotesRepository.GetInProgressNotes(userId),
        PublishedNotes = NotesRepository.GetPublishedNotes(userId)
    };

    ViewBag.Title = "Dashboard";
    ViewBag.Authorized = true;
    return View(model);
}
/// <summary>
/// Login page (GET). An already-authenticated request is not shown the form: the session is
/// (re)seeded from the forms-auth identity and the caller is redirected to the admin or user
/// dashboard. Otherwise the view is rendered, surfacing any e-mail-verification message that the
/// POST Login action left in TempData.
/// </summary>
/// <returns>A redirect for authenticated callers, else the login view.</returns>
public ActionResult Login()
{
    if (!Request.IsAuthenticated)
    {
        // Both TempData keys are written together by the POST Login action on an unverified account.
        if (TempData["EmailVerified"] != null)
        {
            ViewBag.EmailVerificationMsg = TempData["EmailVerifiedMsg"].ToString();
            ViewBag.EmailVerified = (bool)TempData["EmailVerified"];
        }
        return View();
    }

    // Identity name is the numeric user id issued at login. NOTE(review): this stores it in the
    // session as a string, whereas the POST Login action stores an int under the same key.
    string identityName = User.Identity.Name;
    Session["UserID"] = identityName;

    UserProfileModel profile = UserRepository.GetUserData(Convert.ToInt32(Session["UserID"]));
    Session["UserProfile"] = String.IsNullOrEmpty(profile.ProfilePicture)
        ? "/Content/SystemConfig/DefaultUserProfile.png"
        : profile.ProfilePicture;
    Session["FullName"] = profile.User.FirstName + " " + profile.User.LastName;
    Session["Email"] = profile.User.Email;

    // Admins never land on the member dashboard.
    string[] roles = new NotesMarketPlaceRoleManager().GetRolesForUser(identityName);
    bool isAdmin = roles.Contains("SuperAdmin") || roles.Contains("SubAdmin");
    return isAdmin
        ? RedirectToAction("AdminDashBoard", "Admin")
        : RedirectToAction("Dashboard", "RegisteredUser");
}
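/// <summary>
/// Serves a member asset (profile picture or note attachment) stored under ~/Members/{MemberId}/.
/// Access policy: the owner and the SuperAdmin/SubAdmin roles may read anything in the member's
/// folder; any other authenticated user may read an image only while its path is listed in
/// Session["ReviewerList"] (put there by the note-details page; the grant is consumed on use).
/// Everything else is refused. Anonymous callers always get 401.
/// </summary>
/// <param name="MemberId">Id of the member whose asset is requested; used as the folder name under ~/Members.</param>
/// <param name="UserProfile">Stored file name in the form "name$ext". The '$' stands in for the '.' so
/// the request is not treated as a static-file request (which would otherwise need an HTTP handler in web.config).</param>
/// <returns>The file; or 400 for a malformed name, 401 when anonymous, 403 when not permitted, 404 when missing.</returns>
public ActionResult GetProfilePicture(string MemberId, string UserProfile)
{
    // Anonymous callers may never fetch member assets directly.
    if (!Request.IsAuthenticated)
    {
        return new HttpUnauthorizedResult();
    }

    // Both route values come from the client and are spliced into a file-system path, so each
    // must be a single path segment: no separators, not "." or "..". Without this, "../" in either
    // value walks out of the member folder (e.g. "~/Members/../Web.config" is still inside the
    // application root, which Server.MapPath allows), and a name without '$' would throw
    // IndexOutOfRangeException when the extension is read.
    if (!IsSafePathSegment(MemberId))
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }
    string[] fileAndExtension = (UserProfile ?? string.Empty).Split('$');
    if (fileAndExtension.Length != 2
        || !IsSafePathSegment(fileAndExtension[0])
        || !IsSafePathSegment(fileAndExtension[1]))
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }
    string fileName = fileAndExtension[0] + '.' + fileAndExtension[1];

    // Belt and braces: the canonical path must still sit inside this member's folder.
    string memberRoot = Server.MapPath("~/Members/" + MemberId + @"/");
    string asset = Server.MapPath("~/Members/" + MemberId + @"/" + fileName);
    string canonicalRoot = System.IO.Path.GetFullPath(memberRoot);
    string canonicalAsset = System.IO.Path.GetFullPath(asset);
    if (!canonicalAsset.StartsWith(canonicalRoot, StringComparison.OrdinalIgnoreCase))
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    NotesMarketPlaceRoleManager roleManager = new NotesMarketPlaceRoleManager();
    string requester = User.Identity.Name;

    // Deny by default. The previous version started with IsAccessible = true and only tightened it
    // for images, so any signed-in user could fetch another member's non-image assets (notes) by id.
    bool isAccessible = false;

    if (MemberId == requester
        || roleManager.IsUserInRole(requester, "SuperAdmin")
        || roleManager.IsUserInRole(requester, "SubAdmin"))
    {
        // Owner and admins may read anything under this member's folder.
        isAccessible = true;
    }
    else if (MimeMapping.GetMimeMapping(fileName).Contains("image"))
    {
        // Another user may see this member's display picture only via the note-details page, which
        // records the asset path in Session["ReviewerList"]; the entry is single-use.
        List<string> reviewerList = Session["ReviewerList"] as List<string>;
        string grantKey = @"/Assets/" + MemberId + @"/" + UserProfile;
        if (reviewerList != null && reviewerList.Remove(grantKey))
        {
            isAccessible = true;
        }
    }

    // Authorization is decided before the existence check so a caller who is not allowed to read
    // the folder cannot probe which file names exist (the old order returned 404 first).
    if (!isAccessible)
    {
        // 403 rather than 401: the caller is authenticated but not permitted. A 401 here would make
        // forms authentication redirect an already-signed-in user back to the login page.
        return new HttpStatusCodeResult(HttpStatusCode.Forbidden, "You are not authorized to access this file");
    }

    if (!System.IO.File.Exists(asset))
    {
        return new HttpStatusCodeResult(HttpStatusCode.NotFound);
    }

    // FileStreamResult disposes the stream once the response has been written.
    return File(new FileStream(asset, FileMode.Open, FileAccess.Read), MimeMapping.GetMimeMapping(fileName), fileName);
}

/// <summary>
/// True when <paramref name="segment"/> can only name an entry directly inside a folder:
/// non-empty, not "." or "..", and free of directory separators, drive separators and
/// characters the platform forbids in file names.
/// </summary>
private static bool IsSafePathSegment(string segment)
{
    if (String.IsNullOrEmpty(segment) || segment == "." || segment == "..")
    {
        return false;
    }
    // '/' and '\\' are listed explicitly because GetInvalidFileNameChars() does not include '\\' on
    // every platform; ':' blocks alternate data streams and drive-relative paths on Windows.
    if (segment.IndexOfAny(new[] { '/', '\\', ':' }) >= 0)
    {
        return false;
    }
    return segment.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) < 0;
}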
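/// <summary>
/// Handles the login form post. On success it issues the forms-authentication cookie, seeds the
/// session (UserID, UserProfile, FullName, Email) and redirects: to the profile page when the
/// profile is incomplete (Country == null), to the admin dashboard for SuperAdmin/SubAdmin, else
/// to the user dashboard. An account whose e-mail is not yet verified is sent back to the login
/// page with a TempData message and receives no credential.
/// </summary>
/// <param name="Client">Posted credentials; Client.RememberMe selects a persistent auth cookie.</param>
/// <returns>A redirect on success; otherwise the login view (ViewBag.Success = false on bad credentials).</returns>
public ActionResult Login(Login Client)
{
    // NOTE(review): whether this action carries [HttpPost] / [ValidateAntiForgeryToken] is not
    // visible from the method body; a login form should have both.
    if (!ModelState.IsValid)
    {
        return View();
    }

    // AuthenticateUser returns 0 for wrong credentials and the user's id on success.
    int authResult = UserRepository.AuthenticateUser(Client);
    if (authResult == 0)
    {
        // Deliberately generic: the view must not reveal whether the e-mail or the password was wrong.
        ViewBag.Success = false;
        return View();
    }

    UserProfileModel userProfile = UserRepository.GetUserData(authResult);

    // Check e-mail verification BEFORE issuing any credential. The previous version set the auth
    // cookie and Session["UserID"] first and then signed out, which left a stale UserID in the
    // session (Dashboard gates on exactly that key) for an account that is not yet allowed in.
    if (!userProfile.User.IsEmailVerified)
    {
        // Clears any auth cookie left over from an earlier session on this browser.
        FormsAuthentication.SignOut();
        TempData["EmailVerified"] = false;
        TempData["EmailVerifiedMsg"] = "Please Verify Email Address Via Mail We Have Sent You.";
        return RedirectToAction("Login", "Authentication");
    }

    // The identity name is the numeric user id; other actions Convert.ToInt32 it.
    string identityName = authResult.ToString();
    // NOTE(review): nothing here rotates the session id on login, so a session id fixed before
    // authentication is carried into the authenticated session; consider Session.Abandon() /
    // issuing a fresh session cookie before seeding the session below.
    FormsAuthentication.SetAuthCookie(identityName, Client.RememberMe == true);
    Session["UserID"] = authResult;
    Session["UserProfile"] = String.IsNullOrEmpty(userProfile.ProfilePicture)
        ? "/Content/SystemConfig/DefaultUserProfile.png"
        : userProfile.ProfilePicture;
    Session["FullName"] = userProfile.User.FirstName + " " + userProfile.User.LastName;
    Session["Email"] = userProfile.User.Email;

    // Profile data not entered yet: force the user through the profile page first.
    if (userProfile.Country == null)
    {
        return RedirectToAction("UserProfile", "RegisteredUser");
    }

    // Short-circuit || (the original used bitwise |), consistent with the other actions.
    string[] roles = new NotesMarketPlaceRoleManager().GetRolesForUser(identityName);
    if (roles.Contains("SuperAdmin") || roles.Contains("SubAdmin"))
    {
        return RedirectToAction("AdminDashBoard", "Admin");
    }
    return RedirectToAction("Dashboard", "RegisteredUser");
}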