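        /// <summary>
        /// GET handler for the password recovery form. Locates the account that owns the
        /// unexpired password reset token supplied in the request and shows its security question.
        /// </summary>
        /// <returns>
        /// The "RecoverPassword" view when the token is valid; otherwise the "Error" view stating
        /// that the token is invalid/expired or that the account is not active.
        /// </returns>
        public ActionResult RecoverPassword()
        {
            // The token arrives as a request value (the link in the recovery email); a missing value becomes "".
            var passwordResetToken = Request["PasswordResetToken"] ?? "";

            using (var context = new SEContext())
            {
                // An empty token can never identify an account, so skip the query: this also prevents a
                // request with no token from matching a row whose token column holds "" rather than NULL.
                // The expiry is compared against DateTime.Now because Recover() stamps it with the same clock.
                var user = passwordResetToken.Length == 0
                           ? null
                           : context.User
                                    .Include("SecurityQuestionLookupItem")
                                    .FirstOrDefault(u => u.PasswordResetToken == passwordResetToken && u.PasswordResetExpiry > DateTime.Now);
                if (user == null)
                {
                    HandleErrorInfo error = new HandleErrorInfo(new ArgumentException("INFO: The password recovery token is not valid or has expired"), "Account", "RecoverPassword");
                    return(View("Error", error));
                }
                if (!user.Enabled)
                {
                    HandleErrorInfo error = new HandleErrorInfo(new InvalidOperationException("INFO: Your account is not currently approved or active"), "Account", "Recover");
                    return(View("Error", error));
                }
                // The token is echoed into the form so the POST can re-validate it against the same row.
                RecoverPassword recoverPasswordModel = new RecoverPassword()
                {
                    Id                 = user.Id,
                    SecurityAnswer     = "",
                    SecurityQuestion   = user.SecurityQuestionLookupItem.Description,
                    PasswordResetToken = passwordResetToken,
                    UserName           = user.UserName
                };
                return(View("RecoverPassword", recoverPasswordModel));
            }
        }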
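        /// <summary>
        /// Returns the identifiers of all files linked to the given token.
        /// </summary>
        /// <param name="tokenString">Token identifier to look up.</param>
        /// <returns>
        /// The file ids linked to the token; an empty list when the token is unknown or has no
        /// files. Never null.
        /// </returns>
        public List <string> searchFile(string tokenString)
        {
            // Previously initialised to null and then Add()-ed, which threw on the first file.
            var fileList = new List <string>();

            using (SEContext context = new SEContext())
            {
                // A LINQ query object is never null, so the former "!= null" test was always true;
                // Any() actually asks the database whether the token exists.
                bool tokenExists = context.Token.Any(t => t.TokenId == tokenString);
                if (tokenExists)
                {
                    var fileIds = from link in context.Token_File
                                  where link.TokenId == tokenString
                                  select link.FileId;
                    fileList.AddRange(fileIds);
                }
            }

            return(fileList);
        }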
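        /// <summary>
        /// POST handler for the "forgotten password" form. For an enabled, email-verified and
        /// approved account it issues a 15-minute password reset token, emails the recovery link
        /// and records the event in the user's log.
        /// </summary>
        /// <param name="model">Form data; only <c>UserName</c> (the account's email address) is used.</param>
        /// <returns>The "RecoverSuccess" view when a link was sent; otherwise the form again.</returns>
        public ActionResult Recover(Recover model)
        {
            if (ModelState.IsValid)
            {
                using (var context = new SEContext())
                {
                    var user             = context.User.FirstOrDefault(u => u.UserName == model.UserName && u.Enabled && u.EmailVerified && u.Approved);
                    var recaptchaSuccess = ValidateRecaptcha();
                    if (user != null && recaptchaSuccess)
                    {
                        // The token is a credential: draw it from the platform CSPRNG instead of Guid.NewGuid(),
                        // which carries no documented randomness guarantee. Same shape as before (32 hex chars).
                        user.PasswordResetToken  = NewPasswordResetToken();
                        // Must use the same clock as RecoverPassword(), which compares against DateTime.Now.
                        user.PasswordResetExpiry = DateTime.Now.AddMinutes(15);
                        // Send recovery email with link to recover password form
                        string emailBody    = string.Format("A request has been received to reset your {0} password. You can complete this process any time within the next 15 minutes by clicking <a href='{1}Account/RecoverPassword?PasswordResetToken={2}'>{1}Account/RecoverPassword?PasswordResetToken={2}</a>. If you did not request this then you can ignore this email.", ConfigurationManager.AppSettings["ApplicationName"].ToString(), ConfigurationManager.AppSettings["WebsiteBaseUrl"].ToString(), user.PasswordResetToken);
                        string emailSubject = string.Format("{0} - Complete the password recovery process", ConfigurationManager.AppSettings["ApplicationName"].ToString());
                        Services.SendEmail(ConfigurationManager.AppSettings["DefaultFromEmailAddress"].ToString(), new List <string>()
                        {
                            user.UserName
                        }, null, null, emailSubject, emailBody, true);
                        user.UserLogs.Add(new UserLog()
                        {
                            Description = "Password reset link generated and sent"
                        });
                        context.SaveChanges();
                        return(View("RecoverSuccess"));
                    }
                }
            }

            // NOTE(review): an unknown or inactive address falls through to the form while a known one gets
            // "RecoverSuccess", so the response reveals which addresses are registered; consider showing
            // the success view in both cases.
            return(View(model));
        }

        /// <summary>
        /// Generates a 128-bit password reset token from the cryptographic RNG, rendered as 32
        /// lowercase hexadecimal characters (the same length as the dash-less Guid used before).
        /// </summary>
        private static string NewPasswordResetToken()
        {
            var bytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(bytes);
            }
            return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
        }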
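        /// <summary>
        /// POST handler for the change-password form. Delegates the credential change to the user
        /// manager and, on success, emails the account owner a confirmation.
        /// </summary>
        /// <param name="model">Old and new password as entered by the signed-in user.</param>
        /// <returns>
        /// A redirect back to ChangePassword carrying a success message, or the form with the
        /// manager's errors added to <c>ModelState</c>.
        /// </returns>
        public async Task <ActionResult> ChangePassword(ChangePassword model)
        {
            ViewBag.ReturnUrl = Url.Action("ChangePassword");
            var userId = Convert.ToInt32(User.Identity.GetUserId());
            var result = await UserManager.ChangePasswordAsync(userId, model.OldPassword, model.NewPassword);

            if (!result.Succeeded)
            {
                AddErrors(result);
                return(View(model));
            }

            // The context was previously created without a using block and never disposed. Nothing is
            // modified through it here, so the former SaveChanges() call (a no-op) is gone as well.
            using (var context = new SEContext())
            {
                var user = context.User.FirstOrDefault(u => u.Id == userId);
                // Email recipient with password change acknowledgement (UserName is the email address).
                if (user != null)
                {
                    string emailBody    = string.Format("Just a little note from {0} to say your password has been changed today, if this wasn't done by yourself, please contact the site administrator asap", ConfigurationManager.AppSettings["ApplicationName"].ToString());
                    string emailSubject = string.Format("{0} - Password change confirmation", ConfigurationManager.AppSettings["ApplicationName"].ToString());
                    Services.SendEmail(ConfigurationManager.AppSettings["DefaultFromEmailAddress"].ToString(), new List <string>()
                    {
                        user.UserName
                    }, null, null, emailSubject, emailBody, true);
                }
            }
            return(RedirectToAction("ChangePassword", new { Message = ManageMessageId.ChangePasswordSuccess }));
        }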
        /// <summary>
        /// Adds a stock exchange record through the repository's context and saves immediately.
        /// </summary>
        /// <param name="se">Entity to persist.</param>
        /// <returns>True when SaveChanges reported at least one affected row.</returns>
        public bool addStockExchange(SEContext se)
        {
            ctx.SEContexts.Add(se);
            return(ctx.SaveChanges() > 0);
        }
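        /// <summary>
        /// POST handler for the over-posting demonstration edit page. Binds the whitelisted form
        /// fields onto the selected user and saves them.
        /// </summary>
        /// <param name="id">Identifier of the user being edited.</param>
        /// <param name="collection">Raw form values posted by the browser.</param>
        /// <returns>
        /// 404 when the user is unknown or not editable by the caller; the edit view otherwise.
        /// </returns>
        public ActionResult OverPostingEdit(int id, FormCollection collection)
        {
            using (var context = new SEContext())
            {
                // One query instead of ToList().Count followed by FirstOrDefault() on the same filter.
                var user = context.User.FirstOrDefault(u => u.Id == id);
                if (user == null)
                {
                    return(new HttpNotFoundResult());
                }
                var currentUser = Convert.ToInt32(User.Identity.GetUserId());
                var isAdmin     = User.IsInRole("Admin");
                // Same ownership rule as Edit(): a non-admin may only update their own account.
                if (!isAdmin && currentUser != user.Id)
                {
                    return(new HttpNotFoundResult());
                }

                // Explicit include list. With the list empty (as it was, the names commented out)
                // TryUpdateModel binds every settable property of User from whatever the client posts,
                // including fields such as Approved and Enabled that are never rendered on the form.
                var propertiesToUpdate = new List <string>()
                {
                    "FirstName", "LastName", "TelNoHome", "TelNoMobile", "TelNoWork", "Title",
                    "Town", "Postcode", "SkypeName"
                };
                if (TryUpdateModel(user, "User", propertiesToUpdate.ToArray(), collection))
                {
                    context.SaveChanges();
                    ViewBag.Notification = "Details updated";
                    return(View("OverPostingEdit"));
                }

                return(View(new UserViewModel(currentUser, isAdmin, user)));
            }
        }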
        /// <summary>
        /// ASP.NET application start-up: registers areas, Web API, global filters, routes, bundles and
        /// authentication, hardens two response-header behaviours, initialises the database and
        /// configures the Serilog logger.
        /// </summary>
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);
            BundleConfig.RegisterBundles(BundleTable.Bundles);
            AuthConfig.RegisterAuth();
            // Anti-forgery tokens are bound to the Name claim instead of the default identity claim.
            AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
            // SECURE: Remove automatic XFrame option header so we can add it in filters to entire site
            // (the anti-forgery helper only emits X-Frame-Options on pages that render a token; the
            // site-wide filter referenced here is expected to set it on every response - confirm it does).
            System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;

            // SECURE: Remove server information disclosure (suppresses the X-AspNetMvc-Version header)
            MvcHandler.DisableMvcResponseHeader = true;

            // Run the EF database initialiser now rather than lazily on the first query.
            using (var context = new SEContext())
            {
                context.Database.Initialize(true);
            }
            // Serilog sink: the "Logs" table of the DefaultConnection database, Debug level and above.
            Log.Logger = new LoggerConfiguration()
                         .WriteTo.MSSqlServer(ConfigurationManager.ConnectionStrings["DefaultConnection"].ToString(), "Logs")
                         .MinimumLevel.Debug()
                         .CreateLogger();
            Log.Information("Application started");
        }
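        /// <summary>
        /// Demonstration action that loads one fixed user record and renders it.
        /// </summary>
        /// <returns>The user view, or 404 when the fixed record does not exist.</returns>
        public ActionResult InformationDisclosure()
        {
            const int demoUserId = 38;            // the record this page shows; was an inline literal

            // The context was previously created without a using block and never disposed.
            using (SEContext context = new SEContext())
            {
                var user = context.User.FirstOrDefault(u => u.Id == demoUserId);
                if (user == null)
                {
                    // Dereferencing a missing record threw here and surfaced the framework error page,
                    // presumably the disclosure the action's name refers to; answer 404 instead.
                    return(new HttpNotFoundResult());
                }

                user.LastName = "Bill";           // in-memory only; nothing is saved
                return(View(user));
            }
        }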
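        /// <summary>
        /// POST handler for the registration form. Binds the whitelisted user fields, verifies the
        /// reCAPTCHA, creates the account and emails either an email-verification link or, when the
        /// address is already registered, a duplicate-registration notice. Both outcomes render the
        /// same success page so the response does not reveal which addresses are registered.
        /// </summary>
        /// <param name="collection">Raw form values posted by the browser.</param>
        /// <returns>"RegisterSuccess", or the registration form with validation errors.</returns>
        public async Task <ActionResult> Register(FormCollection collection)
        {
            var user            = new User();
            // A missing form field yields null; the former .ToString() threw before validation could run.
            var password        = collection["Password"] ?? "";
            var confirmPassword = collection["ConfirmPassword"] ?? "";

            using (var context = new SEContext())
            {
                if (ModelState.IsValid)
                {
                    // Include list for binding: password fields are handled separately above.
                    var propertiesToUpdate = new[]
                    {
                        "FirstName", "LastName", "UserName", "SecurityQuestionLookupItemId", "SecurityAnswer"
                    };
                    if (TryUpdateModel(user, "User", propertiesToUpdate, collection))
                    {
                        var recaptchaSuccess = ValidateRecaptcha();
                        if (recaptchaSuccess)
                        {
                            var result = await UserManager.CreateAsync(user.UserName, user.FirstName, user.LastName, password, confirmPassword,
                                                                       user.SecurityQuestionLookupItemId, user.SecurityAnswer);

                            if (result.Succeeded || result.Errors.Any(e => e == "Username already registered"))
                            {
                                // Re-read the stored row: the confirmation token is generated by the user manager.
                                var userName = user.UserName;
                                user = context.User.FirstOrDefault(u => u.UserName == userName);
                                // Email the user to complete the email verification process or inform them of a duplicate registration and would they like to change their password
                                string emailBody    = "";
                                string emailSubject = "";
                                if (result.Succeeded)
                                {
                                    // The query-string key keeps the historic spelling that EmailVerify() reads.
                                    emailSubject = string.Format("{0} - Complete your registration", ConfigurationManager.AppSettings["ApplicationName"].ToString());
                                    emailBody    = string.Format("Welcome to {0}, to complete your registration we just need to confirm your email address by clicking <a href='{1}Account/EmailVerify?EmailVerficationToken={2}'>{1}Account/EmailVerify?EmailVerficationToken={2}</a>. If you did not request this registration then you can ignore this email and do not need to take any further action", ConfigurationManager.AppSettings["ApplicationName"].ToString(), ConfigurationManager.AppSettings["WebsiteBaseUrl"].ToString(), user.EmailConfirmationToken);
                                }
                                else
                                {
                                    // The password-reset link used to point at Account/LogOn while its text said Account/Recover.
                                    emailSubject = string.Format("{0} - Duplicate Registration", ConfigurationManager.AppSettings["ApplicationName"].ToString());
                                    emailBody    = string.Format("You already have an account on {0}. You (or possibly someone else) just attempted to register on {0} with this email address. However you are registered and cannot re-register with the same address. If you'd like to login you can do so by clicking here: <a href='{1}Account/LogOn'>{1}Account/LogOn</a>. If you have forgotten your password you can answer some security questions here to reset your password:<a href='{1}Account/Recover'>{1}Account/Recover</a>. If it wasn't you who attempted to register with this email address or you did it by mistake, you can safely ignore this email", ConfigurationManager.AppSettings["ApplicationName"].ToString(), ConfigurationManager.AppSettings["WebsiteBaseUrl"].ToString());
                                }

                                Services.SendEmail(ConfigurationManager.AppSettings["DefaultFromEmailAddress"].ToString(), new List <string>()
                                {
                                    user.UserName
                                }, null, null, emailSubject, emailBody, true);
                                return(View("RegisterSuccess"));
                            }
                            else
                            {
                                AddErrors(result);
                            }
                        }
                    }
                }

                // Fall through: re-render the form with the security questions and the values entered so far.
                var securityQuestions = context.LookupItem.Where(l => l.LookupTypeId == CONSTS.LookupTypeId.SecurityQuestion && l.IsHidden == false).OrderBy(o => o.Ordinal).ToList();
                var registerViewModel = new RegisterViewModel(confirmPassword, password, user, securityQuestions);
                return(View(registerViewModel));
            }
        }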
 /// <summary>
 /// GET handler for the registration form: renders an empty user together with the visible
 /// security questions in display order.
 /// </summary>
 /// <returns>The registration view.</returns>
 public ActionResult Register()
 {
     using (var context = new SEContext())
     {
         var questions = context.LookupItem
                                .Where(l => l.LookupTypeId == CONSTS.LookupTypeId.SecurityQuestion && l.IsHidden == false)
                                .OrderBy(l => l.Ordinal)
                                .ToList();
         var viewModel = new RegisterViewModel("", "", new User(), questions);
         return(View(viewModel));
     }
 }
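 /// <summary>
 /// GET handler for the over-posting demonstration edit page.
 /// </summary>
 /// <param name="id">Unique identifier for the user</param>
 /// <returns>The edit view, or 404 when the user is unknown or not visible to the caller.</returns>
 public ActionResult OverPostingEdit(int id)
 {
     using (var context = new SEContext())
     {
         // Previously a missing user was passed as null into the view model.
         var user = context.User.FirstOrDefault(u => u.Id == id);
         if (user == null)
         {
             return(new HttpNotFoundResult());
         }
         var currentUser = Convert.ToInt32(User.Identity.GetUserId());
         var isAdmin     = User.IsInRole("Admin");
         // SECURE: Check user should have access to this account (same rule as ChangeEmailAddress and Log).
         if (!isAdmin && currentUser != user.Id)
         {
             return(new HttpNotFoundResult());
         }
         return(View(new UserViewModel(currentUser, isAdmin, user)));
     }
 }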
 /// <summary>
 /// Releases the database context owned by this instance. Only managed state is held, so
 /// nothing is done when called from a finaliser path (<paramref name="disposing"/> false).
 /// </summary>
 /// <param name="disposing">True when called from <c>Dispose()</c>, false from a finaliser.</param>
 protected virtual void Dispose(bool disposing)
 {
     if (!disposing)
     {
         return;
     }

     // free managed resources; safe to call more than once because the field is cleared
     var owned = this.dbContext;
     if (owned == null)
     {
         return;
     }
     owned.Dispose();
     this.dbContext = null;
 }
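        /// <summary>
        /// POST handler for the password recovery form. The account is located by id together with the
        /// posted reset token and its expiry (the same rule as the GET handler), so a caller who knows
        /// only a user id cannot reach the security-answer comparison or consume the reCAPTCHA check.
        /// </summary>
        /// <param name="recoverPasswordModel">Id, reset token, security answer and new password from the form.</param>
        /// <returns>
        /// "RecoverPasswordSuccess" once the password is changed and the user signed in; otherwise the
        /// form (or the "Error" view) with the reason added to <c>ModelState</c>.
        /// </returns>
        public async Task <ActionResult> RecoverPassword(RecoverPassword recoverPasswordModel)
        {
            var passwordResetToken = recoverPasswordModel.PasswordResetToken ?? "";

            using (var context = new SEContext())
            {
                // Empty token: reject without querying so "" in the token column can never be matched.
                var user = passwordResetToken.Length == 0
                           ? null
                           : context.User.FirstOrDefault(u => u.Id == recoverPasswordModel.Id && u.PasswordResetToken == passwordResetToken && u.PasswordResetExpiry > DateTime.Now);
                if (user == null)
                {
                    HandleErrorInfo error = new HandleErrorInfo(new ArgumentException("INFO: The user or password recovery token is not valid or has expired"), "Account", "RecoverPassword");
                    return(View("Error", error));
                }
                if (!user.Enabled)
                {
                    HandleErrorInfo error = new HandleErrorInfo(new InvalidOperationException("INFO: Your account is not currently approved or active"), "Account", "Recover");
                    return(View("Error", error));
                }
                // Ordinal comparison; whether SecurityAnswer is stored protected is not visible here.
                if (user.SecurityAnswer != recoverPasswordModel.SecurityAnswer)
                {
                    ModelState.AddModelError("SecurityAnswer", "The security answer is incorrect");
                    return(View("RecoverPassword", recoverPasswordModel));
                }
                if (recoverPasswordModel.Password != recoverPasswordModel.ConfirmPassword)
                {
                    ModelState.AddModelError("ConfirmPassword", "The passwords do not match");
                    return(View("RecoverPassword", recoverPasswordModel));
                }
                var recaptchaSuccess = ValidateRecaptcha();
                if (ModelState.IsValid && recaptchaSuccess)
                {
                    // The user manager re-validates the token as part of the change.
                    var result = await UserManager.ChangePasswordFromTokenAsync(user.Id, recoverPasswordModel.PasswordResetToken, recoverPasswordModel.Password);

                    if (result.Succeeded)
                    {
                        context.SaveChanges();
                        await UserManager.SignInAsync(user.UserName, false);

                        return(View("RecoverPasswordSuccess"));
                    }
                    else
                    {
                        AddErrors(result);
                        return(View("RecoverPassword", recoverPasswordModel));
                    }
                }
                else
                {
                    ModelState.AddModelError("", "Password change was not successful");
                    return(View("RecoverPassword", recoverPasswordModel));
                }
            }
        }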
 /// <summary>
 /// ASP.NET application start-up: registers areas, Web API, global filters, routes, bundles and
 /// authentication, then runs the Entity Framework database initialiser.
 /// </summary>
 protected void Application_Start()
 {
     AreaRegistration.RegisterAllAreas();
     GlobalConfiguration.Configure(WebApiConfig.Register);
     FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
     RouteConfig.RegisterRoutes(RouteTable.Routes);
     BundleConfig.RegisterBundles(BundleTable.Bundles);
     AuthConfig.RegisterAuth();
     // Anti-forgery tokens are bound to the Name claim instead of the default identity claim.
     AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
     // Run the initialiser now rather than lazily on the first query.
     using (var context = new SEContext())
     {
         context.Database.Initialize(true);
     }
 }
        /// <summary>
        /// Creates a stock exchange record from the posted body.
        /// </summary>
        /// <param name="obj">Bound request body.</param>
        /// <returns>
        /// 400 carrying the validation state or a save error; 201 with a confirmation message otherwise.
        /// </returns>
        public IActionResult addSEdata(SEContext obj)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (repo.addStockExchange(obj))
            {
                return(Created("No Url", new { message = "company added" }));
            }
            return(BadRequest("Error saving products"));
        }
        /// <summary>
        /// Test fixture set-up: reads appsettings.json from the test binaries' directory, opens the
        /// SQL Server database named by the "Constr" connection string and wires a controller plus a
        /// sample entity for the tests to use.
        /// </summary>
        public void Initialize()
        {
            var configurationBuilder = new ConfigurationBuilder()
                                           .SetBasePath(AppDomain.CurrentDomain.BaseDirectory)
                                           .AddJsonFile("appsettings.json");
            IConfiguration configuration = configurationBuilder.Build();

            var connectionString = configuration.GetConnectionString("Constr");
            var options          = new DbContextOptionsBuilder <DBContext>().UseSqlServer(connectionString).Options;
            IRepository5 repository = new Repository5(new DBContext(options));

            se      = new StockExchangeController(repository);
            se_data = new SEContext()
            {
                name    = "demo",
                brief   = "demo",
                address = "demo",
                remarks = "demo"
            };
        }
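        /// <summary>
        /// POST handler for the user edit form. Only whitelisted fields are bound from the form;
        /// administrators may additionally change Approved, Enabled and UserName. A non-admin may
        /// only edit their own account, and nobody may disable the account they are signed in with.
        /// </summary>
        /// <param name="id">Identifier of the user being edited.</param>
        /// <param name="collection">Raw form values posted by the browser.</param>
        /// <returns>
        /// 404 when the user is unknown or not editable by the caller; a redirect to the user index
        /// on success; otherwise the edit view with validation errors.
        /// </returns>
        public ActionResult Edit(int id, FormCollection collection)
        {
            using (var context = new SEContext())
            {
                // One query instead of ToList().Count followed by FirstOrDefault() on the same filter.
                var user = context.User.FirstOrDefault(u => u.Id == id);
                if (user == null)
                {
                    return(new HttpNotFoundResult());
                }
                var currentUser = Convert.ToInt32(User.Identity.GetUserId());
                var isAdmin     = User.IsInRole("Admin");
                // SECURE: Check user should have access to this account. Answering 404 rather than 403
                // presumably avoids confirming to a non-admin that the other account exists.
                if (!isAdmin && currentUser != user.Id)
                {
                    return(new HttpNotFoundResult());
                }

                var propertiesToUpdate = new List <string>()
                {
                    "FirstName", "LastName", "TelNoHome", "TelNoMobile", "TelNoWork", "Title",
                    "Town", "Postcode", "SkypeName"
                };
                if (isAdmin)
                {
                    propertiesToUpdate.Add("Approved");
                    propertiesToUpdate.Add("Enabled");
                    propertiesToUpdate.Add("UserName");
                }
                if (TryUpdateModel(user, "User", propertiesToUpdate.ToArray(), collection))
                {
                    if (user.Id == currentUser && !user.Enabled)
                    {
                        ModelState.AddModelError("", "You cannot disable your own user account");
                    }
                    else
                    {
                        context.SaveChanges();
                        return(RedirectToAction("Index", "User"));
                    }
                }

                return(View(new UserViewModel(currentUser, isAdmin, user)));
            }
        }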
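        /// <summary>
        /// Stores the token-to-file association: creates the token row, the file row and the
        /// token/file link, each only if it does not already exist.
        /// </summary>
        /// <param name="tokenString">Token identifier.</param>
        /// <param name="file">File metadata to persist.</param>
        /// <returns>Always 0.</returns>
        public int SaveToken(string tokenString, FileInfo file)
        {
            using (SEContext context = new SEContext())
            {
                // Each existence test used to compare the query object with null, which is never true,
                // so none of the three inserts ever ran. Any() executes the query instead.
                bool tokenExists = context.Token.Any(t => t.TokenId == tokenString);
                if (!tokenExists)
                {
                    context.Token.Add(new Token { TokenId = tokenString });
                    context.SaveChanges();
                }

                string fileId     = file.FileInfoId;
                bool   fileExists = context.FileInfo.Any(f => f.FileInfoId == fileId);
                if (!fileExists)
                {
                    context.FileInfo.Add(file);
                    context.SaveChanges();
                }

                bool linkExists = context.Token_File.Any(tf => tf.TokenId == tokenString && tf.FileId == fileId);
                if (!linkExists)
                {
                    context.Token_File.Add(new Token_File
                    {
                        FileId  = fileId,
                        TokenId = tokenString
                    });
                    // Saved as a separate step, as before, so the link is written after its referenced rows.
                    context.SaveChanges();
                }
            }
            return(0);
        }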
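 /// <summary>
 /// GET handler for the change-email-address page of one user account.
 /// </summary>
 /// <param name="id">Unique identifier for the user</param>
 /// <returns>The user view, or 404 when the user is unknown or not visible to the caller.</returns>
 public ActionResult ChangeEmailAddress(int id)
 {
     using (var context = new SEContext())
     {
         // One query instead of ToList().Count followed by FirstOrDefault() on the same filter.
         var user        = context.User.FirstOrDefault(u => u.Id == id);
         var currentUser = Convert.ToInt32(User.Identity.GetUserId());
         if (user == null)
         {
             return(new HttpNotFoundResult());
         }
         var isAdmin = User.IsInRole("Admin");
         // SECURE: Check user should have access to this account
         if (!isAdmin && currentUser != user.Id)
         {
             return(new HttpNotFoundResult());
         }
         return(View(new UserViewModel(currentUser, isAdmin, user)));
     }
 }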
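 /// <summary>
 /// Saves file metadata unless a record with the same FileInfoId already exists.
 /// </summary>
 /// <param name="fileInfo">File record to add.</param>
 /// <returns>0 when the record was added; -1 when the id is already present.</returns>
 public int SaveFileId(FileInfo fileInfo)
 {
     using (SEContext context = new SEContext())
     {
         string fileId = fileInfo.FileInfoId;
         // The query object itself was tested against null, which is never the case, so this method
         // always returned -1 without saving. Any() asks the database whether the id exists.
         bool exists = context.FileInfo.Any(f => f.FileInfoId == fileId);
         if (exists)
         {
             return(-1);
         }
         context.FileInfo.Add(fileInfo);
         context.SaveChanges();
     }
     return(0);
 }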
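 /// <summary>
 /// Shows the ten most recent activity log entries for one user account.
 /// </summary>
 /// <param name="id">Unique identifier for the user</param>
 /// <returns>The log view, or 404 when the user is unknown or not visible to the caller.</returns>
 public ActionResult Log(int id)
 {
     using (var context = new SEContext())
     {
         // One query instead of ToList().Count followed by FirstOrDefault() on the same filter.
         var user        = context.User.FirstOrDefault(u => u.Id == id);
         var currentUser = Convert.ToInt32(User.Identity.GetUserId());
         if (user == null)
         {
             return(new HttpNotFoundResult());
         }
         // SECURE: Check user should have access to this account
         if (!User.IsInRole("Admin") && currentUser != user.Id)
         {
             return(new HttpNotFoundResult());
         }
         ViewBag.UserName = user.UserName;
         return(View(user.UserLogs.OrderByDescending(ul => ul.DateCreated).Take(10).ToList()));
     }
 }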
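        /// <summary>
        /// Landing page for the signed-in user: greets them by first name and shows the account
        /// activity that preceded the most recent log entry (presumably the current login).
        /// </summary>
        /// <returns>The landing view, or 404 when the signed-in user has no database record.</returns>
        public ActionResult Landing()
        {
            var currentUserId = Convert.ToInt32(User.Identity.GetUserId());

            using (var context = new SEContext())
            {
                // One query instead of ToList().Count followed by FirstOrDefault() on the same filter.
                var user = context.User.FirstOrDefault(u => u.Id == currentUserId);
                if (user == null)
                {
                    return(new HttpNotFoundResult());
                }
                // Materialise once; the ordered logs used to be enumerated twice (Count, then Skip).
                var activityLogs = user.UserLogs.OrderByDescending(d => d.DateCreated).ToList();
                // Index 1 is the second most recent entry; null when there is at most one entry.
                UserLog lastAccountActivity = activityLogs.Count > 1 ? activityLogs[1] : null;
                return(View(new LandingViewModel(user.FirstName, lastAccountActivity, currentUserId)));
            }
        }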
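 /// <summary>
 /// Signs the current user out. The "User Logged Off" audit entry is best-effort: any failure
 /// while writing it is ignored so that the sign-out itself always happens.
 /// </summary>
 public void SignOut()
 {
     try
     {
         var userName = AuthenticationManager.User.Identity.Name;
         using (var context = new SEContext())
         {
             var user = context.User.FirstOrDefault(u => u.UserName == userName);
             // A missing record used to raise a NullReferenceException that the catch silently absorbed.
             if (user != null)
             {
                 user.UserLogs.Add(new UserLog()
                 {
                     Description = "User Logged Off"
                 });
                 context.SaveChanges();
             }
         }
     }
     catch (Exception)
     {
         // Deliberately swallowed: the audit entry must never block sign-out.
         // NOTE(review): record the failure here if a logger is available to this class.
     }
     finally
     {
         AuthenticationManager.SignOut();
     }
 }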
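        /// <summary>
        /// Completes email verification from the link sent at registration: marks the matching
        /// account as verified, clears the one-time token and records the event in the user's log.
        /// </summary>
        /// <returns>"EmailVerificationSuccess", or the "Error" view when no account holds the token.</returns>
        public ActionResult EmailVerify()
        {
            // The request key keeps the historic spelling used by the registration email's link.
            var emailVerificationToken = Request["EmailVerficationToken"] ?? "";

            using (var context = new SEContext())
            {
                // An empty token is rejected before querying so that an account whose token column holds
                // "" (rather than NULL) cannot be verified by a request carrying no token at all.
                var user = emailVerificationToken.Length == 0
                           ? null
                           : context.User.FirstOrDefault(u => u.EmailConfirmationToken == emailVerificationToken);
                if (user == null)
                {
                    HandleErrorInfo error = new HandleErrorInfo(new ArgumentException("INFO: The email verification token is not valid or has expired"), "Account", "EmailVerify");
                    return(View("Error", error));
                }
                // NOTE(review): the error text mentions expiry but no expiry is checked here - confirm whether one is intended.
                user.EmailVerified          = true;
                user.EmailConfirmationToken = null;          // one-time use
                user.UserLogs.Add(new UserLog()
                {
                    Description = "User Confirmed Email Address"
                });
                context.SaveChanges();
                return(View("EmailVerificationSuccess"));
            }
        }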
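 /// <summary>
 /// Creates a user store backed by the supplied context, which is kept for the store's lifetime.
 /// </summary>
 /// <param name="dbContext">Context to read and write users through.</param>
 /// <exception cref="ArgumentNullException"><paramref name="dbContext"/> is null.</exception>
 public UserStore(SEContext dbContext)
 {
     // Fail at construction rather than on the first query.
     if (dbContext == null)
     {
         throw new ArgumentNullException("dbContext");
     }
     this.dbContext = dbContext;
 }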
 /// <summary>
 /// Creates a user repository over the supplied context; all behaviour comes from the base repository.
 /// </summary>
 /// <param name="context">Context handed to the base repository.</param>
 public UserRepository(SEContext context) : base(context)
 {
 }
 /// <summary>
 /// Creates a user manager that owns its own context and a user store built on it.
 /// </summary>
 public MyUserManager()
 {
     // NOTE(review): both objects are created here; confirm they are disposed when the manager is.
     Context   = new SEContext();
     UserStore = new UserStore <User>(Context);
 }
 /// <summary>
 /// Creates the controller with a context that lives for the controller's lifetime.
 /// </summary>
 public UserController()
 {
     // NOTE(review): confirm the controller's Dispose override disposes this context.
     context = new SEContext();
 }
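 /// <summary>
 /// Creates a unit of work over the supplied context.
 /// </summary>
 /// <param name="context">Context shared by the repositories of this unit of work.</param>
 /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
 public UnitOfWork(SEContext context)
 {
     // Fail at construction rather than on first use.
     if (context == null)
     {
         throw new ArgumentNullException("context");
     }
     _context = context;
 }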
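 /// <summary>
 /// Creates a repository over the supplied context.
 /// </summary>
 /// <param name="context">Context the repository reads and writes through.</param>
 /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
 public BaseRepository(SEContext context)
 {
     // Fail at construction rather than on first use.
     if (context == null)
     {
         throw new ArgumentNullException("context");
     }
     Context = context;
 }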