Example #1
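    /// <summary>
    /// Renders every row returned by the Jezyki query as an HTML table with
    /// "edycja" (edit) and "usuń" (delete) links per row.
    /// </summary>
    /// <returns>The table markup as a single string.</returns>
    internal String ListOfLanguages()
    {
        Jezyki[] languages = GetLanguagesFromSQL("SELECT * FROM Jezyki;", SQLConnector.GetSQLConnection());

        // Database values are HTML-encoded before they reach the markup: a stored
        // language name containing markup would otherwise be rendered as HTML in
        // every viewer's browser (stored XSS). Convert.ToString keeps the text the
        // original concatenation produced (null becomes an empty string).
        System.Func<object, String> encode =
            value => System.Net.WebUtility.HtmlEncode(System.Convert.ToString(value));

        // StringBuilder avoids re-copying the whole table on every appended row.
        System.Text.StringBuilder html = new System.Text.StringBuilder("<table>");

        foreach (Jezyki language in languages)
        {
            String id   = encode(language.JezykID);
            String name = encode(language.Nazwa);

            html.Append("<tr><td>").Append(id)
                .Append("</td><td>").Append(name)
                .Append("</td><td><a href=\"?content=EditLanguage&ID=").Append(id)
                .Append("\">edycja</a></td><td><a href=\"?content=DeleteLanguage&ID=").Append(id)
                .Append("\">usuń</a></td></tr>");
        }

        // NOTE(review): the delete action is exposed as a plain GET link. If the
        // DeleteLanguage handler (not shown here) deletes on that GET, any page the
        // admin visits can trigger it; confirm it requires a POST with an
        // anti-forgery token and re-checks the caller's rights server-side.
        return html.Append("</table>").ToString();
    }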
    /// <summary>
    /// Resolves the current caller to a UserID, or null when neither a login
    /// cookie nor session login values are present.
    /// </summary>
    /// <param name="username">Login cookie; its "login" value is used when the cookie exists.</param>
    /// <param name="Session">Session consulted for "userLogin" and "userPassHash".</param>
    /// <returns>null when not logged in; otherwise whatever the SQL helper returns.</returns>
    public int? GetUserID(HttpCookie username, System.Web.SessionState.HttpSessionState Session)
    {
        // No cookie and neither session value set: treated as not logged in.
        if (username == null && Session["userLogin"] == null && Session["userPassHash"] == null)
        {
            return null;
        }

        // NOTE(review): the cookie wins over the session whenever it is present,
        // and only its presence is checked here. A cookie is client-controlled, so
        // unless it is integrity-protected and validated elsewhere (not visible in
        // this listing), the login used for the lookup is whatever the client sent.
        // Prefer the server-side session value as the source of identity.
        String login;
        if (username != null)
        {
            login = username.Values["login"];
        }
        else if (Session["userLogin"] != null && Session["userPassHash"] != null)
        {
            login = Session["userLogin"].ToString();
        }
        else
        {
            login = null;
        }

        // NOTE(review): the login value is masked as '******' in this listing, so as
        // written `login` never reaches the query. When restoring it, bind it as a
        // SQL parameter; splicing it into the quoted literal would make the query
        // injectable through the cookie.
        String query = "SELECT UserID FROM Users WHERE Login = '******';";

        return GetRightsFromSQL(query, SQLConnector.GetSQLConnection());
    }
    /// <summary>
    /// Loads the rights value for the caller identified by the login cookie or,
    /// failing that, by the session login values.
    /// </summary>
    /// <param name="username">Login cookie; its "login" value is used when the cookie exists.</param>
    /// <param name="Session">Session consulted for "userLogin" and "userPassHash".</param>
    public AdminRightsChecker(HttpCookie username, System.Web.SessionState.HttpSessionState Session)
    {
        if (username == null && Session["userLogin"] == null && Session["userPassHash"] == null)
        {
            // Not logged in - definitely not an admin.
            this.rights = 4;
            return;
        }

        // NOTE(review): this is the authorization decision, and it is keyed by the
        // cookie's "login" value whenever a cookie is present. Only the cookie's
        // existence is checked here; if nothing else validates it (not visible in
        // this listing), a client-chosen login selects whose CzyAdmin value is read.
        // The session value should take precedence, or the cookie must be verified
        // before it is trusted.
        String login;
        if (username != null)
        {
            login = username.Values["login"];
        }
        else if (Session["userLogin"] != null && Session["userPassHash"] != null)
        {
            login = Session["userLogin"].ToString();
        }
        else
        {
            login = null;
        }

        // NOTE(review): the login value is masked as '******' in this listing, so
        // `login` is unused as written. When restoring it, pass it as a bound SQL
        // parameter rather than concatenating it into the statement.
        String query = "SELECT CzyAdmin FROM Users WHERE Login = '******';";

        this.rights = GetRightsFromSQL(query, SQLConnector.GetSQLConnection());
    }
Example #4
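    /// <summary>
    /// Renders the list of courses as an HTML table. Rows get management and edit
    /// links when the current caller's rights check (CzySek) passes, and an
    /// "add course" link is appended when <paramref name="CzyAdmin"/> is true.
    /// </summary>
    /// <param name="CzyAdmin">Caller-supplied flag that enables the "add course" and back links.</param>
    /// <returns>The page fragment as a single string.</returns>
    internal String ManageCourses(bool CzyAdmin)
    {
        String query = "SELECT k.KursID AS [IDkursu], k.Typ AS [TypKursu], j.Nazwa AS [Jezyk], p.Nazwa AS [Poziom], u.Imie AS [ImieProwadzacego], u.Nazwisko AS [NazwiskoProwadzacego], u.\"E-mail\" AS [E-mail prowadzacego] FROM Kursy k JOIN Users u ON (u.UserID = k.IDprowadzacego) JOIN Jezyki j ON (j.JezykID = k.Jezyk) JOIN Poziomy p ON (p.PoziomID = k.Poziom);";

        Courses[] cours = GetCoursesFromSQL(query, SQLConnector.GetSQLConnection());

        // Names and e-mail addresses come from the Users table. They are
        // HTML-encoded so that stored markup is shown as text instead of being
        // interpreted by the browser of whoever opens this list (stored XSS).
        System.Func<object, String> encode =
            value => System.Net.WebUtility.HtmlEncode(System.Convert.ToString(value));

        // The rights check depends only on the request cookie and session, so it
        // is evaluated once instead of once per row. It is skipped for an empty
        // list, as the original loop never ran it in that case.
        bool canManage = (cours.Length > 0)
            && new AdminRightsChecker(Request.Cookies["user"], Session).CzySek();

        System.Text.StringBuilder result = new System.Text.StringBuilder("<h2>Lista kursów w bazie:</h2><table>");
        result.Append("<tr><td>ID kursu</td><td>Typ kursu</td><td>Język</td><td>Poziom</td><td>Imię Prowadzącego</td><td>Nazwisko Prowadzącego</td><td>E-mail Prowadzącego</td></tr>");

        foreach (Courses course in cours)
        {
            String courseId = encode(course.IDkursu);

            result.Append("<tr><td>").Append(courseId)
                  .Append("</td><td>").Append(encode(course.TypKursu))
                  .Append("</td><td>").Append(encode(course.Jezyk))
                  .Append("</td><td>").Append(encode(course.Poziom))
                  .Append("</td><td>").Append(encode(course.ImieProwadzacego))
                  .Append("</td><td>").Append(encode(course.NazwiskoProwadzacego))
                  .Append("</td><td>").Append(encode(course.EmailProwadzacego))
                  .Append("</td>");

            if (canManage)
            {
                result.Append("<td><a href=\"?content=ManageMaterials&ID=").Append(courseId)
                      .Append("\">Zarządzaj materiałami do kursu</a></td><td><a href=\"?content=EditCourses&ID=").Append(courseId)
                      .Append("\">edycja</a></td></tr>");
            }
            else
            {
                result.Append("</tr>");
            }
        }
        result.Append("</table>");

        // NOTE(review): hiding these links only shapes the UI. The handlers behind
        // ManageMaterials, EditCourses and AddCourse (not shown here) must repeat
        // the rights check themselves, since the URLs can be requested directly.
        // Add new course:
        if (CzyAdmin)
        {
            result.Append("<p><a href=\"?content=AddCourse\" class=\"blackHyperlink\">Dodaj nowy kurs</a></p>");
            result.Append("<p><a href=\"?content=\">Powrót</a></p>");
        }
        return result.ToString();
    }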
    /// <summary>
    /// Loads the CzyAdmin value for the given user id into this checker.
    /// </summary>
    /// <param name="userID">Value matched against Users.UserID.</param>
    public AdminRightsChecker(int userID)
    {
        // userID is typed as int, so the text spliced into the statement cannot
        // carry SQL of its own. A bound parameter would still be the safer habit:
        // it keeps this query correct if the parameter type is ever widened.
        String sql = String.Concat("SELECT CzyAdmin FROM Users WHERE UserID = '", userID, "';");

        this.rights = GetRightsFromSQL(sql, SQLConnector.GetSQLConnection());
    }
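 /// <summary>
 /// Reports whether a login may be registered: it must be non-empty and the
 /// lookup query must return no existing row.
 /// </summary>
 /// <param name="login">Requested login; null is treated like an empty string.</param>
 /// <returns>true when the login is usable, false when it is empty or already taken.</returns>
 private static bool LoginValidate(String login)
 {
     // Empty (or missing) login is rejected up front; a null argument used to
     // throw NullReferenceException on login.Length.
     if (String.IsNullOrEmpty(login))
     {
         return(false);
     }

     // NOTE(review): the login value is masked as '******' in this listing. When
     // restoring it, bind it as a SQL parameter; this value comes straight from a
     // registration form and must not be concatenated into the statement.
     SQLResTable[] SQLResults = GetLoginsFromSQL("SELECT Login FROM Users WHERE Login = '******'", SQLConnector.GetSQLConnection());

     // NOTE(review): this check and the later insert are separate statements, so
     // two concurrent registrations can both pass it. A UNIQUE constraint on
     // Users.Login is what actually guarantees uniqueness - confirm one exists.
     // Any returned row means the login is taken.
     return((SQLResults == null) || (SQLResults.Length == 0));
 }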
 /// <summary>
 /// Verifies a password against the stored salt and hash for a login.
 /// </summary>
 /// <param name="login">Login whose credentials are looked up.</param>
 /// <param name="password">Password supplied by the caller.</param>
 /// <returns>The stored password hash when the password matches; otherwise null.</returns>
 public String CheckPass(String login, String password)
 {
     // NOTE(review): the login value is masked as '******' in this listing. When
     // restoring it, bind it as a SQL parameter - this runs before authentication,
     // on input anyone can submit.
     LoginRes[] SQLResults = GetLoginsFromSQL("SELECT Login, PasswordSalt, PasswordHash FROM Users WHERE Login = '******'", SQLConnector.GetSQLConnection());

     // We assume at most one account can have a given login; anything other than
     // exactly one row (in practice: login not in the database) is a failure.
     if ((SQLResults == null) || (SQLResults.Length != 1))
     {
         return null;
     }

     String storedSalt = SQLResults[0].PasswordSalt;
     String storedHash = SQLResults[0].PasswordHash;

     // NOTE(review): judging by its name, HashGen.CreateSHAHash is a salted SHA
     // digest. A single fast hash is cheap to brute-force if the Users table
     // leaks; a deliberately slow KDF (PBKDF2, bcrypt, Argon2) is the usual choice,
     // with rehash-on-login as the migration path.
     bool passwordMatches = HashGen.CreateSHAHash(password, storedSalt).Equals(storedHash);

     // NOTE(review): the stored hash itself is handed back to the caller, and
     // other code on this page keeps a "userPassHash" value in the session. If
     // that is this value, the hash acts as a login token; a random session
     // identifier would avoid spreading password-derived material around.
     return passwordMatches ? storedHash : null;
 }