public ActionResult Add([Bind(Include = "student_ID,GrantDescription,GrantValue,DateOfIssue,KuhaFunds,grant_type_id")] StudentVoucher studentVoucher)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//lets make sure student exists
if (this.studentExists(studentVoucher.student_ID) == false)
{
ModelState.AddModelError("Student_ID", "Student ID Does Not Exist");
//return View(StudentRegistration);
}
//check the required grant requirements have been meet
GrantType GrantType = db.GrantTypes.Find(studentVoucher.grant_type_id);
if (GrantType.grant_description == true && (String.IsNullOrEmpty(studentVoucher.GrantDescription)))
ModelState.AddModelError("GrantDescription", "Grant description must contain details it is required");
if (GrantType.grant_value == true && studentVoucher.GrantValue <= 0)
ModelState.AddModelError("GrantValue", "GrantValue needs to be greater than 0");
if (ModelState.IsValid)
{
db.StudentVouchers.Add(studentVoucher);
db.SaveChanges();
return RedirectToAction("Index");
}
//pass back our data
ViewBag.grant_type_id = db.GrantTypes;
ViewBag.student_ID = (studentVoucher.student_ID != null) ? studentVoucher.student_ID : String.Empty;
return View(studentVoucher);
}
public bool GetUserRoles(string username, string access_level)
{
if (username == null || access_level == null) return false;
//get users roles
try {
StudentRegistrationsModel db = new StudentRegistrationsModel();
var adminRoles = from theAdmin in db.Administrators
where theAdmin.Email == username
//join theRoles in db.Roles on theAdmin.UserId equals theRoles.UserId
join theAdminRoles in db.RoleTypes on theAdmin.role_type_id equals theAdminRoles.role_type_id
select new
{
role_name = theAdminRoles.role_name
};
foreach (var role in adminRoles){
if (role.role_name == access_level) return true;
}
return false;
}
catch (Exception e) {
return false;
}
}
public ActionResult Create([Bind(Include =
"Student_ID,FirstName,LastName,Gender,DOB,Address1,Accomodition_Type,Phone,Mobile,Email,Marital_Status,Contact,Main_Ethnicity,id_faculty,id_courses,Detailed_Ethnicity,id_campus")] StudentRegistration studentRegistration)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//error checking goes here
//lets make sure we don't already have this Student_ID
if (this.studentExists(studentRegistration.Student_ID))
{
ModelState.AddModelError("Student_ID", "Student ID Already Exists");
//return View(StudentRegistration);
}
if (studentRegistration.Student_ID == null || studentRegistration.Student_ID.ToString().Trim() == String.Empty)
{
ModelState.AddModelError("Student_ID", "Can not be blank or empty");
//return View(StudentRegistration);
}
if (ModelState.IsValid)
{
//administrator.UserType = "Admin";
// db.Administrators.Add(administrator);
db.StudentRegistrations.Add(studentRegistration);
db.SaveChanges();
/*
try
{
// Could also be before try if you know the exception occurs in SaveChanges
}
catch (DbEntityValidationException e)
{
foreach (var eve in e.EntityValidationErrors)
{
System.Diagnostics.Debug.WriteLine("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:",
eve.Entry.Entity.GetType().Name, eve.Entry.State);
foreach (var ve in eve.ValidationErrors)
{
System.Diagnostics.Debug.WriteLine("- Property: \"{0}\", Value: \"{1}\", Error: \"{2}\"",
ve.PropertyName,
eve.Entry.CurrentValues.GetValue<object>(ve.PropertyName),
ve.ErrorMessage);
}
}
throw;
}
*/
return RedirectToAction("Index");
}
ViewBag.id_courses = new SelectList(db.Courses, "id_courses", "course_name");
ViewBag.id_faculty = new SelectList(db.Faculties, "id_faculty", "faculty_name");
ViewBag.id_campus = new SelectList(db.Campus, "id_campus", "campus_name");
return View(studentRegistration);
}
//StudentRegistration/Create
public ActionResult Create()
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
ViewBag.id_courses = new SelectList(String.Empty, "id_courses", "course_name");
ViewBag.id_faculty = new SelectList(db.Faculties, "id_faculty", "faculty_name");
ViewBag.id_campus = new SelectList(db.Campus, "id_campus", "campus_name");
return View();
}
public ActionResult Add()
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
Administrator theAdmins = new Administrator();
//theAdmins = db.Administrators();
//var role_list = db.RoleTypes;
//var model = new Administrator();
//model.Roles = new SelectList(db.RoleTypes, "role_type_id", "role_name");
ViewBag.role_type_id = new SelectList(db.RoleTypes, "role_type_id", "role_description");
ViewBag.password_match = String.Empty;
return View(theAdmins);
}
public ActionResult Add(Administrator newAdmin)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//newAdmin.Roles = Request.Form["admin_roles"];
ViewBag.role_type_id = new SelectList(db.RoleTypes, "role_type_id", "role_description");
//ViewBag.Roles = Request.Form["admin_roles"];
ViewBag.password_match = Request.Form["password_match"];
//check for unique email address
//if (ModelState.ContainsKey("Roles"))
// ModelState["Roles"].Errors.Clear();
if (db.Administrators.Any(m => m.Email.ToLower() == newAdmin.Email.ToLower()))
{
ModelState.AddModelError("Email", "Admin email already exists!");
}
//check password match
if (newAdmin.Password != Request.Form["password_match"])
{
//clear the viewbag password so they re-type
ViewBag.password_match = String.Empty;
ModelState.AddModelError("Password", "Passwords don't match");
}
//check mobile phone number if added
if (!ModelState.IsValid)
{
return View(newAdmin);
}
//PasswordHashing passwordHash = new PasswordHashing();
newAdmin.Password = PasswordHashing.Encrypt(newAdmin.Password);
//add the admin
db.Administrators.Add(newAdmin);
db.SaveChanges();
//we will now have admin id if saved
//int theAdmin_id = newAdmin.UserId;
//check roles that need to be added
//store roles into a string array
//this.addRoles(newAdmin, Request.Form["roles"]);
return RedirectToAction("Admins");
}
// GET: StudentVouchers/Add
public ActionResult Add(String id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
StudentVoucher studentVoucher = new StudentVoucher();
//voucher.GrantType = db.GrantTypes.ToList();
//parsing to the view
//ViewBag.GrantType = Helpers.Helpers.GrantTypes();
ViewBag.grant_type_id = db.GrantTypes;
// new SelectList(db.GrantTypes, "grant_type_id", "grant_name");
//ViewBag.grant_type_id = new SelectList(db.GrantTypes, "grant_type_id", "grant_name");
ViewBag.student_ID = (id != null) ? id : String.Empty;
studentVoucher.grant_type_id = 0;
return View(studentVoucher);
}
public ActionResult byStudentID(string id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
var theVouchers = (from a in db.StudentVouchers
where a.student_ID == id
select a.id_student_vouchers
).FirstOrDefault();
if (theVouchers == null)
return RedirectToAction("Error", new { message = "Invalid student details." });
//var other_grants = db.StudentVouchers.Where(a => a.student_ID == studentVoucher.student_ID);
//studentVoucher.student_ID
return RedirectToAction("Details", new { id = theVouchers });
}
/// <summary>
/// IsValid checks a email and password against the database
/// @todo encrypt or salt password
/// </summary>
/// <param name="AdministratorLogin">by ref pass AdministratorLogin details</param>
/// <returns>returns true or false</returns>
private bool IsValid(ref AdministratorLogin administrator)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
bool IsValid = false;
string admin_email = administrator.Email;
//grab the user
var user = db.Administrators.FirstOrDefault(theUser => theUser.Email == admin_email);
if (user != null)
{
if (PasswordHashing.passwordValid(administrator.Password, user.Password))
{
//account is valid we need to update our admin account with the ID
administrator.UserId = user.UserId;
IsValid = true;
}
}
return IsValid;
}
public ActionResult Edit([Bind(Include = "UserId,Email,Password,FirstName,LastName,mobile,role_type_id")] Administrator administrator)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
if (ModelState.IsValid)
{
db.Entry(administrator).State = EntityState.Modified;
db.SaveChanges();
return RedirectToAction("Admins");
}
ViewBag.role_type_id = new SelectList(db.RoleTypes, "role_type_id", "role_name", administrator.role_type_id);
return View(administrator);
}
public ActionResult Edit(int? id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
Administrator administrator = db.Administrators.Find(id);
if (administrator == null)
{
return HttpNotFound();
}
ViewBag.role_type_id = new SelectList(db.RoleTypes, "role_type_id", "role_name", administrator.role_type_id);
return View(administrator);
}
public ActionResult Details(int? id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
Administrator administrator = db.Administrators.Find(id);
if (administrator == null)
{
return HttpNotFound();
}
return View(administrator);
}
public ActionResult DeleteConfirmed(int id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
Administrator administrator = db.Administrators.Find(id);
db.Administrators.Remove(administrator);
db.SaveChanges();
return RedirectToAction("Admins");
}
public ActionResult ChangePassword(AdministratorLogin theAdmin)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//passing back from session so no injection of userID or email can happen we also need to clear the model state and re-validate
ModelState.Clear();
theAdmin.Email = this.AdminSession().Email;
theAdmin.UserId = this.AdminSession().UserId;
TryValidateModel(theAdmin);
//ModelState.Clear();
//check password match
if (theAdmin.Password != Request.Form["password_match"])
{
//clear the viewbag password so they re-type
ViewBag.password_match = String.Empty;
ModelState.AddModelError("Password", "Passwords don't match");
}
if (!ModelState.IsValid)
{
foreach (ModelState modelState in ViewData.ModelState.Values)
{
foreach (ModelError error in modelState.Errors)
{
Console.Write(error);
}
}
return View(theAdmin);
}
//grab the current admin session and update password
//process the update
AdministratorLogin thisUser = this.AdminSession();
var change = (from a in db.Administrators
where a.UserId == thisUser.UserId
select a).SingleOrDefault();
//rehash password
change.Password = PasswordHashing.Encrypt(theAdmin.Password);
//clean up from recovery
if (Session["AdministratorRecovery"] != null)
{
Session.Remove("AdministratorRecovery");
//remove any recovery options that are set
var recovery = (from b in db.Recoveries where b.UserId == change.UserId select b);
foreach (var entry in recovery)
db.Recoveries.Remove(entry);
}
db.Entry(change).State = EntityState.Modified;
db.SaveChanges();
return RedirectToAction("Index");
}
/// <summary>
/// Checks if a student exists
/// </summary>
/// <param name="theStudentID">ID Of student</param>
/// <returns>true or false if exists</returns>
public bool studentExists(string theStudentID)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//lets make sure we don't already have this Student_ID .Any(). will return a boolean if the entity was found
return (db.StudentRegistrations.Any(m => m.Student_ID.ToLower() == theStudentID.ToLower()));
}
// GET: StudentVouchers/Details/5
//_student_vouchers
public ActionResult StudentVouchersAll(string id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
IEnumerable<StudentVoucher> studentVouchers = db.StudentVouchers.Where(a => a.student_ID == id).ToList();
if (studentVouchers == null)
return RedirectToAction("Error", new { message = "Invalid student details." });
return View(studentVouchers);
}
public JsonResult getCourses(string faculty)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
int faculty_id = -1;
//lets convert to int
int.TryParse(faculty, out faculty_id);
//if someone modified our ajax request call :)
if (String.IsNullOrEmpty(faculty) || faculty_id == 0)
return Json("Error wrong data passed!", JsonRequestBehavior.AllowGet);
//Get list of courses for a faculty
var result = (
from course in db.Courses
where course.id_faculty == faculty_id
select new
{
id_course = course.id_courses,
course_name = course.course_name
}
);
/*
var result = db.Courses.Where(x => x.id_faculty == faculty).Select(x => new
{
id_course = x.id_courses,
course_name = x.course_name
});
*/
return Json(result, JsonRequestBehavior.AllowGet);
}
//StudentRegistration/Edit
/// <summary>
/// Allowes editing of a StudentRegistration
/// </summary>
/// <param name="id">Student ID</param>
/// <returns>View</returns>
public ActionResult Edit(String id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//if id == return
//StudentRegistration theStudent = (StudentRegistration)db.StudentRegistrations.Where(m => m.Student_ID == id);
StudentRegistration theStudent = db.StudentRegistrations.Find(id);
ViewBag.id_courses = new SelectList(db.Courses, "id_courses", "course_name");
ViewBag.id_faculty = new SelectList(db.Faculties, "id_faculty", "faculty_name");
ViewBag.id_campus = new SelectList(db.Campus, "id_campus", "campus_name");
return View(theStudent);
}
public ActionResult Code(String recovery_key)
{
if (String.IsNullOrEmpty(recovery_key))
{
return Json(new
{
success = false,
message = "Please eter a recovery key"
}, JsonRequestBehavior.AllowGet);
}
StudentRegistrationsModel db = new StudentRegistrationsModel();
/*var theAdmin = (from a in db.Administrators
join b in db.Recoveries on a.UserId equals b.UserId
where b.recovery_key == theRecoverCodey
select a).SingleOrDefault();*/
var theAdmin = (from a in db.Recoveries
where a.recovery_key == recovery_key
join b in db.Administrators on a.UserId equals b.UserId
//where b.recovery_key == theRecoverCodey
select a).SingleOrDefault();
if (theAdmin == null)
{
return Json(new
{
success = false,
message = "Incorrect Recovery KEY Details"
}, JsonRequestBehavior.AllowGet);
}
else
{
//set session the sesion
Session["AdministratorRecovery"] = (Recovery)theAdmin;
return Json(new
{
success = true,
message = "<b>Success</b> Redirecting you now...",
url = "/Administrators/ChangePassword"
}, JsonRequestBehavior.AllowGet);
}
//secure to only pass some details in session
}
public override bool IsUserInRole(string username, string roleName)
{
using (var db = new StudentRegistrationsModel())
{
var adminRoles = from theAdmin in db.Administrators
where theAdmin.Email == username
join theRoles in db.RoleTypes on theAdmin.role_type_id equals theRoles.role_type_id
//join theAdminRoles in db.RoleTypes on theRoles.role_type_id equals theAdminRoles.role_type_id
where theRoles.role_name == roleName
select theAdmin;
return (adminRoles != null) ? true : false;
}
}
public override string[] GetRolesForUser(string username)
{
using (var db = new StudentRegistrationsModel())
{
var user = db.Administrators.FirstOrDefault(u => u.Email.Equals(username, StringComparison.CurrentCultureIgnoreCase));
var adminRoles = from theAdmin in db.Administrators
where theAdmin.Email == username
join theRoles in db.RoleTypes on theAdmin.role_type_id equals theRoles.role_type_id
//join theAdminRoles in db.RoleTypes on theRoles.role_type_id equals theAdminRoles.role_type_id
select theRoles.role_name;
return adminRoles.ToArray();
}
}
public JsonResult studentSearch(string query)
{
//search for a student by name or id & last name
if (String.IsNullOrWhiteSpace(query))
{
return Json("", JsonRequestBehavior.AllowGet);
}
StudentRegistrationsModel db = new StudentRegistrationsModel();
var result = from student in db.StudentRegistrations
where
student.Student_ID.StartsWith(query) ||
student.FirstName.Contains(query) ||
student.LastName.Contains(query)
select new
{
student_id = student.Student_ID,
student_name = student.FirstName + " " + student.LastName
};
//only show 10 results max
return Json(result.Take(10), JsonRequestBehavior.AllowGet);
}
/// <summary>
/// Sends the recovery code to the user via email or sms
/// </summary>
/// <param name="theRecovery">Recovery details</param>
/// <returns>JSON if has passed Recovery checks</returns>
public JsonResult sendRecoveryCode(Recovery theRecovery)
{
//session has been removed
if (Session["AdministratorRecovery"] == null)
{
return Json(new
{
success = false,
message = "Invalid Session please refresh the browser"
}, JsonRequestBehavior.AllowGet);
}
Recovery sessRecovery = (Recovery)Session["AdministratorRecovery"];
theRecovery.Administrator.FirstName = sessRecovery.Administrator.FirstName;
theRecovery.Administrator.Password = sessRecovery.Administrator.Password;
theRecovery.UserId = sessRecovery.Administrator.UserId;
//ModelState.Clear();
StudentRegistrationsModel db = new StudentRegistrationsModel();
if (theRecovery.recovery_option == "email")
{
RecoveryComms theComms = new RecoveryComms();
if (theComms.sendEmail(ref sessRecovery) == true)
{
//success lets tell the user and save
var email = sessRecovery.Administrator.Email;
sessRecovery.Administrator = null;
db.Recoveries.Add(sessRecovery);
db.SaveChanges();
return Json(new
{
success = true,
message = String.Format("<b>Great!</b>, we have emailed you your recovery code to <b>{0}</b>", email)
}, JsonRequestBehavior.AllowGet);
}
else
{
return Json(new
{
success = false,
message = "Something bad happend"
}, JsonRequestBehavior.AllowGet);
}
}
//requesting for recovery code
if (theRecovery.recovery_option == "mobile")
{
string attemptGuess = theRecovery.Administrator.mobile;
//int.TryParse(theRecovery.Administrator.mobile,out guessNumber);
string correctAttempt = new String(sessRecovery.Administrator.mobile.
Where(x => Char.IsDigit(x)).Reverse().Take(4).Reverse().ToArray());
//success here if correct number
if (theRecovery.Administrator.mobile == correctAttempt)
{
//passover the correct mobile details
RecoveryComms theComms = new RecoveryComms();
if (theComms.sendSMS(ref sessRecovery) == true)
{
var mobile_number = sessRecovery.Administrator.mobile;
sessRecovery.Administrator = null;
db.Recoveries.Add(sessRecovery);
db.SaveChanges();
return Json(new
{
success = true,
message = String.Format("<b>Great!</b>, we have sent you a TEXT message with your recovery code to <b>{0}</b>", mobile_number)
}, JsonRequestBehavior.AllowGet);
}
else
{
return Json(new
{
success = false,
message = "Something bad happend"
}, JsonRequestBehavior.AllowGet);
}
}
else
{
return Json(new
{
success = false,
message = "Failed incorrect last digits"
}, JsonRequestBehavior.AllowGet);
}
}
return Json("", JsonRequestBehavior.AllowGet);
}
// GET: StudentVouchers/Delete/5
public ActionResult Delete(int id)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
StudentVoucher studentVoucher = db.StudentVouchers.Find(id);
if (studentVoucher == null)
{
return HttpNotFound();
}
return View(studentVoucher);
}
public ActionResult Edit(StudentRegistration theStudent)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//if id == return
//StudentRegistration theStudent = (StudentRegistration)db.StudentRegistrations.Where(m => m.Student_ID == id);
ViewBag.id_courses = new SelectList(db.Courses, "id_courses", "course_name");
ViewBag.id_faculty = new SelectList(db.Faculties, "id_faculty", "faculty_name");
ViewBag.id_campus = new SelectList(db.Campus, "id_campus", "campus_name");
if (theStudent.Student_ID == null || theStudent.Student_ID.ToString().Trim() == String.Empty)
{
ModelState.AddModelError("Student_ID", "Can not be blank or empty");
//return View(StudentRegistration);
}
if (ModelState.IsValid)
{
//administrator.UserType = "Admin";
// db.Administrators.Add(administrator);
db.Entry(theStudent).State = EntityState.Modified;
db.SaveChanges();
return RedirectToAction("Index");
}
return View(theStudent);
}
/// <summary>
/// Admin details returns back some of the details to the front end for the user to verify there account
/// </summary>
/// <param name="theRecovery"></param>
/// <returns></returns>
public JsonResult adminDetails(Recovery theRecovery)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
Administrator AdminAccount;
List<string> skipKeys = new List<string>();
skipKeys.Add("Administrator.FirstName");
skipKeys.Add("Administrator.Password");
skipKeys.Add("recovery_key");
clearErrorStates(skipKeys);
//only check if model state is okay
if (ModelState.IsValid)
{
AdminAccount = (from a in db.Administrators where a.Email == theRecovery.Administrator.Email select a).FirstOrDefault();
if (AdminAccount == null)
ModelState.AddModelError("Administrator.Email", "Account does not exist.");
else
theRecovery.Administrator = AdminAccount;
}
//dispose as no longer needed
db.Dispose();
theRecovery.UserId = theRecovery.Administrator.UserId;
//check the rest of the model state and send back the errors to client
if (!ModelState.IsValid)
{
var errorList = ModelState.ToDictionary(
kvp => kvp.Key,
kvp => kvp.Value.Errors.Select(e => e.ErrorMessage).ToArray()
);
return Json(new
{
success = false,
errors = errorList
}, JsonRequestBehavior.AllowGet);
}
Session["AdministratorRecovery"] = theRecovery;
if (theRecovery.recovery_option == "mobile")
{
if (theRecovery.Administrator.mobile == null)
{
return Json(new
{
success = false,
mobile_guess = "Sorry no mobile with this account please use email"
}, JsonRequestBehavior.AllowGet);
}
string mobile = "Enter last 4 digits of this number " + theRecovery.Administrator.mobile.Remove(theRecovery.Administrator.mobile.Length - 4, 4) + "****";
return Json(new
{
success = true,
mobile_guess = mobile
}, JsonRequestBehavior.AllowGet);
}
return Json(new
{
success = true,
message = "You can now request a reset a recovery code.."
}, JsonRequestBehavior.AllowGet);
//return sendRecoveryCode(theRecovery);
}
// GET: StudentRegistration/List
public ActionResult List()
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
return View(db.StudentRegistrations.ToList());
}
public ActionResult Admins()
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
return View(db.Administrators.ToList());
}
// [HttpPost]
public ActionResult ChangePassword()
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
//@important don't pass the administor model for modifying ONLY the AdministratorLogin model for security as this is public
//check if we are coming from a recovery
if (Session["AdministratorRecovery"] != null)
{
//remove any logged in session
Session.Remove("AdministratorLogin");
Recovery theRecovery = (Recovery)Session["AdministratorRecovery"];
var theAdmin = (from a in db.Administrators
join b in db.Recoveries on a.UserId equals b.UserId
where b.recovery_key == theRecovery.recovery_key
select a).SingleOrDefault();
//clear the password field
theAdmin.Password = String.Empty;
Session["AdministratorLogin"] = theAdmin.loginDetails();
return View(theAdmin.loginDetails());
}
AdministratorLogin CurrentAdmin = this.AdminSession();
//check if we are logged in
if (CurrentAdmin == null)
{
return RedirectToAction("Login");
}
CurrentAdmin.Password = "";
return View(CurrentAdmin);
}
// GET: StudentVouchers
public ActionResult Index(string message)
{
StudentRegistrationsModel db = new StudentRegistrationsModel();
var studentVouchers = db.StudentVouchers.Include(s => s.StudentRegistration);
ViewBag.message = message;
return View(studentVouchers.ToList());
}
