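/// <summary>
/// Creates a student account, storing a fresh salt and the salted hash of the password.
/// </summary>
/// <param name="studentID">ID for the new student; rejected when a student with this ID already exists.</param>
/// <param name="password">Plain-text password; only the value returned by <c>Utils.HashStringSHA256</c> is stored.</param>
/// <returns>
/// <c>IDTaken</c> when the ID is already present, <c>Failure</c> when any exception is thrown,
/// otherwise <c>Success</c>.
/// </returns>
public static CreateStudentStatus CreateStudent(int studentID, string password)
{
    try {
        using (WBDbContext db = new WBDbContext()) {
            // Check-then-insert is not atomic: two concurrent requests can both pass this test.
            // NOTE(review): presumably a unique key on StudentID rejects the second insert, which
            // would surface as Failure through the catch below - confirm against the schema.
            if (db.Students.Any(s => s.StudentID == studentID))
                return CreateStudentStatus.IDTaken;

            byte[] salt = Utils.CreateSalt();

            // NOTE(review): judging by its name, HashStringSHA256 is a single salted SHA-256 pass.
            // A fast hash makes offline guessing cheap if the table leaks; password storage normally
            // uses a slow KDF (e.g. PBKDF2 via Rfc2898DeriveBytes). Utils is not shown here - confirm.
            Student student = new Student {
                StudentID = studentID,
                Salt = Convert.ToBase64String(salt),
                Password = Utils.HashStringSHA256(password, salt)
            };

            db.Students.Add(student);
            db.SaveChanges();
        }
    } catch (Exception ex) {
        // The page must not break, so every failure maps to Failure. The cause is still written
        // to the trace log so that database or hashing errors are not silently lost. The password
        // is never passed to the log call.
        System.Diagnostics.Trace.TraceError("CreateStudent failed for StudentID {0}: {1}", studentID, ex);
        return CreateStudentStatus.Failure;
    }

    return CreateStudentStatus.Success;
}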
 /// <summary>
 /// Returns every marching instrument and every concert instrument in one response.
 /// </summary>
 /// <returns>
 /// An OK result whose body has two list properties, <c>MarchingInstruments</c> and
 /// <c>ConcertInstruments</c>.
 /// </returns>
 public IHttpActionResult GetInstruments()
 {
     using (WBDbContext db = new WBDbContext()) {
         // Both lists are materialised while the context is still open.
         var marching = db.MarchingInstruments.ToList();
         var concert = db.ConcertInstruments.ToList();

         var payload = new {
             MarchingInstruments = marching,
             ConcertInstruments = concert
         };
         return Ok(payload);
     }
 }
 /// <summary>
 /// Returns all committee rows, sorted by their <c>Order</c> value, as JSON.
 /// </summary>
 /// <returns>A JSON result holding the ordered list; GET requests are allowed.</returns>
 public JsonResult Committee()
 {
     using (WBDbContext db = new WBDbContext()) {
         // Proxy generation is switched off for this context before the query runs.
         // Presumably this keeps the serializer on plain entity objects - confirm.
         db.Configuration.ProxyCreationEnabled = false;

         var ordered = (from c in db.Committees
                        orderby c.Order
                        select c).ToList();

         // AllowGet lifts MVC's default refusal to answer GET requests with JSON. That default
         // guards against cross-site reads of JSON arrays in older browsers, so it should only be
         // lifted for data that is public. NOTE(review): confirm committee data is public.
         return Json(ordered, JsonRequestBehavior.AllowGet);
     }
 }
 /// <summary>
 /// Returns all Hadge alerts, newest first, each with its related <c>Author</c> loaded.
 /// </summary>
 /// <returns>An OK result whose body is the list of alerts.</returns>
 public IHttpActionResult GetHadgeAlerts()
 {
     using (WBDbContext db = new WBDbContext()) {
         // NOTE(review): the whole entity graph, Author included, is handed to the serializer.
         // If Author is the User entity (User rows elsewhere on this page carry Salt and Password),
         // those fields would be sent to the client unless the model excludes them. Confirm, or
         // project to a DTO that holds only the display fields.
         var newestFirst = db.HadgeAlerts
             .Include("Author")
             .OrderByDescending(ha => ha.TimeStamp)
             .ToList();

         return Ok(newestFirst);
     }
 }
 /// <summary>
 /// Returns all Hadge alerts, newest first, each with its related <c>Author</c> loaded, as JSON.
 /// </summary>
 /// <returns>A JSON result holding the list of alerts; GET requests are allowed.</returns>
 public JsonResult APIHadgeAlerts()
 {
     using (WBDbContext db = new WBDbContext()) {
         // Proxy generation is switched off for this context before the query runs.
         db.Configuration.ProxyCreationEnabled = false;

         // NOTE(review): the Author entity is serialized along with each alert. If Author is the
         // User entity (User rows elsewhere on this page carry Salt and Password), confirm those
         // fields are excluded from the JSON, or project to a DTO with display fields only.
         var newestFirst = db.HadgeAlerts
             .Include("Author")
             .OrderByDescending(ha => ha.TimeStamp)
             .ToList();

         // AllowGet lifts MVC's default refusal to answer GET requests with JSON; that default
         // guards against cross-site reads of JSON arrays in older browsers.
         return Json(newestFirst, JsonRequestBehavior.AllowGet);
     }
 }
 /// <summary>
 /// Returns every marching instrument and every concert instrument as one JSON object.
 /// </summary>
 /// <returns>
 /// A JSON result with <c>MarchingInstruments</c> and <c>ConcertInstruments</c> list properties;
 /// GET requests are allowed.
 /// </returns>
 public JsonResult Instruments()
 {
     using (WBDbContext db = new WBDbContext()) {
         // Proxy generation is switched off for this context before the queries run.
         db.Configuration.ProxyCreationEnabled = false;

         var marching = db.MarchingInstruments.ToList();
         var concert = db.ConcertInstruments.ToList();

         var payload = new {
             MarchingInstruments = marching,
             ConcertInstruments = concert
         };
         return Json(payload, JsonRequestBehavior.AllowGet);
     }
 }
 /// <summary>
 /// Loads one student together with the marching instrument, concert instrument,
 /// measurement set and guardians related to it.
 /// </summary>
 /// <param name="studentID">ID of the student to load.</param>
 /// <returns>The matching student, or <c>null</c> when no student has this ID.</returns>
 public static Student GetStudent(int studentID)
 {
     using (WBDbContext db = new WBDbContext()) {
         var withRelations = db.Students
             .Include("MarchingInstrument")
             .Include("ConcertInstrument")
             .Include("MeasurementSet")
             .Include("Guardians");

         // The full entity is returned. Student rows elsewhere on this page carry Salt and
         // Password, so callers should not pass this object straight to a serializer or view.
         return withRelations.FirstOrDefault(s => s.StudentID == studentID);
     }
 }
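        /// <summary>
        /// Checks a password against the salted hash stored for a student.
        /// </summary>
        /// <param name="studentID">ID of the student to look up.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>
        /// <c>NotFound</c> when no student has this ID, <c>Success</c> when the recomputed hash
        /// equals the stored one, otherwise <c>Failure</c>.
        /// </returns>
        /// <remarks>
        /// NotFound and Failure let a caller tell existing IDs from unknown ones; a login page
        /// should show the same message for both. No attempt limiting is done in this method.
        /// </remarks>
        public static ValidateStudentStatus ValidateStudent(int studentID, string password)
        {
            using (WBDbContext db = new WBDbContext()) {
                var student = db.Students.Find(studentID);

                if (student == null)
                    return ValidateStudentStatus.NotFound;

                // A missing password can never match; reject it before it reaches the hash helper.
                if (password == null)
                    return ValidateStudentStatus.Failure;

                byte[] salt = Convert.FromBase64String(student.Salt);

                // NOTE(review): judging by its name, HashStringSHA256 is a single salted SHA-256
                // pass; a slow KDF is the usual choice for passwords. Utils is not shown - confirm.
                string expected = student.Password;
                string actual = Utils.HashStringSHA256(password, salt);

                // A row without a stored hash must never authenticate. With the previous "=="
                // comparison two nulls compared equal.
                if (expected == null || actual == null || expected.Length != actual.Length)
                    return ValidateStudentStatus.Failure;

                // Compare every character instead of stopping at the first difference, so the time
                // taken does not depend on how much of the hash matched.
                int diff = 0;
                for (int i = 0; i < expected.Length; i++)
                    diff |= expected[i] ^ actual[i];

                return diff == 0
                    ? ValidateStudentStatus.Success
                    : ValidateStudentStatus.Failure;
            }
        }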
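        /// <summary>
        /// Checks a password against the salted hash stored for the given user.
        /// </summary>
        /// <param name="passedUser">User whose <c>UserID</c> identifies the row to check.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>
        /// <c>UserIdInvalid</c> for a null user or an ID below 1, <c>PassInvalid</c> for a blank
        /// password, <c>NotFound</c> when no row has this ID, <c>Success</c> when the recomputed
        /// hash equals the stored one, otherwise <c>Failure</c>.
        /// </returns>
        public static ValidateUserStatus ValidateUser(this User passedUser, string password)
        {
            // An extension method can be invoked on a null reference; treat that as an invalid ID
            // instead of failing with a NullReferenceException.
            if (passedUser == null || passedUser.UserID < 1)
                return ValidateUserStatus.UserIdInvalid;
            if (String.IsNullOrWhiteSpace(password))
                return ValidateUserStatus.PassInvalid;

            using (WBDbContext db = new WBDbContext()) {
                User user = db.Users
                    .Where(u => u.UserID == passedUser.UserID)
                    .FirstOrDefault();

                if (user == null)
                    return ValidateUserStatus.NotFound;

                byte[] salt = Convert.FromBase64String(user.Salt);

                // NOTE(review): judging by its name, HashStringSHA256 is a single salted SHA-256
                // pass; a slow KDF is the usual choice for passwords. Utils is not shown - confirm.
                string expected = user.Password;
                string actual = Utils.HashStringSHA256(password, salt);

                // A row without a stored hash must never authenticate. With the previous "=="
                // comparison two nulls compared equal.
                if (expected == null || actual == null || expected.Length != actual.Length)
                    return ValidateUserStatus.Failure;

                // Compare every character instead of stopping at the first difference, so the time
                // taken does not depend on how much of the hash matched.
                int diff = 0;
                for (int i = 0; i < expected.Length; i++)
                    diff |= expected[i] ^ actual[i];

                return diff == 0
                    ? ValidateUserStatus.Success
                    : ValidateUserStatus.Failure;
            }
        }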
        /// <summary>
        /// Replaces the user's stored salt and password hash after checking the old password.
        /// </summary>
        /// <param name="passedUser">User whose <c>UserID</c> identifies the row to update.</param>
        /// <param name="oldPassword">Current plain-text password.</param>
        /// <param name="newPassword">Plain-text password to store from now on.</param>
        /// <returns>
        /// <c>IncorrectPassword</c>, <c>InvalidPassword</c>, <c>UserNotFound</c> or <c>Success</c>.
        /// </returns>
        public static ChangePasswordStatus ChangePassword(this User passedUser, string oldPassword, string newPassword)
        {
            // NOTE(review): both checks compare a ValidateUserStatus with the literal 0, so what
            // they accept depends on the numeric values of that enum, which are not shown here.
            // Confirm that a wrong old password cannot pass the first check and that a blank new
            // password cannot pass the second.
            var oldCheck = passedUser.ValidateUser(oldPassword);
            if (oldCheck < 0)
                return ChangePasswordStatus.IncorrectPassword;

            var newCheck = passedUser.ValidateUser(newPassword);
            if (newCheck > 0)
                return ChangePasswordStatus.InvalidPassword;

            using (WBDbContext db = new WBDbContext()) {
                var user = db.Users.FirstOrDefault(u => u.UserID == passedUser.UserID);

                if (user == null)
                    return ChangePasswordStatus.UserNotFound;

                // A new salt is generated for every password change; the old one is overwritten.
                byte[] freshSalt = Utils.CreateSalt();
                user.Salt = Convert.ToBase64String(freshSalt);
                user.Password = Utils.HashStringSHA256(newPassword, freshSalt);

                db.SaveChanges();
                return ChangePasswordStatus.Success;
            }
        }
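        /// <summary>
        /// Changes a password for the user with the given name by resolving the name to a
        /// user ID and delegating to the ID-based overload.
        /// </summary>
        /// <param name="username">Name of the user, matched case-insensitively.</param>
        /// <param name="oldPassword">Current plain-text password.</param>
        /// <param name="newPassword">Plain-text password to store from now on.</param>
        /// <returns>
        /// <c>IncorrectPassword</c>, <c>InvalidPassword</c>, <c>UserNotFound</c>, or whatever the
        /// ID-based overload returns.
        /// </returns>
        public static ChangePasswordStatus ChangePassword(string username, string oldPassword, string newPassword)
        {
            // NOTE(review): both checks compare a ValidateUserStatus with the literal 0, so what
            // they accept depends on the numeric values of that enum, which are not shown here.
            if (ValidateUser(username, oldPassword) < 0)
                return ChangePasswordStatus.IncorrectPassword;
            if (ValidateUser(username, newPassword) > 0)
                return ChangePasswordStatus.InvalidPassword;
            using (WBDbContext db = new WBDbContext()) {
                // UserID is a non-nullable int, so without the cast FirstOrDefault() yields 0 for an
                // unknown name and the null test below could never be true. Projecting to int?
                // makes "no such user" come back as null.
                int? userId = db.Users
                    .Where(u => u.Username.ToLower() == username.ToLower())
                    .Select(u => (int?)u.UserID)
                    .FirstOrDefault();

                if (userId == null)
                    return ChangePasswordStatus.UserNotFound;

                return ChangePassword(userId.Value, oldPassword, newPassword);
            }
        }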
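 /// <summary>
 /// Resolves a username to its user ID, matching case-insensitively.
 /// </summary>
 /// <param name="username">Name to look up.</param>
 /// <returns>The user's ID, or <c>null</c> when the name is null or no user has it.</returns>
 public static int? GetUserId(string username)
 {
     // A null name cannot match any row; answer without querying.
     if (username == null)
         return null;

     using (WBDbContext db = new WBDbContext()) {
         // UserID is a non-nullable int, so without the cast FirstOrDefault() yields 0 for an
         // unknown name and callers could not tell "not found" from an ID. Projecting to int?
         // makes a missing user come back as null.
         return db.Users
             .Where(u => u.Username.ToLower() == username.ToLower())
             .Select(u => (int?)u.UserID)
             .FirstOrDefault();
     }
 }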
        /// <summary>
        /// Looks up the username stored for a user ID.
        /// </summary>
        /// <param name="userId">ID of the user to look up.</param>
        /// <returns>The user's name, or <c>null</c> when no user has this ID.</returns>
        public static string GetUsername(int userId)
        {
            using (WBDbContext db = new WBDbContext()) {
                User match = db.Users.FirstOrDefault(u => u.UserID == userId);

                // No row for this ID: report that as null rather than throwing.
                return match == null ? null : match.Username;
            }
        }
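        /// <summary>
        /// Logs a user in by name: resolves the name to a user ID and delegates to the
        /// ID-based overload.
        /// </summary>
        /// <param name="username">Name of the user, matched case-insensitively.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>
        /// <c>NotFound</c> when the name is null or unknown, otherwise whatever the ID-based
        /// overload returns.
        /// </returns>
        public static SetLoginStatus SetLogin(string username, string password)
        {
            // A null name cannot match any row; answer without querying.
            if (username == null)
                return SetLoginStatus.NotFound;

            using (WBDbContext db = new WBDbContext()) {
                // UserID is a non-nullable int, so without the cast FirstOrDefault() yields 0 for an
                // unknown name and the NotFound branch below could never run. Projecting to int?
                // makes a missing user come back as null.
                int? userId = db.Users
                    .Where(u => u.Username.ToLower() == username.ToLower())
                    .Select(u => (int?)u.UserID)
                    .FirstOrDefault();

                if (userId == null)
                    return SetLoginStatus.NotFound;

                return SetLogin(userId.Value, password);
            }
        }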
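        /// <summary>
        /// Verifies the password for a user ID and, on success, records the login in the
        /// current HTTP session.
        /// </summary>
        /// <param name="userId">ID of the user logging in.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>
        /// <c>ValidateFailure</c> when validation does not return Success, <c>Failure</c> when
        /// an exception is thrown while loading the user or writing the session, otherwise
        /// <c>Success</c>.
        /// </returns>
        public static SetLoginStatus SetLogin(int userId, string password)
        {
            // Fail closed: only an explicit Success may open a session. The previous
            // "< ValidateUserStatus.Success" test would have let through any status ordered above
            // Success; the numeric ordering of that enum is not visible here.
            if (ValidateUser(userId, password) != ValidateUserStatus.Success)
                return SetLoginStatus.ValidateFailure;

            try {
                // Load the data first, so that a database error cannot leave a session that is
                // already marked as logged in while this method reports Failure.
                string username;
                using (WBDbContext db = new WBDbContext()) {
                    // First() throws when the row is gone; that is reported as Failure below.
                    // Only the name is selected, so Salt and Password are not loaded.
                    username = db.Users
                        .Where(u => u.UserID == userId)
                        .Select(u => u.Username)
                        .First();
                }

                // NOTE(review): the session identifier is not renewed here. If the caller does
                // not issue a fresh session ID at login, an ID handed out before authentication
                // stays valid afterwards (session fixation) - confirm at the call site.
                var session = HttpContext.Current.Session;

                // Login status and currently logged in user.
                session["loggedIn"] = true;
                session["userId"] = userId;

                // Commonly accessed info. More commonly used info will be stored here.
                session["username"] = username;
            } catch (Exception ex) {
                // The page must not break, so every failure maps to Failure. The cause is still
                // written to the trace log; the password is never passed to the log call.
                System.Diagnostics.Trace.TraceError("SetLogin failed for UserID {0}: {1}", userId, ex);
                return SetLoginStatus.Failure;
            }

            return SetLoginStatus.Success;
        }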
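        /// <summary>
        /// Checks a password for the user with the given name by resolving the name to a
        /// user ID and delegating to the ID-based overload.
        /// </summary>
        /// <param name="username">Name of the user, matched case-insensitively.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>
        /// <c>UsernameInvalid</c> for a blank name, <c>PassInvalid</c> for a blank password,
        /// <c>NotFound</c> when no user has this name, otherwise whatever the ID-based overload
        /// returns.
        /// </returns>
        public static ValidateUserStatus ValidateUser(string username, string password)
        {
            if (String.IsNullOrWhiteSpace(username))
                return ValidateUserStatus.UsernameInvalid;
            if (String.IsNullOrWhiteSpace(password))
                return ValidateUserStatus.PassInvalid;

            using (WBDbContext db = new WBDbContext()) {
                // UserID is a non-nullable int, so without the cast FirstOrDefault() yields 0 for an
                // unknown name and the NotFound branch below could never run. Projecting to int?
                // makes a missing user come back as null.
                int? userId = db.Users
                    .Where(u => u.Username.ToLower() == username.ToLower())
                    .Select(u => (int?)u.UserID)
                    .FirstOrDefault();

                if (userId == null)
                    return ValidateUserStatus.NotFound;

                return ValidateUser(userId.Value, password);
            }
        }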
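 /// <summary>
 /// Computes the next user ID as one more than the highest existing ID.
 /// </summary>
 /// <returns>1 when there are no users, otherwise the highest <c>UserID</c> plus one.</returns>
 /// <remarks>
 /// The value is read in its own context and is not reserved: two concurrent callers can get
 /// the same ID. NOTE(review): presumably a primary key on UserID makes the second insert
 /// fail - confirm, or let the database assign the ID.
 /// </remarks>
 private static int GetNextUserId()
 {
     using (WBDbContext db = new WBDbContext()) {
         // One query instead of Any() followed by Max(): the nullable projection makes Max
         // return null for an empty table, so the table cannot change between two reads.
         int? highest = db.Users.Max(u => (int?)u.UserID);
         return (highest ?? 0) + 1;
     }
 }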
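        /// <summary>
        /// Creates a user account, storing a fresh salt and the salted hash of the password.
        /// </summary>
        /// <param name="username">Name for the new user; uniqueness is checked case-insensitively.</param>
        /// <param name="password">Plain-text password; only the value returned by <c>Utils.HashStringSHA256</c> is stored.</param>
        /// <returns>
        /// <c>UsernameTaken</c> when the name is in use, <c>Failure</c> for a blank name or
        /// password or when any exception is thrown, otherwise <c>Success</c>.
        /// </returns>
        public static CreateUserStatus CreateUser(string username, string password)
        {
            // The name-based ValidateUser on this page rejects blank names and blank passwords,
            // so an account created with either could never log in. Refuse to create it.
            if (String.IsNullOrWhiteSpace(username) || String.IsNullOrWhiteSpace(password))
                return CreateUserStatus.Failure;

            try {
                using (WBDbContext db = new WBDbContext()) {
                    // Check-then-insert is not atomic: two concurrent requests can both pass.
                    // NOTE(review): presumably a unique constraint rejects the duplicate, which
                    // would surface as Failure through the catch below - confirm against the schema.
                    if (db.Users.Any(u => u.Username.ToLower() == username.ToLower()))
                        return CreateUserStatus.UsernameTaken;

                    byte[] salt = Utils.CreateSalt();
                    int userId = GetNextUserId();

                    // NOTE(review): judging by its name, HashStringSHA256 is a single salted
                    // SHA-256 pass. A fast hash makes offline guessing cheap if the table leaks;
                    // password storage normally uses a slow KDF. Utils is not shown - confirm.
                    User user = new User {
                        UserID = userId,
                        Username = username,
                        Salt = Convert.ToBase64String(salt),
                        Password = Utils.HashStringSHA256(password, salt)
                    };

                    db.Users.Add(user);
                    db.SaveChanges();
                }
            } catch (Exception ex) {
                // The page must not break, so every failure maps to Failure. The cause is still
                // written to the trace log; neither the password nor the raw username is passed
                // to the log call.
                System.Diagnostics.Trace.TraceError("CreateUser failed: {0}", ex);
                return CreateUserStatus.Failure;
            }

            return CreateUserStatus.Success;
        }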