public ActionResult EditUser(string username, string password, string password2, string email, string email2, string isAdmin)
{
string subdomain = UtilityHelper.GetSubdomain(HttpContext.Request.Headers["HOST"]);
if (UtilityHelper.GetIsUserAdmin(Session))
{
DataModel.User userObj = UserBL.GetUser(subdomain, username);
bool? isAdminBool = null;
if (!string.IsNullOrEmpty(isAdmin))
{
if (isAdmin.Equals("on"))
{
isAdminBool = new bool?(true);
}
}
if (password.Equals(userObj.Password))
{
//update without updating password
UserBL.UpdateUser(subdomain, username, email, true, isAdminBool);
}
else
{
//update user along with password
UserBL.UpdateUser(subdomain, username, password, email, true, isAdminBool);
}
}
else
{
throw new Exception("Security exception");
}
return(RedirectToAction("ListUsers"));
}
public async Task <ErrorCode> UpdateAsync(DataModel.User user)
{
bool checkExist = await _2CContext.ControlUsers.AsQueryable().
AnyAsync(wr => wr.ControlUserEmail == user.Email &&
wr.ControlUserId != user.Id);
if (checkExist)
{
return(ErrorCode.EMAIL_EXIST);
}
ControlUsers controlUser = await _2CContext.ControlUsers.AsQueryable().
Where(wr => wr.ControlUserId == user.Id).
FirstOrDefaultAsync();
if (controlUser == null)
{
return(ErrorCode.USER_NOT_FOUND);
}
controlUser.ControlUserEmail = user.Email;
controlUser.ControlUserPassword = user.Password;
await _2CContext.SaveChangesAsync();
return(ErrorCode.NO_ERROR);
}
public static DataModel.User DataToUser(IDataReader data)
{
DataModel.User user = new DataModel.User
{
UId = (int)data["UId"],
Login = (string)data["Login"],
Age = (int)data["Age"],
Phone = (string)data["Phone"],
Password = (string)data["Password"],
FirstName = (string)data["FirstName"],
LastName = (string)data["LastName"],
IsActive = (bool)data["IsActive"],
ImageID = (int)data["ImageID"],
Email = (string)data["Email"],
BirthDay = (DateTime)data["BirthDay"],
DateCreated = (DateTime)data["DateCreated"],
DateUpdated = (DateTime)data["DateUpdated"],
BlockDescription = (string)data["BlockDescription"],
};
DataModel.Image img = new DataModel.Image
{
IId = (int)data["IId"],
ImageName = (string)data["ImageName"],
ImageContent = (byte[])data["ImageContent"]
};
user.Image = img;
return user;
}
public static DataModel.User GetValidatedUser(string username, string password, string account)
{
using (MySqlConnection sqlConnection = new MySqlConnection(UtilityHelper.GetConnectionString()))
{
sqlConnection.Open();
DataModel.User userObj = sqlConnection.Query <DataModel.User>("Select * from User where Username=@Username and Account=@Account", new { Username = username, Account = account }).FirstOrDefault();
if (userObj != null)
{
if (string.IsNullOrEmpty(userObj.Salt))
{
if (password.Equals(userObj.Password))
{
string salt = Guid.NewGuid().ToString();
sqlConnection.Execute(@"update User set Salt=@Salt, Password=@Password where Username=@Username and Account=@Account", new { Salt = salt, Password = UtilityHelper.HashPassword(userObj.Password, salt), Username = username, Account = account });
return(userObj);
}
}
else
{
password = UtilityHelper.HashPassword(password, userObj.Salt);
if (password.Equals(userObj.Password))
{
return(userObj);
}
}
}
}
return(null);
}
public static DataModel.User GetUser(string account, string username)
{
DataModel.User userObj = null;
using (MySqlConnection sqlConnection = new MySqlConnection(UtilityHelper.GetConnectionString()))
{
sqlConnection.Open();
userObj = sqlConnection.Query <DataModel.User>("Select * from User where Username=@Username and Account=@Account", new { Username = username, Account = account }).FirstOrDefault();
}
return(userObj);
}
public ActionResult Settings()
{
string subdomain = UtilityHelper.GetSubdomain(HttpContext.Request.Headers["HOST"]);
string username = HttpContext.User.Identity.Name;
DataModel.User userObj = UserBL.GetUser(subdomain, username);
ViewBag.Username = username;
ViewBag.Password = userObj.Password;
ViewBag.Email = userObj.Email;
return(View());
}
public ActionResult ForgotPassword(string username)
{
string subdomain = UtilityHelper.GetSubdomain(HttpContext.Request.Headers["HOST"]);
string password = Guid.NewGuid().ToString().Substring(0, 8);
DataModel.User user = UserBL.ResetPassword(subdomain, username, password);
HttpApplicationStateBase application = HttpContext.Application;
string body = application[ConstantsUtil.ConfigForgotPasswordEmailBody].ToString().Replace("*password*", password);
UtilityHelper.SendEmail(user.Email, application[ConstantsUtil.ConfigForgotPasswordEmailSubject].ToString(), body);
ViewBag.Email = user.Email;
return(View());
}
public static ApiModel.User FromData(DataModel.User dataUser)
{
return(dataUser == null ? null : new ApiModel.User()
{
Email = dataUser.Email,
FirstName = dataUser.FirstName,
Id = dataUser.Id,
IsUploading = dataUser.IsUploadingAudio,
LastName = dataUser.LastName,
NickName = dataUser.NickName,
RegisterDate = dataUser.RegisterDate,
});
}
protected override void OnActionExecuted(ActionExecutedContext filterContext)
{
// inizializza l'utente attualmente loggato
if (User != null && User.Identity != null)
{
var usBusiness = new CityAngels.Business.Users(db);
this.currentUser = usBusiness.GetUser(User.Identity.Name);
}
// metti sempre il valore nella ViewBag
ViewBag.CurrentUser = currentUser;
base.OnActionExecuted(filterContext);
}
protected Guid GetUserId(PlayCatDbContext context)
{
var inviteService = _server.Host.Services.GetService(typeof(IInviteService)) as IInviteService;
string password = "******";
string email = "*****@*****.**";
DataModel.User user = context.CreateUser(email, "test", "test", "m", password, inviteService.GenerateInvite());
DataModel.AuthToken authToken = context.CreateToken(DateTime.Now.AddDays(-1), false, user.Id);
context.SaveChanges();
return(user.Id);
}
public void AddUser(User user)
{
if (ctx.UserSet.Any(r => r.Name == user.Username))
{
throw new UsernameUsedException();
}
var dbuser = new DataModel.User()
{
Name = user.Username
};
ctx.UserSet.Add(dbuser);
ctx.SaveChanges();
}
private User ConvertBLUserToDbUser(DataModel.User orderer)
{
User user = new User();
user.FirstName = orderer.FirstName;
user.LastName = orderer.LastName;
user.Address = orderer.Address;
user.City = orderer.City;
user.State = orderer.State;
user.Country = orderer.Country;
user.Phone = orderer.Phone;
user.PostalCode = orderer.PostalCode;
user.Email = orderer.Email;
user.Username = orderer.UserName;
return(user);
}
public static DataModel.User ResetPassword(string account, string username, string password)
{
DataModel.User userObj = null;
using (MySqlConnection sqlConnection = new MySqlConnection(UtilityHelper.GetConnectionString()))
{
sqlConnection.Open();
string salt = sqlConnection.Query <string>("select Salt from User where Username=@Username and Account=@Account", new { Username = username, Account = account }).FirstOrDefault();
if (string.IsNullOrEmpty(salt))
{
salt = Guid.NewGuid().ToString();
}
sqlConnection.Execute(@"update User set Password=@Password, Salt=@Salt where Username=@Username and Account=@Account", new { Username = username, Account = account, Salt = salt, Password = UtilityHelper.HashPassword(password, salt) });
userObj = sqlConnection.Query <DataModel.User>("Select * from User where Username=@Username and Account=@Account", new { Username = username, Account = account }).FirstOrDefault();
}
return(userObj);
}
public ActionResult EditUser(string account, string username)
{
string subdomain = UtilityHelper.GetSubdomain(HttpContext.Request.Headers["HOST"]);
if (subdomain.Equals(account) && UtilityHelper.GetIsUserAdmin(Session))
{
DataModel.User user = UserBL.GetUser(subdomain, username);
ViewBag.Username = user.Username;
ViewBag.Password = user.Password;
ViewBag.Email = user.Email;
ViewBag.IsAdmin = user.IsAdmin;
}
else
{
throw new Exception("Security exception");
}
return(View());
}
public ActionResult Login(string username, string password, bool?rememberMe)
{
string subdomain = UtilityHelper.GetSubdomain(HttpContext.Request.Headers["HOST"]);
DataModel.User user = UserBL.GetValidatedUser(username, password, subdomain);
if (user != null)
{
FormsAuthentication.SetAuthCookie(username, rememberMe.HasValue ? rememberMe.Value : false);
Session[ConstantsUtil.SessionUser] = user;
return(RedirectToAction("Index", "App"));
}
else
{
ViewBag.ErrorMessage = "Incorrect username/password";
ViewBag.Username = username;
return(View());
}
}
public ActionResult CreateUser(string username, string password, string password2, string email, string email2, string isAdmin)
{
string subdomain = UtilityHelper.GetSubdomain(HttpContext.Request.Headers["HOST"]);
if (UtilityHelper.GetIsUserAdmin(Session))
{
DataModel.User user = UserBL.GetUser(subdomain, username);
bool? isAdminBool = null;
if (!string.IsNullOrEmpty(isAdmin))
{
if (isAdmin.Equals("on"))
{
isAdminBool = new bool?(true);
}
}
if (user != null)
{
if (user.IsActive)
{
ViewBag.Username = "";
ViewBag.Password = password;
ViewBag.Email = email;
ViewBag.ErrorMessage = HttpContext.Application[ConstantsUtil.ConfigUserExistsErrorMessage].ToString();
return(View());
}
else
{
UserBL.UpdateUser(subdomain, username, email, true, isAdminBool);
}
}
else
{
UserBL.CreateUser(username, subdomain, password, email, isAdminBool);
}
}
else
{
throw new Exception("Security exception");
}
return(RedirectToAction("ListUsers"));
}
static private Core.Models.User.UserItem Create(Core.Models.User.UserItem user, DataModel.Entities db)
{
var pass = Hash(user.PasswordAgain);
var newUser = new DataModel.User()
{
Id = user.Id,
FirstName = user.FirstName,
LastName = user.LastName,
Password = pass,
Name = user.Name,
Mail = user.Mail,
Role = user.Role,
Type = user.Type,
Status = user.Status,
Created = DateTime.Now
};
db.Users.Add(newUser);
db.SaveChanges();
return(user);
}
private bool ValidateUser(string strUsername, string strPassword)
{
bool validateUser = false;
try
{
using (DataModel.User_BO objUser_BO = new DataModel.User_BO())
{
DataModel.User objUser = objUser_BO.GetByUserName(strUsername, strPassword);
if (objUser != null)
{
validateUser = true;
}
}
}
catch (Exception ex)
{
log.Error(ex.Message);
}
return(validateUser);
}
private void BindBranch()
{
using (DataModel.COMPANY_BO objT24_COMPANY_BO = new DataModel.COMPANY_BO())
{
List <DataModel.COMPANY> lstData = objT24_COMPANY_BO.GetAll().ToList();
foreach (DataModel.COMPANY item in lstData)
{
cboBranch.Items.Add(new ListItem(item.COMPANY_CODE + "-" + item.COMPANY_NAME, item.COMPANY_CODE));
}
cboBranch.Items.Insert(0, new ListItem("--Chọn chi nhánh--", string.Empty));
if (Session[Commons.Constant.DAO_CODE] != null)
{
cboBranch.ClearSelection();
if (cboBranch.Items.FindByValue(Session[Commons.Constant.DAO_CODE].ToString()) != null)
{
cboBranch.Items.FindByValue(Session[Commons.Constant.DAO_CODE].ToString()).Selected = true;
}
}
using (DataModel.User_BO objUser_BO = new DataModel.User_BO())
{
DataModel.User objUser = objUser_BO.GetByUserName(Session[Commons.Constant.USERNAME].ToString());
if (objUser != null && objUser.Permisions != null)
{
bool hasPer = false;
foreach (DataModel.Permision item in objUser.Permisions)
{
if (item != null && item.Permision1 == Commons.Constant.PERMISION_ADMIN)
{
hasPer = true;
break;
}
}
if (hasPer)
{
cboBranch.Enabled = true;
}
}
}
}
}
public ActionResult Settings(string username, string password, string password2, string email, string email2)
{
string subdomain = UtilityHelper.GetSubdomain(HttpContext.Request.Headers["HOST"]);
string username1 = HttpContext.User.Identity.Name;
if (username.Equals(username1))
{
DataModel.User userObj = UserBL.GetUser(subdomain, username1);
if (password.Equals(userObj.Password))
{
//update without updating password
UserBL.UpdateUser(subdomain, username, email, true, null);
}
else
{
//update user along with password
UserBL.UpdateUser(subdomain, username, password, email, true, null);
}
return(RedirectToAction("Index", "App"));
}
return(View());
}
/// <summary>
/// Currently, this creates a new patient with placeholder values, inserts it into the db, and then creates a new
/// patient type user and inserts that into the db, and returns information on the new user.
/// </summary>
/// <param name="email">The user's email.</param>
/// <returns>the created user object from the db</returns>
public async Task <UserModel> AddAuthorizedPatientAsync(string Email)
{
DataModel.User newuser = new DataModel.User();
newuser.Email = Email;
newuser.UserType = "patient";
Models.Patient pat = new Models.Patient(-1, "Dr.", DateTime.Now, "1234-56-678", "Unknown Insurance.");
//should be removed after AddPatientAsynch returns the patient created
//with real id, then update id bellow in commented out code
pat.Id = _context.Patients.Max(patient => patient.Id) + 1;
var newDbPat = AddPatientAsync(pat);
//uncomment when add patients asynch is added
//pat.Id = newDbPat.id;
newuser.Id = pat.Id;
var user = await _context.Users.AddAsync(newuser);
return(new UserModel(newuser.Id, Email));
}
public SignUpInResult SignIn(SignInRequest request)
{
return(BaseInvokeCheckModel(request, () =>
{
DataModel.User dataUser = _dbContext.Users
.Include(x => x.AuthToken)
.FirstOrDefault(x => x.Email == request.Email);
if (dataUser == null || !Crypto.VerifyHashedPassword(dataUser.PasswordHash, request.Password + dataUser.PasswordSalt))
{
return ResponseBuilder <SignUpInResult> .Fail().SetInfoAndBuild("Email or password is incorrect");
}
UpdateAuthToken(dataUser.AuthToken);
_dbContext.SaveChanges();
return ResponseBuilder <SignUpInResult> .SuccessBuild(new SignUpInResult()
{
User = UserMapper.ToApi.FromData(dataUser),
AuthToken = AuthTokenMapper.ToApi.FromData(dataUser.AuthToken),
});
}));
}
static private Core.Models.User.UserItem Update(Core.Models.User.UserItem user, DataModel.Entities db, DataModel.User dbUser)
{
/// TODO
dbUser.FirstName = !string.IsNullOrEmpty(user.FirstName) && user.FirstName != dbUser.FirstName ? user.FirstName : dbUser.FirstName;
dbUser.LastName = !string.IsNullOrEmpty(user.LastName) && user.LastName != dbUser.LastName ? user.LastName : dbUser.LastName;
db.SaveChanges();
return(user);
}
/// <summary>
/// Invoqué lorsque cette page est sur le point d'être affichée dans un frame.
/// </summary>
/// <param name="e">Données d'événement décrivant la manière dont l'utilisateur a accédé à cette page. La propriété Parameter
/// est généralement utilisée pour configurer la page.</param>
protected override void OnNavigatedTo(NavigationEventArgs e)
{
this._user = e.Parameter as DataModel.User;
}
public Logs(Data.MyDbContext db, Data.Enum.LogTypes logType, DataModel.User currentUser)
: base(db)
{
this.logType = logType;
this.currentUser = currentUser;
}
public async Task <UploadResult> UploadAudioAsync(Guid userId, UploadAudioRequest request)
{
return(await BaseInvokeCheckModelAsync(request, async() =>
{
DataModel.User user = _dbContext.Users.FirstOrDefault(x => x.Id == userId);
if (user == null)
{
throw new Exception("User not found, but token does");
}
var responseBuilder =
ResponseBuilder <UploadResult>
.Fail();
if (user.IsUploadingAudio)
{
return responseBuilder.SetInfoAndBuild("User already uploading audio");
}
user.IsUploadingAudio = true;
_dbContext.SaveChanges();
using (var transaction = _dbContext.Database.BeginTransaction())
{
try
{
GetInfoResult result = GetInfo(new UrlRequest()
{
Url = request.Url
});
if (!result.Ok)
{
return responseBuilder
.SetErrors(result.Errors)
.SetInfoAndBuild(result.Info);
}
string videoId = UrlFormatter.GetYoutubeVideoIdentifier(request.Url);
IFile videoFile = _saveVideo.Save(request.Url);
IFile audioFile = await _extractAudio.ExtractAsync(videoFile);
//TODO: create upload for FileSystem, Blob, etc...
string accessUrl = _uploadAudio.Upload(audioFile, StorageType.FileSystem);
var generalPlayList = _dbContext.Playlists.FirstOrDefault(x => x.OwnerId == userId && x.IsGeneral);
if (generalPlayList == null)
{
throw new Exception("Playlist not found");
}
var audio = new DataModel.Audio()
{
Id = Guid.NewGuid(),
AccessUrl = accessUrl,
DateCreated = DateTime.Now,
Artist = request.Artist,
Song = request.Song,
Duration = audioFile.Duration,
Extension = audioFile.Extension,
FileName = audioFile.Filename,
UniqueIdentifier = videoId,
UploaderId = userId,
};
var audioPlaylist = new DataModel.AudioPlaylist()
{
AudioId = audio.Id,
DateCreated = DateTime.Now,
PlaylistId = generalPlayList.Id,
Order = generalPlayList.OrderValue,
};
//skip upload process
user.IsUploadingAudio = false;
//update max index in playlist
generalPlayList.OrderValue++;
//add entities
_dbContext.AudioPlaylists.Add(audioPlaylist);
DataModel.Audio audioEntity = _dbContext.Audios.Add(audio).Entity;
_dbContext.SaveChanges();
transaction.Commit();
return ResponseBuilder <UploadResult> .SuccessBuild(new UploadResult()
{
Audio = AudioMapper.ToApi.FromData(audioEntity),
});
} catch (Exception ex)
{
transaction.Rollback();
user.IsUploadingAudio = false;
_dbContext.SaveChanges();
throw ex;
}
}
}));
}
public User()
{
_user = new DataModel.User();
}
public InsertUserCommand(User user)
{
User = user;
}
public static bool GetIsUserAdmin(HttpSessionStateBase session)
{
DataModel.User user = (DataModel.User)session[ConstantsUtil.SessionUser];
return(user.IsAdmin);
}
protected void btnLogin_Click(object sender, EventArgs e)
{
lblInfor.Text = string.Empty;
if (string.IsNullOrEmpty(txtUsername.Text))
{
lblInfor.Text = "Nhập tên đăng nhập.";
txtUsername.Focus();
return;
}
if (string.IsNullOrEmpty(txtPassword.Text))
{
lblInfor.Text = "Nhập mật khẩu.";
txtPassword.Focus();
return;
}
//if (ValidateByAD(txtUsername.Text.Trim(), txtPassword.Text, "g-bank.com.vn"))
if (ValidateUser(txtUsername.Text.Trim(), txtPassword.Text))
{
using (DataModel.STAFF_USER_BO objSTAFF_USER_BO = new DataModel.STAFF_USER_BO())
{
DataModel.STAFF_USER objSTAFF_USER = objSTAFF_USER_BO.GetByUSERNAME(txtUsername.Text);
if (objSTAFF_USER != null)
{
Session[Commons.Constant.USERNAME] = txtUsername.Text.Trim().ToLower();
Session[Commons.Constant.FULLNAME] = objSTAFF_USER.HO_TEN;
Session[Commons.Constant.DAO_CODE] = objSTAFF_USER.DAO_CODE;
Session[Commons.Constant.DEPT_CODE] = objSTAFF_USER.DEPT_CODE;
log.Info("Login success: " + txtUsername.Text.Trim());
//Page.Response.Redirect(Common.GetRootRequest() + "Default.aspx");
using (DataModel.User_BO objUser_BO = new DataModel.User_BO())
{
DataModel.User objUser = objUser_BO.GetByUserName(Session[Commons.Constant.USERNAME].ToString());
if (objUser != null && objUser.Permisions != null)
{
bool hasPer = false;
foreach (Promotion.DataModel.Permision item in objUser.Permisions)
{
if (item != null && item.Permision1 == Commons.Constant.PERMISION_ADMIN)
{
hasPer = true;
break;
}
}
if (hasPer) //Admin
{
Page.Response.Redirect(Commons.Common.GetRootRequest() + "Manager.aspx");
}
else //Tellers
{
Page.Response.Redirect(Commons.Common.GetRootRequest() + "Default.aspx");
}
}
}
}
else
{
lblInfor.Text = "Người dùng không được truy cập vào hệ thống.";
txtUsername.Focus();
log.Info("Người dùng không được truy cập vào hệ thống");
}
}
}
else
{
lblInfor.Text = "Tên đăng nhập và mật khẩu không phù hợp.";
txtUsername.Focus();
log.Info("Tên đăng nhập và mật khẩu không phù hợp. User: "******", password: " + txtPassword.Text);
}
}
