Exemple #1
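        /// <summary>
        /// Handles the login form post: runs the credential lookup and, when a row comes back,
        /// records the login through <c>CurrentLogged.login</c> and redirects to the Account page.
        /// </summary>
        /// <param name="user">Username submitted by the login form.</param>
        /// <param name="pass">Password submitted by the login form.</param>
        /// <returns>A redirect to "Account" on success; otherwise the current page with <c>Error</c> set.</returns>
        public IActionResult OnPostLogin(string user, string pass)
        {
            // NOTE(review): the values inside this literal are masked in the listing, so it is not
            // visible how user/pass reach the statement. If they are concatenated into the SQL text,
            // this unauthenticated endpoint is injectable; bind them as query parameters instead.
            // NOTE(review): matching the password in the WHERE clause implies the column stores a
            // directly comparable value (plaintext or an unsalted digest) - confirm. Prefer a salted
            // password hash (e.g. PBKDF2) that is verified in application code.
            string query = "SELECT username, password, userID, roleID FROM user WHERE username='******' AND password='******';";
            DBHandler db = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass())); // change to username and password later

            try
            {
                // The using statement releases the reader on every exit path; a null resource is skipped.
                using (MySqlDataReader reader = db.performQuery(query))
                {
                    if (reader == null)
                    {
                        Error = "Could not Query. reader is null";
                        return Page();
                    }

                    if (!reader.HasRows)
                    {
                        // Same message for unknown user and wrong password, so the form does not
                        // reveal which usernames exist.
                        Error = "Could not Login. Bad username or password";
                        return Page();
                    }

                    reader.Read();

                    // NOTE(review): CurrentLogged is invoked like a static class. If it keeps the
                    // login in static state, every request shares one identity - confirm, and move
                    // per-user identity to cookie authentication or session storage.
                    CurrentLogged.login(reader.GetString("username"), reader.GetInt32("userID"), reader.GetInt32("roleID"));
                    return Redirect("Account");
                }
            }
            catch (Exception e)
            {
                // Database error text stays on the server: echoing it on the login page discloses
                // schema and statement details to anonymous visitors. The trace output may contain
                // statement fragments, so the log itself needs access control.
                System.Diagnostics.Trace.TraceError("Login query failed (" + e.GetType().FullName + "): " + db.getError());
                Error = "Error Querying Database";
                return Page();
            }
        }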
Exemple #2
 /// <summary>
 /// Stores the injected configuration and assembles the MySQL connection string from the
 /// credentials returned by <c>MysqlLogins</c>.
 /// </summary>
 /// <param name="configuration">Application configuration supplied by the host.</param>
 public Startup(IConfiguration configuration)
 {
     Configuration = configuration;

     uid = MysqlLogins.getMySqlUser();
     pwd = MysqlLogins.getMySqlPass();

     // NOTE(review): uid and pwd are spliced into the connection string unquoted, so a ';' or '='
     // inside either value changes how the string is parsed. A connection-string builder quotes
     // the values. The string also names no database and sets no TLS option - confirm that is intended.
     connectionString = $"server=localhost; uid={uid}; pwd={pwd};";
 }
Exemple #3
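        /// <summary>
        /// Handles the promote form post: checks that the target user exists and, if so, sets that
        /// user's roleID to the role of the currently logged-in account.
        /// </summary>
        /// <param name="user">Username of the account to promote, as submitted by the form.</param>
        /// <returns>The current page, with <c>Error</c> carrying the outcome message.</returns>
        public IActionResult OnPostPromote(string user)
        {
            // NOTE(review): this is a deny-list - only role 1 is refused, every other value of
            // getRole() (including whatever it returns when nobody is logged in) passes. Confirm
            // the role model and prefer an explicit allow-list of roles that may promote.
            if (CurrentLogged.getRole() == 1)
            {
                Error = "You are not authorized to promote users";
                return Page();
            }

            DBHandler db = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));

            // NOTE(review): the value inside both literals below is masked in the listing. If the
            // posted username is concatenated into the SQL text, bind it as a parameter instead.
            string query = "SELECT username FROM user WHERE username='******';";
            bool userExists = false;

            // Default outcome; it stays in place when a query hands back no reader.
            Error = "Unknown error occured";

            // Release the lookup reader before issuing the UPDATE. Presumably db reuses one
            // connection, and MySQL refuses a second command while a reader is still open.
            using (MySqlDataReader lookup = db.performQuery(query))
            {
                if (lookup != null)
                {
                    if (lookup.HasRows)
                    {
                        userExists = true;
                    }
                    else
                    {
                        Error = "No user found";
                    }
                }
            }

            if (userExists)
            {
                query = "UPDATE user SET roleID = '" + CurrentLogged.getRole() + "' WHERE username='******';";
                using (MySqlDataReader update = db.performQuery(query))
                {
                    // Report success only when the statement produced a reader; a null reader is
                    // treated as a failed query elsewhere in this code.
                    if (update != null)
                    {
                        Error = "Update successful";
                    }
                }
            }

            username = CurrentLogged.getUsername();
            return Page();
        }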
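        /// <summary>
        /// Loads every row of the counselors table into <c>counselers</c> for the page to render.
        /// </summary>
        public void OnGet()
        {
            // Create the list first so the page always has a collection to enumerate, even when
            // the query yields no reader.
            counselers = new List <Database_Tables_Classes.Counselers>();

            DBHandler db = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));

            // NOTE(review): no caller check is visible in this handler, and each Counselers object
            // carries a name and an e-mail address - confirm the page sits behind authorization.
            using (MySqlDataReader reader = db.performQuery("SELECT * FROM counselors;"))
            {
                if (reader == null)
                {
                    return;
                }

                while (reader.Read())
                {
                    // Each Counselers constructor runs its own lookup query (one extra query per row).
                    counselers.Add(new Database_Tables_Classes.Counselers(reader.GetInt32("counselorID"), reader.GetInt32("userID")));
                }
            }
        }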
        /// <summary>
        /// Builds a counselor record from its ids and fills <c>name</c> and <c>email</c> from the
        /// matching row of the user table.
        /// </summary>
        /// <param name="cID">Counselor id stored on the instance.</param>
        /// <param name="uID">User id stored on the instance and used as the lookup key.</param>
        public Counselers(int cID, int uID)
        {
            counselerID = cID;
            userID = uID;

            // uID is an int, so formatting it into the statement cannot inject SQL text; a
            // parameterized query would still be the more uniform habit.
            string sql = $"SELECT user.name, user.email FROM user INNER JOIN counselors ON user.userID=counselors.userID WHERE counselors.userID='{uID}';";
            DBHandler handler = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));
            MySqlDataReader row = handler.performQuery(sql);

            // NOTE(review): the result of Read() is not checked and the reader is never closed;
            // a missing row or a null reader surfaces as an exception from this constructor.
            row.Read();
            name = row.GetString("name");
            email = row.GetString("email");
        }
        /// <summary>
        /// Builds a tutor record from its ids and subject, then fills <c>name</c> and <c>email</c>
        /// from the matching row of the user table.
        /// </summary>
        /// <param name="tID">Tutor id stored on the instance.</param>
        /// <param name="uID">User id stored on the instance and used as the lookup key.</param>
        /// <param name="subject">Subject stored on the instance.</param>
        public Tutors(int tID, int uID, string subject)
        {
            tutorID = tID;
            userID = uID;
            this.subject = subject;

            // uID is an int, so formatting it into the statement cannot inject SQL text; a
            // parameterized query would still be the more uniform habit.
            string sql = $"SELECT user.name, user.email FROM user INNER JOIN tutors ON user.userID=tutors.userID WHERE tutors.userID='{uID}';";
            DBHandler handler = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));
            MySqlDataReader row = handler.performQuery(sql);

            // NOTE(review): the result of Read() is not checked and the reader is never closed;
            // a missing row or a null reader surfaces as an exception from this constructor.
            row.Read();
            name = row.GetString("name");
            email = row.GetString("email");
        }
        /// <summary>
        /// Reads the <c>password</c> column of the row in the user table whose userID equals the
        /// <c>userID</c> member and returns it.
        /// </summary>
        /// <returns>The value of the <c>password</c> column for that row.</returns>
        public static string getPassword()
        {
            // The split result was never used by the original either; the call is kept so any
            // side effect or exception from getLoginInfo() still happens at the same point.
            getLoginInfo().Split(',');

            DBHandler handler = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));
            string sql = string.Concat("SELECT password FROM user WHERE userID='", userID, "';");

            // NOTE(review): handing the stored password back to callers suggests it is kept in a
            // directly usable form - confirm. With a salted hash, callers should verify a candidate
            // password instead of reading the stored value.
            // NOTE(review): Read() is unchecked and the reader is never closed.
            MySqlDataReader row = handler.performQuery(sql);
            row.Read();
            return row.GetString("password");
        }
Exemple #8
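        /// <summary>
        /// Checks that an e-mail address is present, contains an '@', uses only a conservative
        /// character set, and is not already stored in the user table. Sets <c>Error</c> to a
        /// message describing the outcome.
        /// </summary>
        /// <param name="email">Address submitted by the caller; may be null.</param>
        /// <returns><c>true</c> when the address passes the checks and no matching row exists.</returns>
        private bool emailValidation(string email)
        {
            if (email == null)
            {
                Error = "Email is null";
                return false;
            }

            Error = "Not valid email";

            // The address is concatenated into the SQL text below, so only characters that cannot
            // terminate or escape a quoted SQL string are accepted: ASCII letters, digits and
            // . _ % + - @. This is a stopgap - it also rejects some legitimate addresses (for
            // example ones containing an apostrophe). The durable fix is a parameterized query
            // once DBHandler offers one.
            bool hasAtSign = false;
            foreach (char c in email)
            {
                bool asciiAlphanumeric = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
                if (c == '@')
                {
                    hasAtSign = true;
                }
                else if (!asciiAlphanumeric && "._%+-".IndexOf(c) < 0)
                {
                    return false;
                }
            }

            if (!hasAtSign)
            {
                return false;
            }

            string query = "SELECT email FROM user WHERE email='" + email + "';";
            DBHandler db = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));

            try
            {
                // A null reader raises inside this block and is reported through the catch below.
                using (MySqlDataReader reader = db.performQuery(query))
                {
                    if (reader.HasRows)
                    {
                        // NOTE(review): this answer tells an anonymous caller which addresses are
                        // registered; rate-limit the endpoint if that matters for this site.
                        Error = "Username already in use";
                        return false;
                    }
                }
            }
            catch (Exception)
            {
                Error = "could not query DB";
                return false;
            }

            Error = "Valid email";
            return true;
        }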
Exemple #9
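        /// <summary>
        /// Handles the donation form post: validates the fields and inserts a row into the
        /// transactions table for the currently logged-in account.
        /// </summary>
        /// <param name="name">Item name submitted by the form.</param>
        /// <param name="description">Item description submitted by the form.</param>
        /// <param name="quantity">Quantity as text; must parse as an integer.</param>
        /// <returns>A redirect to "Account" on success; otherwise the current page with <c>Error</c> set.</returns>
        public IActionResult OnPostDonation(string name, string description, string quantity)
        {
            int quantityValue;

            if (!int.TryParse(quantity, out quantityValue))
            {
                Error = "Quantity needs to be a number value";
                return Page();
            }

            // The previous check compared an int with null (always false) and let empty strings
            // through; reject blank text fields explicitly.
            // NOTE(review): zero and negative quantities are still accepted - confirm whether
            // they are valid for a donation.
            if (string.IsNullOrWhiteSpace(name) || string.IsNullOrWhiteSpace(description))
            {
                Error = "error, no fields can be left blank";
                return Page();
            }

            DBHandler db = new DBHandler(DBHandler.connectionStringBuilder(MysqlLogins.getMySqlUser(), MysqlLogins.getMySqlPass()));

            // Invariant culture keeps the timestamp and the number in the form MySQL expects
            // regardless of the server's regional settings.
            System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
            string timestamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss", invariant);

            // NOTE(review): SQL injection - name and description are free text from the form and
            // are concatenated into the statement unescaped. DBHandler's API is not visible here;
            // this INSERT must move to a parameterized command before the page takes untrusted input.
            string query = "INSERT INTO transactions(name, description, userID, time, roleID, QUANTITY) VALUES ('" + name + "', '" + description + "', '" + CurrentLogged.getID() + "', '" + timestamp + "', '" + CurrentLogged.getRole() + "', '" + quantityValue.ToString(invariant) + "');";

            try
            {
                // The using statement releases the reader on every exit path; a null resource is skipped.
                using (MySqlDataReader reader = db.performQuery(query))
                {
                    if (reader == null)
                    {
                        Error = "can not perform query";
                        return Page();
                    }
                }
            }
            catch (Exception)
            {
                Error = "Could not perform query";
                return Page();
            }

            return Redirect("Account");
        }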