public static void AddTags(StringCollection tags, int siteId, int contentId)
{
if (tags == null || tags.Count == 0)
{
return;
}
foreach (var tagName in tags)
{
var tagInfo = DataProvider.TagDao.GetTagInfo(siteId, AttackUtils.FilterXss(tagName));
if (tagInfo != null)
{
var contentIdList = TranslateUtils.StringCollectionToIntList(tagInfo.ContentIdCollection);
if (!contentIdList.Contains(contentId))
{
contentIdList.Add(contentId);
tagInfo.ContentIdCollection = TranslateUtils.ObjectCollectionToString(contentIdList);
tagInfo.UseNum = contentIdList.Count;
DataProvider.TagDao.Update(tagInfo);
}
}
else
{
tagInfo = new TagInfo(0, siteId, contentId.ToString(), tagName, contentId > 0 ? 1 : 0);
DataProvider.TagDao.Insert(tagInfo);
}
}
}
public override string GetInspectString()
{
if (OnlineWObject == null)
{
return("OCity_Caravan_Player".Translate(OnlineName, OnlinePlayerLogin) + Environment.NewLine);
}
else
{
var s = "OCity_Caravan_Player".Translate() + Environment.NewLine
//+ "OCity_Caravan_PriceThing".Translate() + Environment.NewLine
//+ "OCity_Caravan_PriceAnimalsPeople".Translate()
+ "OCity_Caravan_Other".Translate();
var s1 = string.Format(s,
OnlineName
, OnlinePlayerLogin + (IsOnline ? " Online!" : "") + " (sId:" + OnlineWObject.ServerId + ")"
, OnlineWObject.MarketValue.ToStringMoney()
, OnlineWObject.MarketValuePawn.ToStringMoney()
)
+ ((this is BaseOnline)
? Environment.NewLine + "OCity_Caravan_PlayerAttackCost".Translate(
AttackUtils.MaxCostAttackerCaravan(OnlineWObject.MarketValue + OnlineWObject.MarketValuePawn, this is BaseOnline).ToStringMoney()).ToString()
: "")
+ (OnlineWObject.FreeWeight > 0 && OnlineWObject.FreeWeight < 999999
? Environment.NewLine + "OCity_Caravan_FreeWeight".Translate().ToString() + OnlineWObject.FreeWeight.ToStringMass()
: "");
return(s1);
}
}
public IDataReader GetDataSource(int siteId, string searchText, string templateTypeString)
{
if (string.IsNullOrEmpty(searchText) && string.IsNullOrEmpty(templateTypeString))
{
var parms = new IDataParameter[]
{
GetParameter(ParmSiteId, DataType.Integer, siteId)
};
var enumerable = ExecuteReader(SqlSelectAllTemplateBySiteId, parms);
return(enumerable);
}
if (!string.IsNullOrEmpty(searchText))
{
var whereString = (string.IsNullOrEmpty(templateTypeString)) ? string.Empty :
$"AND TemplateType = '{templateTypeString}' ";
searchText = AttackUtils.FilterSql(searchText);
whereString +=
$"AND (TemplateName LIKE '%{searchText}%' OR RelatedFileName LIKE '%{searchText}%' OR CreatedFileFullName LIKE '%{searchText}%' OR CreatedFileExtName LIKE '%{searchText}%')";
string sqlString =
$"SELECT Id, SiteId, TemplateName, TemplateType, RelatedFileName, CreatedFileFullName, CreatedFileExtName, Charset, IsDefault FROM siteserver_Template WHERE SiteId = {siteId} {whereString} ORDER BY TemplateType, RelatedFileName";
var enumerable = ExecuteReader(sqlString);
return(enumerable);
}
return(GetDataSourceByType(siteId, TemplateTypeUtils.GetEnumType(templateTypeString)));
}
public void Update(AdministratorInfo info)
{
info.DisplayName = AttackUtils.FilterXss(info.DisplayName);
info.Email = AttackUtils.FilterXss(info.Email);
info.Mobile = AttackUtils.FilterXss(info.Mobile);
IDataParameter[] parms =
{
GetParameter(ParmLastActivityDate, DataType.DateTime, info.LastActivityDate),
GetParameter(ParmCountOfLogin, DataType.Integer, info.CountOfLogin),
GetParameter(ParmCountOfFailedLogin, DataType.Integer, info.CountOfFailedLogin),
GetParameter(ParmIsLockedOut, DataType.VarChar, 18,info.IsLockedOut.ToString()),
GetParameter(ParmSiteIdCollection, DataType.VarChar, 50,info.SiteIdCollection),
GetParameter(ParmSiteId, DataType.Integer, info.SiteId),
GetParameter(ParmDepartmentId, DataType.Integer, info.DepartmentId),
GetParameter(ParmAreaId, DataType.Integer, info.AreaId),
GetParameter(ParmDisplayname, DataType.VarChar, 255,info.DisplayName),
GetParameter(ParmEmail, DataType.VarChar, 255,info.Email),
GetParameter(ParmMobile, DataType.VarChar, 20,info.Mobile),
GetParameter(ParmUsername, DataType.VarChar, 255,info.UserName)
};
ExecuteNonQuery(SqlUpdateUser, parms);
DataProvider.DepartmentDao.UpdateCountOfAdmin();
DataProvider.AreaDao.UpdateCountOfAdmin();
AdminManager.UpdateCache(info);
}
public override IEnumerable <FloatMenuOption> GetFloatMenuOptions(Caravan caravan)
{
foreach (FloatMenuOption o in base.GetFloatMenuOptions(caravan))
{
yield return(o);
}
var player = this.Player;
// Передача товара
var minCostForTrade = 25000; // эту цифру изменять вместе с ServerManager.DoWorld()
bool disTrade = false;
if (SessionClientController.Data.ProtectingNovice)
{
var costAll = player.CostAllWorldObjects();
disTrade = player.Public.LastTick < 3600000 / 2 || costAll.MarketValue + costAll.MarketValuePawn < minCostForTrade;
}
var fmoTrade = new FloatMenuOption("OCity_Caravan_Trade".Translate(OnlinePlayerLogin + " " + OnlineName)
+ (disTrade ? "OCity_Caravan_Abort".Translate().ToString() + " " + minCostForTrade.ToString() : "") // "Вам нет года или стоимость меньше" You are under a year old or cost less than
, delegate
{
caravan.pather.StartPath(this.Tile, new CaravanArrivalAction_VisitOnline(this, "exchangeOfGoods"), true);
}, MenuOptionPriority.Default, null, null, 0f, null, this);
if (disTrade)
{
fmoTrade.Disabled = true;
}
yield return(fmoTrade);
// Атаковать
if (SessionClientController.My.EnablePVP &&
this is BaseOnline &&
GameAttacker.CanStart)
{
var dis = AttackUtils.CheckPossibilityAttack(SessionClientController.Data.MyEx
, player
, UpdateWorldController.GetMyByLocalId(caravan.ID).ServerId
, this.OnlineWObject.ServerId
, SessionClientController.Data.ProtectingNovice
);
var fmo = new FloatMenuOption("OCity_Caravan_Attack".Translate(OnlinePlayerLogin + " " + OnlineName)
+ (dis != null ? " (" + dis + ")" : "")
, delegate
{
caravan.pather.StartPath(this.Tile, new CaravanArrivalAction_VisitOnline(this, "attack"), true);
}, MenuOptionPriority.Default, null, null, 0f, null, this);
if (dis != null)
{
fmo.Disabled = true;
}
yield return(fmo);
}
//}
}
public bool Insert(AdministratorInfo adminInfo, out string errorMessage)
{
if (!InsertValidate(adminInfo.UserName, adminInfo.Password, adminInfo.Email, adminInfo.Mobile, out errorMessage))
{
return(false);
}
try
{
adminInfo.LastActivityDate = DateUtils.SqlMinValue;
adminInfo.CreationDate = DateTime.Now;
adminInfo.PasswordFormat = EPasswordFormatUtils.GetValue(EPasswordFormat.Encrypted);
adminInfo.Password = EncodePassword(adminInfo.Password, EPasswordFormatUtils.GetEnumType(adminInfo.PasswordFormat), out var passwordSalt);
adminInfo.PasswordSalt = passwordSalt;
adminInfo.DisplayName = AttackUtils.FilterXss(adminInfo.DisplayName);
adminInfo.Email = AttackUtils.FilterXss(adminInfo.Email);
adminInfo.Mobile = AttackUtils.FilterXss(adminInfo.Mobile);
IDataParameter[] parameters =
{
GetParameter(ParmUsername, DataType.VarChar, 255, adminInfo.UserName),
GetParameter(ParmPassword, DataType.VarChar, 255, adminInfo.Password),
GetParameter(ParmPasswordFormat, DataType.VarChar, 50, adminInfo.PasswordFormat),
GetParameter(ParmPasswordSalt, DataType.VarChar, 128, adminInfo.PasswordSalt),
GetParameter(ParmCreationDate, DataType.DateTime, adminInfo.CreationDate),
GetParameter(ParmLastActivityDate, DataType.DateTime, adminInfo.LastActivityDate),
GetParameter(ParmCountOfLogin, DataType.Integer, adminInfo.CountOfLogin),
GetParameter(ParmCountOfFailedLogin, DataType.Integer, adminInfo.CountOfFailedLogin),
GetParameter(ParmCreatorUsername, DataType.VarChar, 255, adminInfo.CreatorUserName),
GetParameter(ParmIsLockedOut, DataType.VarChar, 18, adminInfo.IsLockedOut.ToString()),
GetParameter(ParmSiteIdCollection, DataType.VarChar, 50, adminInfo.SiteIdCollection),
GetParameter(ParmSiteId, DataType.Integer, adminInfo.SiteId),
GetParameter(ParmDepartmentId, DataType.Integer, adminInfo.DepartmentId),
GetParameter(ParmAreaId, DataType.Integer, adminInfo.AreaId),
GetParameter(ParmDisplayname, DataType.VarChar, 255, adminInfo.DisplayName),
GetParameter(ParmMobile, DataType.VarChar, 20, adminInfo.Mobile),
GetParameter(ParmEmail, DataType.VarChar, 255, adminInfo.Email),
GetParameter(ParmAvatarUrl, DataType.VarChar, 200, adminInfo.AvatarUrl)
};
ExecuteNonQuery(SqlInsertUser, parameters);
DataProvider.DepartmentDao.UpdateCountOfAdmin();
DataProvider.AreaDao.UpdateCountOfAdmin();
var roles = new[] { EPredefinedRoleUtils.GetValue(EPredefinedRole.Administrator) };
DataProvider.AdministratorsInRolesDao.AddUserToRoles(adminInfo.UserName, roles);
return(true);
}
catch (Exception ex)
{
errorMessage = ex.Message;
return(false);
}
}
public string New(PlayerServer player, PlayerServer hostPlayer, AttackInitiatorToSrv fromClient, bool testMode)
{
if (ServerManager.ServerSettings.GeneralSettings.EnablePVP)
{
return("PVP online disable on this server");
}
if (!player.Online || !hostPlayer.Online)
{
Loger.Log($"Server AttackServer {Attacker.Public.Login} -> {Host.Public.Login} canceled: Attack not possible: player offline");
return("Attack not possible: player offline");
}
var err = AttackUtils.CheckPossibilityAttack(player, hostPlayer, fromClient.InitiatorPlaceServerId, fromClient.HostPlaceServerId
, ServerManager.ServerSettings.ProtectingNovice);
if (err != null)
{
Loger.Log($"Server AttackServer {Attacker.Public.Login} -> {Host.Public.Login} canceled: {err}");
return(err);
}
TestMode = testMode;
Attacker = player;
Host = hostPlayer;
Attacker.AttackData = this;
Host.AttackData = this;
HostPlaceServerId = fromClient.HostPlaceServerId;
InitiatorPlaceServerId = fromClient.InitiatorPlaceServerId;
var data = Repository.GetData;
var woip = data.WorldObjects.FirstOrDefault(wo => wo.ServerId == InitiatorPlaceServerId);
if (woip != null)
{
InitiatorPlaceTile = woip.Tile;
}
NewPawns = new List <ThingEntry>();
NewPawnsId = new List <int>();
NewThings = new List <ThingTrade>();
NewThingsId = new List <int>();
NewCorpses = new List <AttackCorpse>();
Delete = new List <int>();
UpdateState = new Dictionary <int, AttackThingState>();
UpdateCommand = new Dictionary <int, AttackPawnCommand>();
NeedNewThingIDs = new HashSet <int>();
CreateTime = DateTime.UtcNow;
AttackUpdateTick = 0;
if (!TestMode)
{
Host.Public.LastPVPTime = DateTime.UtcNow;
}
Loger.Log($"Server AttackServer {Attacker.Public.Login} -> {Host.Public.Login} New");
return(null);
}
private void SetTaxisSubtract(int id, string parentsPath, int subtractNum)
{
var path = AttackUtils.FilterSql(parentsPath);
var sqlString =
$"UPDATE siteserver_Department SET Taxis = Taxis - {subtractNum} WHERE Id = {id} OR ParentsPath = '{path}' OR ParentsPath LIKE '{path},%'";
ExecuteNonQuery(sqlString);
DepartmentManager.ClearCache();
}
private void SetTaxisAdd(int areaId, string parentsPath, int addNum)
{
var path = AttackUtils.FilterSql(parentsPath);
string sqlString =
$"UPDATE siteserver_Area SET Taxis = Taxis + {addNum} WHERE Id = {areaId} OR ParentsPath = '{path}' OR ParentsPath LIKE '{path},%'";
ExecuteNonQuery(sqlString);
AreaManager.ClearCache();
}
public override void Submit_OnClick(object sender, EventArgs e)
{
var isChanged = false;
var contentGroupInfo = new ContentGroupInfo
{
GroupName = AttackUtils.FilterXss(TbContentGroupName.Text),
SiteId = SiteId,
Description = TbDescription.Text
};
if (AuthRequest.IsQueryExists("GroupName"))
{
try
{
DataProvider.ContentGroupDao.Update(contentGroupInfo);
AuthRequest.AddSiteLog(SiteId, "修改内容组", $"内容组:{contentGroupInfo.GroupName}");
isChanged = true;
}
catch (Exception ex)
{
FailMessage(ex, "内容组修改失败!");
}
}
else
{
var contentGroupNameList = DataProvider.ContentGroupDao.GetGroupNameList(SiteId);
if (contentGroupNameList.IndexOf(TbContentGroupName.Text) != -1)
{
FailMessage("内容组添加失败,内容组名称已存在!");
}
else
{
try
{
DataProvider.ContentGroupDao.Insert(contentGroupInfo);
AuthRequest.AddSiteLog(SiteId, "添加内容组",
$"内容组:{contentGroupInfo.GroupName}");
isChanged = true;
}
catch (Exception ex)
{
FailMessage(ex, "内容组添加失败!");
}
}
}
if (isChanged)
{
LayerUtils.Close(Page);
}
}
public static Dictionary <string, object> SaveAttributes(SiteInfo siteInfo, List <TableStyleInfo> styleInfoList, NameValueCollection formCollection, List <string> dontAddAttributes)
{
var dict = new Dictionary <string, object>();
if (dontAddAttributes == null)
{
dontAddAttributes = new List <string>();
}
foreach (var styleInfo in styleInfoList)
{
if (StringUtils.ContainsIgnoreCase(dontAddAttributes, styleInfo.AttributeName))
{
continue;
}
//var theValue = GetValueByForm(styleInfo, siteInfo, formCollection);
var theValue = formCollection[styleInfo.AttributeName] ?? string.Empty;
var inputType = styleInfo.InputType;
if (inputType == InputType.TextEditor)
{
theValue = ContentUtility.TextEditorContentEncode(siteInfo, theValue);
theValue = UEditorUtils.TranslateToStlElement(theValue);
}
if (inputType != InputType.TextEditor && inputType != InputType.Image && inputType != InputType.File && inputType != InputType.Video && styleInfo.AttributeName != ContentAttribute.LinkUrl)
{
theValue = AttackUtils.FilterXss(theValue);
}
dict[styleInfo.AttributeName] = theValue;
if (styleInfo.Additional.IsFormatString)
{
var formatString = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatStrong"]);
var formatEm = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatEM"]);
var formatU = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatU"]);
var formatColor = formCollection[styleInfo.AttributeName + "_formatColor"];
var theFormatString = ContentUtility.GetTitleFormatString(formatString, formatEm, formatU, formatColor);
dict[ContentAttribute.GetFormatStringAttributeName(styleInfo.AttributeName)] = theFormatString;
}
if (inputType == InputType.Image || inputType == InputType.File || inputType == InputType.Video)
{
var attributeName = ContentAttribute.GetExtendAttributeName(styleInfo.AttributeName);
dict[attributeName] = formCollection[attributeName];
}
}
return(dict);
}
private static string GetGroupWhereString(DatabaseType databaseType, string group, string groupNot)
{
var whereStringBuilder = new StringBuilder();
if (!string.IsNullOrEmpty(group))
{
group = group.Trim().Trim(',');
var groupArr = group.Split(',');
if (groupArr.Length > 0)
{
whereStringBuilder.Append(" AND (");
foreach (var theGroup in groupArr)
{
var trimGroup = theGroup.Trim();
whereStringBuilder.Append(
$" (siteserver_Channel.GroupNames = '{trimGroup}' OR {SqlUtils.GetInStr(databaseType, "siteserver_Channel.GroupNames", trimGroup + ",")} OR {SqlUtils.GetInStr(databaseType, "siteserver_Channel.GroupNames", "," + trimGroup + ",")} OR {SqlUtils.GetInStr(databaseType, "siteserver_Channel.GroupNames", "," + trimGroup)}) OR ");
}
if (groupArr.Length > 0)
{
whereStringBuilder.Length -= 3;
}
whereStringBuilder.Append(") ");
}
}
if (!string.IsNullOrEmpty(groupNot))
{
groupNot = groupNot.Trim().Trim(',');
var groupNotArr = groupNot.Split(',');
if (groupNotArr.Length > 0)
{
whereStringBuilder.Append(" AND (");
foreach (var theGroupNot in groupNotArr)
{
var trimGroupNot = AttackUtils.FilterSql(theGroupNot.Trim());
//whereStringBuilder.Append(
// $" (siteserver_Channel.GroupNames <> '{trimGroupNot}' AND CHARINDEX('{trimGroupNot},',siteserver_Channel.GroupNames) = 0 AND CHARINDEX(',{trimGroupNot},',siteserver_Channel.GroupNames) = 0 AND CHARINDEX(',{trimGroupNot}',siteserver_Channel.GroupNames) = 0) AND ");
whereStringBuilder.Append(
$" (siteserver_Channel.GroupNames <> '{trimGroupNot}' AND {SqlUtils.GetNotInStr(databaseType, "siteserver_Channel.GroupNames", trimGroupNot + ",")} AND {SqlUtils.GetNotInStr(databaseType, "siteserver_Channel.GroupNames", "," + trimGroupNot + ",")} AND {SqlUtils.GetNotInStr(databaseType, "siteserver_Channel.GroupNames", "," + trimGroupNot)}) AND ");
}
if (groupNotArr.Length > 0)
{
whereStringBuilder.Length -= 4;
}
whereStringBuilder.Append(") ");
}
}
return(whereStringBuilder.ToString());
}
public static void SaveAttributes(IAttributes attributes, SiteInfo siteInfo, List <TableStyleInfo> styleInfoList, NameValueCollection formCollection, List <string> dontAddAttributesLowercase)
{
if (dontAddAttributesLowercase == null)
{
dontAddAttributesLowercase = new List <string>();
}
foreach (var styleInfo in styleInfoList)
{
if (dontAddAttributesLowercase.Contains(styleInfo.AttributeName.ToLower()))
{
continue;
}
//var theValue = GetValueByForm(styleInfo, siteInfo, formCollection);
var theValue = formCollection[styleInfo.AttributeName] ?? string.Empty;
var inputType = styleInfo.InputType;
if (inputType == InputType.TextEditor)
{
theValue = ContentUtility.TextEditorContentEncode(siteInfo, theValue);
theValue = UEditorUtils.TranslateToStlElement(theValue);
}
if (inputType != InputType.TextEditor && inputType != InputType.Image && inputType != InputType.File && inputType != InputType.Video && styleInfo.AttributeName != ContentAttribute.LinkUrl)
{
theValue = AttackUtils.FilterSqlAndXss(theValue);
}
attributes.Set(styleInfo.AttributeName, theValue);
//TranslateUtils.SetOrRemoveAttributeLowerCase(attributes, styleInfo.AttributeName, theValue);
if (styleInfo.Additional.IsFormatString)
{
var formatString = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatStrong"]);
var formatEm = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatEM"]);
var formatU = TranslateUtils.ToBool(formCollection[styleInfo.AttributeName + "_formatU"]);
var formatColor = formCollection[styleInfo.AttributeName + "_formatColor"];
var theFormatString = ContentUtility.GetTitleFormatString(formatString, formatEm, formatU, formatColor);
attributes.Set(ContentAttribute.GetFormatStringAttributeName(styleInfo.AttributeName), theFormatString);
//TranslateUtils.SetOrRemoveAttributeLowerCase(attributes, ContentAttribute.GetFormatStringAttributeName(styleInfo.AttributeName), theFormatString);
}
if (inputType == InputType.Image || inputType == InputType.File || inputType == InputType.Video)
{
var attributeName = ContentAttribute.GetExtendAttributeName(styleInfo.AttributeName);
attributes.Set(attributeName, formCollection[attributeName]);
//TranslateUtils.SetOrRemoveAttributeLowerCase(attributes, attributeName, formCollection[attributeName]);
}
}
}
protected string GetString(IDataReader rdr, int i)
{
var value = rdr.IsDBNull(i) ? string.Empty : rdr.GetValue(i).ToString();
if (!string.IsNullOrEmpty(value))
{
value = AttackUtils.UnFilterSql(value);
}
if (WebConfigUtils.DatabaseType == DatabaseType.Oracle && value == SqlUtils.OracleEmptyValue)
{
value = string.Empty;
}
return(value);
}
public void Update(UserInfo userInfo)
{
if (userInfo == null)
{
return;
}
userInfo.DisplayName = AttackUtils.FilterXss(userInfo.DisplayName);
userInfo.Email = AttackUtils.FilterXss(userInfo.Email);
userInfo.Mobile = AttackUtils.FilterXss(userInfo.Mobile);
userInfo.AvatarUrl = AttackUtils.FilterXss(userInfo.AvatarUrl);
userInfo.Gender = AttackUtils.FilterXss(userInfo.Gender);
userInfo.Birthday = AttackUtils.FilterXss(userInfo.Birthday);
userInfo.WeiXin = AttackUtils.FilterXss(userInfo.WeiXin);
userInfo.Qq = AttackUtils.FilterXss(userInfo.Qq);
userInfo.WeiBo = AttackUtils.FilterXss(userInfo.WeiBo);
userInfo.Bio = AttackUtils.FilterXss(userInfo.Bio);
var sqlString = $"UPDATE {TableName} SET UserName = @UserName, CreateDate = @CreateDate, LastResetPasswordDate = @LastResetPasswordDate, LastActivityDate = @LastActivityDate, CountOfLogin = @CountOfLogin, CountOfFailedLogin = @CountOfFailedLogin, GroupId = @GroupId, IsChecked = @IsChecked, IsLockedOut = @IsLockedOut, DisplayName = @DisplayName, Email = @Email, Mobile = @Mobile, AvatarUrl = @AvatarUrl, Gender = @Gender, Birthday = @Birthday, WeiXin = @WeiXin, QQ = @QQ, WeiBo = @WeiBo, Bio = @Bio, SettingsXml = @SettingsXml WHERE Id = @Id";
var updateParms = new IDataParameter[]
{
GetParameter(ParmUserName, DataType.VarChar, 255, userInfo.UserName),
GetParameter(ParmCreateDate, DataType.DateTime, userInfo.CreateDate),
GetParameter(ParmLastResetPasswordDate, DataType.DateTime, userInfo.LastResetPasswordDate),
GetParameter(ParmLastActivityDate, DataType.DateTime, userInfo.LastActivityDate),
GetParameter(ParmCountOfLogin, DataType.Integer, userInfo.CountOfLogin),
GetParameter(ParmCountOfFailedLogin, DataType.Integer, userInfo.CountOfFailedLogin),
GetParameter(ParmGroupId, DataType.Integer, userInfo.GroupId),
GetParameter(ParmIsChecked, DataType.VarChar, 18, userInfo.IsChecked.ToString()),
GetParameter(ParmIsLockedOut, DataType.VarChar, 18, userInfo.IsLockedOut.ToString()),
GetParameter(ParmDisplayname, DataType.VarChar, 255, userInfo.DisplayName),
GetParameter(ParmEmail, DataType.VarChar, 255, userInfo.Email),
GetParameter(ParmMobile, DataType.VarChar, 20, userInfo.Mobile),
GetParameter(ParmAvatarUrl, DataType.VarChar, 200, userInfo.AvatarUrl),
GetParameter(ParmGender, DataType.VarChar, 255, userInfo.Gender),
GetParameter(ParmBirthday, DataType.VarChar, 50, userInfo.Birthday),
GetParameter(ParmWeixin, DataType.VarChar, 255, userInfo.WeiXin),
GetParameter(ParmQq, DataType.VarChar, 255, userInfo.Qq),
GetParameter(ParmWeibo, DataType.VarChar, 255, userInfo.WeiBo),
GetParameter(ParmBio, DataType.Text, userInfo.Bio),
GetParameter(ParmSettingsXml, DataType.Text, userInfo.ToString(UserAttribute.AllAttributes.Value)),
GetParameter(ParmId, DataType.Integer, userInfo.Id)
};
ExecuteNonQuery(sqlString, updateParms);
UserManager.UpdateCache(userInfo);
}
private bool UpdateTableStyleInfo(TableStyleInfo styleInfo, TableStyleInfo body, bool isRapid, List <string> rapidValues, out string errorMessage)
{
errorMessage = string.Empty;
styleInfo.AttributeName = body.AttributeName;
styleInfo.DisplayName = AttackUtils.FilterXss(body.DisplayName);
styleInfo.HelpText = body.HelpText;
styleInfo.Taxis = body.Taxis;
styleInfo.InputType = body.InputType;
styleInfo.DefaultValue = body.DefaultValue;
styleInfo.IsHorizontal = body.IsHorizontal;
styleInfo.ExtendValues = body.Additional.ToString();
styleInfo.StyleItems = new List <TableStyleItemInfo>();
if (body.InputType == InputType.CheckBox || body.InputType == InputType.Radio || body.InputType == InputType.SelectMultiple || body.InputType == InputType.SelectOne)
{
if (isRapid)
{
foreach (var rapidValue in rapidValues)
{
var itemInfo = new TableStyleItemInfo(0, styleInfo.Id, rapidValue, rapidValue, false);
styleInfo.StyleItems.Add(itemInfo);
}
}
else
{
var isHasSelected = false;
foreach (var styleItem in body.StyleItems)
{
if (body.InputType != InputType.SelectMultiple && body.InputType != InputType.CheckBox && isHasSelected && styleItem.IsSelected)
{
errorMessage = "操作失败,只能有一个初始化时选定项!";
return(false);
}
if (styleItem.IsSelected)
{
isHasSelected = true;
}
var itemInfo = new TableStyleItemInfo(0, styleInfo.Id, styleItem.ItemTitle, styleItem.ItemValue, styleItem.IsSelected);
styleInfo.StyleItems.Add(itemInfo);
}
}
}
DataProvider.TableStyleDao.Update(styleInfo);
return(true);
}
private int InsertWithoutValidation(UserInfo userInfo, string password, EPasswordFormat passwordFormat, string passwordSalt)
{
var sqlString = $"INSERT INTO {TableName} (UserName, Password, PasswordFormat, PasswordSalt, CreateDate, LastResetPasswordDate, LastActivityDate, CountOfLogin, CountOfFailedLogin, GroupId, IsChecked, IsLockedOut, DisplayName, Email, Mobile, AvatarUrl, Gender, Birthday, WeiXin, QQ, WeiBo, Bio, SettingsXml) VALUES (@UserName, @Password, @PasswordFormat, @PasswordSalt, @CreateDate, @LastResetPasswordDate, @LastActivityDate, @CountOfLogin, @CountOfFailedLogin, @GroupId, @IsChecked, @IsLockedOut, @DisplayName, @Email, @Mobile, @AvatarUrl, @Gender, @Birthday, @WeiXin, @QQ, @WeiBo, @Bio, @SettingsXml)";
userInfo.CreateDate = DateTime.Now;
userInfo.LastActivityDate = DateTime.Now;
userInfo.LastResetPasswordDate = DateTime.Now;
userInfo.DisplayName = AttackUtils.FilterXss(userInfo.DisplayName);
userInfo.Email = AttackUtils.FilterXss(userInfo.Email);
userInfo.Mobile = AttackUtils.FilterXss(userInfo.Mobile);
userInfo.AvatarUrl = AttackUtils.FilterXss(userInfo.AvatarUrl);
userInfo.Gender = AttackUtils.FilterXss(userInfo.Gender);
userInfo.Birthday = AttackUtils.FilterXss(userInfo.Birthday);
userInfo.WeiXin = AttackUtils.FilterXss(userInfo.WeiXin);
userInfo.Qq = AttackUtils.FilterXss(userInfo.Qq);
userInfo.WeiBo = AttackUtils.FilterXss(userInfo.WeiBo);
userInfo.Bio = AttackUtils.FilterXss(userInfo.Bio);
var settingsXml = userInfo.ToString(UserAttribute.AllAttributes.Value);
var parameters = new IDataParameter[]
{
GetParameter(ParmUserName, DataType.VarChar, 255, userInfo.UserName),
GetParameter(ParmPassword, DataType.VarChar, 255, password),
GetParameter(ParmPasswordFormat, DataType.VarChar, 50, EPasswordFormatUtils.GetValue(passwordFormat)),
GetParameter(ParmPasswordSalt, DataType.VarChar, 128, passwordSalt),
GetParameter(ParmCreateDate, DataType.DateTime, userInfo.CreateDate),
GetParameter(ParmLastResetPasswordDate, DataType.DateTime, userInfo.LastResetPasswordDate),
GetParameter(ParmLastActivityDate, DataType.DateTime, userInfo.LastActivityDate),
GetParameter(ParmCountOfLogin, DataType.Integer, userInfo.CountOfLogin),
GetParameter(ParmCountOfFailedLogin, DataType.Integer, userInfo.CountOfFailedLogin),
GetParameter(ParmGroupId, DataType.Integer, userInfo.GroupId),
GetParameter(ParmIsChecked, DataType.VarChar, 18, userInfo.IsChecked.ToString()),
GetParameter(ParmIsLockedOut, DataType.VarChar, 18, userInfo.IsLockedOut.ToString()),
GetParameter(ParmDisplayname, DataType.VarChar, 255, userInfo.DisplayName),
GetParameter(ParmEmail, DataType.VarChar, 255, userInfo.Email),
GetParameter(ParmMobile, DataType.VarChar, 20, userInfo.Mobile),
GetParameter(ParmAvatarUrl, DataType.VarChar, 200, userInfo.AvatarUrl),
GetParameter(ParmGender, DataType.VarChar, 255, userInfo.Gender),
GetParameter(ParmBirthday, DataType.VarChar, 50, userInfo.Birthday),
GetParameter(ParmWeixin, DataType.VarChar, 255, userInfo.WeiXin),
GetParameter(ParmQq, DataType.VarChar, 255, userInfo.Qq),
GetParameter(ParmWeibo, DataType.VarChar, 255, userInfo.WeiBo),
GetParameter(ParmBio, DataType.Text, userInfo.Bio),
GetParameter(ParmSettingsXml, DataType.Text, settingsXml)
};
return(ExecuteNonQueryAndReturnId(TableName, UserAttribute.Id, sqlString, parameters));
}
public IHttpActionResult Main()
{
try
{
var request = new AuthenticatedRequest();
var siteId = request.GetPostInt("siteId");
var pageChannelId = request.GetPostInt("pageChannelId");
if (pageChannelId == 0)
{
pageChannelId = siteId;
}
var pageContentId = request.GetPostInt("pageContentId");
var pageTemplateId = request.GetPostInt("pageTemplateId");
var isPageRefresh = request.GetPostBool("isPageRefresh");
var templateContent = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("templateContent"));
var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxDivId"));
var channelId = request.GetPostInt("channelId");
if (channelId == 0)
{
channelId = pageChannelId;
}
var contentId = request.GetPostInt("contentId");
if (contentId == 0)
{
contentId = pageContentId;
}
var pageUrl = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("pageUrl"));
var pageIndex = request.GetPostInt("pageNum");
if (pageIndex > 0)
{
pageIndex--;
}
var queryString = PageUtils.GetQueryStringFilterXss(PageUtils.UrlDecode(HttpContext.Current.Request.RawUrl));
queryString.Remove("siteId");
return(Ok(new
{
Html = StlDynamic.ParseDynamicContent(siteId, channelId, contentId, pageTemplateId, isPageRefresh, templateContent, pageUrl, pageIndex, ajaxDivId, queryString, request.UserInfo)
}));
}
catch (Exception ex)
{
return(InternalServerError(ex));
}
}
public static string ParseRequestEntities(NameValueCollection queryString, string templateContent)
{
if (queryString != null && queryString.Count > 0)
{
foreach (string key in queryString.Keys)
{
var value = queryString[key];
value = WebUtility.UrlDecode(value);
value = AttackUtils.FilterSqlAndXss(value);
templateContent = StringUtils.ReplaceIgnoreCase(templateContent, $"{{Request.{key}}}", value);
}
}
return(RegexUtils.Replace("{Request.[^}]+}", templateContent, string.Empty));
}
private int GetMaxTaxisByParentPath(string parentPath)
{
parentPath = AttackUtils.FilterSql(parentPath);
var sqlString = string.Concat("SELECT MAX(Taxis) AS MaxTaxis FROM siteserver_Department WHERE (ParentsPath = '", parentPath, "') OR (ParentsPath LIKE '", parentPath, ",%')");
var maxTaxis = 0;
using (var rdr = ExecuteReader(sqlString))
{
if (rdr.Read())
{
maxTaxis = GetInt(rdr, 0);
}
rdr.Close();
}
return(maxTaxis);
}
public List <string> GetTagListByStartString(int siteId, string startString, int totalNum)
{
var sqlWithParameter = SqlUtils.GetInStrWithParameter("Tag", AttackUtils.FilterSql(startString));
var sqlString = SqlUtils.GetDistinctTopSqlString("siteserver_Tag", "Tag, UseNum",
$"WHERE SiteId = @SiteId AND {sqlWithParameter.Key}",
"ORDER BY UseNum DESC", totalNum);
IDataParameter[] parameters =
{
GetParameter("@SiteId", DataType.Integer, siteId),
sqlWithParameter.Value
};
return(DataProvider.DatabaseDao.GetStringList(sqlString, parameters));
}
public string GetSelectCommend(string category, string pluginId, string keyword, string dateFrom, string dateTo)
{
var whereString = new StringBuilder();
if (!string.IsNullOrEmpty(category))
{
whereString.Append($"Category = '{AttackUtils.FilterSql(category)}'");
}
if (!string.IsNullOrEmpty(pluginId))
{
whereString.Append($"PluginId = '{AttackUtils.FilterSql(pluginId)}'");
}
if (!string.IsNullOrEmpty(keyword))
{
if (whereString.Length > 0)
{
whereString.Append(" AND ");
}
var filterKeyword = AttackUtils.FilterSql(keyword);
var keywordId = TranslateUtils.ToInt(keyword);
whereString.Append(keywordId > 0
? $"Id = {keywordId}"
: $"(Message LIKE '%{filterKeyword}%' OR Stacktrace LIKE '%{filterKeyword}%' OR Summary LIKE '%{filterKeyword}%')");
}
if (!string.IsNullOrEmpty(dateFrom))
{
if (whereString.Length > 0)
{
whereString.Append(" AND ");
}
whereString.Append($"AddDate >= {SqlUtils.GetComparableDate(TranslateUtils.ToDateTime(dateFrom))}");
}
if (!string.IsNullOrEmpty(dateTo))
{
if (whereString.Length > 0)
{
whereString.Append(" AND ");
}
whereString.Append($"AddDate <= {SqlUtils.GetComparableDate(TranslateUtils.ToDateTime(dateTo))}");
}
return(whereString.Length > 0
? $"SELECT Id, Category, PluginId, Message, Stacktrace, Summary, AddDate FROM {TableName} WHERE {whereString}"
: $"SELECT Id, Category, PluginId, Message, Stacktrace, Summary, AddDate FROM {TableName}");
}
public string GetSelectCommend(string userName, string keyword, string dateFrom, string dateTo)
{
if (string.IsNullOrEmpty(userName) && string.IsNullOrEmpty(keyword) && string.IsNullOrEmpty(dateFrom) && string.IsNullOrEmpty(dateTo))
{
return(GetSelectCommend());
}
var whereString = new StringBuilder("WHERE ");
var isWhere = false;
if (!string.IsNullOrEmpty(userName))
{
isWhere = true;
whereString.AppendFormat("(UserName = '******')", AttackUtils.FilterSql(userName));
}
if (!string.IsNullOrEmpty(keyword))
{
if (isWhere)
{
whereString.Append(" AND ");
}
isWhere = true;
whereString.AppendFormat("(Action LIKE '%{0}%' OR Summary LIKE '%{0}%')", AttackUtils.FilterSql(keyword));
}
if (!string.IsNullOrEmpty(dateFrom))
{
if (isWhere)
{
whereString.Append(" AND ");
}
isWhere = true;
whereString.Append($"(AddDate >= {SqlUtils.GetComparableDate(TranslateUtils.ToDateTime(dateFrom))})");
}
if (!string.IsNullOrEmpty(dateTo))
{
if (isWhere)
{
whereString.Append(" AND ");
}
whereString.Append($"(AddDate <= {SqlUtils.GetComparableDate(TranslateUtils.ToDateTime(dateTo))})");
}
return("SELECT ID, UserName, IPAddress, AddDate, Action, Summary FROM siteserver_UserLog " + whereString);
}
private string GetWhereString(string tag, int siteId, int contentId)
{
var builder = new StringBuilder();
builder.Append($" WHERE SiteId = {siteId} ");
if (!string.IsNullOrEmpty(tag))
{
builder.Append($"AND Tag = '{AttackUtils.FilterSql(tag)}' ");
}
if (contentId > 0)
{
builder.Append(
$"AND (ContentIdCollection = '{contentId}' OR ContentIdCollection LIKE '{contentId},%' OR ContentIdCollection LIKE '%,{contentId},%' OR ContentIdCollection LIKE '%,{contentId}')");
}
return(builder.ToString());
}
public bool IsExists(string tableName)
{
var isExists = false;
string sqlString =
$"SELECT TableName FROM siteserver_Table WHERE TableName = '{AttackUtils.FilterSql(tableName)}'";
using (var rdr = ExecuteReader(sqlString))
{
if (rdr.Read() && !rdr.IsDBNull(0))
{
isExists = true;
}
rdr.Close();
}
return(isExists);
}
private static NameValueCollection GetQueryStringFilterSqlAndXss(string url)
{
if (string.IsNullOrEmpty(url) || url.IndexOf("?", StringComparison.Ordinal) == -1)
{
return(new NameValueCollection());
}
var attributes = new NameValueCollection();
var querystring = url.Substring(url.IndexOf("?", StringComparison.Ordinal) + 1);
var originals = TranslateUtils.ToNameValueCollection(querystring);
foreach (string key in originals.Keys)
{
attributes[key] = AttackUtils.FilterSqlAndXss(originals[key]);
}
return(attributes);
}
public IHttpActionResult Main()
{
try
{
var request = new AuthRequest();
var siteId = request.GetPostInt("siteId");
var channelId = request.GetPostInt("channelId");
var contentId = request.GetPostInt("contentId");
var templateId = request.GetPostInt("templateId");
var ajaxDivId = AttackUtils.FilterSqlAndXss(request.GetPostString("ajaxDivId"));
var pageUrl = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("pageUrl"));
var testType = AttackUtils.FilterSqlAndXss(request.GetPostString("testType"));
//var testValue = PageUtils.FilterSqlAndXss(request.GetPostString("testValue"));
//var testOperate = PageUtils.FilterSqlAndXss(request.GetPostString("testOperate"));
var successTemplate = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("successTemplate"));
var failureTemplate = TranslateUtils.DecryptStringBySecretKey(request.GetPostString("failureTemplate"));
var isSuccess = false;
if (StringUtils.EqualsIgnoreCase(testType, StlIf.TypeIsUserLoggin))
{
isSuccess = request.IsUserLoggin;
}
else if (StringUtils.EqualsIgnoreCase(testType, StlIf.TypeIsAdministratorLoggin))
{
isSuccess = request.IsAdminLoggin;
}
else if (StringUtils.EqualsIgnoreCase(testType, StlIf.TypeIsUserOrAdministratorLoggin))
{
isSuccess = request.IsUserLoggin || request.IsAdminLoggin;
}
return(Ok(new
{
Html = StlDynamic.ParseDynamicContent(siteId, channelId, contentId, templateId, false, isSuccess ? successTemplate : failureTemplate, pageUrl, 0, ajaxDivId, null, request.UserInfo)
}));
}
catch (Exception ex)
{
return(InternalServerError(ex));
}
}
public ApiContentsParameters(RequestImpl request)
{
ChannelIds = TranslateUtils.StringCollectionToIntList(request.GetQueryString("channelIds"));
ChannelGroup = StringUtils.Trim(AttackUtils.FilterSql(request.GetQueryString("channelGroup")));
ContentGroup = StringUtils.Trim(AttackUtils.FilterSql(request.GetQueryString("contentGroup")));
Tag = StringUtils.Trim(AttackUtils.FilterSql(request.GetQueryString("tag")));
Top = request.GetQueryInt("top", 20);
Skip = request.GetQueryInt("skip");
Likes = TranslateUtils.StringCollectionToStringList(StringUtils.Trim(AttackUtils.FilterSql(request.GetQueryString("like"))));
OrderBy = StringUtils.Trim(AttackUtils.FilterSql(request.GetQueryString("orderBy")));
QueryString = new NameValueCollection(request.QueryString);
QueryString.Remove("siteId");
QueryString.Remove("channelIds");
QueryString.Remove("channelGroup");
QueryString.Remove("contentGroup");
QueryString.Remove("tag");
QueryString.Remove("top");
QueryString.Remove("skip");
QueryString.Remove("like");
QueryString.Remove("orderBy");
}
public string GetSqlString(string keyword, string dateFrom, string dateTo)
{
if (string.IsNullOrEmpty(keyword) && string.IsNullOrEmpty(dateFrom) && string.IsNullOrEmpty(dateTo))
{
return(GetSqlString());
}
var whereString = new StringBuilder("WHERE ");
var isWhere = false;
if (!string.IsNullOrEmpty(keyword))
{
isWhere = true;
var filterKeyword = AttackUtils.FilterSql(keyword);
whereString.Append(
$"(Text LIKE '%{filterKeyword}%' OR Summary LIKE '%{filterKeyword}%' OR Source LIKE '%{filterKeyword}%')");
}
if (!string.IsNullOrEmpty(dateFrom))
{
if (isWhere)
{
whereString.Append(" AND ");
}
isWhere = true;
whereString.Append($"(AddDate >= {SqlUtils.GetComparableDate(TranslateUtils.ToDateTime(dateFrom))})");
}
if (!string.IsNullOrEmpty(dateTo))
{
if (isWhere)
{
whereString.Append(" AND ");
}
whereString.Append($"(AddDate <= {SqlUtils.GetComparableDate(TranslateUtils.ToDateTime(dateTo))})");
}
return($"SELECT Id, Text, Summary, Source, AddDate FROM {TableName} {whereString}");
}
public override IEnumerable <FloatMenuOption> GetFloatMenuOptions(Caravan caravan)
{
foreach (FloatMenuOption o in base.GetFloatMenuOptions(caravan))
{
yield return(o);
}
yield return(new FloatMenuOption("OCity_Caravan_Trade".Translate(OnlinePlayerLogin + " " + OnlineName), delegate
{
caravan.pather.StartPath(this.Tile, new CaravanArrivalAction_VisitOnline(this, "exchangeOfGoods"), true);
}, MenuOptionPriority.Default, null, null, 0f, null, this));
if (SessionClientController.My.EnablePVP &&
this is BaseOnline &&
GameAttacker.CanStart)
{
var dis = AttackUtils.CheckPossibilityAttack(SessionClientController.Data.MyEx
, this.Player
, UpdateWorldController.GetMyByLocalId(caravan.ID).ServerId
, this.OnlineWObject.ServerId
);
var fmo = new FloatMenuOption("OCity_Caravan_Attack".Translate(OnlinePlayerLogin + " " + OnlineName)
+ (dis != null ? " (" + dis + ")" : "")
, delegate
{
caravan.pather.StartPath(this.Tile, new CaravanArrivalAction_VisitOnline(this, "attack"), true);
}, MenuOptionPriority.Default, null, null, 0f, null, this);
if (dis != null)
{
fmo.Disabled = true;
}
yield return(fmo);
}
//}
}
