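        /// <summary>
        /// Postback handler for the "change my data" form: sends name, surname and (optionally) a new
        /// password for the logged-in user to the ClienteOnline API and reports the outcome in Label1.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Order of checks: password/confirmation mismatch → message; no session user → redirect to
        /// Index2.aspx; no session token → redirect (previously this threw inside the header constructor);
        /// blank name or surname → message. A blank password pair means "keep the current password" and is
        /// sent to the API as null, which Post() treats as "no change".
        /// </remarks>
        protected void alterarDados(object sender, EventArgs e)
        {
            if (txtSenha.Text != txtConfirmarSenha.Text)
            {
                Label1.Text = "A senha e confirmação de senha não conferem";
                return;
            }

            object userId = Session["userID"];
            if (userId == null)
            {
                Response.Redirect("Index2.aspx");
                return;
            }

            // The API expects the raw session token as the Authorization header value (no scheme).
            // AuthenticationHeaderValue throws on a null/empty value, so a lost token is handled like a lost session.
            string userToken = Session["userToken"] as string;
            if (String.IsNullOrWhiteSpace(userToken))
            {
                Response.Redirect("Index2.aspx");
                return;
            }

            if (String.IsNullOrWhiteSpace(TextBox1.Text) || String.IsNullOrWhiteSpace(TextBox2.Text))
            {
                Label1.Text = "Digite um nome e sobrenome";
                return;
            }

            // Password and confirmation are equal here, so "either blank" is the same as "both blank" = no change.
            bool changePassword = !String.IsNullOrWhiteSpace(txtSenha.Text) && !String.IsNullOrWhiteSpace(txtConfirmarSenha.Text);
            ClienteOnline cli = new ClienteOnline(TextBox1.Text, TextBox2.Text, null, changePassword ? txtSenha.Text : null);

            string apiUrl = "https://localhost:44323/api/ClienteOnline/" + userId;

            // TODO(review): a new HttpClient per postback is the known socket-exhaustion pattern; a shared static
            // instance would need a field outside this method. Disposing it here at least releases the handler.
            using (HttpClient client = new HttpClient())
            {
                client.BaseAddress = new Uri(apiUrl);
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(userToken);
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                JavaScriptSerializer serializer = new JavaScriptSerializer();
                StringContent payload = new StringContent(serializer.Serialize(cli), Encoding.UTF8, "application/json");

                // Empty relative URI: the POST goes to BaseAddress itself. .Result is a synchronous wait, as in the
                // original; this Page handler is not async.
                HttpResponseMessage response = client.PostAsync("", payload).Result;
                if (response.IsSuccessStatusCode)
                {
                    Label1.Text = "Dados alterados com sucesso!";
                    textboxs    = false;
                }
                else
                {
                    Label1.Text = "Erro";
                }
            }
        }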
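        /// <summary>
        /// Postback handler for the password-reset form: posts the new password for the client identified
        /// by the page-level <c>id</c> to the ClienteOnline API, authenticating with the page-level <c>token</c>
        /// (both are set elsewhere in this page — presumably from the reset link; not visible here).
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Mismatched password/confirmation → message in lblAvisoSenha. Missing id or token, or a blank
        /// password → redirect to Index2.aspx (the original also redirected on a blank password; kept as-is).
        /// Previously a null/empty <c>token</c> reached AuthenticationHeaderValue and threw.
        /// </remarks>
        protected void btnRedefinir_Click(object sender, EventArgs e)
        {
            if (txtSenha.Text != txtConfirmarSenha.Text)
            {
                lblAvisoSenha.Text = "A senha e confirmação de senha não conferem";
                return;
            }

            bool hasPassword = !String.IsNullOrWhiteSpace(txtSenha.Text) && !String.IsNullOrWhiteSpace(txtConfirmarSenha.Text);
            if (id == null || String.IsNullOrWhiteSpace(token) || !hasPassword)
            {
                Response.Redirect("Index2.aspx");
                return;
            }

            string apiUrl = "https://localhost:44323/api/ClienteOnline/" + id;
            // Only the password is sent; Post() leaves null members untouched.
            ClienteOnline cli = new ClienteOnline(null, null, null, txtSenha.Text);

            // TODO(review): one HttpClient per postback is the known socket-exhaustion pattern; a shared static
            // instance would need a field outside this method. Disposing it here at least releases the handler.
            using (HttpClient client = new HttpClient())
            {
                client.BaseAddress = new Uri(apiUrl);
                // Raw token as the header value (no scheme) — this is what the API's Post() compares against agenteToken.
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token);
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                JavaScriptSerializer serializer = new JavaScriptSerializer();
                StringContent payload = new StringContent(serializer.Serialize(cli), Encoding.UTF8, "application/json");

                // Synchronous wait on purpose: the handler is not async.
                HttpResponseMessage response = client.PostAsync("", payload).Result;
                lblAvisoSenha.Text = response.IsSuccessStatusCode ? "Dados alterados com sucesso!" : "Erro";
            }
        }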
        /// <summary>
        /// Registers a new online client: inserts a tbAgente row (login + salted password hash, tipoAgenteID = 1)
        /// and a tbClienteOnline row (name, surname, random verification token, verified flag = 0), then e-mails a
        /// verification link to the login address.
        /// </summary>
        /// <param name="newClient">Request body; Login, Password, Nome and Sobrenome must all be non-null.</param>
        /// <returns>
        /// A one-entry dictionary: {"message": "SUCCESS"} or {"error": CODE}. Response.StatusCode is set to
        /// 400/500 on some error paths but not all (see notes inline).
        /// </returns>
        public Dictionary <string, object> Put([FromBody] ClienteOnline newClient)
        {
            // NOTE(review): newClient itself is dereferenced without a null check; a body that fails to bind
            // would surface as a NullReferenceException (500) instead of MALFORMED_REQUEST_ERROR.
            if (newClient.Login == null || newClient.Password == null || newClient.Nome == null || newClient.Sobrenome == null)
            {
                Response.StatusCode = StatusCodes.Status400BadRequest;
                return(new Dictionary <string, object> {
                    { "error", "MALFORMED_REQUEST_ERROR" },
                });
            }

            if (!EmailChecker.IsValidEmail(newClient.Login))
            {
                Response.StatusCode = StatusCodes.Status400BadRequest;
                return(new Dictionary <string, object> {
                    { "error", "EMAIL_INVALID_ERROR" },
                });
            }

            // NOTE(review): "< 1" only rejects the empty string — there is no real minimum password length.
            // NOTE(review): this and the next two branches return an error body with the default 200 status,
            // unlike the 400 branches above.
            else if (newClient.Password.Length < 1)
            {
                return(new Dictionary <string, object> {
                    { "error", "PASS_TOO_SHORT_ERROR" },
                });
            }

            else if (newClient.Nome.Length < 1)
            {
                return(new Dictionary <string, object> {
                    { "error", "NAME_TOO_SHORT_ERROR" },
                });
            }

            else if (newClient.Sobrenome.Length < 1)
            {
                return(new Dictionary <string, object> {
                    { "error", "SURNAME_TOO_SHORT_ERROR" },
                });
            }

            else
            {
                // NOTE(review): "Persist Security Info=True" keeps the DB password readable from
                // SqlConnection.ConnectionString after Open(); nothing here needs it.
                using (
                    SqlConnection connection = new SqlConnection(string.Format("User ID={0}; Password={1}; Initial Catalog={2}; Persist Security Info=True;Data Source={3}", Program.dbLogin, Program.dbPass, "dbSblenders", Program.dbEnv))
                    )
                    // INSERT followed by SELECT SCOPE_IDENTITY() returns the new agenteID in the same round trip.
                    using (
                        SqlCommand insertAgentCommand = new SqlCommand("INSERT INTO tbAgente(tipoAgenteID, agenteLogin, agenteSenha, agenteSalt) VALUES(1, @login, @pass, @salt) SELECT CAST(SCOPE_IDENTITY() AS INT)", connection)
                        )
                    {
                        // Per-user salt stored next to the hash. RandomGenerator's entropy source is not visible
                        // here — it must be a CSPRNG (RandomNumberGenerator), not System.Random. TODO confirm.
                        string salt = RandomGenerator.GenerateHexString(32);
                        insertAgentCommand.Parameters.Add(new SqlParameter("@salt", salt));
                        insertAgentCommand.Parameters.Add(new SqlParameter("@login", newClient.Login));
                        insertAgentCommand.Parameters.Add(new SqlParameter("@pass", PasswordHasher.Hash(newClient.Password, salt)));
                        connection.Open();
                        int agentID;
                        // NOTE(review): the two INSERTs below run as separate autocommits. If the tbClienteOnline insert
                        // or smtp.Send() fails, the tbAgente row remains and the login is blocked by LOGIN_ALREADY_EXISTS_ERROR.
                        try
                        {
                            agentID = (int)insertAgentCommand.ExecuteScalar();
                        }

                        catch (SqlException ex)
                        {
                            // 2601 = duplicate key in a unique index, 2627 = unique constraint violation → login taken.
                            // A distinct error code here discloses which logins exist (account enumeration) — a
                            // deliberate trade-off only if the product accepts it.
                            if (ex.Number == 2601 || ex.Number == 2627)
                            {
                                Response.StatusCode = StatusCodes.Status400BadRequest;
                                return(new Dictionary <string, object> {
                                    { "error", "LOGIN_ALREADY_EXISTS_ERROR" }
                                });
                            }
                            else
                            {
                                Response.StatusCode = StatusCodes.Status500InternalServerError;
                                return(new Dictionary <string, object> {
                                    { "error", "INTERNAL_ERROR" }
                                });
                            }
                        }

                        using (
                            SqlCommand insertClientCommand = new SqlCommand("INSERT INTO tbClienteOnline(clienteOnlineNome, clienteOnlineSobrenome, clienteOnlineUrlVerifica, clienteOnlineVerificadoFlag, agenteID) VALUES(@name, @surname, @url, 0, @id)", connection)
                            )
                        {
                            // 16 hex chars = 64 bits of verification token, stored unhashed in clienteOnlineUrlVerifica.
                            string url = RandomGenerator.GenerateHexString(16);

                            insertClientCommand.Parameters.Add(new SqlParameter("@name", newClient.Nome));
                            insertClientCommand.Parameters.Add(new SqlParameter("@surname", newClient.Sobrenome));
                            insertClientCommand.Parameters.Add(new SqlParameter("@url", url));
                            insertClientCommand.Parameters.Add(new SqlParameter("@id", agentID));

                            int rowsAffected = insertClientCommand.ExecuteNonQuery();
                            if (rowsAffected < 1)
                            {
                                Response.StatusCode = StatusCodes.Status500InternalServerError;
                                return(new Dictionary <string, object> {
                                    { "error", "INTERNAL_ERROR" }
                                });
                            }
                            else
                            {
                                // Send the verification e-mail.
                                // NOTE(review): the SMTP account password was also pasted into the original comment here;
                                // it is hard-coded again below. Move it to configuration / a secret store and rotate it.
                                // NOTE(review): the next line is truncated in this copy of the file — the MailMessage and
                                // SmtpClient construction is missing. The {0} placeholder (presumably newClient.Nome) is
                                // interpolated into an HTML body unencoded; HtmlEncode it before sending. TODO confirm.
                                string      htmlString = string.Format("<h1>Clique neste link para verificar sua conta, {0}:</h1><br/><a href='http://*****:*****@gmail.com");
                                message.To.Add(new MailAddress(newClient.Login));
                                message.Subject            = "Verifique sua conta SBLENDERS";
                                message.IsBodyHtml         = true;
                                message.Body               = htmlString;
                                smtp.Port                  = 587;
                                smtp.Host                  = "smtp.gmail.com";
                                smtp.EnableSsl             = true;
                                smtp.UseDefaultCredentials = false;
                                // NOTE(review): hard-coded SMTP credentials in source — committed secrets must be
                                // considered compromised; load them from configuration and rotate.
                                smtp.Credentials           = new NetworkCredential("*****@*****.**", "wbBA6rgyGLQ5dPZ");
                                smtp.DeliveryMethod        = SmtpDeliveryMethod.Network;
                                // NOTE(review): no try/catch — an SMTP failure becomes an unhandled exception (500) after
                                // the account rows were already committed, so the user can neither verify nor re-register.
                                smtp.Send(message);
                                return(new Dictionary <string, object> {
                                    { "message", "SUCCESS" }
                                });
                            }
                        }
                    }
            }
        }
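        /// <summary>
        /// Updates the online client identified by <paramref name="id"/>: name and/or surname in
        /// tbClienteOnline and/or the password hash in tbAgente. Only non-null members of
        /// <paramref name="new_info"/> are written.
        /// </summary>
        /// <param name="new_info">Partial update; null members are left unchanged.</param>
        /// <param name="id">agenteID of the row to update (from the route).</param>
        /// <remarks>
        /// Authorization: the raw Authorization header value must equal tbAgente.agenteToken for this id and
        /// the agent must be of type 1; otherwise 403 with an empty body. A missing header is rejected as 403
        /// before any database access (previously it became a null SqlParameter and failed at execution time
        /// with a 500). A null body or an empty password is rejected with 400, matching Put()'s registration
        /// floor. Success leaves the default 200 and writes nothing to the body.
        /// TODO(review): a password change neither requires the current password nor rotates agenteToken —
        /// policy decision, left unchanged here.
        /// </remarks>
        public void Post([FromBody] ClienteOnline new_info, int id)
        {
            string token = Request.Headers["Authorization"];

            if (String.IsNullOrWhiteSpace(token))
            {
                Response.StatusCode = 403;
                return;
            }
            if (new_info == null)
            {
                Response.StatusCode = 400;
                return;
            }
            // Put() refuses an empty password at registration; keep the same floor on change.
            if (new_info.Password != null && new_info.Password.Length < 1)
            {
                Response.StatusCode = 400;
                return;
            }

            // NOTE(review): "Persist Security Info=True" is not needed here (it keeps the DB password readable
            // from the connection after Open()); kept as-is for consistency with Put().
            string connectionString = string.Format(
                "User ID={0}; Password={1}; Initial Catalog={2}; Persist Security Info=True;Data Source={3}",
                Program.dbLogin, Program.dbPass, "dbSblenders", Program.dbEnv);

            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand userQueryCommand = new SqlCommand(
                       "SELECT agenteID, tipoAgenteID, agenteSalt FROM tbAgente WHERE agenteID= @id AND agenteToken = @token;",
                       connection))
            {
                userQueryCommand.Parameters.Add(new SqlParameter("@id", id));
                userQueryCommand.Parameters.Add(new SqlParameter("@token", token));

                var authTable = new DataTable();
                using (SqlDataAdapter sqlAdapter = new SqlDataAdapter(userQueryCommand))
                {
                    // Fill() opens and closes the connection itself.
                    sqlAdapter.Fill(authTable);
                }

                // Exactly one (id, token) match of agent type 1 is required; anything else is "not authorized".
                if (authTable.Rows.Count != 1 || (int)authTable.Rows[0]["tipoAgenteID"] != 1)
                {
                    Response.StatusCode = 403;
                    return;
                }
                string salt = authTable.Rows[0]["agenteSalt"].ToString();

                using (SqlCommand changeInfoCommand = new SqlCommand())
                {
                    // SET fragments are fixed strings chosen here; all values travel as parameters.
                    List<string> setClauses = new List<string>();
                    if (new_info.Nome != null)
                    {
                        setClauses.Add("clienteOnlineNome = @nome");
                        changeInfoCommand.Parameters.Add(new SqlParameter("@nome", new_info.Nome));
                    }
                    if (new_info.Sobrenome != null)
                    {
                        setClauses.Add("tbClienteOnline.clienteOnlineSobrenome = @sbnome");
                        changeInfoCommand.Parameters.Add(new SqlParameter("@sbnome", new_info.Sobrenome));
                    }
                    bool updatePass = new_info.Password != null;
                    if (updatePass)
                    {
                        // The agent's existing salt is reused, as before.
                        changeInfoCommand.Parameters.Add(new SqlParameter("@pass", PasswordHasher.Hash(new_info.Password, salt)));
                    }
                    changeInfoCommand.Parameters.Add(new SqlParameter("@id", id));
                    changeInfoCommand.Connection = connection;

                    bool updateData = setClauses.Count > 0;
                    if (!updateData && !updatePass)
                    {
                        // Nothing to change: 200 with an empty body, as before.
                        return;
                    }

                    connection.Open();
                    // Both UPDATEs commit or roll back together (the original ran them as two autocommits);
                    // disposing the transaction without Commit() rolls back.
                    using (SqlTransaction transaction = connection.BeginTransaction())
                    {
                        changeInfoCommand.Transaction = transaction;
                        if (updateData)
                        {
                            changeInfoCommand.CommandText = $"UPDATE tbClienteOnline SET {String.Join(",", setClauses)} WHERE agenteID = @id";
                            changeInfoCommand.ExecuteNonQuery();
                        }
                        if (updatePass)
                        {
                            changeInfoCommand.CommandText = "UPDATE tbAgente SET agenteSenha=@pass WHERE agenteID = @id";
                            changeInfoCommand.ExecuteNonQuery();
                        }
                        transaction.Commit();
                    }
                }
            }
        }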