Esempio n. 1
0
 private static string FixUsername(string username)
 {
     //Since the hashPassword function is case sensitive, recv the real thing from db.
     //HACK, this needs password recovery to be solved.
     using(Db db = new Db())
     {
         db.CommandText = "SELECT username FROM tMember WHERE lower(username) = @username";
         db.AddParameter("@username", username);
         username = db.ExecuteScalar() as string;
         return username;
     }
 }
Esempio n. 2
0
        private static void HandleDetailsUpdate(HttpRequest Request, HttpResponse Response, Guid userId)
        {
            BinaryReader r			= new BinaryReader(Request.InputStream);
            int responseVersion		= 0;
            int responseCode		= -1;
            Encoding e				= Encoding.Unicode;
            try
            {
                int clientVersion	= r.ReadInt32();
                responseVersion		= clientVersion;
                if(userId == Guid.Empty)
                {
                    responseCode = -2;
                    return;
                }
                int itemcount		= r.ReadInt32();
                using(Db db = new Db())
                {
                    db.CommandText = "UPDATE tPhoto SET name=@title, comment=@text WHERE id=@photoId";
                    IDataParameter pid		= db.AddParameter("@photoId",	Guid.Empty);
                    IDataParameter ptitle	= db.AddParameter("@title",		string.Empty);
                    IDataParameter ptext	= db.AddParameter("@text",		string.Empty);
                    for(int i=0;i<itemcount;i++)
                    {
                        Guid photoId = new Guid(r.ReadBytes(16));
                        int len;
                        byte[] raw;
                        len = r.ReadInt32();
                        raw = r.ReadBytes(len);
                        string title = e.GetString(raw, 0, raw.Length-2);

                        len = r.ReadInt32();
                        raw = r.ReadBytes(len);
                        string text = e.GetString(raw, 0, raw.Length-2);

                        bool ok;
                        try
                        {
                            Database.EnforcePhotoPermission(userId, photoId, Permission.Change);
                            pid.Value		= photoId;
                            ptitle.Value	= title;
                            ptext.Value		= text;
                            ok = db.ExecuteNonQuery(0)==1;
                        }
                        catch(System.Data.SqlClient.SqlException exc)
                        {
                            string debug = exc.ToString();
                            throw;
                        }
                        catch(Error_AccessDenied)
                        {
                            ok = false;
                            Log.LogSecurity(2, "Denied access to edit photo details with client control. userId:{0}, photoId:{1}, title{2}, text:{3}.",
                                userId, photoId, title, text);
                        }
                    }
                }
                responseCode = 0;
                Log.LogStatistics(2, "Updated details for {0} photos.", itemcount);
            }
            catch
            {
                responseCode = -1;
                throw;
            }
            finally
            {
                BinaryWriter writer = new BinaryWriter(Response.OutputStream);

                writer.Write(responseVersion);
                writer.Write(responseCode);

                writer.Flush();
            }
        }
Esempio n. 3
0
        public static void HandleUserLookup(HttpRequest Request, HttpResponse Response, Guid userId)
        {
            try
            {
                ClientControlsReader r	= new ClientControlsReader(Request.InputStream);
                Response.ClearContent();
                ClientControlsWriter w = new ClientControlsWriter(Response.OutputStream);

                w.Write(1);

                string query = Request["userquery"];

                //Write result code
                if(query == null || query.Length == 0)
                {
                    w.Write(-1);
                    return;
                }
                else
                    w.Write(0);

                query = "%"+query+"%";
                ArrayList data = new ArrayList();
                using(Db db = new Db())
                {
                    db.CommandText = @"
                            SELECT id, fullNameClean as fullName, username, email
                            FROM tMember
                            WHERE fullName LIKE @q OR email LIKE @q OR username LIKE @q
                            ORDER BY fullNameClean ASC
                            ";
                    db.AddParameter("@q", query);
                    while(db.Read())
                    {
                        UserInfo user	= new UserInfo();
                        user.username	= (string)db["username"];
                        user.id			= (Guid)db["id"];
                        user.email		= db["email"] as string;
                        user.name		= (string)db["fullName"];
                        data.Add(user);
                    }
                }

                w.Write((int)data.Count);
                foreach(object o in data)
                {
                    if(o is UserInfo)
                    {
                        w.Write((byte)0);
                        UserInfo user = (UserInfo)o;
                        w.Write(user.id.ToByteArray());
                        w.WriteString(user.username);
                        w.WriteString(user.email);
                        w.WriteString(user.name);
                    }
                }

                int a = 3;
            }
            finally
            {
                Response.Flush();
                Response.Close();
                Response.End();
            }
        }