public static void WriteLog(ActionLog actionlog)
{
string folder = "G:\\Study\\Database";
if (!Directory.Exists(folder))
{
Directory.CreateDirectory(folder);
}
File.WriteAllText(string.Format("{0}\\{1}.txt", folder, DateTime.Now.ToString("yyyyMMdd")), "测试信息向文件中覆盖写入信息", Encoding.UTF8);
//在将文本写入文件前,处理文本行
//StreamWriter一个参数默认覆盖
//StreamWriter第二个参数为false覆盖现有文件,为true则把文本追加到文件末尾
using (StreamWriter file = new StreamWriter(string.Format("{0}\\{1}.txt", folder, DateTime.Now.ToString("dd")), true))
{
file.WriteLine(string.Format("User:{0} Action:{1} Book:{2} Time:{3}", actionlog.user_id, actionlog.action_type, actionlog.Book_id, actionlog.time)); //直接追加文件末尾,不换行
file.WriteLine("---------------------------------");
file.WriteLine(); // 直接追加文件末尾,换行
file.Close();
}
}
// POST api/values
public SendContent Post([FromBody] string value)
{
ActionLog actionlog = new ActionLog();
var receivecontent = JsonConvert.DeserializeObject <ReceiveContent>(value);
SendContent sendcontent = new SendContent();
DateTime current_time = new DateTime();
Model.login();
if (PublicInfo.conn_result != "succeed")
{
string sendmsg = System.String.Format("Login error: {0}", PublicInfo.conn_result);
sendcontent.func_select = 1;
sendcontent.content = sendmsg;
return(sendcontent);
}
if (receivecontent.func_select == 0 || receivecontent.func_select == 1 || receivecontent.func_select == 3 || receivecontent.func_select == 4)
{
if (receivecontent.func_select == 0)
{
bool tag_temp;
string temp = null;
if (receivecontent.login.login_type == 0)
{
try
{
string temp_command = "Select password from PB14000314_user_1 Where username=@username";
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
cmd.Parameters.AddWithValue("@username", receivecontent.login.user_name);
cmd.CommandText = temp_command;
SqlDataReader reader = cmd.ExecuteReader();
reader.Read();
temp = reader["password"].ToString();
reader.Dispose();
}
catch
{
string sendmsg = "Login Error! User name does not exist.";
sendcontent.func_select = 1;
sendcontent.content = sendmsg;
return(sendcontent);
}
}
else
{
try
{
string temp_command = "Select password from PB14000314_administrator Where admin_name=@username";
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
cmd.Parameters.AddWithValue("@username", receivecontent.login.user_name);
cmd.CommandText = temp_command;
SqlDataReader reader = cmd.ExecuteReader();
reader.Read();
temp = reader["password"].ToString();
reader.Dispose();
}
catch
{
string sendmsg = "Login Error! Administrator name does not exist.";
sendcontent.func_select = 1;
sendcontent.content = sendmsg;
return(sendcontent);
}
}
tag_temp = System.String.Equals(receivecontent.login.password.GetHashCode().ToString(), temp);
string aaa = "Login succeed.";
string password_hash = receivecontent.login.password.GetHashCode().ToString();
if (!tag_temp)
{
string sendmsg = "Login error! Password incorrect.";
sendcontent.func_select = 1;
sendcontent.content = sendmsg;
return(sendcontent);
}
else
{
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
string temp_command = null;
if (receivecontent.login.login_type == 0)
{
temp_command = "Select user_id from PB14000314_user_1 where username=@username";
}
else
{
temp_command = "Select admin_id from PB14000314_administrator where admin_name=@username";
}
cmd.Parameters.AddWithValue("@username", receivecontent.login.user_name);
cmd.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
PublicInfo.sda.Fill(dt);
DataRow dr = dt.Rows[0];
if (receivecontent.login.login_type == 0)
{
PublicInfo.user_id = dr["user_id"] as string;
}
else
{
PublicInfo.user_id = dr["admin_id"] as string;
}
PublicInfo.key = Model.GetRandomString(16);
sendcontent.key = PublicInfo.key;
Model.time_update();
string sendmsg = aaa;
sendcontent.func_select = 1;
sendcontent.content = sendmsg;
return(sendcontent);
}
}
if (receivecontent.func_select == 1)
{
try
{
if (receivecontent.search.match_type == 0)
{
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
string temp_command = System.String.Format("Select Book_id, Book_name, Book_author, Book_publisher, Book_saletime, Book_status from PB14000314_bookinfo_1 Where {0}='{1}'", receivecontent.search.search_condition, receivecontent.search.keyword);
cmd.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
PublicInfo.sda.Fill(dt);
sendcontent.data = Model.ConvertToList(dt);
}
else
{
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
string temp_command = System.String.Format("Select Book_id, Book_name, Book_author, Book_publisher, Book_saletime, Book_status from PB14000314_bookinfo_1 Where {0} Like '%{1}%'", receivecontent.search.search_condition, receivecontent.search.keyword);
cmd.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
PublicInfo.sda.Fill(dt);
sendcontent.data = Model.ConvertToList(dt);
}
sendcontent.func_select = 2;
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
if (receivecontent.func_select == 3)
{
sendcontent.func_select = 1;
sendcontent.content = "Logout succeed.";
PublicInfo.key = null;
PublicInfo.user_id = null;
}
if (receivecontent.func_select == 4)
{
try
{
string temp_command = "Select username from PB14000314_user_1 Where username=@username";
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
cmd.Parameters.AddWithValue("@username", receivecontent.register.user_name);
cmd.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
dt = new DataTable();
PublicInfo.sda.Fill(dt);
DataRow dr = dt.Rows[0];
string temp_username = dr["username"] as string;
if (System.String.Equals(temp_username, receivecontent.register.user_name))
{
sendcontent.func_select = 1;
sendcontent.content = "The user name already existed, please change another name.";
return(sendcontent);
}
}
catch
{
try
{
string temp_command = System.String.Format("Select count(user_id) as num from PB14000314_user_1");
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
cmd.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
dt = new DataTable();
PublicInfo.sda.Fill(dt);
DataRow dr = dt.Rows[0];
int temp_usernum = (dr["num"] as int?) ?? 0;
temp_usernum += 1;
string user_id;
if (temp_usernum < 10)
{
user_id = System.String.Format("U000{0}", temp_usernum.ToString());
}
else if (temp_usernum < 100)
{
user_id = System.String.Format("U00{0}", temp_usernum.ToString());
}
else
{
sendcontent.func_select = 1;
sendcontent.content = "Sorry, database is full.";
return(sendcontent);
}
temp_command = System.String.Format("Insert into PB14000314_user_1 values(@username, @email, @password, '{0}', 0)", user_id);
SqlCommand cmdtemp1 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp1.Parameters.AddWithValue("@username", receivecontent.register.user_name);
cmdtemp1.Parameters.AddWithValue("@email", receivecontent.register.email);
cmdtemp1.Parameters.AddWithValue("@password", receivecontent.register.password.GetHashCode().ToString());
cmdtemp1.CommandType = CommandType.Text;
cmdtemp1.ExecuteNonQuery();
sendcontent.func_select = 1;
sendcontent.content = "Register succeed.";
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
}
}
else
{
if (!String.Equals(receivecontent.varification, PublicInfo.key) || PublicInfo.key == null || !Model.time_check())
{
PublicInfo.key = null;
sendcontent.func_select = 9;
sendcontent.errormessage = "Please login first.";
return(sendcontent);
}
else
{
Model.time_update();
}
if (receivecontent.func_select == 2)
{
try
{
if (receivecontent.update.update_type == 0)
{
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
string temp_command = System.String.Format("Select owned_num from PB14000314_user_1 where user_id='{0}'", PublicInfo.user_id);
cmd.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
PublicInfo.sda.Fill(dt);
DataRow dr = dt.Rows[0];
int temp_num = (dr["owned_num"] as int?) ?? 0;
temp_command = "Select Book_status from PB14000314_bookinfo_1 where Book_id=@book_id";
cmd.CommandText = temp_command;
cmd.Parameters.AddWithValue("@book_id", receivecontent.update.book_id);
PublicInfo.sda = new SqlDataAdapter(cmd);
dt = new DataTable();
PublicInfo.sda.Fill(dt);
dr = dt.Rows[0];
current_time = DateTime.Now;
int temp_booknum = (dr["Book_status"] as int?) ?? 0;
if (temp_booknum == 0)
{
if (temp_num < 10)
{
temp_command = System.String.Format("update PB14000314_user_1 set owned_num = owned_num + 1 where user_id='{0}'", PublicInfo.user_id);
SqlCommand cmdtemp1 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp1.CommandType = CommandType.Text;
cmdtemp1.ExecuteNonQuery();
current_time = DateTime.Now;
temp_command = System.String.Format("insert into PB14000314_rent values('{0}', @book_id, {1}, {2}, {3})", PublicInfo.user_id, current_time.Year, current_time.Month, current_time.Day);
SqlCommand cmdtemp2 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp2.Parameters.AddWithValue("@book_id", receivecontent.update.book_id);
cmdtemp2.CommandType = CommandType.Text;
cmdtemp2.ExecuteNonQuery();
temp_command = "update PB14000314_bookinfo_1 set Book_status = 1 where Book_id=@book_id";
SqlCommand cmdtemp3 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp3.Parameters.AddWithValue("@book_id", receivecontent.update.book_id);
cmdtemp3.CommandType = CommandType.Text;
cmdtemp3.ExecuteNonQuery();
sendcontent.func_select = 1;
sendcontent.content = "Borrow completed.";
}
else
{
sendcontent.func_select = 1;
sendcontent.content = "You've already had 10 books, please return some first.";
}
}
else
{
sendcontent.func_select = 1;
sendcontent.content = "Sorry, this book is unavailable now.";
}
}
if (receivecontent.update.update_type == 1)
{
SqlCommand cmd1 = PublicInfo.currentconnection.CreateCommand();
string temp_command = System.String.Format("Select user_id from PB14000314_rent where user_id='{0}' and Book_id = @book_id", PublicInfo.user_id);
cmd1.CommandText = temp_command;
cmd1.Parameters.AddWithValue("@book_id", receivecontent.update.book_id);
PublicInfo.sda = new SqlDataAdapter(cmd1);
DataTable dt = new DataTable();
PublicInfo.sda.Fill(dt);
DataRow dr = dt.Rows[0];
string tempstring = dr["user_id"] as string;
if (tempstring == PublicInfo.user_id)
{
temp_command = System.String.Format("update PB14000314_user_1 set owned_num = owned_num - 1 where user_id='{0}'", PublicInfo.user_id);
SqlCommand cmdtemp1 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp1.CommandType = CommandType.Text;
cmdtemp1.ExecuteNonQuery();
temp_command = System.String.Format("delete from PB14000314_rent where user_id = '{0}' and Book_id = @book_id", PublicInfo.user_id);
SqlCommand cmdtemp2 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp2.Parameters.AddWithValue("@book_id", receivecontent.update.book_id);
cmdtemp2.CommandType = CommandType.Text;
cmdtemp2.ExecuteNonQuery();
temp_command = "update PB14000314_bookinfo_1 set Book_status = 0 where Book_id=@book_id";
SqlCommand cmdtemp3 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp3.Parameters.AddWithValue("@book_id", receivecontent.update.book_id);
cmdtemp3.CommandType = CommandType.Text;
cmdtemp3.ExecuteNonQuery();
sendcontent.func_select = 1;
sendcontent.content = "Return completed.";
}
else
{
sendcontent.func_select = 1;
sendcontent.content = "Sorry but you do not have this book, please check the book ID.";
}
}
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
if (receivecontent.func_select == 5)
{
try
{
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
string temp_command = "Select PB14000314_bookinfo_1.Book_id, Book_name, Book_author, Book_publisher, Book_saletime, Book_status from PB14000314_bookinfo_1, PB14000314_user_1, PB14000314_rent Where PB14000314_bookinfo_1.Book_id = PB14000314_rent.Book_id and PB14000314_user_1.user_id = PB14000314_rent.user_id and username = @username";
cmd.CommandText = temp_command;
cmd.Parameters.AddWithValue("@username", receivecontent.personalinfo.username);
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
PublicInfo.sda.Fill(dt);
sendcontent.data = Model.ConvertToList(dt);
SqlCommand cmd1 = PublicInfo.currentconnection.CreateCommand();
temp_command = System.String.Format("Select email from PB14000314_user_1 where user_id = '{0}'", PublicInfo.user_id);
cmd1.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd1);
dt = new DataTable();
PublicInfo.sda.Fill(dt);
DataRow dr = dt.Rows[0];
string temp_email = dr["email"] as string;
sendcontent.content = temp_email;
sendcontent.func_select = 3;
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
if (receivecontent.func_select == 6)
{
try
{
string temp_command = System.String.Format("update PB14000314_user_1 set username = @username where user_id='{0}'", PublicInfo.user_id);
SqlCommand cmdtemp1 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp1.Parameters.AddWithValue("@username", receivecontent.personalinfo.username);
cmdtemp1.CommandType = CommandType.Text;
cmdtemp1.ExecuteNonQuery();
sendcontent.func_select = 1;
sendcontent.content = "Username edit completed.";
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
if (receivecontent.func_select == 7)
{
try
{
string temp_command = System.String.Format("update PB14000314_user_1 set email = @email where user_id='{0}'", PublicInfo.user_id);
SqlCommand cmdtemp1 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp1.Parameters.AddWithValue("@email", receivecontent.personalinfo.email);
cmdtemp1.CommandType = CommandType.Text;
cmdtemp1.ExecuteNonQuery();
sendcontent.func_select = 1;
sendcontent.content = "Email address edit completed.";
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
if (receivecontent.func_select == 8)
{
try
{
string temp_command = System.String.Format("Select count(Book_id) as num from PB14000314_bookinfo_1");
SqlCommand cmd = PublicInfo.currentconnection.CreateCommand();
cmd.CommandText = temp_command;
PublicInfo.sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
dt = new DataTable();
PublicInfo.sda.Fill(dt);
DataRow dr = dt.Rows[0];
int temp_usernum = (dr["num"] as int?) ?? 0 + 1;
temp_usernum += 1;
string user_id;
if (temp_usernum < 10)
{
user_id = System.String.Format("B000{0}", temp_usernum.ToString());
}
else if (temp_usernum < 100)
{
user_id = System.String.Format("B00{0}", temp_usernum.ToString());
}
else
{
sendcontent.func_select = 1;
sendcontent.content = "Sorry, database is full.";
return(sendcontent);
}
temp_command = System.String.Format("Insert into PB14000314_bookinfo_1 values('{0}', @bookname, @price, @author, @publisher, @publish_year, 0)", user_id);
SqlCommand cmdtemp1 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp1.Parameters.AddWithValue("@bookname", receivecontent.newbook.name);
cmdtemp1.Parameters.AddWithValue("@price", receivecontent.newbook.price);
cmdtemp1.Parameters.AddWithValue("@author", receivecontent.newbook.author);
cmdtemp1.Parameters.AddWithValue("@publisher", receivecontent.newbook.publisher);
cmdtemp1.Parameters.AddWithValue("@publish_year", receivecontent.newbook.publish_year);
cmdtemp1.CommandType = CommandType.Text;
cmdtemp1.ExecuteNonQuery();
sendcontent.func_select = 1;
sendcontent.content = "Book addition succeed.";
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
if (receivecontent.func_select == 9)
{
try
{
string temp_command = "delete from PB14000314_bookinfo_1 where Book_id = @book_id";
SqlCommand cmdtemp1 = new SqlCommand(temp_command, PublicInfo.currentconnection);
cmdtemp1.Parameters.AddWithValue("@book_id", receivecontent.bookelimination.book_id);
cmdtemp1.CommandType = CommandType.Text;
cmdtemp1.ExecuteNonQuery();
sendcontent.func_select = 1;
sendcontent.content = "Book elimination succeed.";
}
catch (Exception ex)
{
sendcontent.func_select = 0;
sendcontent.errormessage = ex.ToString();
}
}
}
current_time = new DateTime();
current_time = DateTime.Now;
actionlog.action_type = (sendcontent.func_select == 0) ? receivecontent.func_select : 0;
actionlog.Book_id = receivecontent.update.book_id;
actionlog.user_id = PublicInfo.user_id;
actionlog.time = current_time.ToString("u");
Model.WriteLog(actionlog);
return(sendcontent);
}
