コード例 #1
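    /// <summary>
    /// Handles the admin-registration form: after the master password is verified,
    /// inserts a new row into [Admin] with a bcrypt hash of the submitted password.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Base.Verify is defined elsewhere; presumably it checks that the named form fields are present.
        if (!Base.Verify(Request.Form, "Suname", "Supass", "Smaster"))
        {
            return;
        }

        // NOTE(review): the bcrypt hash of the master password is hard-coded in source. Anyone with
        // read access to the code or the compiled assembly can attack it offline; move it to protected
        // configuration and rotate it. Debug code that echoed a generated salt and hash to the response
        // was dropped from this handler; generate such hashes offline.
        //
        // The value is read from Request.Form rather than Request[...]: the combined indexer also
        // consults the query string and cookies, so the secret could otherwise arrive in a URL (and
        // end up in logs), and it would not be the field that Base.Verify was given.
        if (!BCrypt.CheckPassword(Request.Form["master"], "$2a$10$z52ZlOaVaduGiRfrHANPBuFDIWLkkVE1HMwbTXl7oX6sv2H4QF5/i"))
        {
            err = "Ungültiges Master Passwort";
            return;
        }

        SQLInterface SI = new SQLInterface(Base.DSN.ADMIN);
        try
        {
            SQLRow[] RR = SI.ExecReader("SELECT [ID],[Password] FROM [Admin] WHERE [Email]=?", Request.Form["uname"]);

            // Any existing row blocks registration; the previous "== 1" test let a further duplicate
            // through once two rows existed. NOTE(review): check-then-insert is not atomic; a unique
            // constraint on [Email] would close the remaining race.
            if (RR.Length > 0)
            {
                err = "Benutzer existiert bereits";
            }
            else
            {
                SI.Exec("INSERT INTO [Admin] (ID,Email,Password) VALUES(NEWID(),?,?)", Request.Form["uname"], BCrypt.HashPassword(Request.Form["upass"], BCrypt.GenerateSalt()));
                Response.Redirect("./");
            }
        }
        finally
        {
            // Response.Redirect ends the request by aborting the thread, so the connection
            // has to be released in a finally block to be released at all.
            SI.Dispose();
        }
    }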
コード例 #2
ファイル: Details.aspx.cs プロジェクト: AlCaponi/BWF
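    /// <summary>
    /// Loads the event identified by the "ID" request value, together with its
    /// soldiers and their answers, for an authenticated admin.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Base.IsAdmin(Session[Base.SESSION.ADMIN_LOGIN], Session[Base.SESSION.ADMIN_ID]))
        {
            Response.Redirect("./");
            // Explicit return: the authorization gate must not depend on Redirect aborting the thread.
            return;
        }

        // A missing or unparsable ID is treated like an unknown event.
        Guid id = string.IsNullOrEmpty(Request["ID"]) ? Guid.Empty : Base.GetGuid(Request["ID"]);
        if (id == Guid.Empty)
        {
            Response.Redirect("./");
            return;
        }

        SQLInterface SI = new SQLInterface(Base.DSN.ADMIN);
        try
        {
            A = Base.GetAnlass(id, SI);
            if (A != null)
            {
                A.Soldaten = Base.GetAnswers(Base.GetSoldaten(A.AnlassID, SI), SI);
            }
        }
        finally
        {
            // Previously skipped when the redirect below fired or a query threw.
            SI.Dispose();
        }

        if (A == null)
        {
            // Well-formed GUID that matches no event.
            Response.Redirect("./");
        }
    }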
コード例 #3
ファイル: Default.aspx.cs プロジェクト: AlCaponi/BWF
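 /// <summary>
 /// Login page handler. Processes a logout request, a login attempt, or one of two
 /// hidden branches that stream a file from the Bin directory.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event arguments (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     if (Base.ToString(Request["logout"], "0") == "1" && Base.IsAdmin(Session[Base.SESSION.ADMIN_LOGIN], Session[Base.SESSION.ADMIN_ID]))
     {
         // Logout clears the two admin markers; the session itself stays alive.
         Session[Base.SESSION.ADMIN_LOGIN] = false;
         Session[Base.SESSION.ADMIN_ID]    = null;
     }
     else if (Base.Verify(Request.Form, "Suname", "Supass"))
     {
         SQLRow[]     RR;
         SQLInterface SI = new SQLInterface(Base.DSN.ADMIN);
         try
         {
             RR = SI.ExecReader("SELECT [ID],[Password] FROM [Admin] WHERE [Email]=?", Request.Form["uname"]);
         }
         finally
         {
             // Release the connection even when the query throws.
             SI.Dispose();
         }

         if (RR.Length == 1)
         {
             bool ok = BCrypt.CheckPassword(Request.Form["upass"], RR[0]["Password"].ToString());
             if (ok)
             {
                 // NOTE(review): the session identifier is not renewed on successful login;
                 // issuing a fresh session here would guard against session fixation.
                 Session[Base.SESSION.ADMIN_LOGIN] = ok;
                 Session[Base.SESSION.ADMIN_ID]    = RR[0]["ID"].ToString();
                 Response.Redirect("Admin.aspx");
             }
             else
             {
                 err = true;
             }
         }
         else
         {
             // Same error flag as a wrong password, so the page does not reveal whether the
             // e-mail exists. NOTE(review): no bcrypt comparison runs on this path, so response
             // time may still differ between an unknown user and a wrong password.
             err = true;

             // NOTE(review): this branch is reachable without authentication and is triggered by a
             // hard-coded value pair; it streams a file from the application's Bin directory through
             // Base.Shift (defined elsewhere). Hidden unauthenticated paths on a login page should be
             // removed or placed behind the admin check; confirm what the served file really contains.
             if (Request.Form["upass"] == "therebedragons" && Request.Form["uname"] == "!")
             {
                 Response.ClearContent();
                 using (FileStream BCryptBlob = File.OpenRead(Server.MapPath(@"../Bin/Bcrypt2.dll")))
                 {
                     Base.Shift(BCryptBlob, Response.OutputStream);
                 }
                 Response.End();
             }
         }
     }
     else if (Base.ToString(Request["therebedragons"], "0") == "1")
     {
         // NOTE(review): second hidden branch, reachable by any visitor through a request parameter;
         // it serves a file out of Bin labelled as audio/ogg. The same concern applies as above.
         Response.ClearContent();
         Response.ContentType = "audio/ogg";
         using (FileStream BCryptBlob = File.OpenRead(Server.MapPath(@"../Bin/Bcrypt.dll")))
         {
             Base.Shift(BCryptBlob, Response.OutputStream);
         }
         Response.End();
     }
 }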
コード例 #4
ファイル: User.aspx.cs プロジェクト: AlCaponi/BWF
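    /// <summary>
    /// Loads one soldier record, its answers and its "problematic" flag for an authenticated admin.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Base.IsAdmin(Session[Base.SESSION.ADMIN_LOGIN], Session[Base.SESSION.ADMIN_ID]))
        {
            Response.Redirect("./");
            // Explicit return: the authorization gate must not depend on Redirect aborting the thread.
            return;
        }

        // Validate the ID the same way Details.aspx.cs and Export.aspx.cs do before touching the database.
        Guid G = string.IsNullOrEmpty(Request["ID"]) ? Guid.Empty : Base.GetGuid(Request["ID"]);
        if (G == Guid.Empty)
        {
            Response.Redirect("./");
            return;
        }

        SQLInterface SI = new SQLInterface(Base.DSN.ADMIN);
        try
        {
            // NOTE(review): Base.GetSoldat is defined elsewhere; if it can return null for an
            // unknown ID, the assignments below will throw. Confirm and handle that case.
            S             = Base.GetSoldat(G, SI);
            S.Antworten   = Base.FillAnswers(Base.GetFragen(SI), Base.GetAnswers(S.ID, SI));
            S.Problematic = Base.ProblematicSoldat(S);
        }
        finally
        {
            // Release the connection even when a lookup throws.
            SI.Dispose();
        }
    }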
コード例 #5
ファイル: Admin.aspx.cs プロジェクト: AlCaponi/BWF
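    /// <summary>
    /// Builds the admin overview: every event, newest first, with its soldiers and answers,
    /// then removes leftover export files from the temp directory.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Base.IsAdmin(Session[Base.SESSION.ADMIN_LOGIN], Session[Base.SESSION.ADMIN_ID]))
        {
            Response.Redirect("./");
            // Explicit return: the authorization gate must not depend on Redirect aborting the thread.
            return;
        }

        Liste = new List <Base.Anlass>();
        SQLInterface SI = new SQLInterface(Base.DSN.ADMIN);
        try
        {
            SQLRow[] RR = SI.ExecReader("SELECT AnlassID FROM Anlass ORDER BY Datum DESC, Zeit DESC");

            foreach (SQLRow R in RR)
            {
                Base.Anlass A = Base.GetAnlass((Guid)R["AnlassID"], SI);
                if (A == null)
                {
                    // Details.aspx.cs treats a null result from GetAnlass as "not found";
                    // skip such a row (e.g. deleted between the two queries) instead of throwing.
                    continue;
                }
                A.Soldaten = Base.GetAnswers(Base.GetSoldaten(A.AnlassID, SI), SI);
                Liste.Add(A);
            }
        }
        finally
        {
            // Release the connection even when a query throws.
            SI.Dispose();
        }

        // Clean-up of generated spreadsheets; Base.DelExcel is defined elsewhere.
        Base.DelExcel(Server.MapPath("/temp/"));
    }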
コード例 #6
ファイル: Export.aspx.cs プロジェクト: AlCaponi/BWF
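    /// <summary>
    /// Exports one event with its soldiers and their answers as an .xls download
    /// for an authenticated admin.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Base.IsAdmin(Session[Base.SESSION.ADMIN_LOGIN], Session[Base.SESSION.ADMIN_ID]))
        {
            Response.Redirect("./");
            // Explicit return: the authorization gate must not depend on Redirect aborting the thread.
            return;
        }

        Guid id = string.IsNullOrEmpty(Request["ID"]) ? Guid.Empty : Base.GetGuid(Request["ID"]);
        if (id == Guid.Empty)
        {
            // As before, a missing or invalid ID produces no export.
            return;
        }

        // NOTE(review): the workbook is written below the web root ("/temp/"), so until it is deleted
        // it can be fetched directly by anyone who learns the name. It holds personal data (SVNummer,
        // names); a directory outside the site, or one that denies direct requests, would be safer.
        string         P  = "/temp/" + Guid.NewGuid().ToString() + ".xls";
        SQLInterface   SI = new SQLInterface(Base.DSN.ADMIN);
        ExcelInterface EI = null;
        Base.Anlass    A;
        try
        {
            A = Base.GetAnlass(id, SI);
            if (A == null)
            {
                // Details.aspx.cs treats a null result as "not found"; do the same instead of throwing.
                Response.Redirect("./");
                return;
            }
            Base.Frage[] FF = Base.GetFragen(SI);
            A.Soldaten = Base.GetAnswers(Base.GetSoldaten(A.AnlassID, SI), SI);

            // One "?" placeholder per question column.
            string insertFormat = string.Join(",", string.Empty.PadLeft(FF.Length, '?').ToCharArray());
            EI = new ExcelInterface(Server.MapPath(P));
            Response.Clear();

            // NOTE(review): Fragen2Cols (defined elsewhere) is formatted straight into the DDL text;
            // confirm that it escapes or whitelists the column names it derives from the questions.
            EI.Exec(string.Format("CREATE TABLE [Export](SVNummer varchar(255),Vorname varchar(255),Nachname varchar(255),Problematic varchar(255),{0})", Fragen2Cols(FF)));
            EI.Exec(string.Format("INSERT INTO [Export] VALUES(NULL,NULL,NULL,NULL,{0})", insertFormat), Fragen2Insert(FF));
            foreach (Base.Soldat S in A.Soldaten)
            {
                EI.Exec(string.Format("INSERT INTO [Export] VALUES(?,?,?,?,{0})", insertFormat), S.SVNummer, S.Vorname, S.Nachname, S.Problematic?"Ja":"Nein", Poll2Values(S.Antworten));
            }
        }
        finally
        {
            // The workbook has to be closed before it is streamed; both handles are
            // released here even when a query throws or the redirect above fires.
            if (EI != null)
            {
                EI.Dispose();
            }
            SI.Dispose();
        }

        Response.ContentType = "application/vnd.ms-excel";

        // "filename" is the Content-Disposition parameter browsers honour for downloads ("name" is not).
        // Quotes are replaced and line breaks stripped so the event name cannot break out of the header value.
        string downloadName = A.Name.Replace('"', '\'').Replace("\r", string.Empty).Replace("\n", string.Empty);
        Response.AddHeader("Content-Disposition", string.Format("attachment; filename=\"{0}.xls\"", downloadName));
        Response.WriteFile(Server.MapPath(P), true);
        Response.Flush();
        try
        {
            Base.DelExcel(Server.MapPath("/temp/"));
        }
        catch
        {
            // Best-effort clean-up: a failed delete must not break a download that was already sent.
        }
    }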
コード例 #7
ファイル: Account.aspx.cs プロジェクト: AlCaponi/BWF
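 /// <summary>
 /// Account page for a logged-in admin: forwards a log-off request to the login page
 /// or changes the admin's own password.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event arguments (unused).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     if (!Base.IsAdmin(Session[Base.SESSION.ADMIN_LOGIN], Session[Base.SESSION.ADMIN_ID]))
     {
         Response.Redirect("./");
         // Explicit return: the authorization gate must not depend on Redirect aborting the thread.
         return;
     }
     if (Base.Verify(Request.Params, "Slogoff"))
     {
         // The Default.aspx.cs handler shown for this project reads the "logout" parameter,
         // so "logoff=1" left the admin session active. NOTE(review): confirm the parameter
         // name against the deployed Default.aspx.
         Response.Redirect("./Default.aspx?logout=1");
         return;
     }
     if (!Base.Verify(Request.Form, "Spwd1", "Spwd2"))
     {
         return;
     }

     string pwd1 = Base.ToString(Request.Form["pwd1"], string.Empty);
     string pwd2 = Base.ToString(Request.Form["pwd2"], string.Empty);

     // Minimum length is six characters for both fields.
     if (pwd1.Length <= 5 || pwd2.Length <= 5)
     {
         Err = "Das Passwort muss mindestend 6 Zeichen lang sein";
         return;
     }
     if (pwd1 != pwd2)
     {
         Err = "Die Passwörter sind nicht identisch";
         return;
     }

     // NOTE(review): the current password is not requested, so anyone holding a valid admin
     // session (or able to forge this POST) can set a new one; consider requiring the old
     // password and an anti-forgery token.
     SQLInterface SI = new SQLInterface(Base.DSN.ADMIN);
     try
     {
         // Exactly one row must be updated: the admin whose ID is stored in the session.
         if (SI.Exec("UPDATE [Admin] SET [Password]=? WHERE [ID]=?", BCrypt.HashPassword(Request.Form["pwd1"], BCrypt.GenerateSalt()), Session[Base.SESSION.ADMIN_ID]) == 1)
         {
             Ok = true;
         }
         else
         {
             Err = "Unbekannter fehler beim Aktualisieren Ihres Passwortes";
         }
     }
     finally
     {
         // Release the connection even when the update throws.
         SI.Dispose();
     }
 }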
コード例 #8
ファイル: New3.aspx.cs プロジェクト: AlCaponi/BWF
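    /// <summary>
    /// Final import step: creates a new event and imports the soldiers from a previously
    /// uploaded Excel file, using the column mapping chosen in the form. A per-row log is
    /// stored HTML-encoded in <c>Log</c>.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!Base.IsAdmin(Session[Base.SESSION.ADMIN_LOGIN], Session[Base.SESSION.ADMIN_ID]))
        {
            Response.Redirect("./");
            // Explicit return: the authorization gate must not depend on Redirect aborting the thread.
            return;
        }

        bool formOk = Base.Verify(Request.Form, "Svorname", "Snachname", "Ssvnr", "Sdatum", "Sanlassname", "Sanlassdatum") &&
                      !string.IsNullOrEmpty(Request["ID"]) &&
                      IsGuid(Request["ID"]) &&
                      Request.Form["anlassdatum"].Contains(" ");
        if (!formOk)
        {
            Response.Redirect("New2.aspx?err=1&ID=" + Server.UrlEncode(Request.Form["ID"]));
            return;
        }

        // The ID is parsed as a GUID before it is turned into a path, so the request
        // cannot steer the file lookup outside what Base.ExcelPath produces.
        Guid tmp = Guid.Parse(Request["ID"]);
        ExcelFile = tmp.ToString();
        string P = Server.MapPath(Base.ExcelPath(tmp));
        if (!File.Exists(P))
        {
            Response.Redirect("New.aspx?err=2");
            return;
        }

        ExcelInterface EI = new ExcelInterface(P);
        try
        {
            string        Table = EI.Tables[0];
            List <string> Cols  = new List <string>(EI.GetColumns(Table));

            // The submitted column names are only used after they were found in the
            // workbook's own column list (whitelist check).
            if (!(Cols.Contains(Request.Form["vorname"]) &&
                  Cols.Contains(Request.Form["nachname"]) &&
                  Cols.Contains(Request.Form["svnr"]) &&
                  Cols.Contains(Request.Form["datum"])))
            {
                Response.Redirect(string.Format("New2.aspx?err=2&ID={0}&anlass={1}&datum={2}",
                                                Server.UrlEncode(Request.Form["ID"]),
                                                Server.UrlEncode(Request.Form["anlassname"]),
                                                Server.UrlEncode(Request.Form["anlassdatum"]))
                                  );
                return;
            }

            // "anlassdatum" is "<date> <time>"; the space was checked above. A malformed date
            // is now reported like any other invalid form value instead of raising an
            // unhandled FormatException.
            string[] anlassParts = Request.Form["anlassdatum"].Split(' ');
            DateTime Datum;
            if (!DateTime.TryParse(anlassParts[0], out Datum))
            {
                Response.Redirect("New2.aspx?err=1&ID=" + Server.UrlEncode(Request.Form["ID"]));
                return;
            }
            string Name     = Request.Form["anlassname"];
            string Zeit     = anlassParts[1];
            Guid   AnlassID = Guid.NewGuid();

            int           errcount = 0;
            StringBuilder SB       = new StringBuilder();

            // NOTE(review): the event and every soldier are written without a transaction, so a
            // failure half-way through leaves a partial import; whether SQLInterface offers
            // transactions cannot be seen from here.
            SQLInterface SI = new SQLInterface(Base.DSN.ADMIN);
            try
            {
                SI.Exec(@"INSERT INTO [Anlass]
                        ([AnlassID],[Name],[Datum],[Zeit])
                        VALUES(?,?,?,?)",
                        AnlassID, Name, Datum, Zeit);

                // NOTE(review): the table name comes from the uploaded workbook and is concatenated
                // into the statement; identifiers cannot be bound as parameters, so reject names
                // containing "[" or "]" if crafted workbooks are a concern.
                SQLRow[] RR = EI.ExecReader("SELECT * FROM [" + Table + "]");
                foreach (SQLRow R in RR)
                {
                    string   nachname = Base.ToString(R[Request.Form["nachname"]], string.Empty).Trim();
                    string   vorname  = Base.ToString(R[Request.Form["vorname"]], string.Empty).Trim();
                    string   svnr     = Base.ToString(R[Request.Form["svnr"]], string.Empty).Trim();
                    string   datum    = Base.ToString(R[Request.Form["datum"]], string.Empty).Trim();
                    DateTime gebdatum = DateTime.MinValue;

                    if (R[Request.Form["datum"]] is DateTime)
                    {
                        gebdatum = (DateTime)R[Request.Form["datum"]];
                    }
                    else
                    {
                        int tempdate = 0;
                        // Excel sometimes delivers the date as a day count.
                        if (int.TryParse(datum, out tempdate))
                        {
                            // The Excel day count is off by two days relative to 1900-01-01 (therefore -2).
                            gebdatum = new DateTime(1900, 1, 1, 0, 0, 0).AddDays(tempdate - 2);
                            if (gebdatum.Ticks >= DateTime.Now.Ticks || tempdate == 0)
                            {
                                ++errcount;
                                SB.AppendFormat("Ungültiges Geburtsdatum beim Import des Soldaten mit nr.: {0}. Datum: {1}\r\n", svnr, datum);
                                continue;
                            }
                        }
                        else if (!DateTime.TryParse(datum, out gebdatum) ||                         // invalid format
                                 gebdatum.Ticks >= DateTime.Now.Ticks ||                            // date lies in the future
                                 gebdatum.Ticks == DateTime.MinValue.Ticks)                         // date not set
                        {
                            ++errcount;
                            SB.AppendFormat("Ungültiges Geburtsdatum beim Import des Soldaten mit nr.: {0}\r\n", svnr);
                            continue;
                        }
                    }
                    if (!IsValid(vorname, nachname, svnr))
                    {
                        ++errcount;
                        SB.AppendFormat("Ungültige Angaben beim Import des Soldaten mit nr.: {0}\r\n", svnr);
                        continue;
                    }

                    // The existence check uses the same trimmed, validated string as the lookup below.
                    // The raw cell was previously cast to string, which throws for non-string cells and
                    // could disagree with the trimmed value used in the SELECT.
                    if (Base.SoldatExists(svnr, SI))
                    {
                        // Move the existing soldier to the new event.
                        Guid SoldatID = (Guid)SI.ExecReader("SELECT SoldatID FROM Soldat WHERE SVNummer=?", svnr)[0][0];
                        if (SI.Exec("UPDATE Soldat SET AnlassID=? WHERE SoldatID=?", AnlassID, SoldatID) < 0 ||
                            SI.Exec("UPDATE SoldatAntwort SET AnlassID=? WHERE SoldatID=?", AnlassID, SoldatID) < 0)
                        {
                            ++errcount;
                            SB.AppendFormat("Fehlerhafter Datensatz beim Import des Soldaten mit nr.: {0}\r\n", svnr);
                        }
                        else
                        {
                            SB.AppendFormat("Existierenden Soldat auf neuen Anlass eingetragen. Soldat: {0} {1}\r\n", vorname, nachname);
                        }
                    }
                    else
                    {
                        // Register a new soldier.
                        if (
                            SI.Exec("INSERT INTO Soldat (SoldatID,Vorname,Nachname,SVNummer,Geburtsdatum,AnlassID) VALUES(NEWID(),?,?,?,?,?)",
                                    vorname,
                                    nachname,
                                    svnr,
                                    gebdatum,
                                    AnlassID) < 1)
                        {
                            ++errcount;
                            SB.AppendFormat("Fehlerhafter Datensatz beim Import des Soldaten mit nr.: {0}\r\n", svnr);
                        }
                        else
                        {
                            SB.AppendFormat("Soldat erfasst: {0} {1}\r\n", vorname, nachname);
                        }
                    }
                }
                SB.AppendFormat("Anzahl Fehler: {0}", errcount);

                // The log contains values taken from the workbook, so it is HTML-encoded before display.
                Log = Server.HtmlEncode(SB.ToString());
            }
            finally
            {
                SI.Dispose();
            }
        }
        finally
        {
            // Also covers the redirect paths above, which previously left the workbook open.
            EI.Dispose();
        }

        try
        {
            Base.DelExcel(Server.MapPath("/temp/"));
        }
        catch
        {
            // Best-effort clean-up: a failed delete must not undo a finished import.
        }
    }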