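        /// <summary>
        /// Fills the group drop-down of the grid row that has just entered edit mode and pre-selects
        /// the group the user currently belongs to.
        /// </summary>
        /// <param name="sender">The grid raising the event (unused).</param>
        /// <param name="e">Row data; only rows whose <see cref="DataControlRowState.Edit"/> flag is set are handled.</param>
        /// <remarks>
        /// The user id is taken from <c>userGrid</c>'s data keys and bound as a parameter, never concatenated
        /// into SQL. Any failure is logged through <c>FooLogging</c> and reported with a fixed message; exception
        /// details are not rendered to the page.
        /// </remarks>
        protected void GridView_RowDataBound(object sender, GridViewRowEventArgs e)
        {
            // Only the row being edited carries the editable group drop-down.
            if ((e.Row.RowState & DataControlRowState.Edit) <= 0)
            {
                return;
            }

            var groupDropDown = (DropDownList)e.Row.FindControl("groupDropdown");

            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    string userId = userGrid.DataKeys[e.Row.RowIndex].Value.ToString();

                    object groupId;
                    using (var userIdCmd = new NpgsqlCommand
                    {
                        CommandText = "SELECT groupid FROM users WHERE userID= @USERID",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        userIdCmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = userId
                        });

                        groupId = userIdCmd.ExecuteScalar();
                    }

                    using (var cmd = new NpgsqlCommand("SELECT groupid, groupname FROM groups", conn))
                    using (NpgsqlDataReader dr = cmd.ExecuteReader())
                    {
                        groupDropDown.DataSource     = dr;
                        groupDropDown.DataValueField = "groupid";
                        groupDropDown.DataTextField  = "groupname";
                        groupDropDown.DataBind();
                    }

                    // ExecuteScalar yields null when the user row is missing and DBNull when groupid is NULL,
                    // and FindByValue yields null when the group is not listed. None of these is worth an
                    // error page: the drop-down simply keeps its default selection.
                    if (groupId != null && groupId != DBNull.Value)
                    {
                        ListItem current = groupDropDown.Items.FindByValue(groupId.ToString());
                        if (current != null)
                        {
                            current.Selected = true;
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }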
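        /// <summary>
        /// Binds every row of <c>groups</c> to the footer drop-down (<c>groupDropdownFooter</c>) of <c>userGrid</c>.
        /// </summary>
        /// <remarks>
        /// Failures of any kind (not only database errors) are logged via <c>FooLogging</c> and reported to the
        /// user with a fixed message; no exception text reaches the page.
        /// </remarks>
        protected void Load_Dropdown()
        {
            var footerDropDown = (DropDownList)userGrid.FooterRow.FindControl("groupDropdownFooter");

            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    // The command is disposed together with its reader; the original leaked it.
                    using (var cmd = new NpgsqlCommand("SELECT groupid, groupname FROM groups", conn))
                    using (NpgsqlDataReader dr = cmd.ExecuteReader())
                    {
                        footerDropDown.DataSource     = dr;
                        footerDropDown.DataValueField = "groupid";
                        footerDropDown.DataTextField  = "groupname";
                        footerDropDown.DataBind();
                    }
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }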
ファイル: FooEmailHelper.cs プロジェクト: katiposec/fooblog
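        /// <summary>
        /// Sends <paramref name="mailObj"/> as an HTML message through the SMTP relay configured in
        /// <c>appSettings</c> ("SMTP FromAddress", "SMTP Server", "SMTP Port").
        /// </summary>
        /// <param name="mailObj">Recipient address, subject and body of the message.</param>
        /// <returns>
        /// <see langword="true"/> once the relay has accepted the message; <see langword="false"/> on any
        /// failure, including a missing or non-numeric port setting (the exception is logged).
        /// </returns>
        /// <remarks>
        /// The client is built with <c>UseDefaultCredentials = false</c> and no credentials or <c>EnableSsl</c>,
        /// so unless the configuration mechanism outside this method supplies them the relay is contacted
        /// unauthenticated and in cleartext. NOTE(review): confirm this matches the deployment's relay.
        /// The body is sent with <c>IsBodyHtml = true</c>, so callers must supply an already HTML-safe body.
        /// </remarks>
        public static bool SendEmail(EmailObject mailObj)
        {
            try
            {
                string senderEmail = ConfigurationManager.AppSettings["SMTP FromAddress"];
                string smtpServer  = ConfigurationManager.AppSettings["SMTP Server"];
                string smtpPort    = ConfigurationManager.AppSettings["SMTP Port"];

                // Both objects are IDisposable (SmtpClient from .NET 4.0 on); release them even when Send throws.
                using (var mail = new MailMessage(senderEmail, mailObj.ToAddress))
                using (var client = new SmtpClient
                {
                    Port                  = Convert.ToInt32(smtpPort),
                    DeliveryMethod        = SmtpDeliveryMethod.Network,
                    UseDefaultCredentials = false,
                    Host                  = smtpServer
                })
                {
                    mail.Subject    = mailObj.Subject;
                    mail.Body       = mailObj.Body;
                    mail.IsBodyHtml = true;
                    client.Send(mail);
                }

                return true;
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return false;
            }
        }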
ファイル: Template.Master.cs プロジェクト: katiposec/fooblog
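        /// <summary>
        /// Clears the search box and binds all categories to <c>catRepeater</c>.
        /// </summary>
        /// <remarks>
        /// When the query returns no rows the repeater is left untouched. Errors are logged via
        /// <c>FooLogging</c> only; this master page shows no message to the user.
        /// </remarks>
        protected void Load_Form()
        {
            searchText.Text = "";

            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    // Command and reader are disposed together, also on the early return below.
                    using (var cmd = new NpgsqlCommand("SELECT catid, catname FROM categories", conn))
                    using (NpgsqlDataReader dr = cmd.ExecuteReader())
                    {
                        if (!dr.HasRows)
                        {
                            return;
                        }

                        catRepeater.DataSource = dr;
                        catRepeater.DataBind();
                    }
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
            }
        }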
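        /// <summary>
        /// Records a password-reset request for <paramref name="userId"/> and returns its reset identifier.
        /// </summary>
        /// <param name="userId">Account to reset; stored encrypted under <paramref name="token"/>, not in clear.</param>
        /// <param name="token">Key handed to <c>FooCryptHelper.Encrypt</c> for the stored user id.</param>
        /// <returns>
        /// The 16-character reset id inserted into <c>Resets</c>, or <see langword="null"/> on any failure (logged).
        /// </returns>
        /// <remarks>
        /// The reset id is what a caller later presents to <c>GetAccountForReset</c>, so it has to be
        /// unpredictable — NOTE(review): confirm <c>FooStringHelper.RandomString</c> is backed by a cryptographic
        /// RNG rather than <see cref="Random"/>. The row is stamped with local <see cref="DateTime.Now"/>; whatever
        /// enforces expiry must compare against the same clock.
        /// </remarks>
        public static string MakeResetRequest(string userId, string token)
        {
            try
            {
                string resetId = FooStringHelper.RandomString(16);

                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    // `using` replaces the manual Dispose(), which was skipped whenever ExecuteNonQuery threw.
                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "INSERT INTO Resets (resetId, userId, resetTime) VALUES (@RESETID, @USERID, @RESETTIME);",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@RESETID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Direction     = ParameterDirection.Input,
                            Value         = resetId
                        });

                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Direction     = ParameterDirection.Input,
                            Value         = FooCryptHelper.Encrypt(userId, token)
                        });

                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@RESETTIME",
                            NpgsqlDbType  = NpgsqlDbType.Timestamp,
                            Direction     = ParameterDirection.Input,
                            Value         = DateTime.Now
                        });

                        cmd.ExecuteNonQuery();
                    }

                    return resetId;
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return null;
            }
        }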
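        /// <summary>
        /// Binds all users (joined with their group name) to <c>userGrid</c>, or binds a single hidden
        /// placeholder row when the table is empty so the grid still renders its header and footer.
        /// </summary>
        /// <remarks>
        /// The original looped <c>while (dr.Read())</c> around the binding: the first row was consumed by
        /// <c>Read()</c> before the grid enumerated the reader, so it never appeared, and the empty-table branch
        /// was unreachable because <c>Read()</c> returning true implies <c>HasRows</c>. The reader is now checked
        /// with <c>HasRows</c> and bound untouched. Errors are logged and reported with a fixed message.
        /// </remarks>
        protected void Load_Forms()
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var cmd = new NpgsqlCommand(
                        "SELECT T1.userid, T1.username, T1.useralias, T1.email, T1.groupid, T2.groupid, T2.groupname FROM users AS T1 LEFT OUTER JOIN groups AS T2 ON T1.groupid = T2.groupid",
                        conn))
                    using (NpgsqlDataReader dr = cmd.ExecuteReader())
                    {
                        if (dr.HasRows)
                        {
                            // GridView enumerates the reader from its current position; do not Read() first.
                            userGrid.DataSource = dr;
                            userGrid.DataBind();
                        }
                        else
                        {
                            userGrid.DataSource = CreatePlaceholderTable();
                            userGrid.DataBind();

                            // The placeholder exists only to force the grid's chrome to render; hide it.
                            userGrid.Rows[0].Visible = false;
                            userGrid.Rows[0].Controls.Clear();
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }

        /// <summary>
        /// Builds the one-row dummy table bound to <c>userGrid</c> when there are no users.
        /// </summary>
        private static DataTable CreatePlaceholderTable()
        {
            var dt = new DataTable();
            dt.Columns.Add("userid");
            dt.Columns.Add("username");
            dt.Columns.Add("useralias");
            dt.Columns.Add("email");
            dt.Columns.Add("groupname");

            DataRow row = dt.NewRow();
            row["userid"]    = "null";
            row["username"]  = "******";
            row["useralias"] = "null";
            row["email"]     = "null";
            row["groupname"] = "null";
            dt.Rows.Add(row);

            return dt;
        }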
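        /// <summary>
        /// Checks <paramref name="pass"/> against the stored <c>passwordhash</c> of <paramref name="username"/>.
        /// </summary>
        /// <param name="username">Login name; bound as a Varchar(32) parameter.</param>
        /// <param name="pass">Clear-text password supplied by the user.</param>
        /// <returns>
        /// <see langword="true"/> only when a row exists and its hash equals <c>FooCryptHelper.CreateShaHash(pass)</c>;
        /// <see langword="false"/> for an unknown user, a mismatch, or any error (logged). Unknown user and
        /// wrong password are indistinguishable to the caller.
        /// </returns>
        /// <remarks>
        /// Two points are left as they are because fixing them means migrating the stored column:
        /// the hash is an unsalted digest by name (NOTE(review): a password KDF such as PBKDF2 should replace it,
        /// together with <c>UpdatePassword</c> which writes the same column), and the comparison is an ordinary
        /// ordinal string compare whose duration depends on the first differing character.
        /// </remarks>
        public static bool DoLogin(string username, string pass)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    string storedHash = string.Empty;

                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "SELECT passwordhash FROM users WHERE username= @USERNAME",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERNAME",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 32,
                            Direction     = ParameterDirection.Input,
                            Value         = username
                        });

                        // Reader is disposed even if Read() throws; the original only Close()d on the happy path.
                        using (NpgsqlDataReader dr = cmd.ExecuteReader())
                        {
                            // Last matching row wins, as before.
                            while (dr.Read())
                            {
                                storedHash = dr["passwordhash"].ToString();
                            }
                        }
                    }

                    if (string.IsNullOrEmpty(storedHash))
                    {
                        return false;
                    }

                    string hash = FooCryptHelper.CreateShaHash(pass);
                    return string.Equals(hash, storedHash, StringComparison.Ordinal);
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return false;
            }
        }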
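        /// <summary>
        /// Deletes the review selected in <c>reviewGrid</c> after validating the merchandise id and the
        /// request token, then reloads the page for that merchandise.
        /// </summary>
        /// <param name="sender">The grid raising the event (unused).</param>
        /// <param name="e">Carries the row index whose data key is the review id.</param>
        /// <remarks>
        /// The request token (<c>FooSessionHelper.IsValidRequest</c>) is checked before any write; the review id
        /// is bound as a Varchar(16) parameter. NOTE(review): nothing in this handler ties the review to the
        /// current user — confirm that access to this page is restricted elsewhere. Errors are logged and
        /// reported with a fixed message; the page is reset either way.
        /// </remarks>
        protected void ReviewGrid_Delete(object sender, GridViewDeleteEventArgs e)
        {
            string merchId = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString());

            if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                errorLabel.Text = "Invalid request.";
                Reset_Page(string.Empty);
                return;
            }

            try
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    using (var conn = new NpgsqlConnection())
                    {
                        conn.ConnectionString =
                            ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                        conn.Open();

                        using (var cmd = new NpgsqlCommand
                        {
                            CommandText = "DELETE FROM reviews WHERE reviewid= @REVIEWID",
                            CommandType = CommandType.Text,
                            Connection  = conn
                        })
                        {
                            cmd.Parameters.Add(new NpgsqlParameter
                            {
                                ParameterName = "@REVIEWID",
                                NpgsqlDbType  = NpgsqlDbType.Varchar,
                                Size          = 16,
                                Direction     = ParameterDirection.Input,
                                Value         =
                                    FooStringHelper.RemoveInvalidChars(
                                        reviewGrid.DataKeys[e.RowIndex].Values[0].ToString())
                            });

                            cmd.ExecuteNonQuery();
                        }
                    }
                }
                else
                {
                    errorLabel.Text = "Invalid request.";
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }

            Reset_Page(merchId);
        }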
 /// <summary>
 /// Leaves edit mode by resetting the page.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Cancel-edit data (unused).</param>
 /// <remarks>Any exception from <c>Reset_Page</c> is logged and shown as a fixed message, never as its own text.</remarks>
 protected void GridView_Cancel(object sender, GridViewCancelEditEventArgs e)
 {
     const string failureMessage =
         "Something has gone wrong. A log has been forwarded to the site administrator.";

     try
     {
         Reset_Page();
     }
     catch (Exception ex)
     {
         FooLogging.WriteLog(ex.ToString());
         errorLabel.Text = failureMessage;
     }
 }
 /// <summary>
 /// Formats <paramref name="input"/> with the custom pattern <c>d/M/yyyy @ h:mmtt</c>
 /// (day, month, four-digit year, 12-hour time and AM/PM designator).
 /// </summary>
 /// <param name="input">The instant to format; its <see cref="DateTime.Kind"/> is not adjusted.</param>
 /// <returns>The formatted text, or <see cref="string.Empty"/> if formatting throws (the failure is logged).</returns>
 /// <remarks>
 /// No culture is passed, so "/" and "tt" are resolved against the current thread culture; the output is
 /// display text, not a stable machine-readable form.
 /// </remarks>
 public static string DateTimeToString(DateTime input)
 {
     const string pattern = "d/M/yyyy @ h:mmtt";

     try
     {
         return input.ToString(pattern);
     }
     catch (Exception ex)
     {
         FooLogging.WriteLog(ex.ToString());
         return string.Empty;
     }
 }
 /// <summary>
 /// Leaves edit mode in the category grid by resetting the page for the currently selected post.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Cancel-edit data (unused).</param>
 /// <remarks>
 /// <c>postView.SelectedValue</c> is converted with <see cref="Convert.ToInt32(object)"/>; a non-numeric
 /// value throws, is logged, and is reported with a fixed message.
 /// </remarks>
 protected void CategoryGrid_Cancel(object sender, GridViewCancelEditEventArgs e)
 {
     const string failureMessage =
         "Something has gone wrong. A log has been forwarded to the site administrator.";

     try
     {
         int postId = Convert.ToInt32(postView.SelectedValue);
         Reset_Page(postId);
     }
     catch (Exception ex)
     {
         FooLogging.WriteLog(ex.ToString());
         errorLabel.Text = failureMessage;
     }
 }
        // ENCRYPTION OPERATIONS.

        /// <summary>
        /// Encrypts <paramref name="plaintext"/> under <paramref name="key"/> by delegating to
        /// <c>SimpleEncryptWithPassword</c>.
        /// </summary>
        /// <param name="plaintext">Text to protect.</param>
        /// <param name="key">Password handed to the underlying helper.</param>
        /// <returns>Whatever the helper returns, or <see langword="null"/> if it throws (the exception is logged).</returns>
        public static string Encrypt(string plaintext, string key)
        {
            string ciphertext;

            try
            {
                ciphertext = SimpleEncryptWithPassword(plaintext, key);
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                ciphertext = null;
            }

            return ciphertext;
        }
 /// <summary>
 /// Switches the requested category row into edit mode and reloads the forms for the selected post.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Supplies the index of the row to edit.</param>
 /// <remarks>Errors (including a non-numeric <c>postView.SelectedValue</c>) are logged and shown as a fixed message.</remarks>
 protected void CategoryGrid_Edit(object sender, GridViewEditEventArgs e)
 {
     const string failureMessage =
         "Something has gone wrong. A log has been forwarded to the site administrator.";

     try
     {
         categoryGrid.EditIndex = e.NewEditIndex;

         int postId = Convert.ToInt32(postView.SelectedValue);
         Load_Forms(postId);
     }
     catch (Exception ex)
     {
         FooLogging.WriteLog(ex.ToString());
         errorLabel.Text = failureMessage;
     }
 }
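        /// <summary>
        /// Loads the public profile of <paramref name="userId"/> into <c>userList</c>.
        /// </summary>
        /// <param name="userId">User id, bound as a Varchar(16) parameter; not otherwise validated here.</param>
        /// <remarks>
        /// An unknown id shows "Invalid user.". Any exception is logged and reported with the same fixed message
        /// the rest of the site uses; the original appended <c>ex</c> itself to the label, which exposed the
        /// stack trace, SQL text and driver diagnostics to the browser.
        /// </remarks>
        protected void Load_Forms(string userId)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var cmd = new NpgsqlCommand(
                        "SELECT userid, useralias, city, country, profileimg, profilebody FROM users WHERE userid= @USERID",
                        conn))
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = userId
                        });

                        var ds = new DataSet();
                        using (var da = new NpgsqlDataAdapter(cmd))
                        {
                            da.Fill(ds);
                        }

                        if (ds.Tables[0].Rows.Count == 0)
                        {
                            errorLabel.Text = "Invalid user.";
                        }
                        else
                        {
                            userList.DataSource = ds;
                            userList.DataBind();
                            errorLabel.Text = "";
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }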
 /// <summary>
 /// Decodes <paramref name="encrypted"/> from Base64, decrypts it under <paramref name="key"/> via
 /// <c>SimpleDecryptWithPassword</c> and returns the UTF-8 plaintext.
 /// </summary>
 /// <param name="encrypted">Base64 ciphertext.</param>
 /// <param name="key">Password handed to the underlying helper.</param>
 /// <returns>
 /// The plaintext, or <see langword="null"/> when the input is not valid Base64 or decryption throws;
 /// both failures are logged and are indistinguishable to the caller.
 /// </returns>
 public static string Decrypt(string encrypted, string key)
 {
     try
     {
         byte[] plainBytes = SimpleDecryptWithPassword(Convert.FromBase64String(encrypted), key);
         return Encoding.UTF8.GetString(plainBytes);
     }
     catch (Exception ex)
     {
         FooLogging.WriteLog(ex.ToString());
         return null;
     }
 }
ファイル: do_reset.aspx.cs プロジェクト: katiposec/fooblog
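        /// <summary>
        /// Replaces the stored password hash of user <paramref name="id"/> with the hash of <paramref name="pass"/>.
        /// </summary>
        /// <param name="id">User id, bound as a Varchar(16) parameter.</param>
        /// <param name="pass">New clear-text password; only <c>FooCryptHelper.CreateShaHash(pass)</c> is stored.</param>
        /// <returns><see langword="true"/> when the UPDATE executed; <see langword="false"/> on any error (logged).</returns>
        /// <remarks>
        /// Returns true even when no row matched <paramref name="id"/> — the affected-row count is not checked.
        /// The hash is an unsalted digest by name; NOTE(review): migrate to a salted password KDF together with
        /// <c>DoLogin</c>, which verifies this column.
        /// </remarks>
        public static bool UpdatePassword(string id, string pass)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    // `using` replaces the manual Dispose(), which was skipped whenever ExecuteNonQuery threw.
                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "UPDATE Users SET (passwordhash) = (@PASSWORDHASH) WHERE userid= @USERID;",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = id
                        });

                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@PASSWORDHASH",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Direction     = ParameterDirection.Input,
                            Value         = FooCryptHelper.CreateShaHash(pass)
                        });

                        cmd.ExecuteNonQuery();
                    }
                }

                return true;
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return false;
            }
        }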
 /// <summary>
 /// Puts the requested user row into edit mode, then rebinds the grid and the footer drop-down.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Supplies the index of the row to edit.</param>
 /// <remarks>Errors are logged and shown as a fixed message.</remarks>
 protected void GridView_Edit(object sender, GridViewEditEventArgs e)
 {
     const string failureMessage =
         "Something has gone wrong. A log has been forwarded to the site administrator.";

     try
     {
         userGrid.EditIndex = e.NewEditIndex;

         // Grid first: Load_Dropdown reads the footer row, which exists only after the grid is bound.
         Load_Forms();
         Load_Dropdown();
     }
     catch (Exception ex)
     {
         FooLogging.WriteLog(ex.ToString());
         errorLabel.Text = failureMessage;
     }
 }
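        /// <summary>
        /// Loads the profile of the user identified by the session cookie into <c>userView</c>.
        /// </summary>
        /// <remarks>
        /// The user id is read from <c>FooSessionHelper.GetUserObjectFromCookie</c> and must be alphanumeric,
        /// at most 16 characters; otherwise "Invalid request." is shown and nothing is queried. A missing user
        /// object is now treated the same way instead of surfacing as a logged NullReferenceException.
        /// Errors are logged and reported with a fixed message.
        /// </remarks>
        protected void Load_Forms()
        {
            var sessionUser = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);
            string userId = sessionUser == null ? null : sessionUser.UserId;

            if (sessionUser == null || !FooStringHelper.IsValidAlphanumeric(userId, 16))
            {
                errorLabel.Text = "Invalid request.";
                return;
            }

            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var cmd = new NpgsqlCommand(
                        "SELECT userid, useralias, email, address, city, country, profilebody, profileimg FROM users WHERE userid= @USERID",
                        conn))
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = FooStringHelper.RemoveInvalidChars(userId)
                        });

                        using (NpgsqlDataReader dr = cmd.ExecuteReader())
                        {
                            userView.DataSource = dr;
                            userView.DataBind();
                        }
                    }
                }

                errorLabel.Text = "";
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }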
ファイル: do_reset.aspx.cs プロジェクト: katiposec/fooblog
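        /// <summary>
        /// Resolves a reset identifier to the user id it was issued for.
        /// </summary>
        /// <param name="resetId">Reset id presented by the user; bound as a Varchar(16) parameter.</param>
        /// <param name="token">Key used to decrypt the stored user id (the counterpart of <c>MakeResetRequest</c>).</param>
        /// <returns>
        /// The decrypted user id, or <see langword="null"/> when no row matches, decryption fails, or any error
        /// occurs (logged).
        /// </returns>
        /// <remarks>
        /// <c>resetTime</c> is not consulted here — NOTE(review): confirm the caller enforces expiry and single
        /// use of a reset id, otherwise an id stays redeemable indefinitely.
        /// </remarks>
        public static string GetAccountForReset(string resetId, string token)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    string result = String.Empty;

                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "SELECT userid FROM resets WHERE resetid= @RESETID",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@RESETID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = resetId
                        });

                        // Reader is disposed even if Read() throws; the original only Close()d on the happy path.
                        using (NpgsqlDataReader dr = cmd.ExecuteReader())
                        {
                            // Last matching row wins, as before.
                            while (dr.Read())
                            {
                                result = dr["userid"].ToString();
                            }
                        }
                    }

                    return !String.IsNullOrEmpty(result) ? FooCryptHelper.Decrypt(result, token) : null;
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return null;
            }
        }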
ファイル: register.aspx.cs プロジェクト: katiposec/fooblog
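        /// <summary>
        /// Reports whether a user row with the given <paramref name="username"/> exists.
        /// </summary>
        /// <param name="username">Name to look up; bound as a Varchar(32) parameter.</param>
        /// <returns>
        /// <see langword="true"/> when a row is found whose <c>username</c> column is non-empty;
        /// <see langword="false"/> otherwise — including on any error, which is logged.
        /// </returns>
        /// <remarks>
        /// NOTE(review): a database failure is reported as "does not exist"; whatever the caller does on false
        /// (presumably an INSERT at registration) should still be protected by a uniqueness constraint.
        /// </remarks>
        public static bool CheckIfUsernameExists(string username)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    string result = String.Empty;

                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "SELECT username FROM users WHERE username= @USERNAME",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERNAME",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 32,
                            Direction     = ParameterDirection.Input,
                            Value         = username
                        });

                        // Reader is disposed even if Read() throws; the original only Close()d on the happy path.
                        using (NpgsqlDataReader dr = cmd.ExecuteReader())
                        {
                            // Last matching row wins, as before.
                            while (dr.Read())
                            {
                                result = dr["username"].ToString();
                            }
                        }
                    }

                    return !String.IsNullOrEmpty(result);
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return false;
            }
        }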
        /// <summary>
        /// Loads the forms for the post whose row was just selected in <c>postGrid</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The post id is read from the first cell of the selected row and converted with
        /// <see cref="Convert.ToInt32(string)"/>; a non-numeric cell throws, is logged, and is reported with a
        /// fixed message.
        /// </remarks>
        protected void PostGrid_SelectedIndexChanged(object sender, EventArgs e)
        {
            const string failureMessage =
                "Something has gone wrong. A log has been forwarded to the site administrator.";

            try
            {
                GridViewRow selectedRow = postGrid.Rows[postGrid.SelectedIndex];
                int postId = Convert.ToInt32(selectedRow.Cells[0].Text);

                Load_Forms(postId);
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = failureMessage;
            }
        }
ファイル: FooEmailHelper.cs プロジェクト: katiposec/fooblog
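        /// <summary>
        /// Looks up the e-mail address stored for <paramref name="userId"/>.
        /// </summary>
        /// <param name="userId">User id; bound as a Varchar parameter without an explicit size.</param>
        /// <returns>
        /// The address, or <see langword="null"/> when no row matches, the column is empty, or any error occurs
        /// (logged).
        /// </returns>
        public static string GetEmailForAccount(string userId)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    string result = String.Empty;

                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "SELECT email FROM users WHERE userid= @USERID",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@USERID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Direction     = ParameterDirection.Input,
                            Value         = userId
                        });

                        // Reader is disposed even if Read() throws; the original only Close()d on the happy path.
                        using (NpgsqlDataReader dr = cmd.ExecuteReader())
                        {
                            // Last matching row wins, as before.
                            while (dr.Read())
                            {
                                result = dr["email"].ToString();
                            }
                        }
                    }

                    return !String.IsNullOrEmpty(result) ? result : null;
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                return null;
            }
        }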
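        /// <summary>
        /// Deletes the post currently shown in <c>postView</c> after validating the request token, then
        /// resets the page with no selection.
        /// </summary>
        /// <param name="sender">The details view raising the event (unused).</param>
        /// <param name="e">Delete event data (unused; the id comes from <c>postView.SelectedValue</c>).</param>
        /// <remarks>
        /// The request token (<c>FooSessionHelper.IsValidRequest</c>) is checked before any write and the post id
        /// is bound as an integer parameter; a non-numeric <c>SelectedValue</c> throws and is reported with a
        /// fixed message. NOTE(review): nothing here ties the post to the current user — confirm access to this
        /// page is restricted elsewhere.
        /// </remarks>
        protected void PostView_ItemDeleting(object sender, DetailsViewDeleteEventArgs e)
        {
            try
            {
                if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    using (var conn = new NpgsqlConnection())
                    {
                        conn.ConnectionString =
                            ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                        conn.Open();

                        using (var cmd = new NpgsqlCommand
                        {
                            CommandText = "DELETE FROM posts WHERE postid= @POSTID",
                            CommandType = CommandType.Text,
                            Connection  = conn
                        })
                        {
                            cmd.Parameters.Add(new NpgsqlParameter
                            {
                                ParameterName = "@POSTID",
                                NpgsqlDbType  = NpgsqlDbType.Integer,
                                Size          = 8,
                                Direction     = ParameterDirection.Input,
                                Value         = Convert.ToInt32(postView.SelectedValue)
                            });

                            cmd.ExecuteNonQuery();
                        }
                    }
                }
                else
                {
                    errorLabel.Text = "Invalid request.";
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }

            Reset_Page(-1);
        }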
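        /// <summary>
        /// Binds all enabled posts (joined with their category) to <c>postList</c>, oldest first.
        /// </summary>
        /// <remarks>
        /// Shows "There are no posts." when the query is empty. Errors are logged and reported with a fixed
        /// message. Command and data adapter are now disposed; the original left both to the finalizer.
        /// </remarks>
        protected void Load_Form()
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var cmd = new NpgsqlCommand(
                        "SELECT T1.postid, T1.posttime, T1.catid, T1.posttitle, T1.postbrief, T1.postenabled, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T1.postenabled= true ORDER BY T1.posttime",
                        conn))
                    {
                        var ds = new DataSet();
                        using (var da = new NpgsqlDataAdapter(cmd))
                        {
                            da.Fill(ds);
                        }

                        if (ds.Tables[0].Rows.Count == 0)
                        {
                            errorLabel.Text = "There are no posts.";
                        }
                        else
                        {
                            postList.DataSource = ds;
                            postList.DataBind();
                            errorLabel.Text = "";
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }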
ファイル: merchandise.aspx.cs プロジェクト: katiposec/fooblog
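        /// <summary>
        /// Fills <c>merchList</c> with every enabled merchandise item, ordered by name.
        /// When the query returns no rows, "There are no items." is shown instead.
        /// Failures are logged through <c>FooLogging</c>; the page shows only a generic
        /// message so that exception details never reach the browser.
        /// </summary>
        protected void Load_Form()
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    // Command and adapter are IDisposable; dispose them deterministically
                    // instead of leaving them for the finalizer.
                    using (var cmd =
                        new NpgsqlCommand(
                            "SELECT merchid, merchname, merchprice, merchbrief FROM merchandise WHERE merchenabled= true ORDER BY merchname",
                            conn))
                    using (var da = new NpgsqlDataAdapter(cmd))
                    {
                        var ds = new DataSet();
                        da.Fill(ds);

                        if (ds.Tables[0].Rows.Count == 0)
                        {
                            errorLabel.Text = "There are no items.";
                        }
                        else
                        {
                            merchList.DataSource = ds;
                            merchList.DataBind();
                            errorLabel.Text = "";
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Full detail goes to the log only; the visitor gets a neutral message.
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }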
        /// <summary>
        /// Handles a row selection in <c>merchGrid</c>: reads the merchandise id from the
        /// first cell of the selected row, rejects anything that is not a short
        /// alphanumeric token (resetting the page with an "Invalid request." message),
        /// and otherwise loads the detail forms for that item. Unexpected failures are
        /// logged and reported with a generic message.
        /// </summary>
        protected void MerchGrid_SelectedIndexChanged(object sender, EventArgs e)
        {
            try
            {
                var selectedRow = merchGrid.Rows[merchGrid.SelectedIndex];
                string selectedId = selectedRow.Cells[0].Text;

                // Cell text originates from the rendered page, so it is validated
                // before being used as a lookup key.
                if (FooStringHelper.IsValidAlphanumeric(selectedId, 16))
                {
                    Load_Forms(selectedId);
                }
                else
                {
                    errorLabel.Text = "Invalid request.";
                    Reset_Page(string.Empty);
                }
            }
            catch (Exception ex)
            {
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }
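        /// <summary>
        /// Loads the category page for <paramref name="catId"/>: the category name goes
        /// into <c>catLabel</c> (left untouched when no such category exists) and the
        /// enabled posts of that category go into <c>postList</c>, with "Empty category."
        /// shown when there are none. Both queries bind the id as a typed parameter; it
        /// is never part of the SQL text. Failures are logged and reported generically.
        /// </summary>
        /// <param name="catId">Category id; the bound parameter is sized at 32 characters.</param>
        protected void Load_Forms(string catId)
        {
            try
            {
                // A single connection serves both queries; the earlier version opened
                // and closed two connections back to back for no benefit.
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var nameCmd =
                        new NpgsqlCommand(
                            "SELECT catname FROM categories WHERE catid= @CATID ORDER BY catname",
                            conn))
                    {
                        nameCmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@CATID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 32,
                            Direction     = ParameterDirection.Input,
                            Value         = catId
                        });

                        object catName = nameCmd.ExecuteScalar();

                        // No row means no such category; the label keeps its previous text.
                        if (catName != null)
                        {
                            catLabel.Text = catName.ToString();
                        }
                    }

                    using (var postCmd =
                        new NpgsqlCommand(
                            "SELECT T1.postid, T1.posttime, T1.catid AS queryid, T1.posttitle, T1.postbrief, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T2.catid= @CATID AND postenabled= true ORDER BY T1.posttime",
                            conn))
                    using (var postAdapter = new NpgsqlDataAdapter(postCmd))
                    {
                        postCmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@CATID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 32,
                            Direction     = ParameterDirection.Input,
                            Value         = catId
                        });

                        var posts = new DataSet();
                        postAdapter.Fill(posts);

                        if (posts.Tables[0].Rows.Count == 0)
                        {
                            errorLabel.Text = "Empty category.";
                        }
                        else
                        {
                            postList.DataSource = posts;
                            postList.DataBind();
                            errorLabel.Text = "";
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Full detail goes to the log only; the visitor gets a neutral message.
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }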
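        /// <summary>
        /// Stores a new review for the merchandise item named by the <c>id</c>
        /// query-string value. Checks run in this order: non-empty review text, a
        /// well-formed item id, a user object resolvable from the session cookie, and
        /// finally the per-request anti-forgery token
        /// (<c>FooSessionHelper.IsValidRequest</c>). Every path ends by issuing a fresh
        /// token and reloading the item forms. All values reach the database as typed
        /// parameters; none is ever concatenated into SQL.
        /// </summary>
        protected void submitButton_Click(object sender, EventArgs e)
        {
            string reviewBody = reviewText.Text;
            string merchId    = Request.QueryString["id"];

            if (string.IsNullOrEmpty(reviewBody))
            {
                RequestToken.Value    = FooSessionHelper.SetToken(HttpContext.Current);
                reviewErrorLabel.Text = "Incomplete input.";
                return;
            }

            // The query-string key may be absent altogether, so guard null explicitly
            // rather than relying on how IsValidAlphanumeric treats it.
            if (string.IsNullOrEmpty(merchId) || !FooStringHelper.IsValidAlphanumeric(merchId, 16))
            {
                RequestToken.Value    = FooSessionHelper.SetToken(HttpContext.Current);
                reviewErrorLabel.Text = "Invalid input.";
                return;
            }

            try
            {
                // Resolve the user inside the try: previously this ran before the
                // try/catch, so a missing or malformed session cookie escaped the
                // handler as an unhandled exception instead of being logged.
                var user = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);

                if (user == null)
                {
                    reviewErrorLabel.Text = "You must be logged in to leave a review.";
                }
                else if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                {
                    InsertReviewRow(user.UserId, merchId, reviewBody);

                    reviewErrorLabel.Text = "";
                    reviewText.Text       = "";
                }
                else
                {
                    // Token mismatch: treated as a forged or replayed request.
                    errorLabel.Text = "Invalid request.";
                }
            }
            catch (Exception ex)
            {
                // Full detail goes to the log only; the visitor gets a neutral message.
                FooLogging.WriteLog(ex.ToString());
                reviewErrorLabel.Text =
                    "Something has gone wrong. A log has been forwarded to the site administrator.";
            }

            // A new token per round trip, whether or not the insert happened.
            RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
            Load_Forms(merchId);
        }

        /// <summary>
        /// Inserts one row into <c>reviews</c> with a freshly generated 16-character id.
        /// Every value is bound as a typed input parameter.
        /// </summary>
        /// <param name="userId">Id of the reviewing user, as read from the session cookie.</param>
        /// <param name="merchId">Already validated merchandise id (alphanumeric, at most 16 characters).</param>
        /// <param name="reviewBody">Review text; the bound parameter is sized at 1024 characters.</param>
        private static void InsertReviewRow(string userId, string merchId, string reviewBody)
        {
            using (var conn = new NpgsqlConnection())
            {
                conn.ConnectionString =
                    ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                conn.Open();

                using (var cmd = new NpgsqlCommand
                {
                    CommandText =
                        "INSERT INTO reviews(reviewid, reviewtime, userid, merchid, reviewbody) VALUES (@REVIEWID, @REVIEWTIME, @USERID, @MERCHID, @REVIEWBODY)",
                    CommandType = CommandType.Text,
                    Connection  = conn
                })
                {
                    cmd.Parameters.Add(new NpgsqlParameter
                    {
                        ParameterName = "@REVIEWID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = FooStringHelper.RandomString(16)
                    });

                    // NOTE(review): local time is stored; if reviews are ever compared or
                    // displayed across time zones, DateTime.UtcNow would be the safer
                    // value — confirm how the rest of the site reads reviewtime first.
                    cmd.Parameters.Add(new NpgsqlParameter
                    {
                        ParameterName = "@REVIEWTIME",
                        NpgsqlDbType  = NpgsqlDbType.Timestamp,
                        Size          = 32,
                        Direction     = ParameterDirection.Input,
                        Value         = DateTime.Now
                    });

                    cmd.Parameters.Add(new NpgsqlParameter
                    {
                        ParameterName = "@USERID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = FooStringHelper.RemoveInvalidChars(userId)
                    });

                    cmd.Parameters.Add(new NpgsqlParameter
                    {
                        ParameterName = "@MERCHID",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 16,
                        Direction     = ParameterDirection.Input,
                        Value         = merchId
                    });

                    // NOTE(review): nothing here bounds the body length; whether a Size of
                    // 1024 truncates longer input or the insert fails depends on the Npgsql
                    // version in use — confirm, and consider rejecting over-long text up front.
                    cmd.Parameters.Add(new NpgsqlParameter
                    {
                        ParameterName = "@REVIEWBODY",
                        NpgsqlDbType  = NpgsqlDbType.Varchar,
                        Size          = 1024,
                        Direction     = ParameterDirection.Input,
                        Value         = reviewBody
                    });

                    cmd.ExecuteNonQuery();
                }
            }
        }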
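        /// <summary>
        /// Loads the detail page for one merchandise item. The item itself is bound to
        /// <c>merchList</c>; when no enabled row matches, "Invalid item." is shown and
        /// nothing else happens. Otherwise the item's reviews, joined with their
        /// authors, are bound to <c>reviewList</c> ("No reviews." when empty), the
        /// review form is hidden for anonymous visitors, and the review panel is shown.
        /// The id is bound as a typed parameter in both queries. Failures are logged
        /// and reported with a generic message.
        /// </summary>
        /// <param name="merchId">Merchandise id; the bound parameter is sized at 16 characters. Callers validate it before calling.</param>
        protected void Load_Forms(string merchId)
        {
            try
            {
                // A single connection serves both queries; the earlier version opened
                // and closed two connections back to back for no benefit.
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var itemCmd =
                        new NpgsqlCommand(
                            "SELECT merchid, merchname, merchprice, merchimg, merchbody FROM merchandise WHERE merchenabled= true AND merchid= @MERCHID LIMIT 1",
                            conn))
                    using (var itemAdapter = new NpgsqlDataAdapter(itemCmd))
                    {
                        itemCmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = merchId
                        });

                        var item = new DataSet();
                        itemAdapter.Fill(item);

                        if (item.Tables[0].Rows.Count == 0)
                        {
                            // Unknown or disabled item: report it and leave the rest of
                            // the page (reviews, review panel) untouched.
                            errorLabel.Text = "Invalid item.";
                            return;
                        }

                        merchList.DataSource = item;
                        merchList.DataBind();
                        errorLabel.Text = "";
                    }

                    using (var reviewCmd =
                        new NpgsqlCommand(
                            "SELECT T1.reviewid, T1.reviewtime, T1.reviewbody, T1.merchid, T2.userid, T2.useralias, T2.profileimg FROM reviews AS T1 LEFT OUTER JOIN users AS T2 ON T1.userid = T2.userid WHERE T1.merchid= @MERCHID",
                            conn))
                    using (var reviewAdapter = new NpgsqlDataAdapter(reviewCmd))
                    {
                        reviewCmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHID",
                            NpgsqlDbType  = NpgsqlDbType.Varchar,
                            Size          = 16,
                            Direction     = ParameterDirection.Input,
                            Value         = merchId
                        });

                        var reviews = new DataSet();
                        reviewAdapter.Fill(reviews);

                        if (reviews.Tables[0].Rows.Count == 0)
                        {
                            reviewLabel.Text = "No reviews.";
                        }
                        else
                        {
                            reviewList.DataSource = reviews;
                            reviewList.DataBind();
                            reviewLabel.Text = "";
                        }
                    }
                }

                // Hiding the form is a UI convenience only; the submit handler must
                // still establish the user server-side on its own.
                if (!User.Identity.IsAuthenticated)
                {
                    reviewText.Visible    = false;
                    submitButton.Visible  = false;
                    reviewErrorLabel.Text = "You must be logged in to leave a review.";
                }

                reviewPanel.Visible = true;
            }
            catch (Exception ex)
            {
                // Full detail goes to the log only; the visitor gets a neutral message.
                FooLogging.WriteLog(ex.ToString());
                errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
            }
        }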
ファイル: register.aspx.cs プロジェクト: katiposec/fooblog
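        /// <summary>
        /// Inserts a new row into <c>Users</c> with a default profile image. The
        /// password is passed through <c>FooCryptHelper.CreateShaHash</c> before
        /// storage and every column value is bound as a typed varchar parameter, so
        /// no caller-supplied text ever becomes part of the SQL.
        /// </summary>
        /// <param name="id">User id; parameter sized at 16 characters.</param>
        /// <param name="alias">Display alias; sized at 32.</param>
        /// <param name="email">E-mail address; sized at 64.</param>
        /// <param name="address">Postal address; sized at 128.</param>
        /// <param name="city">City; sized at 32.</param>
        /// <param name="country">Country; sized at 32.</param>
        /// <param name="username">Login name; sized at 32.</param>
        /// <param name="pass">Clear-text password; only its hash is stored.</param>
        /// <param name="groupId">Group the user is placed in; no size limit is set on the parameter.</param>
        /// <returns><c>true</c> when the insert succeeded; <c>false</c> after any exception, which is logged.</returns>
        public static bool RegisterNewUser(string id, string alias, string email, string address, string city,
                                           string country,
                                           string username, string pass, string groupId)
        {
            try
            {
                using (var conn = new NpgsqlConnection())
                {
                    // App-DB connection.
                    conn.ConnectionString =
                        ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText =
                            "INSERT INTO Users (userId, userName, userAlias, passwordHash, groupId, email, address, city, country, profileimg) VALUES (@USERID, @USERNAME, @USERALIAS, @PASSWORDHASH, @GROUPID, @EMAIL, @ADDRESS, @CITY, @COUNTRY, 'profile_default.jpg');",
                        CommandType = CommandType.Text,
                        Connection  = conn
                    })
                    {
                        AddVarcharParameter(cmd, "@USERID", id, 16);
                        AddVarcharParameter(cmd, "@USERNAME", username, 32);
                        AddVarcharParameter(cmd, "@USERALIAS", alias, 32);

                        // NOTE(review): if CreateShaHash is a plain SHA digest rather than a
                        // deliberately slow, salted KDF (PBKDF2/Argon2), stored hashes are
                        // cheap to brute-force offline — confirm its implementation.
                        AddVarcharParameter(cmd, "@PASSWORDHASH", FooCryptHelper.CreateShaHash(pass), 0);
                        AddVarcharParameter(cmd, "@GROUPID", groupId, 0);
                        AddVarcharParameter(cmd, "@EMAIL", email, 64);
                        AddVarcharParameter(cmd, "@ADDRESS", address, 128);
                        AddVarcharParameter(cmd, "@CITY", city, 32);
                        AddVarcharParameter(cmd, "@COUNTRY", country, 32);

                        cmd.ExecuteNonQuery();
                    }
                }

                return true;
            }
            catch (Exception ex)
            {
                // The caller only learns that registration failed; detail stays in the log.
                FooLogging.WriteLog(ex.ToString());
                return false;
            }
        }

        /// <summary>
        /// Adds one varchar input parameter to <paramref name="cmd"/>.
        /// </summary>
        /// <param name="cmd">Command receiving the parameter.</param>
        /// <param name="name">Parameter name including the leading <c>@</c>.</param>
        /// <param name="value">Value to bind.</param>
        /// <param name="size">Declared size; 0 leaves the parameter's Size at its default.</param>
        private static void AddVarcharParameter(NpgsqlCommand cmd, string name, string value, int size)
        {
            var param = new NpgsqlParameter
            {
                ParameterName = name,
                NpgsqlDbType  = NpgsqlDbType.Varchar,
                Direction     = ParameterDirection.Input,
                Value         = value
            };

            if (size > 0)
            {
                param.Size = size;
            }

            cmd.Parameters.Add(param);
        }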