コード例 #1
0
        public JsonResult HandleRecieveOrder(ManagerForm form)
        {
            var success = false;
            var reason  = "unknown";

            Order order = JsonSerializer.Deserialize <Order>(form.Data);

            try
            {
                var handler = new ConnectionHandler();
                using (MySqlConnection connection = handler.Connection)
                {
                    string sql = "UPDATE Orders SET dateRecieved=@DATERECIEVED WHERE orderId=@ORDERID";

                    MySqlCommand cmd = new MySqlCommand(sql, connection);

                    cmd.Parameters.AddWithValue("@DATERECIEVED", order.DateRecieved);
                    cmd.Parameters.AddWithValue("@ORDERID", order.OrderId);
                    cmd.ExecuteNonQuery();

                    success = true;
                }
            }
            catch (Exception ex)
            {
                success = false;
                reason  = "unknown";
                Console.WriteLine(ex);
            }
            if (success)
            {
                reason = "none";
            }

            return(new JsonResult($"{{\"success\":\"{success}\"," +
                                  $"\"reason\":\"{reason}\"}}", new System.Text.Json.JsonSerializerOptions()));
        }
コード例 #2
0
        public JsonResult HandleAddBook(EmployeeForm eform)
        {
            var success = false;
            var reason  = "unknown";

            Console.WriteLine(eform.Data);


            BookForm form = JsonSerializer.Deserialize <BookForm>(eform.Data);

            try
            {
                var absoluteImagePath = Path.GetFullPath(".") + "\\wwwroot\\images\\" + form.ImageName;
                var imageBase64       = form.Image.Replace("data:image/jpeg;base64,", "");


                var handler = new ConnectionHandler();
                using (MySqlConnection connection = handler.Connection)
                {
                    string sql = "SELECT * FROM Books WHERE ISBN=@ISBN";

                    MySqlCommand cmd = new MySqlCommand(sql, connection);
                    cmd.Parameters.AddWithValue("@ISBN", form.ISBN);

                    var hasBookAlready = false;

                    using (MySqlDataReader rdr = cmd.ExecuteReader())
                    {
                        if (rdr.Read())
                        {
                            hasBookAlready = true;
                        }
                    }

                    if (!hasBookAlready)
                    {
                        cmd.CommandText = "INSERT INTO Books(ISBN,title,genre,author,summary,imagePath) VALUES (@ISBN,@TITLE,@GENRE,@AUTHOR,@SUMMARY,@IMAGEPATH)";
                        cmd.Parameters.AddWithValue("@TITLE", form.Title);
                        cmd.Parameters.AddWithValue("@GENRE", form.Genre);
                        cmd.Parameters.AddWithValue("@AUTHOR", form.Author);
                        cmd.Parameters.AddWithValue("@SUMMARY", form.Summary);
                        cmd.Parameters.AddWithValue("@IMAGEPATH", form.ImageName);
                        cmd.ExecuteNonQuery();

                        System.IO.File.WriteAllBytes(absoluteImagePath, Convert.FromBase64String(imageBase64));
                        success = true;
                    }
                    else
                    {
                        reason = "bookExists";
                    }
                }
            }
            catch (Exception ex)
            {
                success = false;
                Console.WriteLine(ex);
            }
            if (success)
            {
                reason = "none";
            }

            return(new JsonResult($"{{\"success\":\"{success}\"," +
                                  $"\"reason\":\"{reason}\"}}", new System.Text.Json.JsonSerializerOptions()));
        }
コード例 #3
0
        public JsonResult HandleCheckout([FromBody] EmployeeForm eform)
        {
            var success = false;
            var reason  = "unknown";

            Console.WriteLine(eform.Data);

            CheckoutForm form = JsonSerializer.Deserialize <CheckoutForm>(eform.Data);

            Console.WriteLine(form.BookId);
            Console.WriteLine(form.Username);

            try
            {
                var handler = new ConnectionHandler();
                using (MySqlConnection connection = handler.Connection)
                {
                    MySqlTransaction trans = connection.BeginTransaction();

                    string       sql = "SELECT userId FROM Users WHERE username=@USERNAME";
                    MySqlCommand cmd = new MySqlCommand(sql, connection);
                    cmd.Transaction = trans;

                    cmd.Parameters.AddWithValue("@USERNAME", form.Username);
                    MySqlDataReader rdr = cmd.ExecuteReader();

                    // if the username exists
                    if (rdr.Read())
                    {
                        int userId = (int)rdr[0];
                        rdr.Close();

                        cmd.CommandText = "SELECT * FROM BookHistory WHERE userId=@USERID AND dateReturned IS NULL";
                        cmd.Parameters.AddWithValue("@USERID", userId);
                        rdr = cmd.ExecuteReader();

                        // User does not have a book already checkedout
                        if (!rdr.Read())
                        {
                            rdr.Close();

                            cmd.CommandText = "SELECT availability FROM BookDetails WHERE bookId=@BOOKID";
                            cmd.Parameters.AddWithValue("@BOOKID", form.BookId);
                            rdr = cmd.ExecuteReader();

                            if (rdr.Read())
                            {
                                if (rdr[0].ToString() == "available")
                                {
                                    rdr.Close();
                                    cmd.CommandText = "INSERT INTO BookHistory(userId, bookId, dateCheckout) VALUES (@USERID, @BOOKID, CURDATE())";
                                    cmd.ExecuteNonQuery();
                                    cmd.CommandText = "UPDATE BookDetails SET availability='checkedout' WHERE bookId=@BOOKID";
                                    cmd.ExecuteNonQuery();
                                    trans.Commit();
                                    success = true;
                                }
                                else if (rdr[0].ToString() == "reserved")
                                {
                                    rdr.Close();
                                    cmd.CommandText = "SELECT userId FROM Reservations WHERE bookId=@BOOKID";
                                    rdr             = cmd.ExecuteReader();
                                    if (rdr.Read())
                                    {
                                        if ((int)rdr[0] == userId)
                                        {
                                            rdr.Close();
                                            cmd.CommandText = "INSERT INTO BookHistory(userId, bookId, dateCheckout) VALUES (@USERID, @BOOKID, CURDATE())";
                                            cmd.ExecuteNonQuery();
                                            cmd.CommandText = "UPDATE BookDetails SET availability='checkedout' WHERE bookId=@BOOKID";
                                            cmd.ExecuteNonQuery();
                                            cmd.CommandText = "DELETE FROM Reservations WHERE bookId=@BOOKID";
                                            cmd.ExecuteNonQuery();
                                            trans.Commit();
                                            success = true;
                                        }
                                        else
                                        {
                                            rdr.Close();
                                            reason = "reserved";
                                        }
                                    }
                                    else
                                    {
                                        // INTERNAL PROBLEM - Book is reserved but there is no row in Reservations
                                        reason = "unknown";
                                    }
                                }
                                else
                                {
                                    rdr.Close();
                                    reason = "unavailable";
                                }
                            }
                            else
                            {
                                rdr.Close();
                                reason = "badBookId";
                            }
                        }
                        else
                        {
                            rdr.Close();
                            reason = "multipleCheckout";
                        }
                    }
                    else
                    {
                        rdr.Close();
                        reason = "badUsername";
                    }
                }
            }
            catch (Exception ex)
            {
                success = false;
                Console.WriteLine(ex);
            }
            if (success)
            {
                reason = "none";
            }

            return(new JsonResult($"{{\"success\":\"{success}\"," +
                                  $"\"reason\":\"{reason}\"}}", new System.Text.Json.JsonSerializerOptions()));
        }
コード例 #4
0
        public void OnGet(string isbn)
        {
            if (isbn == null)
            {
                ISBN = "0000000000000";
            }
            else
            {
                ISBN = isbn;
            }

            Console.WriteLine("ITEM Page ISBN=" + isbn);

            try
            {
                var             handler    = new ConnectionHandler();
                MySqlConnection connection = handler.Connection;
                string          sql        = "SELECT * FROM Books WHERE ISBN=@ISBN";
                MySqlCommand    cmd        = new MySqlCommand(sql, connection);
                cmd.Parameters.AddWithValue("@ISBN", ISBN);
                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    if (rdr.Read())
                    {
                        //this.ISBN = (string) rdr[0];
                        Title   = (string)rdr[1];
                        Genre   = (string)rdr[2];
                        Author  = (string)rdr[3];
                        Summary = (string)rdr[4];
                        //DatePublished = (DateTime)rdr[5];
                        ImagePath = (string)rdr[6];
                    }
                }

                Console.WriteLine("ITEM Page ImagePath=" + ImagePath);

                cmd.CommandText = "SELECT reviewText, username, rating " +
                                  "FROM UserReviews " +
                                  "INNER JOIN Users " +
                                  "ON UserReviews.userId=Users.userId AND ISBN=@ISBN";

                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        Review review = new Review((string)rdr[0], (string)rdr[1], (int)rdr[2]);
                        Reviews.Add(review);
                    }
                }
                cmd.CommandText = "SELECT * FROM BookDetails WHERE ISBN=@ISBN AND availability='available'";

                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    if (rdr.HasRows)
                    {
                        HasAvailableCopies = true;
                    }
                    else
                    {
                        HasAvailableCopies = false;
                    }
                }

                cmd.CommandText = "SELECT * FROM Reservations WHERE userId=@USERID";
                cmd.Parameters.AddWithValue("@USERID", HttpContext.Session.GetString("userId"));

                using (MySqlDataReader rdr = cmd.ExecuteReader())
                {
                    if (rdr.HasRows)
                    {
                        HasBookReserved = true;
                    }
                    else
                    {
                        HasBookReserved = false;
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
            }
        }
コード例 #5
0
        public JsonResult OnPost([FromBody] RegistrationForm form)
        {
            var hasBadField  = false;
            var hasDifPass   = false;
            var isUnameTaken = false;
            var errorMessage = "";
            var success      = false;

            try
            {
                if (form.FirstName == null || form.LastName == null || form.Username == null ||
                    form.Password1 == null || form.Password2 == null || form.Address == null ||
                    form.City == null || form.State == null || form.Zip == null || form.Phone == null)
                {
                    hasBadField = true;
                }

                // these should be validated client side as well
                if (form.Username.Length < 6 || form.Zip.Length != 5 || form.Phone.Length != 10 ||
                    form.Address.Length < 2 || form.State.Length != 2 || form.City.Length < 2 ||
                    form.FirstName.Length < 1 || form.LastName.Length < 1)
                {
                    hasBadField = true;
                }

                if (form.Password1 != form.Password2 || form.Password1.Length < 6)
                {
                    hasDifPass = true;
                }

                var          handler         = new ConnectionHandler();
                string       sql             = "SELECT * FROM Users WHERE username=@USERNAME";
                MySqlCommand select_username = new MySqlCommand(sql, handler.Connection);
                select_username.Parameters.AddWithValue("@USERNAME", form.Username);

                using (MySqlDataReader rdr = select_username.ExecuteReader())
                {
                    if (rdr.Read())
                    {
                        isUnameTaken = true;
                    }
                }

                if (!isUnameTaken && !hasBadField && !hasDifPass)
                {
                    using (MySqlTransaction trans = handler.Connection.BeginTransaction())
                    {
                        Console.WriteLine("Register: No Error in fields");
                        // create a random salt to hash the password with to
                        // guard against rainbow tables and other site breaches
                        var    rand                = new Random((int)Stopwatch.GetTimestamp());
                        SHA256 hash                = SHA256.Create();
                        var    saltBytes           = hash.ComputeHash(Encoding.ASCII.GetBytes(form.Username + rand.Next().ToString()));
                        var    salt                = Encoding.ASCII.GetString(saltBytes);
                        var    hashedPasswordBytes = hash.ComputeHash(Encoding.ASCII.GetBytes(form.Password1 + salt));
                        var    hashedPassword      = Encoding.ASCII.GetString(hashedPasswordBytes);

                        sql = "INSERT INTO Users(username,password,salt,accountType,"
                              + "firstName,lastName,address,city,zip,state,phone) " +
                              "VALUES (@USERNAME, @PASSWORD, @SALT, 'user', "
                              + "@FIRSTNAME, @LASTNAME, @ADDRESS, @CITY, @ZIP, @STATE, @PHONE)";

                        MySqlCommand insert_user = new MySqlCommand(sql, trans.Connection);

                        insert_user.Parameters.AddWithValue("@USERNAME", form.Username);
                        insert_user.Parameters.AddWithValue("@PASSWORD", hashedPassword);
                        insert_user.Parameters.AddWithValue("@SALT", salt);
                        insert_user.Parameters.AddWithValue("@FIRSTNAME", form.FirstName);
                        insert_user.Parameters.AddWithValue("@LASTNAME", form.LastName);
                        insert_user.Parameters.AddWithValue("@ADDRESS", form.Address);
                        insert_user.Parameters.AddWithValue("@CITY", form.City);
                        insert_user.Parameters.AddWithValue("@ZIP", form.Zip);
                        insert_user.Parameters.AddWithValue("@STATE", form.State);
                        insert_user.Parameters.AddWithValue("@PHONE", form.Phone);
                        insert_user.ExecuteNonQuery();
                        trans.Commit();
                        success = true;
                    }
                }
            }
            catch (Exception ex)
            {
                errorMessage = ex.ToString();
                success      = false;
                Console.WriteLine(ex);
            }

            return(new JsonResult($"{{\"hasBadField\":\"{hasBadField}\","
                                  + $"\"hasDifferentPasswords\":\"{hasDifPass}\","
                                  + $"\"isUsernameTaken\":\"{isUnameTaken}\","
                                  + $"\"success\":\"{success}\"}}", new System.Text.Json.JsonSerializerOptions()));
        }