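/// <summary>
/// Updates series <paramref name="id"/> with the values posted in <paramref name="com"/>.
/// </summary>
/// <remarks>
/// Responses: 401 when no row links the caller to the series (the caller is not its creator or last
/// updater and is below level 7, or the series does not exist); 304 when a different active
/// (status = 0) series already has the same name; 400 when any step of the update throws; 200 with
/// the updated <paramref name="com"/> otherwise.
/// Callers below level 7 cannot set <c>warning</c> directly: the value found by the name lookup is kept
/// and an approval request is stored in t_approved / t_approved_value when it differs from the
/// requested one.
/// Every statement is parameterised; request values are never concatenated into SQL text.
/// </remarks>
/// <param name="id">Primary key of the t_series row to update (taken from the route).</param>
/// <param name="com">Series payload read from the request body.</param>
/// <returns>The HTTP response described above.</returns>
public HttpResponseMessage Put(int id, [FromBody] Series com)
{
    var res = Request.CreateResponse(HttpStatusCode.OK);

    // The using block closes the connection on every exit path, including the early 304 return.
    using (MySqlConnection conn = new MySqlConnection(ConnnectData.connectionString))
    {
        conn.Open();

        // Convert.ToInt32 throws if the principal name is not a numeric user id.
        int id_user = Convert.ToInt32(Thread.CurrentPrincipal.Identity.Name);

        // Authorisation: a row comes back only if the caller created the series, last updated it,
        // or has level >= 7.
        DataTable access = new DataTable();
        using (MySqlCommand accessCmd = new MySqlCommand(
            "select t0.level from t_user t0 join t_series t1 on t0.id = t1.user_creat or t0.id=t1.user_update or t0.level >= 7"
            + " where t0.id = @id_user and t1.id = @id", conn))
        using (MySqlDataAdapter accessAdapter = new MySqlDataAdapter(accessCmd))
        {
            accessCmd.Parameters.AddWithValue("@id_user", id_user);
            accessCmd.Parameters.AddWithValue("@id", id);
            accessAdapter.Fill(access);
        }

        if (access.Rows.Count == 0)
        {
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        int level = Convert.ToInt32(access.Rows[0]["level"].ToString());

        try
        {
            // Name uniqueness among active series; com.name is bound as a parameter, not spliced in.
            DataTable sameName = new DataTable();
            using (MySqlCommand nameCmd = new MySqlCommand(
                "select status,warning,id from t_series where status=0 and name=@name", conn))
            using (MySqlDataAdapter nameAdapter = new MySqlDataAdapter(nameCmd))
            {
                nameCmd.Parameters.AddWithValue("@name", com.name);
                nameAdapter.Fill(sameName);
            }

            // NOTE(review): the stored warning is taken from the name lookup, so when the series is
            // renamed (no matching row) a caller below level 7 writes warning = 0. Confirm whether the
            // current value should instead be read from t_series by id.
            int warning = 0;
            if (sameName.Rows.Count > 0)
            {
                if (Convert.ToInt32(sameName.Rows[0]["id"].ToString()) != id)
                {
                    // Another active series already owns this name.
                    return Request.CreateResponse(HttpStatusCode.NotModified, com);
                }

                warning = Convert.ToInt32(sameName.Rows[0]["warning"].ToString());
            }

            // NOTE(review): the authorisation check above is keyed on the route id, while the list
            // updates and the approval row below are keyed on com.id from the request body. Confirm
            // the two are required to match, otherwise lists of another series can be rewritten.
            UsingFunction.update_list_tag(com.id, com.list_tag.ToList(), 1, id_user);
            UsingFunction.update_list_catalog(com.id, com.list_cata.ToList(), 1, id_user);
            UsingFunction.update_list_actor(com.id, com.list_actor.ToList(), 1, id_user);

            if (level >= 7)
            {
                // Level 7 and above may set the warning flag without approval.
                warning = com.warning;
            }

            using (MySqlCommand updateCmd = new MySqlCommand(
                "update t_series set name=@name,content=@content,count_movie = 0,year_str=@year_str,year_end=@year_end"
                + ",warning=@warning,id_company=@id_company"
                + ",status=0,updatetime=@updatetime,user_update=@user_update"
                + " where id=@id", conn))
            {
                updateCmd.Parameters.AddWithValue("@name", com.name);
                // Bound as a parameter, so no manual escaping of the content is needed.
                updateCmd.Parameters.AddWithValue("@content", com.content);
                updateCmd.Parameters.AddWithValue("@year_str", com.year_str);
                updateCmd.Parameters.AddWithValue("@year_end", com.year_end);
                updateCmd.Parameters.AddWithValue("@warning", warning);
                updateCmd.Parameters.AddWithValue("@id_company", com.company.id);
                updateCmd.Parameters.AddWithValue("@updatetime", DateTime.Now.ToString("yyyy/MM/dd"));
                updateCmd.Parameters.AddWithValue("@user_update", id_user);
                updateCmd.Parameters.AddWithValue("@id", id);
                updateCmd.ExecuteNonQuery();
            }

            com.creattime = DateTime.Now;
            com.user_creat = id_user;
            res = Request.CreateResponse(HttpStatusCode.OK, com);

            if (warning != com.warning)
            {
                // The requested warning was not applied: record an approval request instead.
                // NOTE(review): reading AUTO_INCREMENT and inserting that id explicitly is racy between
                // concurrent requests; confirm t_approved.id is AUTO_INCREMENT and consider letting
                // MySQL assign it.
                using (MySqlTransaction myTrans = conn.BeginTransaction())
                {
                    try
                    {
                        DataTable nextId = new DataTable();
                        using (MySqlCommand idCmd = new MySqlCommand(
                            "SELECT AUTO_INCREMENT s FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'xemphim' AND TABLE_NAME = 't_approved' ",
                            conn, myTrans))
                        using (MySqlDataAdapter idAdapter = new MySqlDataAdapter(idCmd))
                        {
                            idAdapter.Fill(nextId);
                        }

                        int id_app = Convert.ToInt32(nextId.Rows[0]["s"].ToString());

                        using (MySqlCommand approvalCmd = new MySqlCommand(
                            "INSERT INTO t_approved (id, name, content, user_creat, createtime, type, status) "
                            + "VALUES (@id_app, N'Phê duyệt warning', '', @id_user, CURRENT_TIME(),'0', '0');",
                            conn, myTrans))
                        {
                            approvalCmd.Parameters.AddWithValue("@id_app", id_app);
                            approvalCmd.Parameters.AddWithValue("@id_user", id_user);
                            approvalCmd.ExecuteNonQuery();
                        }

                        using (MySqlCommand valueCmd = new MySqlCommand(
                            "INSERT INTO t_approved_value ( id_app, table_name, filed_name,key_id, value) "
                            + "VALUES ( @id_app, 't_series', 'warning', @key_id, @value);",
                            conn, myTrans))
                        {
                            valueCmd.Parameters.AddWithValue("@id_app", id_app);
                            valueCmd.Parameters.AddWithValue("@key_id", com.id);
                            valueCmd.Parameters.AddWithValue("@value", com.warning);
                            valueCmd.ExecuteNonQuery();
                        }

                        myTrans.Commit();
                    }
                    catch (Exception approvalError)
                    {
                        // Best effort, as before: the series update stands and the response stays 200,
                        // but the failure is now traced instead of vanishing.
                        myTrans.Rollback();
                        System.Diagnostics.Trace.TraceError(
                            "Put: approval request for series warning failed: {0}", approvalError.Message);
                    }
                }
            }
        }
        catch (Exception updateError)
        {
            System.Diagnostics.Trace.TraceError("Put: series update failed: {0}", updateError.Message);
            res = Request.CreateResponse(HttpStatusCode.BadRequest);
        }
    }

    return res;
}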
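/// <summary>
/// Creates a movie from the posted <paramref name="com"/> and stores its tag, catalog, actor and serve lists.
/// </summary>
/// <remarks>
/// Responses: 401 when the caller has no t_user row or is below level 3; 400 when the body is missing or
/// the t_movie insert fails; 200 with <paramref name="com"/> (id filled in) on success.
/// Callers below level 7 always insert warning = 0; if they asked for a non-zero warning, an approval
/// request is stored in t_approved / t_approved_value.
/// Every statement is parameterised; request values are never concatenated into SQL text.
/// </remarks>
/// <param name="com">Movie payload read from the request body.</param>
/// <returns>The HTTP response described above.</returns>
public HttpResponseMessage Post([FromBody] Movie com)
{
    // Upper bound on duplicate-key retries, so a persistent duplicate on any unique key
    // cannot keep the request spinning forever.
    const int maxInsertAttempts = 5;

    var res = Request.CreateResponse(HttpStatusCode.OK);

    using (MySqlConnection conn = new MySqlConnection(ConnnectData.connectionString))
    {
        conn.Open();

        // Convert.ToInt32 throws if the principal name is not a numeric user id.
        int id_user = Convert.ToInt32(Thread.CurrentPrincipal.Identity.Name);

        DataTable userRows = new DataTable();
        using (MySqlCommand levelCmd = new MySqlCommand("select level from t_user where id = @id_user ", conn))
        using (MySqlDataAdapter levelAdapter = new MySqlDataAdapter(levelCmd))
        {
            levelCmd.Parameters.AddWithValue("@id_user", id_user);
            levelAdapter.Fill(userRows);
        }

        // An unknown user is refused rather than crashing on Rows[0].
        if (userRows.Rows.Count == 0)
        {
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        int level = Convert.ToInt32(userRows.Rows[0]["level"].ToString());
        if (level < 3)
        {
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        if (com == null)
        {
            // Missing or unreadable body.
            return Request.CreateResponse(HttpStatusCode.BadRequest);
        }

        // Only level 7 and above may set the warning flag without approval.
        int warning = level >= 7 ? com.warning : 0;

        // NOTE(review): the id is read from AUTO_INCREMENT and inserted explicitly, which is racy between
        // concurrent requests; the duplicate-key (1062) retry compensates. Confirm t_movie.id is
        // AUTO_INCREMENT and consider letting MySQL assign it.
        bool inserted = false;
        for (int attempt = 0; attempt < maxInsertAttempts && !inserted; attempt++)
        {
            try
            {
                DataTable nextMovieId = new DataTable();
                using (MySqlCommand idCmd = new MySqlCommand(
                    "SELECT AUTO_INCREMENT s FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'xemphim' AND TABLE_NAME = 't_movie' ",
                    conn))
                using (MySqlDataAdapter idAdapter = new MySqlDataAdapter(idCmd))
                {
                    idAdapter.Fill(nextMovieId);
                }

                int id_mov = Convert.ToInt32(nextMovieId.Rows[0]["s"].ToString());

                using (MySqlCommand insertCmd = new MySqlCommand(
                    "INSERT INTO t_movie (id, name, name_re, name_en, n_view, n_like, year_movie, creattime, user_creat, "
                    + " time_thoiluong, warning, content, content_re, urlavatar, id_company, is_series, type_mov)"
                    + " VALUES (@id, @name, @name_re, @name_en, '0', '0', @year_movie, CURRENT_TIME(), @user_creat,"
                    + " @time_thoiluong, @warning, @content, @content_re, ' ', @id_company, '0', @type_mov);",
                    conn))
                {
                    insertCmd.Parameters.AddWithValue("@id", id_mov);
                    insertCmd.Parameters.AddWithValue("@name", com.name);
                    insertCmd.Parameters.AddWithValue("@name_re", com.name_re);
                    insertCmd.Parameters.AddWithValue("@name_en", com.name_en);
                    insertCmd.Parameters.AddWithValue("@year_movie", com.year_movie);
                    insertCmd.Parameters.AddWithValue("@user_creat", id_user);
                    insertCmd.Parameters.AddWithValue("@time_thoiluong", com.time_thoiluong);
                    insertCmd.Parameters.AddWithValue("@warning", warning);
                    insertCmd.Parameters.AddWithValue("@content", com.content);
                    insertCmd.Parameters.AddWithValue("@content_re", com.content_re);
                    insertCmd.Parameters.AddWithValue("@id_company", com.company.id);
                    insertCmd.Parameters.AddWithValue("@type_mov", com.type_mov);
                    insertCmd.ExecuteNonQuery();
                }

                com.id = id_mov;
                res = Request.CreateResponse(HttpStatusCode.OK, com);
                inserted = true;
            }
            catch (MySqlException insertError)
            {
                // 1062 = duplicate key: another request took the id, so read a fresh one and retry.
                if (insertError.Number != 1062)
                {
                    System.Diagnostics.Trace.TraceError("Post: t_movie insert failed: {0}", insertError.Message);
                    break;
                }
            }
            catch (Exception insertError)
            {
                System.Diagnostics.Trace.TraceError("Post: t_movie insert failed: {0}", insertError.Message);
                break;
            }
        }

        if (!inserted)
        {
            // Previously a failed insert still answered 200 with no body; report the failure instead.
            return Request.CreateResponse(HttpStatusCode.BadRequest);
        }

        UsingFunction.update_list_tag(com.id, com.tag.ToList(), 0, id_user);
        UsingFunction.update_list_catalog(com.id, com.catalog.ToList(), 0, id_user);
        UsingFunction.update_list_actor(com.id, com.actor.ToList(), 0, id_user);
        // Add the serve entries.
        UsingFunction.update_list_serve(com.id, com.serve.ToList(), 0, id_user);

        // NOTE(review): the guard tests com.company.id and the count is read from the fixed row id=1,
        // yet the insert uses com.series.id. This looks like it was meant to key on the series; confirm.
        if (com.company.id != -1)
        {
            try
            {
                DataTable seriesCount = new DataTable();
                using (MySqlCommand countCmd = new MySqlCommand("SELECT count_movie c FROM t_series WHERE id=1", conn))
                using (MySqlDataAdapter countAdapter = new MySqlDataAdapter(countCmd))
                {
                    countAdapter.Fill(seriesCount);
                }

                if (seriesCount.Rows.Count > 0)
                {
                    int count_mov = Convert.ToInt32(seriesCount.Rows[0]["c"].ToString()) + 1;
                    using (MySqlCommand linkCmd = new MySqlCommand(
                        "INSERT INTO t_mov_series (id, id_series, n_movie) VALUES (@id, @id_series, @n_movie);", conn))
                    {
                        linkCmd.Parameters.AddWithValue("@id", com.id);
                        linkCmd.Parameters.AddWithValue("@id_series", com.series.id);
                        linkCmd.Parameters.AddWithValue("@n_movie", count_mov);
                        linkCmd.ExecuteNonQuery();
                    }
                }
            }
            catch (Exception linkError)
            {
                // Best effort, as before: the movie stays created, but the failure is now traced.
                System.Diagnostics.Trace.TraceError("Post: t_mov_series insert failed: {0}", linkError.Message);
            }
        }

        if (com.warning != 0 && level < 7)
        {
            // The requested warning was not applied: record an approval request instead.
            // NOTE(review): same explicit-id race as for t_movie, here without a duplicate-key retry.
            using (MySqlTransaction myTrans = conn.BeginTransaction())
            {
                try
                {
                    DataTable nextApprovalId = new DataTable();
                    using (MySqlCommand idCmd = new MySqlCommand(
                        "SELECT AUTO_INCREMENT s FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'xemphim' AND TABLE_NAME = 't_approved' ",
                        conn, myTrans))
                    using (MySqlDataAdapter idAdapter = new MySqlDataAdapter(idCmd))
                    {
                        idAdapter.Fill(nextApprovalId);
                    }

                    int id_app = Convert.ToInt32(nextApprovalId.Rows[0]["s"].ToString());

                    using (MySqlCommand approvalCmd = new MySqlCommand(
                        "INSERT INTO t_approved (id, name, content, user_creat, createtime, type, status) "
                        + "VALUES (@id_app, N'Phê duyệt warning', '', @id_user, CURRENT_TIME(),'0', '0');",
                        conn, myTrans))
                    {
                        approvalCmd.Parameters.AddWithValue("@id_app", id_app);
                        approvalCmd.Parameters.AddWithValue("@id_user", id_user);
                        approvalCmd.ExecuteNonQuery();
                    }

                    using (MySqlCommand valueCmd = new MySqlCommand(
                        "INSERT INTO t_approved_value ( id_app, table_name, filed_name,key_id, value) "
                        + "VALUES ( @id_app, 't_movie', 'warning', @key_id, @value);",
                        conn, myTrans))
                    {
                        valueCmd.Parameters.AddWithValue("@id_app", id_app);
                        valueCmd.Parameters.AddWithValue("@key_id", com.id);
                        valueCmd.Parameters.AddWithValue("@value", com.warning);
                        valueCmd.ExecuteNonQuery();
                    }

                    myTrans.Commit();
                }
                catch (Exception approvalError)
                {
                    // Best effort, as before: the response stays 200, but the failure is now traced.
                    myTrans.Rollback();
                    System.Diagnostics.Trace.TraceError(
                        "Post: approval request for movie warning failed: {0}", approvalError.Message);
                }
            }
        }
    }

    return res;
}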