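        /// <summary>
        /// Validates the topic id held in the <c>topicId</c> field: it must be all digits
        /// (CheckErrors.isDigit / ContainsSpecialChars), exist in the Topics table, and be
        /// neither deleted, terminated, nor of type "Dissemination".
        /// </summary>
        /// <returns>true when the topic may be used, false otherwise.</returns>
        /// <remarks>
        /// The original built five SQL statements by concatenating <c>topicId</c> and
        /// <c>loginId</c> into the text. <c>loginId</c> was never validated, so that path was
        /// injectable; both values are now bound as parameters. The ownership check
        /// (topic_createdBy vs. the caller's userId) was already commented out in the original
        /// and is still not enforced here, so the lookups that only fed it were dropped.
        /// Uses the instance <c>connect</c> field and closes it in a finally block; the
        /// original left it open when a query threw.
        /// </remarks>
        protected bool isTopicCorrect()
        {
            CheckErrors errors = new CheckErrors();

            // Syntactic check first: a non-numeric id is rejected before any DB round trip.
            if (!errors.isDigit(topicId) || errors.ContainsSpecialChars(topicId))
            {
                return false;
            }

            bool correct = false;
            connect.Open();
            try
            {
                using (SqlCommand cmd = connect.CreateCommand())
                {
                    // One parameterised query instead of several string-built ones. Binding the
                    // id as a parameter means it can never alter the statement, even if the
                    // checks above are relaxed later. The original compared the column with a
                    // quoted literal; passing a string keeps that comparison. AddWithValue
                    // infers nvarchar — if topicId is an int/varchar column, declare the
                    // SqlDbType explicitly once the schema is confirmed (avoids implicit
                    // conversion on the index).
                    cmd.CommandText =
                        "select topic_isDeleted, topic_isTerminated, topic_type " +
                        "from Topics where topicId = @topicId";
                    cmd.Parameters.AddWithValue("@topicId", topicId);

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        // No row means the id does not exist in the DB (the former count(*) test).
                        if (reader.Read())
                        {
                            int isDeleted      = Convert.ToInt32(reader["topic_isDeleted"]);
                            int isTerminated   = Convert.ToInt32(reader["topic_isTerminated"]);
                            string topicType   = Convert.ToString(reader["topic_type"]);

                            correct = isDeleted != 1
                                   && isTerminated != 1
                                   && !string.Equals(topicType, "Dissemination", StringComparison.Ordinal);
                        }
                    }
                }
            }
            finally
            {
                connect.Close();
            }
            return correct;
        }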
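        /// <summary>
        /// Validates a message (Entries row) id: it must be all digits
        /// (CheckErrors.isDigit / ContainsSpecialChars), exist in the Entries table and not be
        /// flagged entry_isDeleted.
        /// </summary>
        /// <param name="messageId">Id of the entry, as received from the request.</param>
        /// <param name="creatorId">Unused. Kept so existing callers compile; the ownership
        /// check it was meant for was commented out in the original ("Admins can delete
        /// anything!").</param>
        /// <returns>true when the message exists and is not deleted, false otherwise.</returns>
        /// <remarks>
        /// The original concatenated <c>messageId</c> into three SQL statements; the value is
        /// now bound as a parameter, and the connection is disposed even when a query throws.
        /// </remarks>
        protected static bool isMessageCorrect(string messageId, string creatorId)
        {
            CheckErrors errors = new CheckErrors();

            // Reject non-numeric ids before touching the database.
            if (!errors.isDigit(messageId) || errors.ContainsSpecialChars(messageId))
            {
                return false;
            }

            Configuration config = new Configuration();
            // using: the original never closed the connection when ExecuteScalar threw.
            using (SqlConnection connect = new SqlConnection(config.getConnectionString()))
            using (SqlCommand cmd = connect.CreateCommand())
            {
                connect.Open();
                // Parameterised: the id is bound as a value and cannot change the statement.
                // Existence and deletion status come from one round trip; a missing row
                // replaces the former count(*) query. AddWithValue infers nvarchar — declare
                // the SqlDbType explicitly once the entryId column type is confirmed.
                cmd.CommandText = "select entry_isDeleted from Entries where entryId = @entryId";
                cmd.Parameters.AddWithValue("@entryId", messageId);

                object isDeleted = cmd.ExecuteScalar();
                if (isDeleted == null)
                {
                    return false; // the message id does not exist in the DB
                }
                return Convert.ToInt32(isDeleted) != 1;
            }
        }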
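        /// <summary>
        /// Validates the account id held in the <c>accountId</c> field: it must be all digits
        /// (CheckErrors.isDigit / ContainsSpecialChars), exist in Users, have an active login
        /// (Logins.login_isActive != 0) and not be the caller's own account (its loginId must
        /// differ from the <c>loginId</c> field).
        /// </summary>
        /// <returns>true when the profile may be viewed, false otherwise.</returns>
        /// <remarks>
        /// The original built four SQL statements by concatenation. Besides <c>accountId</c>
        /// and the unvalidated <c>loginId</c>, it interpolated <c>account_loginId</c> — a value
        /// read back from the Users table — into a further statement (a second-order
        /// injection path). All of that is replaced by one parameterised join. The lookup of
        /// the caller's userId was unused ("maybe later ..." in the original) and is dropped.
        /// The instance <c>connect</c> is closed in a finally block; the original left it open
        /// when a query threw.
        /// </remarks>
        protected bool isAccountCorrect()
        {
            CheckErrors errors = new CheckErrors();

            // Syntactic check first: a non-numeric id is rejected before any DB round trip.
            if (!errors.isDigit(accountId) || errors.ContainsSpecialChars(accountId))
            {
                return false;
            }

            bool correct = false;
            connect.Open();
            try
            {
                using (SqlCommand cmd = connect.CreateCommand())
                {
                    // Inner join: a user without a Logins row yields no row and is treated as
                    // inactive, matching the original's Convert.ToInt32(null) == 0 outcome.
                    // AddWithValue infers nvarchar — declare the SqlDbType explicitly once the
                    // userId column type is confirmed.
                    cmd.CommandText =
                        "select u.loginId, l.login_isActive " +
                        "from Users u join Logins l on l.loginId = u.loginId " +
                        "where u.userId = @userId";
                    cmd.Parameters.AddWithValue("@userId", accountId);

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        // No row: the user id does not exist (or has no login).
                        if (reader.Read())
                        {
                            string accountLoginId = Convert.ToString(reader["loginId"]);
                            int    isActive       = Convert.ToInt32(reader["login_isActive"]);

                            // Viewing one's own profile through this page is refused, as before.
                            correct = isActive != 0 && accountLoginId != loginId;
                        }
                    }
                }
            }
            finally
            {
                connect.Close();
            }
            return correct;
        }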
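        /// <summary>
        /// Validates a test-case id: it must be all digits (CheckErrors.isDigit /
        /// ContainsSpecialChars), exist in the TestCases table and not be flagged
        /// testCase_isDeleted.
        /// </summary>
        /// <param name="testCaseId">Id of the test case, as received from the request.</param>
        /// <param name="creatorId">Unused. Kept so existing callers compile; the original read
        /// testCase_createdBy but never compared it with this value.</param>
        /// <returns>true when the test case exists and is not deleted, false otherwise.</returns>
        /// <remarks>
        /// The original concatenated <c>testCaseId</c> into three SQL statements; the value is
        /// now bound as a parameter, and the connection is disposed even when a query throws.
        /// </remarks>
        protected static bool isTestCaseCorrect(string testCaseId, string creatorId)
        {
            CheckErrors errors = new CheckErrors();

            // Reject non-numeric ids before touching the database.
            if (!errors.isDigit(testCaseId) || errors.ContainsSpecialChars(testCaseId))
            {
                return false;
            }

            Configuration config = new Configuration();
            // using: the original never closed the connection when ExecuteScalar threw.
            using (SqlConnection connect = new SqlConnection(config.getConnectionString()))
            using (SqlCommand cmd = connect.CreateCommand())
            {
                connect.Open();
                // Parameterised: the id is bound as a value and cannot change the statement.
                // A missing row replaces the former count(*) query. AddWithValue infers
                // nvarchar — declare the SqlDbType explicitly once the column type is confirmed.
                cmd.CommandText = "select testCase_isDeleted from TestCases where testCaseId = @testCaseId";
                cmd.Parameters.AddWithValue("@testCaseId", testCaseId);

                object isDeleted = cmd.ExecuteScalar();
                if (isDeleted == null)
                {
                    return false; // the test case id does not exist in the DB
                }
                return Convert.ToInt32(isDeleted) != 1;
            }
        }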
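        /// <summary>
        /// Page entry point: builds the DB connection, validates the admin session, reads the
        /// "id" and "page" query-string values, runs the approval/authorization checks and
        /// then renders the topic (showInformation) and its terminated/deleted state.
        /// </summary>
        /// <param name="sender">Standard ASP.NET event source (unused).</param>
        /// <param name="e">Standard ASP.NET event args (unused).</param>
        /// <remarks>
        /// Two changes from the original: "page" is parsed with int.TryParse, because
        /// Convert.ToInt32 threw a FormatException (unhandled server error) for any
        /// non-numeric value a client sent; and the handler returns after a failed session,
        /// id or authorization check instead of falling through to showInformation. If
        /// clearSession()/goBack()/unauthorized() already end the response (Response.Redirect
        /// with endResponse=true) the returns are never reached and nothing changes; if they
        /// do not, the original rendered the topic anyway — this now fails closed. Confirm
        /// against those helpers, which are not visible here.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            Configuration config = new Configuration();

            conn    = config.getConnectionString();
            connect = new SqlConnection(conn);
            getSession();

            // From/to pages and the caller's IP are inputs to the admin-session check.
            string current_page = "", previous_page = "";
            if (HttpContext.Current.Request.Url.AbsoluteUri != null)
            {
                current_page = HttpContext.Current.Request.Url.AbsoluteUri;
            }
            if (Request.UrlReferrer != null)
            {
                // NOTE(review): Referer is client-controlled; sessionIsCorrect must not rely
                // on previous_page as a trust signal — not verifiable from this file.
                previous_page = Request.UrlReferrer.ToString();
            }
            DateTime          currentTime = DateTime.Now;
            string            userIP      = GetIPAddress();
            CheckAdminSession session     = new CheckAdminSession();
            bool correctSession           = session.sessionIsCorrect(username, roleId, token, current_page, previous_page, currentTime, userIP);

            if (!correctSession)
            {
                clearSession();
                // Fail closed: do not continue to render an admin page for a bad session.
                return;
            }

            topicId = Request.QueryString["id"];
            CheckErrors check = new CheckErrors();

            if (!check.isDigit(topicId))
            {
                goBack();
                // Stop here: the original fell through and ran the rest of the handler
                // (including DB lookups) with an invalid id.
                return;
            }

            // "page" is user input. Missing and invalid values both yield 0, which is what
            // Convert.ToInt32(null) returned for a missing parameter; invalid values no longer
            // throw.
            int pageNum;
            if (!int.TryParse(Request.QueryString["page"], out pageNum))
            {
                pageNum = 0;
            }

            bool topicApproved = isTopicApproved();
            if (!topicApproved)
            {
                // NOTE(review): execution continues after topicNotApproved(), as in the
                // original (this is an admin page, so an unapproved topic may legitimately be
                // shown with a notice) — confirm that is the intent.
                topicNotApproved();
            }

            bool authorized = isUserAuthorizedToView();
            if (!authorized)
            {
                unauthorized();
                // Fail closed: never reach showInformation for a caller that is not authorized.
                return;
            }

            showInformation(pageNum);
            checkIfTerminated();
            checkIfDeleted();

            if (!IsPostBack)
            {
                // Remember where the user came from for the page's own navigation, unless this
                // load is one of the remove/report actions.
                if (!requestedRemoveTopic && !requestedRemoveMessage && !requestedReportMessage)
                {
                    currentPage = HttpContext.Current.Request.Url.AbsoluteUri ?? "Home.aspx";
                    previousPage = Request.UrlReferrer != null
                        ? Request.UrlReferrer.ToString()
                        : "Home.aspx";
                    // A self-referencing back link would loop; send it home instead.
                    if (currentPage.Equals(previousPage))
                    {
                        previousPage = "Home.aspx";
                    }
                }
            }
        }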