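/// <summary>
/// Checks that the <c>topicId</c> field names a topic that exists, is neither deleted nor
/// terminated, and is not of type "Dissemination".
/// </summary>
/// <returns>true when the topic passes every check; false otherwise.</returns>
/// <remarks>
/// Uses the page-level <c>connect</c> connection: it is opened here and always closed again,
/// even when a query throws. No ownership check against <c>loginId</c> is performed.
/// </remarks>
protected bool isTopicCorrect()
{
    CheckErrors errors = new CheckErrors();
    //Reject anything that is not a plain digit string before touching the DB:
    if (!errors.isDigit(topicId) || errors.ContainsSpecialChars(topicId))
    {
        return false;
    }

    connect.Open();
    try
    {
        using (SqlCommand cmd = connect.CreateCommand())
        {
            //One parameterised query replaces the separate count/isDeleted/isTerminated/type
            //lookups; the id is bound as a parameter, never spliced into the SQL text.
            cmd.CommandText = "select topic_isDeleted, topic_isTerminated, topic_type from Topics where topicId = @topicId";
            cmd.Parameters.AddWithValue("@topicId", topicId);
            using (var reader = cmd.ExecuteReader())
            {
                //No row means the topic ID does not exist in DB.
                if (!reader.Read())
                {
                    return false;
                }
                int isDeleted = Convert.ToInt32(reader["topic_isDeleted"]);
                int isTerminated = Convert.ToInt32(reader["topic_isTerminated"]);
                //Convert.ToString maps a DB NULL to "" instead of failing on .ToString().
                string topicType = Convert.ToString(reader["topic_type"]);
                bool disseminationTopic = string.Equals(topicType, "Dissemination", StringComparison.Ordinal);
                return isDeleted != 1 && isTerminated != 1 && !disseminationTopic;
            }
        }
    }
    finally
    {
        connect.Close();
    }
}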
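/// <summary>
/// Checks that <paramref name="messageId"/> names an existing, non-deleted entry.
/// </summary>
/// <param name="messageId">Entry id supplied by the caller; must be a plain digit string.</param>
/// <param name="creatorId">Not used: admins can delete anything, so no owner comparison is made.</param>
/// <returns>true when the entry exists and is not marked deleted; false otherwise.</returns>
protected static bool isMessageCorrect(string messageId, string creatorId)
{
    CheckErrors errors = new CheckErrors();
    //Reject anything that is not a plain digit string before touching the DB:
    if (!errors.isDigit(messageId) || errors.ContainsSpecialChars(messageId))
    {
        return false;
    }

    Configuration config = new Configuration();
    //using disposes (and so closes) the connection even when a query throws.
    using (SqlConnection connect = new SqlConnection(config.getConnectionString()))
    using (SqlCommand cmd = connect.CreateCommand())
    {
        connect.Open();
        //Single parameterised lookup; the id is bound, never concatenated into the SQL.
        cmd.CommandText = "select entry_isDeleted from Entries where entryId = @entryId";
        cmd.Parameters.AddWithValue("@entryId", messageId);
        object isDeleted = cmd.ExecuteScalar();
        //null scalar: the message ID does not exist in DB.
        if (isDeleted == null)
        {
            return false;
        }
        return Convert.ToInt32(isDeleted) != 1;
    }
}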
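/// <summary>
/// Checks that the <c>accountId</c> field names an existing user whose login is active and
/// is not the login of the current session (<c>loginId</c>).
/// </summary>
/// <returns>true when the account passes every check; false otherwise.</returns>
/// <remarks>
/// Uses the page-level <c>connect</c> connection: it is opened here and always closed again,
/// even when a query throws.
/// </remarks>
protected bool isAccountCorrect()
{
    CheckErrors errors = new CheckErrors();
    //Reject anything that is not a plain digit string before touching the DB:
    if (!errors.isDigit(accountId) || errors.ContainsSpecialChars(accountId))
    {
        return false;
    }

    connect.Open();
    try
    {
        using (SqlCommand cmd = connect.CreateCommand())
        {
            //Look up the account's login; a null scalar means the user ID does not exist in DB.
            cmd.CommandText = "select loginId from Users where userId = @userId";
            cmd.Parameters.AddWithValue("@userId", accountId);
            object accountLogin = cmd.ExecuteScalar();
            if (accountLogin == null)
            {
                return false;
            }
            string account_loginId = accountLogin.ToString();

            //Is that login still active? A missing Logins row converts to 0, i.e. inactive.
            cmd.Parameters.Clear();
            cmd.CommandText = "select login_isActive from Logins where loginId = @loginId";
            cmd.Parameters.AddWithValue("@loginId", account_loginId);
            int isActive = Convert.ToInt32(cmd.ExecuteScalar());

            //Inactive logins and the current session's own login are rejected.
            return isActive != 0 && account_loginId != loginId;
        }
    }
    finally
    {
        connect.Close();
    }
}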
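/// <summary>
/// Checks that <paramref name="testCaseId"/> names an existing, non-deleted test case.
/// </summary>
/// <param name="testCaseId">Test case id supplied by the caller; must be a plain digit string.</param>
/// <param name="creatorId">Not used; no ownership check is performed.</param>
/// <returns>true when the test case exists and is not marked deleted; false otherwise.</returns>
protected static bool isTestCaseCorrect(string testCaseId, string creatorId)
{
    CheckErrors errors = new CheckErrors();
    //Reject anything that is not a plain digit string before touching the DB:
    if (!errors.isDigit(testCaseId) || errors.ContainsSpecialChars(testCaseId))
    {
        return false;
    }

    Configuration config = new Configuration();
    //using disposes (and so closes) the connection even when a query throws.
    using (SqlConnection connect = new SqlConnection(config.getConnectionString()))
    using (SqlCommand cmd = connect.CreateCommand())
    {
        connect.Open();
        //Single parameterised lookup; the id is bound, never concatenated into the SQL.
        cmd.CommandText = "select testCase_isDeleted from TestCases where testCaseId = @testCaseId";
        cmd.Parameters.AddWithValue("@testCaseId", testCaseId);
        object isDeleted = cmd.ExecuteScalar();
        //null scalar: the test case ID does not exist in DB.
        if (isDeleted == null)
        {
            return false;
        }
        return Convert.ToInt32(isDeleted) != 1;
    }
}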
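/// <summary>
/// Page entry point: wires the DB connection, validates the admin session, reads the topic id
/// and page number from the query string, then renders the topic and records the navigation pair.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    Configuration config = new Configuration();
    conn = config.getConnectionString();
    connect = new SqlConnection(conn);
    getSession();

    //Pages and client details fed to the session check ("" when unavailable):
    string current_page = HttpContext.Current.Request.Url.AbsoluteUri ?? "";
    string previous_page = Request.UrlReferrer != null ? Request.UrlReferrer.ToString() : "";
    //NOTE(review): local server time; sessionIsCorrect presumably compares against the same clock — confirm.
    DateTime currentTime = DateTime.Now;
    string userIP = GetIPAddress();

    CheckAdminSession session = new CheckAdminSession();
    bool correctSession = session.sessionIsCorrect(username, roleId, token, current_page, previous_page, currentTime, userIP);
    if (!correctSession)
    {
        clearSession();
    }

    topicId = Request.QueryString["id"];
    CheckErrors check = new CheckErrors();
    if (!check.isDigit(topicId))
    {
        goBack();
    }

    //A missing or malformed "page" value falls back to 0 instead of throwing FormatException
    //(a missing value already mapped to 0; malformed text used to crash the page).
    int pageNum;
    if (!int.TryParse(Request.QueryString["page"], out pageNum))
    {
        pageNum = 0;
    }

    bool topicApproved = isTopicApproved();
    if (!topicApproved)
    {
        topicNotApproved();
    }
    bool authorized = isUserAuthorizedToView();
    if (!authorized)
    {
        unauthorized();
    }

    showInformation(pageNum);
    checkIfTerminated();
    checkIfDeleted();

    if (!IsPostBack)
    {
        //Remember where we are and where we came from, unless a remove/report action is in flight.
        if (!requestedRemoveTopic && !requestedRemoveMessage && !requestedReportMessage)
        {
            currentPage = HttpContext.Current.Request.Url.AbsoluteUri ?? "Home.aspx";
            previousPage = Request.UrlReferrer != null ? Request.UrlReferrer.ToString() : "Home.aspx";
            //A self-referral is treated as coming from the home page.
            if (currentPage.Equals(previousPage))
            {
                previousPage = "Home.aspx";
            }
        }
    }
}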