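/// <summary>
/// Grants the pending user type request of the named user: copies the requested
/// type onto the user record, deletes the request, and emails the user.
/// </summary>
/// <param name="username">Name of the user whose request is being granted.</param>
/// <returns>
/// "Request granted successfully." when a pending request was found and applied;
/// otherwise a message saying why nothing was changed.
/// </returns>
// NOTE(review): nothing in this method checks who is calling it. It changes a
// user's type (and so their permissions), so confirm that every caller enforces
// an administrator-only check before reaching this point.
public string grantUserTypeRequest(string username)
{
    // getting the user who made the request
    User userWhoRequested = (User)getObjectFromDbByName(new User(), username);

    // NOTE(review): whether the lookup returns null for an unknown name is not
    // visible here; the guard keeps the rest of the method from dereferencing it.
    if (userWhoRequested == null)
    {
        return "The user could not be found.";
    }

    // getting all user requests
    List<UserTypeRequest> requests = getAllFromTable(new UserTypeRequest()).Cast<UserTypeRequest>().ToList();

    // find the request that belongs to this user; if several exist the last one wins
    bool requestFound = false;
    UserTypeRequest requestCopy = new UserTypeRequest();
    foreach (UserTypeRequest request in requests)
    {
        if (userWhoRequested.userID == request.userID)
        {
            requestCopy = request;
            requestFound = true;
        }
    }

    // Without a pending request there is nothing to grant. Previously the method
    // carried on with an empty request object: it issued a delete keyed on that
    // object's default userID and emailed the user that a request had been granted.
    if (!requestFound)
    {
        return "No pending request was found for this user.";
    }

    // updating user with the new user type that they requested to have
    userWhoRequested.userTypeName = requestCopy.userTypeName;
    db.updateDbFromObjectByName(userWhoRequested);

    // deleting the user request
    db.deleteObjectFromDb(requestCopy, requestCopy.userID.ToString());

    // email informing request has been granted (the result of sendEmail is not checked)
    sendEmail(userWhoRequested.userEmail, "Venzi: Your User Type Request",
              "Your request to become a " + userWhoRequested.userTypeName +
              " user has been granted. This change is already in effect.");

    return "Request granted successfully.";
}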
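/// <summary>
/// Denies the pending user type request of the named user: deletes the request
/// and emails the user. The user record itself is not modified.
/// </summary>
/// <param name="username">Name of the user whose request is being denied.</param>
/// <returns>
/// "Request denied successfully." when a pending request was found and removed;
/// otherwise a message saying why nothing was changed.
/// </returns>
// NOTE(review): nothing in this method checks who is calling it; confirm that
// every caller enforces an administrator-only check before reaching this point.
public string denyUserTypeRequest(string username)
{
    // getting the user who made the request
    User userWhoRequested = (User)getObjectFromDbByName(new User(), username);

    // NOTE(review): whether the lookup returns null for an unknown name is not
    // visible here; the guard keeps the rest of the method from dereferencing it.
    if (userWhoRequested == null)
    {
        return "The user could not be found.";
    }

    // getting all user requests
    List<UserTypeRequest> requests = getAllFromTable(new UserTypeRequest()).Cast<UserTypeRequest>().ToList();

    // find the request that belongs to this user; if several exist the last one wins
    bool requestFound = false;
    UserTypeRequest requestCopy = new UserTypeRequest();
    foreach (UserTypeRequest request in requests)
    {
        if (userWhoRequested.userID == request.userID)
        {
            requestCopy = request;
            requestFound = true;
        }
    }

    // Without a pending request there is nothing to deny. Previously the method
    // issued a delete keyed on an empty request object's default userID and sent
    // a denial email that named no user type.
    if (!requestFound)
    {
        return "No pending request was found for this user.";
    }

    // delete user request
    db.deleteObjectFromDb(requestCopy, requestCopy.userID.ToString());

    // email informing request has been denied (the result of sendEmail is not checked)
    sendEmail(userWhoRequested.userEmail, "Venzi: Your User Type Request",
              "Your request to become a " + requestCopy.userTypeName +
              " user has been denied. If you feel this is an error " +
              "on our part please contact the administrator.");

    return "Request denied successfully.";
}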
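/// <summary>
/// Creates a new user after validating the supplied fields, then creates the
/// user's itinerary and sends a welcome email. A user type whose permission
/// level is above 2 is not assigned directly: the account is created as "Basic"
/// and a UserTypeRequest is stored for later approval.
/// </summary>
/// <param name="username">Login name; must pass the length check and contain no whitespace.</param>
/// <param name="firstName">First name; length-checked only.</param>
/// <param name="lastName">Last name; length-checked only.</param>
/// <param name="password">
/// Plain-text password; must pass the length check and contain an upper-case
/// letter, a lower-case letter and a character that is neither letter nor digit.
/// </param>
/// <param name="usertype">Name of the user type the caller is asking for.</param>
/// <param name="email">Email address; must be unique among existing users.</param>
/// <returns>A message describing success or the first validation failure encountered.</returns>
public string createNewUser(string username, string firstName, string lastName,
                            string password, string usertype, string email)
{
    // validating user entry lengths
    bool lengthsValid = valEntry(password, PASSWORDMIN, DEFAULTMAX)
                        && valEntry(username, USERNAMEMIN, DEFAULTMAX)
                        && valEntry(email, DEFAULTMIN, DEFAULTMAX)
                        && valEntry(firstName, DEFAULTMIN, DEFAULTMAX)
                        && valEntry(lastName, DEFAULTMIN, DEFAULTMAX);
    if (!lengthsValid)
    {
        return "The username, password, or email is not the correct length";
    }

    // password must contain an upper-case letter, a lower-case letter and a
    // "special" character; anything that is not a letter or digit counts as
    // special here (whitespace included), and a digit is not required
    bool upper = false;
    bool lower = false;
    bool special = false;
    foreach (char ch in password)
    {
        if (Char.IsUpper(ch)) { upper = true; }
        if (Char.IsLower(ch)) { lower = true; }
        if (!Char.IsLetterOrDigit(ch)) { special = true; }
    }
    if (!(upper && lower && special))
    {
        return "The password does not meet criteria.";
    }

    // making sure username does not contain spaces
    if (username.Any(ch => Char.IsWhiteSpace(ch)))
    {
        return "The username cannot contain spaces.";
    }

    // validating email address by sending a test message
    // NOTE(review): a successful send only shows the mail call returned its
    // success string, not that the caller owns the address. The message also goes
    // out before the uniqueness checks, so each call with fields that pass the
    // checks above mails the supplied address even when no account is created.
    // Consider a confirmation link and rate limiting at the caller.
    if (sendEmail(email, "Venzi: Test", "This is a test email to validate your email address.")
        != "The email has been sent successfully")
    {
        return "A valid email address must be used.";
    }

    // SaltingHashing produces a salted hash of the password (hashing, not encryption).
    // First argument of CreateSaltHash can be changed to increase or decrease length of hash.
    // NOTE(review): the algorithm is not visible here; confirm it is a slow
    // password-hashing function (e.g. PBKDF2 or Argon2) and not a single fast hash.
    SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, password);

    // creating new user object; the plain-text password is never stored on it
    User newUser = new User();
    newUser.userName = username;
    newUser.userFirstName = firstName;
    newUser.userLastName = lastName;
    newUser.userPass = userHashSalt.passHash;
    newUser.userTypeName = usertype;
    newUser.userEmail = email;
    newUser.userSalt = userHashSalt.passSalt;

    // making sure username is unique
    if (db.isObjectNameInDb(newUser, username))
    {
        return "This username already exists.";
    }

    // making sure email is unique
    // NOTE(review): the comparison is case-sensitive and the check-then-insert
    // sequence is not atomic; a unique constraint in the database would be the
    // reliable way to enforce this - confirm whether one exists.
    List<User> allUsers = db.getAllFromTable(new User()).Cast<User>().ToList();
    bool doesEmailAlreadyExist = allUsers.Any(existing => existing.userEmail.ToString() == newUser.userEmail);
    if (doesEmailAlreadyExist)
    {
        return "This email address is already in use.";
    }

    // getting new user's type to check permissions
    UserType newUsersType = (UserType)ApplicationManager.i.getObjectFromDbByName(new UserType(), newUser.userTypeName);

    // usertype comes straight from the caller. NOTE(review): whether the lookup
    // returns null for an unknown type name is not visible here; the guard avoids
    // dereferencing it and avoids storing a user with a type that does not exist.
    if (newUsersType == null)
    {
        return "The user type selected is not valid.";
    }

    string returnMessage;

    // if the user is attempting to pick a user type with permissions above a 2
    // it must be sent for approval. in the meantime it will be created as a Basic user.
    // The test is "above 2" rather than "equals 3 or 4" so that any higher level
    // defined later also goes through approval instead of being granted directly.
    if (newUsersType.userPermissionsLevel > 2)
    {
        UserTypeRequest request = new UserTypeRequest();
        request.userTypeName = newUser.userTypeName;
        newUser.userTypeName = "Basic";
        db.insertObjectIntoDb(newUser);

        // re-read the user so the stored userID is available for the request
        newUser = (User)db.getObjectFromDbByName(newUser, username);
        request.userID = newUser.userID;
        db.insertObjectIntoDb(request);

        returnMessage = "The user has been created successfully. The user type selected requires " +
                        "special permission from the administrator. A request has been made. In the meantime events " +
                        "can be viewed under our basic user type. Please check your email for the result of the request.";
    }
    else
    {
        // if the user is attempting to pick a user type with permissions of 1 or 2 then let them
        db.insertObjectIntoDb(newUser);
        newUser = (User)db.getObjectFromDbByName(newUser, username);
        returnMessage = "The user has been created successfully.";
    }

    db.createItinerary(newUser);

    // send welcome email (the result of sendEmail is not checked)
    sendEmail(newUser.userEmail, "Venzi: Welcome",
              "Welcome! You will find our app to be the go-to software for planning and running a convention. " +
              "If you are a convention attendee you will find our app is great for scheduling " +
              "your own convention experience. " +
              "We hope you have a wonderful time.");

    return returnMessage;
}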