/// <summary>
/// Returns the username exactly as it is stored in tMember for a case-insensitive
/// match on <paramref name="username"/>, or null when no row matches.
/// </summary>
/// <remarks>
/// The password hashing performed afterwards is case sensitive, so the stored spelling
/// has to be used rather than whatever casing the client typed. The query lowers the
/// stored column but passes the argument through unchanged, so callers are expected to
/// hand in an already lower-cased value — confirm at the call site. The original marks
/// this as a HACK whose proper fix is tied to password recovery.
/// </remarks>
private static string FixUsername(string username)
{
    using (Db db = new Db())
    {
        db.CommandText = "SELECT username FROM tMember WHERE lower(username) = @username";
        db.AddParameter("@username", username);
        // ExecuteScalar yields null rather than throwing when nothing matches,
        // so a non-existent user surfaces to the caller as a null return.
        object stored = db.ExecuteScalar();
        return stored as string;
    }
}
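/// <summary>
/// Handles the client-control "update photo details" request: reads a binary batch of
/// (photoId, title, text) records from the request body and writes each one to tPhoto,
/// skipping photos the caller is not allowed to change. Always writes a (version, code)
/// pair to the response, even when an exception propagates.
/// </summary>
/// <param name="Request">Request whose body holds the binary payload.</param>
/// <param name="Response">Response that receives the two-int status trailer.</param>
/// <param name="userId">Authenticated user; <see cref="Guid.Empty"/> is rejected with code -2.</param>
/// <remarks>
/// Response codes: 0 = processed, -1 = failure (the exception is rethrown), -2 = no user.
/// Wire format as consumed by <see cref="BinaryReader"/>: int32 clientVersion, int32 itemCount,
/// then per item a 16-byte GUID, an int32 length plus that many bytes of UTF-16 title, and an
/// int32 length plus that many bytes of UTF-16 text. The last two bytes of each string are
/// dropped — presumably a UTF-16 NUL terminator; confirm against the client implementation.
/// </remarks>
/// <exception cref="InvalidDataException">The item count is negative, a string length is
/// negative, oversized or shorter than its two-byte terminator, or the body ended before
/// the declared bytes arrived.</exception>
private static void HandleDetailsUpdate(HttpRequest Request, HttpResponse Response, Guid userId)
{
    // Constructed upper bound on a single title/text field. The length prefix is
    // client-controlled and BinaryReader.ReadBytes allocates the full count up front,
    // so without a cap one request could demand a multi-GB buffer. Tune this to the
    // tPhoto name/comment column sizes.
    const int MaxFieldBytes = 64 * 1024;

    BinaryReader r = new BinaryReader(Request.InputStream);
    int responseVersion = 0;
    int responseCode = -1;
    Encoding e = Encoding.Unicode;
    try
    {
        // The client's protocol version is echoed back in the trailer.
        responseVersion = r.ReadInt32();
        if (userId == Guid.Empty)
        {
            responseCode = -2;
            return;
        }

        int itemcount = r.ReadInt32();
        if (itemcount < 0)
        {
            throw new InvalidDataException("Negative item count in details update payload.");
        }

        using (Db db = new Db())
        {
            db.CommandText = "UPDATE tPhoto SET name=@title, comment=@text WHERE id=@photoId";
            IDataParameter pid = db.AddParameter("@photoId", Guid.Empty);
            IDataParameter ptitle = db.AddParameter("@title", string.Empty);
            IDataParameter ptext = db.AddParameter("@text", string.Empty);

            for (int i = 0; i < itemcount; i++)
            {
                Guid photoId = new Guid(r.ReadBytes(16));
                string title = ReadTerminatedString(r, e, MaxFieldBytes);
                string text = ReadTerminatedString(r, e, MaxFieldBytes);
                try
                {
                    // Authorization is checked per photo before any parameter is bound,
                    // so a denied item never reaches the UPDATE.
                    Database.EnforcePhotoPermission(userId, photoId, Permission.Change);
                    pid.Value = photoId;
                    ptitle.Value = title;
                    ptext.Value = text;
                    db.ExecuteNonQuery(0);
                }
                catch (Error_AccessDenied)
                {
                    // Denied items are logged and skipped; the batch continues and still
                    // reports code 0, matching the original behaviour.
                    Log.LogSecurity(2, "Denied access to edit photo details with client control. userId:{0}, photoId:{1}, title{2}, text:{3}.", userId, photoId, title, text);
                }
            }
        }
        responseCode = 0;
        // Logs the number of items received, not the number actually updated.
        Log.LogStatistics(2, "Updated details for {0} photos.", itemcount);
    }
    catch
    {
        responseCode = -1;
        throw;
    }
    finally
    {
        // The trailer is written on every path so the client always gets a status.
        BinaryWriter writer = new BinaryWriter(Response.OutputStream);
        writer.Write(responseVersion);
        writer.Write(responseCode);
        writer.Flush();
    }
}

/// <summary>
/// Reads one length-prefixed UTF-16 string from the payload and strips its two-byte
/// terminator. Rejects lengths that are negative, larger than <paramref name="maxBytes"/>
/// or shorter than the terminator, and bodies that end early, so a malformed or hostile
/// length prefix fails fast instead of allocating or indexing out of range.
/// </summary>
/// <param name="r">Reader positioned at the int32 length prefix.</param>
/// <param name="e">Encoding used to decode the bytes (UTF-16 for this protocol).</param>
/// <param name="maxBytes">Largest accepted byte length for one field.</param>
/// <returns>The decoded string without its trailing two bytes.</returns>
/// <exception cref="InvalidDataException">Length out of range or truncated body.</exception>
private static string ReadTerminatedString(BinaryReader r, Encoding e, int maxBytes)
{
    int len = r.ReadInt32();
    if (len < 2 || len > maxBytes)
    {
        throw new InvalidDataException("String length " + len + " is outside the accepted range.");
    }
    byte[] raw = r.ReadBytes(len);
    // ReadBytes returns a shorter array on a truncated body instead of throwing.
    if (raw.Length != len)
    {
        throw new InvalidDataException("Payload ended before the declared string bytes.");
    }
    return e.GetString(raw, 0, raw.Length - 2);
}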
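/// <summary>
/// Handles the client-control user search: matches <c>userquery</c> against full name,
/// email and username with a contains-style LIKE and streams the matching users back in
/// the client-control binary format.
/// </summary>
/// <param name="Request">Request carrying the <c>userquery</c> value.</param>
/// <param name="Response">Response that receives the binary result; it is flushed, closed
/// and ended in the <c>finally</c> block on every path.</param>
/// <param name="userId">Caller identity. NOTE(review): it is never checked here, unlike
/// HandleDetailsUpdate which rejects <see cref="Guid.Empty"/>; if the dispatcher does not
/// authenticate before calling, this endpoint returns member emails to anonymous callers.
/// Confirm and add the same guard if so.</param>
/// <remarks>
/// Wire format: int32 1 (format version), int32 result code (0 = ok, -1 = missing or empty
/// query), then int32 count followed per user by byte 0, the 16-byte GUID, and username,
/// email and name as written by <c>ClientControlsWriter.WriteString</c>. The query value is
/// bound as a parameter, so it cannot alter the SQL; <c>%</c> and <c>_</c> inside it still
/// act as LIKE wildcards, which only widens the match.
/// </remarks>
public static void HandleUserLookup(HttpRequest Request, HttpResponse Response, Guid userId)
{
    try
    {
        Response.ClearContent();
        ClientControlsWriter w = new ClientControlsWriter(Response.OutputStream);
        w.Write(1);

        string query = Request["userquery"];
        // Result code: -1 when there is nothing to search for, 0 otherwise.
        if (string.IsNullOrEmpty(query))
        {
            w.Write(-1);
            return;
        }
        w.Write(0);
        query = "%" + query + "%";

        ArrayList data = new ArrayList();
        using (Db db = new Db())
        {
            db.CommandText = @" SELECT id, fullNameClean as fullName, username, email FROM tMember WHERE fullName LIKE @q OR email LIKE @q OR username LIKE @q ORDER BY fullNameClean ASC ";
            db.AddParameter("@q", query);
            while (db.Read())
            {
                UserInfo user = new UserInfo();
                user.username = (string)db["username"];
                user.id = (Guid)db["id"];
                // email may be NULL in the table; "as" keeps that as a null string.
                user.email = db["email"] as string;
                user.name = (string)db["fullName"];
                data.Add(user);
            }
        }

        w.Write((int)data.Count);
        foreach (object o in data)
        {
            if (o is UserInfo)
            {
                UserInfo user = (UserInfo)o;
                // Leading 0 byte is the per-record tag expected by the client.
                w.Write((byte)0);
                w.Write(user.id.ToByteArray());
                w.WriteString(user.username);
                w.WriteString(user.email);
                w.WriteString(user.name);
            }
        }
    }
    finally
    {
        // End() terminates the request pipeline; kept as in the original so the
        // client sees the same framing.
        Response.Flush();
        Response.Close();
        Response.End();
    }
}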