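/// <summary>
/// Creates a user from the posted model, or reports that the name is already taken.
/// </summary>
/// <param name="value">
/// Request body. <c>Name</c> is always used; an empty <c>Email</c> selects the
/// Facebook-style account (no password), otherwise <c>Password</c> and <c>Email</c> are stored.
/// </param>
/// <returns>
/// 200 with a <c>UserResponseModel</c> carrying the user's id and a status message;
/// 400 when no request body could be bound.
/// </returns>
public HttpResponseMessage Add([FromBody] UserModels value)
{
    // A missing or unparsable body binds to null; answer 400 instead of failing with a NullReferenceException.
    if (value == null)
    {
        return Request.CreateResponse(
            HttpStatusCode.BadRequest,
            new UserResponseModel() { Message = "Request body is required" });
    }

    // Name and Email come straight from the request body and end up inside SQL string literals.
    // Doubling single quotes keeps them inside the literal. This is a stop-gap only:
    // NOTE(review): DatabaseUtils is called with complete SQL strings here; once it offers
    // parameterized commands, switch every call in this method to bound parameters.
    // NOTE(review): quote doubling is the standard SQL literal escape; the `select first` syntax
    // suggests Firebird - confirm the engine has no other escape character inside literals.
    var safeName = (value.Name ?? String.Empty).Replace("'", "''");
    var idQuery = "select u.id from users u where u.name='" + safeName + "'";

    if (WroBL.DAL.DatabaseUtils.ExistsElement("select first 1 1 from users u where u.name='" + safeName + "'"))
    {
        return Request.CreateResponse(
            HttpStatusCode.OK,
            new UserResponseModel()
            {
                Id = int.Parse(WroBL.DAL.DatabaseUtils.GetOneElement(idQuery)),
                Message = "User with that name already exists"
            });
    }

    // NOTE(review): the existence check and the insert are separate statements, so two concurrent
    // requests can both pass the check. A unique constraint on users.name would close that gap.
    if (String.IsNullOrWhiteSpace(value.Email))
    {
        // No e-mail: the account is flagged facebook = 1 and gets no password.
        WroBL.DAL.DatabaseUtils.DatabaseCommand("Insert into users(name, facebook) values ('" + safeName + "',1)");
        return Request.CreateResponse(
            HttpStatusCode.OK,
            new UserResponseModel()
            {
                Id = int.Parse(WroBL.DAL.DatabaseUtils.GetOneElement(idQuery)),
                Message = "Add new user by Facebook"
            });
    }

    // NOTE(review): the password is encrypted (Rijndael), not hashed, using two fixed members of
    // the Crytography class (presumably key and IV - confirm). Anyone holding those values and the
    // table can recover every password. Plan a migration to a salted, slow password hash such as
    // PBKDF2 (Rfc2898DeriveBytes), changing WroBL.UserLogin.ComparePassword at the same time.
    var enPassword = WroBL.DAL.Crytography.EncryptRijndaelManaged(
        value.Password,
        WroBL.DAL.Crytography.ElChupacabra,
        WroBL.DAL.Crytography.ElMariachi);
    var password = WroBL.DAL.Crytography.GetString(enPassword);

    // The encoded ciphertext may itself contain a quote character, so it is escaped like the other values.
    var safePassword = (password ?? String.Empty).Replace("'", "''");
    var safeEmail = value.Email.Replace("'", "''");

    WroBL.DAL.DatabaseUtils.DatabaseCommand(
        "INSERT INTO USERS(NAME, \"PASSWORD\", EMAIL, FACEBOOK) " +
        "VALUES('" + safeName + "', '" + safePassword + "','" + safeEmail + "',0);");

    return Request.CreateResponse(
        HttpStatusCode.OK,
        new UserResponseModel()
        {
            Id = int.Parse(WroBL.DAL.DatabaseUtils.GetOneElement(idQuery)),
            Message = "Add new user by registartion"
        });
}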
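/// <summary>
/// Checks the posted user name and password and reports whether the login is accepted.
/// </summary>
/// <param name="value">Request body carrying <c>Name</c> and <c>Password</c>.</param>
/// <returns>
/// 200 with a <c>UserResponseModel</c> whose <c>CorrectLogin</c> flag and <c>Message</c> describe
/// the outcome; 400 when no request body could be bound.
/// </returns>
public HttpResponseMessage LoginUser([FromBody] UserModels value)
{
    var response = new UserResponseModel();

    // A missing or unparsable body binds to null; answer 400 instead of failing with a NullReferenceException.
    if (value == null)
    {
        response.CorrectLogin = false;
        response.Message = "Request body is required";
        return Request.CreateResponse(HttpStatusCode.BadRequest, response);
    }

    // The name comes from the request body and is placed inside SQL string literals below.
    // Doubling single quotes keeps it inside the literal. This is a stop-gap only:
    // NOTE(review): move these lookups to parameterized commands once DatabaseUtils offers them.
    var safeName = (value.Name ?? String.Empty).Replace("'", "''");
    var idQuery = "select u.id from users u where u.name='" + safeName + "';";

    if (!WroBL.DAL.DatabaseUtils.ExistsElement("select first 1 1 from users u where u.name='" + safeName + "'"))
    {
        // NOTE(review): "Username is incorrect" and "Password is incorrect" tell a caller which names
        // exist. A single generic failure message would avoid that; left as-is because clients may
        // depend on the current texts.
        response.CorrectLogin = false;
        response.Message = "Username is incorrect";
        return Request.CreateResponse(HttpStatusCode.OK, response);
    }

    if (WroBL.DAL.DatabaseUtils.GetOneElement("select u.facebook from users u where u.name='" + safeName + "'") == "1")
    {
        // NOTE(review): this branch reports a successful login for any account flagged facebook = 1
        // without checking a credential of any kind - the request only has to name the account.
        // The server should verify a token issued by the identity provider before setting
        // CorrectLogin; nothing in the request model visible here carries one.
        response.CorrectLogin = true;
        response.Message = "You login correct By Facebook";
        return Request.CreateResponse(HttpStatusCode.OK, response);
    }

    // NOTE(review): ComparePassword receives the raw, unescaped name; if it builds its own SQL by
    // concatenation it needs the same treatment as the queries in this method - confirm.
    bool passwordMatches = WroBL.UserLogin.ComparePassword(value.Password, value.Name);

    response.Id = Int32.Parse(WroBL.DAL.DatabaseUtils.GetOneElement(idQuery));

    // Fix: the failed-password path used to set CorrectLogin = true, so a client trusting the flag
    // accepted any password. The flag now mirrors the comparison result.
    response.CorrectLogin = passwordMatches;
    response.Message = passwordMatches ? "Username and password is correct" : "Password is incorrect";
    return Request.CreateResponse(HttpStatusCode.OK, response);
}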
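/// <summary>
/// Adds or removes the link between a user and an event, depending on <c>TakingPart</c>.
/// </summary>
/// <param name="value">
/// Request body carrying <c>Username</c>, <c>EventIdToTakingPart</c> and the <c>TakingPart</c> flag.
/// </param>
/// <returns>
/// 200 with a <c>UserResponseModel</c> message describing the outcome; 400 when no request body
/// could be bound or the event id is not an integer.
/// </returns>
public HttpResponseMessage UserTakingPart([FromBody] Models.UserModel.UserEventModel value)
{
    // A missing or unparsable body binds to null; answer 400 instead of failing with a NullReferenceException.
    if (value == null)
    {
        return Request.CreateResponse(
            HttpStatusCode.BadRequest,
            new UserResponseModel() { Message = "Request body is required" });
    }

    // NOTE(review): no check of the caller's identity is visible in this method, so any caller can
    // change participation for any user name unless an authorization filter outside this view
    // handles it - confirm.

    // The user name comes from the request body and is placed inside a SQL string literal.
    // Doubling single quotes keeps it inside the literal. This is a stop-gap only:
    // NOTE(review): move to parameterized commands once DatabaseUtils offers them.
    var safeUsername = (value.Username ?? String.Empty).Replace("'", "''");
    var userID = WroBL.DAL.DatabaseUtils.GetOneElement("SELECT U.ID FROM USERS U WHERE U.NAME='" + safeUsername + "';");

    if (String.IsNullOrEmpty(userID))
    {
        return Request.CreateResponse(
            HttpStatusCode.OK,
            new UserResponseModel() { Message = "User with that name doesn't exists" });
    }

    // The event id is written into the SQL text unquoted, so it must be a plain integer.
    // Its declared type is not visible here; round-tripping through long.TryParse makes the value
    // safe whatever the type is and is a no-op for integer types.
    long eventId;
    var rawEventId = System.Convert.ToString(value.EventIdToTakingPart, System.Globalization.CultureInfo.InvariantCulture);
    if (!long.TryParse(rawEventId, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out eventId))
    {
        return Request.CreateResponse(
            HttpStatusCode.BadRequest,
            new UserResponseModel() { Message = "Event id is invalid" });
    }

    var eventIdSql = eventId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    // userID is the value the database returned for USERS.ID, not request data.
    if (value.TakingPart)
    {
        // Link the user to the event.
        WroBL.DAL.DatabaseUtils.DatabaseCommand("Insert into event2user (\"EVENT\",\"USER\") values (" + eventIdSql + "," + userID + ");");
        return Request.CreateResponse(
            HttpStatusCode.OK,
            new UserResponseModel() { Message = "User taking part in an event" });
    }

    // Remove the link between the user and the event.
    WroBL.DAL.DatabaseUtils.DatabaseCommand("delete from event2user e where (e.\"EVENT\"=" + eventIdSql + " and e.\"USER\"=" + userID + ")");
    return Request.CreateResponse(
        HttpStatusCode.OK,
        new UserResponseModel() { Message = "User no longer taking part in event" });
}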
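/// <summary>
/// Returns the posted model with <c>Events</c> filled with the ids of the upcoming events the
/// named user is linked to.
/// </summary>
/// <param name="model">Request body carrying <c>Username</c>; <c>Events</c> is overwritten.</param>
/// <returns>
/// 200 with the model when the user exists, 200 with a <c>UserResponseModel</c> message when the
/// user does not exist, 400 when no request body could be bound.
/// </returns>
public HttpResponseMessage UserEvent([FromBody] Models.UserModel.UserEventModel model)
{
    // A missing or unparsable body binds to null; answer 400 instead of failing with a NullReferenceException.
    if (model == null)
    {
        return Request.CreateResponse(
            HttpStatusCode.BadRequest,
            new UserResponseModel() { Message = "Request body is required" });
    }

    // NOTE(review): no check of the caller's identity is visible in this method, so any caller can
    // list the events of any user name unless an authorization filter outside this view handles
    // it - confirm.

    // The user name comes from the request body and is placed inside a SQL string literal.
    // Doubling single quotes keeps it inside the literal. This is a stop-gap only:
    // NOTE(review): move to parameterized commands once DatabaseUtils offers them.
    var safeUsername = (model.Username ?? String.Empty).Replace("'", "''");
    var userID = WroBL.DAL.DatabaseUtils.GetOneElement("SELECT U.ID FROM USERS U WHERE U.NAME='" + safeUsername + "';");

    if (String.IsNullOrEmpty(userID))
    {
        return Request.CreateResponse(
            HttpStatusCode.OK,
            new UserResponseModel() { Message = "User with that name doesn't exists" });
    }

    // userID was returned by the database for USERS.ID; it is still escaped because it is written
    // inside a quoted literal below.
    var safeUserId = userID.Replace("'", "''");

    // The filter on e."DATE" discards rows without a matching event, so the LEFT JOIN behaves
    // like an inner join here.
    model.Events = WroBL.DAL.DatabaseUtils.ListOfElementsFromDatabase(
        "SELECT distinct(E2U.\"EVENT\") " +
        "FROM EVENT2USER E2U " +
        "LEFT JOIN \"EVENT\" e on e2u.\"EVENT\" = e.id " +
        "WHERE e2u.\"USER\" = '" + safeUserId + "' " +
        "AND e.\"DATE\" > current_timestamp; ");

    return Request.CreateResponse(HttpStatusCode.OK, model);
}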