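/// <summary>
/// Looks the supplied credentials up in <c>t_user</c> and, when exactly one row matches,
/// asks <c>UsingFunction.creat_token</c> for a token for that user.
/// </summary>
/// <param name="token">Token payload from the request body; handed unchanged to <c>creat_token</c>.</param>
/// <param name="username">Account name to look up.</param>
/// <param name="pass">Password to compare with the stored value.</param>
/// <returns>
/// 200 with a serialized <c>User_token</c>: status 0 plus the token on success, status 1 when the
/// credentials do not match exactly one row. 400 with no body when <c>creat_token</c> returns -1.
/// </returns>
public HttpResponseMessage Post_login([FromBody] Token token, string username, string pass)
{
    var res = Request.CreateResponse(HttpStatusCode.OK);
    User_token c_user = new User_token();
    DataSet ds = new DataSet();

    // Both credentials are request input, so they are bound as parameters instead of being
    // concatenated into the statement text (the original concatenated username directly).
    // NOTE(review): the listing this method came from showed a masked literal in the pass
    // comparison and never read the pass argument; binding pass is the evident intent, to be
    // confirmed against the real query.
    // NOTE(review): comparing the password inside SQL implies it is stored unhashed; a salted,
    // slow hash verified in code would be the usual design, but that needs a schema change.
    // NOTE(review): username and pass sit next to a [FromBody] argument, so they are presumably
    // bound from the URI and may be recorded in access logs; confirm and move them to the body.
    const string sql = "SELECT id,level,urlavatar,count_video FROM t_user t0" +
                       " WHERE name=@name AND pass=@pass";

    // using blocks release the connection even when Fill throws; the original never closed it.
    using (MySqlConnection conn = new MySqlConnection(ConnnectData.connectionString))
    using (MySqlCommand cmd = new MySqlCommand(sql, conn))
    using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
    {
        // A null argument behaved like an empty string in the concatenated form; keep that.
        cmd.Parameters.AddWithValue("@name", username ?? "");
        cmd.Parameters.AddWithValue("@pass", pass ?? "");
        adap.Fill(ds);
    }

    if (ds.Tables[0].Rows.Count != 1)
    {
        c_user.status = 1;
        c_user.content = "Tài khoản hoặc mật khẩu không đúng";
        res.Content = new StringContent(JsonConvert.SerializeObject(c_user), Encoding.UTF8, "application/json");
        return res;
    }

    DataRow row = ds.Tables[0].Rows[0];
    User us = new User();
    us.id = Convert.ToInt32(row["id"].ToString());
    us.level = Convert.ToInt32(row["level"].ToString());
    us.urlavatar = row["urlavatar"].ToString();
    us.count_video = Convert.ToInt32(row["count_video"].ToString());
    c_user.user = us;

    long re = UsingFunction.creat_token(c_user.user.id, token);
    if (re == -1)
    {
        // Token creation failed: answer 400 without a body, as before.
        c_user.status = -1;
        c_user.content = "BadRequest";
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    c_user.token = re;
    c_user.status = 0;
    c_user.content = "";
    res.Content = new StringContent(JsonConvert.SerializeObject(c_user), Encoding.UTF8, "application/json");
    return res;
}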
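/// <summary>
/// Updates the series identified by <paramref name="id"/> with the values in <paramref name="com"/>.
/// </summary>
/// <remarks>
/// The caller (taken from <c>Thread.CurrentPrincipal</c>) must be the series' creator, its last
/// updater, or have level 7 or higher. Callers below level 7 cannot change <c>warning</c> directly:
/// the stored value is kept and an approval request is written to <c>t_approved</c> /
/// <c>t_approved_value</c> instead.
/// </remarks>
/// <param name="id">Id of the series to update; this is the id the permission check is made against.</param>
/// <param name="com">New series values from the request body.</param>
/// <returns>
/// 200 with <paramref name="com"/> on success; 304 with <paramref name="com"/> when another active
/// series already has the same name; 401 when the caller may not edit the series; 400 when any step
/// inside the update throws.
/// </returns>
public HttpResponseMessage Put(int id, [FromBody] Series com)
{
    var res = Request.CreateResponse(HttpStatusCode.OK);
    int id_user = Convert.ToInt32(Thread.CurrentPrincipal.Identity.Name);

    // The using block closes the connection on every path; the original never closed it.
    using (MySqlConnection conn = new MySqlConnection(ConnnectData.connectionString))
    {
        conn.Open();

        // Permission check: one row comes back only when the caller created or last updated
        // the series, or has level >= 7.
        DataSet ds = new DataSet();
        string sql = "select t0.level from t_user t0 join t_series t1 on t0.id = t1.user_creat or t0.id=t1.user_update or t0.level >= 7" +
                     " where t0.id = @id_user and t1.id = @id";
        using (MySqlCommand cmd = new MySqlCommand(sql, conn))
        using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
        {
            cmd.Parameters.AddWithValue("@id_user", id_user);
            cmd.Parameters.AddWithValue("@id", id);
            adap.Fill(ds);
        }

        if (ds.Tables[0].Rows.Count == 0)
        {
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        int level = Convert.ToInt32(ds.Tables[0].Rows[0]["level"].ToString());

        try
        {
            // Name uniqueness among active series. com.name is request input, so it is bound as
            // a parameter (the original concatenated it into the statement).
            ds = new DataSet();
            sql = "select status,warning,id from t_series where status=0 and name=@name";
            using (MySqlCommand cmd = new MySqlCommand(sql, conn))
            using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
            {
                cmd.Parameters.AddWithValue("@name", com.name);
                adap.Fill(ds);
            }

            int warning = 0;
            if (ds.Tables[0].Rows.Count > 0)
            {
                DataRow existing = ds.Tables[0].Rows[0];
                if (Convert.ToInt32(existing["id"].ToString()) != id)
                {
                    // The name belongs to a different active series.
                    return Request.CreateResponse(HttpStatusCode.NotModified, com);
                }
                warning = Convert.ToInt32(existing["warning"].ToString());
            }

            // The permission check above covers `id` only. The original passed com.id (taken from
            // the request body) to these helpers and to the approval row, so a body carrying a
            // different id could touch a series the caller was never checked against. Use the
            // checked id throughout. Assumes the helpers' first argument is the series id, as the
            // original com.id argument suggests; confirm against UsingFunction.
            UsingFunction.update_list_tag(id, com.list_tag.ToList(), 1, id_user);
            UsingFunction.update_list_catalog(id, com.list_cata.ToList(), 1, id_user);
            UsingFunction.update_list_actor(id, com.list_actor.ToList(), 1, id_user);

            if (level >= 7)
            {
                warning = com.warning;
            }

            sql = "update t_series set name=@name,content=@content,count_movie = 0,year_str=@year_str,year_end=@year_end" +
                  ",warning=@warning,id_company=@id_company" +
                  ",status=0,updatetime=@updatetime,user_update=@user_update" +
                  " where id=@id";
            using (MySqlCommand cmd = new MySqlCommand(sql, conn))
            {
                cmd.Parameters.AddWithValue("@name", com.name);
                cmd.Parameters.AddWithValue("@content", com.content);
                cmd.Parameters.AddWithValue("@year_str", com.year_str);
                cmd.Parameters.AddWithValue("@year_end", com.year_end);
                cmd.Parameters.AddWithValue("@warning", warning);
                cmd.Parameters.AddWithValue("@id_company", com.company.id);
                // Same formatted value the original wrote into the statement.
                cmd.Parameters.AddWithValue("@updatetime", DateTime.Now.ToString("yyyy/MM/dd"));
                cmd.Parameters.AddWithValue("@user_update", id_user);
                cmd.Parameters.AddWithValue("@id", id);
                cmd.ExecuteNonQuery();
            }

            com.creattime = DateTime.Now;
            com.user_creat = id_user;
            res = Request.CreateResponse(HttpStatusCode.OK, com);

            if (warning != com.warning)
            {
                // The requested warning was not applied; record it for approval.
                // The commands are created with the transaction so all three statements belong
                // to it; the original assigned the transaction to a command it then replaced.
                using (MySqlTransaction myTrans = conn.BeginTransaction())
                {
                    try
                    {
                        // NOTE(review): reading AUTO_INCREMENT and then inserting that id is racy
                        // under concurrent requests; letting the column assign the id would avoid it.
                        ds = new DataSet();
                        sql = "SELECT AUTO_INCREMENT s FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'xemphim' AND TABLE_NAME = 't_approved' ";
                        using (MySqlCommand cmd2 = new MySqlCommand(sql, conn, myTrans))
                        using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd2))
                        {
                            adap.Fill(ds);
                        }
                        int id_app = Convert.ToInt32(ds.Tables[0].Rows[0]["s"].ToString());

                        sql = "INSERT INTO t_approved (id, name, content, user_creat, createtime, type, status) " +
                              "VALUES (@id, N'Phê duyệt warning', '', @user_creat, CURRENT_TIME(),'0', '0');";
                        using (MySqlCommand cmd2 = new MySqlCommand(sql, conn, myTrans))
                        {
                            cmd2.Parameters.AddWithValue("@id", id_app);
                            cmd2.Parameters.AddWithValue("@user_creat", id_user);
                            cmd2.ExecuteNonQuery();
                        }

                        sql = "INSERT INTO t_approved_value ( id_app, table_name, filed_name,key_id, value) " +
                              "VALUES ( @id_app, 't_series', 'warning', @key_id, @value);";
                        using (MySqlCommand cmd2 = new MySqlCommand(sql, conn, myTrans))
                        {
                            cmd2.Parameters.AddWithValue("@id_app", id_app);
                            cmd2.Parameters.AddWithValue("@key_id", id);
                            cmd2.Parameters.AddWithValue("@value", com.warning);
                            cmd2.ExecuteNonQuery();
                        }

                        myTrans.Commit();
                    }
                    catch (Exception)
                    {
                        // Best effort, as in the original: the series update stands and the
                        // response stays 200 even when the approval request could not be stored.
                        myTrans.Rollback();
                    }
                }
            }
        }
        catch (Exception)
        {
            res = Request.CreateResponse(HttpStatusCode.BadRequest);
        }
    }

    return res;
}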
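/// <summary>
/// Creates a movie row in <c>t_movie</c> from <paramref name="com"/> and stores its tag, catalog,
/// actor and serve lists.
/// </summary>
/// <remarks>
/// The caller (taken from <c>Thread.CurrentPrincipal</c>) needs level 3 or higher. Only level 7 or
/// higher may set <c>warning</c> directly; for lower levels the movie is stored with warning 0 and a
/// non-zero requested value is written to <c>t_approved</c> / <c>t_approved_value</c> for approval.
/// </remarks>
/// <param name="com">Movie values from the request body; <c>com.id</c> is set to the new row id.</param>
/// <returns>
/// 200 with <paramref name="com"/> on success; 401 when the caller's level is below 3 or the caller
/// has no <c>t_user</c> row; 400 when the movie row could not be inserted.
/// </returns>
public HttpResponseMessage Post([FromBody] Movie com)
{
    // The original retried on duplicate-key errors without limit. If 1062 is raised by a unique
    // key other than the id (unknown from here), that loop never ends, so the retries are bounded.
    const int maxInsertAttempts = 5;

    var res = Request.CreateResponse(HttpStatusCode.OK);
    int id_user = Convert.ToInt32(Thread.CurrentPrincipal.Identity.Name);

    // The using block closes the connection on every path; the original never closed it.
    using (MySqlConnection conn = new MySqlConnection(ConnnectData.connectionString))
    {
        conn.Open();

        DataSet ds = new DataSet();
        string sql = "select level from t_user where id = @id";
        using (MySqlCommand cmd = new MySqlCommand(sql, conn))
        using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
        {
            cmd.Parameters.AddWithValue("@id", id_user);
            adap.Fill(ds);
        }

        // A principal without a t_user row is treated as unauthorized instead of failing on Rows[0].
        if (ds.Tables[0].Rows.Count == 0)
        {
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        int level = Convert.ToInt32(ds.Tables[0].Rows[0]["level"].ToString());
        if (level < 3)
        {
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        bool inserted = false;
        for (int attempt = 0; attempt < maxInsertAttempts && !inserted; attempt++)
        {
            try
            {
                // Only level >= 7 may store the requested warning value.
                int warning = level >= 7 ? com.warning : 0;

                // NOTE(review): reading AUTO_INCREMENT and inserting that id is racy; error 1062
                // (duplicate key) is the signal that another request took the id, hence the retry.
                ds = new DataSet();
                sql = "SELECT AUTO_INCREMENT s FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'xemphim' AND TABLE_NAME = 't_movie' ";
                using (MySqlCommand cmd = new MySqlCommand(sql, conn))
                using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
                {
                    adap.Fill(ds);
                }
                int id_mov = Convert.ToInt32(ds.Tables[0].Rows[0]["s"].ToString());

                // Every value taken from the request body is bound as a parameter; the original
                // concatenated names and content straight into the statement.
                sql = "INSERT INTO t_movie (id, name, name_re, name_en, n_view, n_like, year_movie, creattime, user_creat, " +
                      " time_thoiluong, warning, content, content_re, urlavatar, id_company, is_series, type_mov)" +
                      " VALUES (@id, @name, @name_re, @name_en, '0', '0', @year_movie, CURRENT_TIME(), @user_creat," +
                      " @time_thoiluong, @warning, @content, @content_re, ' ', @id_company, '0', @type_mov);";
                using (MySqlCommand cmd = new MySqlCommand(sql, conn))
                {
                    cmd.Parameters.AddWithValue("@id", id_mov);
                    cmd.Parameters.AddWithValue("@name", com.name);
                    cmd.Parameters.AddWithValue("@name_re", com.name_re);
                    cmd.Parameters.AddWithValue("@name_en", com.name_en);
                    cmd.Parameters.AddWithValue("@year_movie", com.year_movie);
                    cmd.Parameters.AddWithValue("@user_creat", id_user);
                    cmd.Parameters.AddWithValue("@time_thoiluong", com.time_thoiluong);
                    cmd.Parameters.AddWithValue("@warning", warning);
                    cmd.Parameters.AddWithValue("@content", com.content);
                    cmd.Parameters.AddWithValue("@content_re", com.content_re);
                    cmd.Parameters.AddWithValue("@id_company", com.company.id);
                    cmd.Parameters.AddWithValue("@type_mov", com.type_mov);
                    cmd.ExecuteNonQuery();
                }

                com.id = id_mov;
                res = Request.CreateResponse(HttpStatusCode.OK, com);
                inserted = true;
            }
            catch (MySqlException e)
            {
                if (e.Number != 1062)
                {
                    break;
                }
            }
            catch (Exception)
            {
                break;
            }
        }

        if (!inserted)
        {
            // The original answered 200 with no body here, hiding the failure from the client.
            return Request.CreateResponse(HttpStatusCode.BadRequest);
        }

        UsingFunction.update_list_tag(com.id, com.tag.ToList(), 0, id_user);
        UsingFunction.update_list_catalog(com.id, com.catalog.ToList(), 0, id_user);
        UsingFunction.update_list_actor(com.id, com.actor.ToList(), 0, id_user);
        // Add the serve entries.
        UsingFunction.update_list_serve(com.id, com.serve.ToList(), 0, id_user);

        // NOTE(review): this guard tests com.company.id, the lookup reads the series with id 1,
        // and the insert uses com.series.id. That looks like it should test and read
        // com.series.id; behaviour is kept as found, confirm the intent.
        if (com.company.id != -1)
        {
            try
            {
                ds = new DataSet();
                sql = "SELECT count_movie c FROM t_series WHERE id=1";
                using (MySqlCommand cmd = new MySqlCommand(sql, conn))
                using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
                {
                    adap.Fill(ds);
                }

                if (ds.Tables[0].Rows.Count > 0)
                {
                    int count_mov = Convert.ToInt32(ds.Tables[0].Rows[0]["c"].ToString()) + 1;
                    sql = "INSERT INTO t_mov_series (id, id_series, n_movie) VALUES (@id, @id_series, @n_movie);";
                    using (MySqlCommand cmd = new MySqlCommand(sql, conn))
                    {
                        cmd.Parameters.AddWithValue("@id", com.id);
                        cmd.Parameters.AddWithValue("@id_series", com.series.id);
                        cmd.Parameters.AddWithValue("@n_movie", count_mov);
                        cmd.ExecuteNonQuery();
                    }
                }
            }
            catch (Exception)
            {
                // Best effort, as in the original: a failed series link does not fail the request.
            }
        }

        if (com.warning != 0 && level < 7)
        {
            // The requested warning was not applied; record it for approval.
            // The commands are created with the transaction so all three statements belong to it;
            // the original assigned the transaction to a command it then replaced.
            using (MySqlTransaction myTrans = conn.BeginTransaction())
            {
                try
                {
                    ds = new DataSet();
                    sql = "SELECT AUTO_INCREMENT s FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'xemphim' AND TABLE_NAME = 't_approved' ";
                    using (MySqlCommand cmd2 = new MySqlCommand(sql, conn, myTrans))
                    using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd2))
                    {
                        adap.Fill(ds);
                    }
                    int id_app = Convert.ToInt32(ds.Tables[0].Rows[0]["s"].ToString());

                    sql = "INSERT INTO t_approved (id, name, content, user_creat, createtime, type, status) " +
                          "VALUES (@id, N'Phê duyệt warning', '', @user_creat, CURRENT_TIME(),'0', '0');";
                    using (MySqlCommand cmd2 = new MySqlCommand(sql, conn, myTrans))
                    {
                        cmd2.Parameters.AddWithValue("@id", id_app);
                        cmd2.Parameters.AddWithValue("@user_creat", id_user);
                        cmd2.ExecuteNonQuery();
                    }

                    sql = "INSERT INTO t_approved_value ( id_app, table_name, filed_name,key_id, value) " +
                          "VALUES ( @id_app, 't_movie', 'warning', @key_id, @value);";
                    using (MySqlCommand cmd2 = new MySqlCommand(sql, conn, myTrans))
                    {
                        cmd2.Parameters.AddWithValue("@id_app", id_app);
                        cmd2.Parameters.AddWithValue("@key_id", com.id);
                        cmd2.Parameters.AddWithValue("@value", com.warning);
                        cmd2.ExecuteNonQuery();
                    }

                    myTrans.Commit();
                }
                catch (Exception)
                {
                    // Best effort, as in the original: the movie stays created and the response
                    // stays 200 even when the approval request could not be stored.
                    myTrans.Rollback();
                }
            }
        }
    }

    return res;
}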
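/// <summary>
/// Returns a token for a temporary user: the existing one when <paramref name="iduser"/> and
/// <c>token.id</c> match a <c>t_user_temp</c> row created within the last 7 days, otherwise a newly
/// created temporary user with a token from <c>UsingFunction.creat_token</c>.
/// </summary>
/// <param name="token">Token payload from the request body.</param>
/// <param name="gettoken">The request is rejected with 400 when this is 1.</param>
/// <param name="iduser">Id of an existing temporary user, or a value &lt;= 0 to create one.</param>
/// <returns>
/// 200 with a <c>RETURN_TOKEN</c> on success; 400 when <paramref name="gettoken"/> is 1, when
/// <c>creat_token</c> returns -1, or when the temporary user row could not be inserted.
/// </returns>
public HttpResponseMessage Post_token([FromBody] Token token, int gettoken, int iduser)
{
    // The original retried on duplicate-key errors without limit. If 1062 is raised by a unique
    // key other than the id (unknown from here), that loop never ends, so the retries are bounded.
    const int maxInsertAttempts = 5;

    if (gettoken == 1)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    RETURN_TOKEN xx = new RETURN_TOKEN();

    // The using block closes the connection on every path. The original called conn.Clone() in a
    // finally block, which creates a second connection object and closes nothing, and its early
    // returns left the connection open.
    using (MySqlConnection conn = new MySqlConnection(ConnnectData.connectionString))
    {
        conn.Open();

        // token is null when the request has no usable body; skip the lookup instead of failing.
        if (iduser > 0 && token != null && token.id > 0)
        {
            DataSet found = new DataSet();
            string lookup = "select * from t_user_temp where datediff(CURRENT_DATE,createtime)<=7 and id= @id and token= @token";
            using (MySqlCommand cmd = new MySqlCommand(lookup, conn))
            using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
            {
                cmd.Parameters.AddWithValue("@id", iduser);
                cmd.Parameters.AddWithValue("@token", token.id);
                adap.Fill(found);
            }

            if (found.Tables[0].Rows.Count > 0)
            {
                // The presented id/token pair is still valid; hand it back unchanged.
                xx.token = token.id;
                xx.t_user = iduser;
                return Request.CreateResponse(HttpStatusCode.OK, xx);
            }
        }

        long re = UsingFunction.creat_token(0, token);
        if (re == -1)
        {
            return Request.CreateResponse(HttpStatusCode.BadRequest);
        }

        bool created = false;
        for (int attempt = 0; attempt < maxInsertAttempts && !created; attempt++)
        {
            try
            {
                // NOTE(review): reading AUTO_INCREMENT and inserting that id is racy; error 1062
                // (duplicate key) is the signal that another request took the id, hence the retry.
                DataSet ds = new DataSet();
                string sql = " SELECT AUTO_INCREMENT as id FROM information_schema.TABLES WHERE TABLE_SCHEMA = 'xemphim' AND TABLE_NAME = 't_user_temp'";
                using (MySqlCommand cmd = new MySqlCommand(sql, conn))
                using (MySqlDataAdapter adap = new MySqlDataAdapter(cmd))
                {
                    adap.Fill(ds);
                }

                // Parsed as 64-bit to match the long it is stored in (the original parsed 32-bit).
                long id = Convert.ToInt64(ds.Tables[0].Rows[0]["id"].ToString());
                string name_te = UsingFunction.randomname();
                string url_te = UsingFunction.random_urlavatar();

                sql = " insert into t_user_temp(id,name,createtime,urlavatar,token) values(@id, @name, NOW(), @urlavatar, @token)";
                using (MySqlCommand cmd = new MySqlCommand(sql, conn))
                {
                    cmd.Parameters.AddWithValue("@id", id);
                    cmd.Parameters.AddWithValue("@name", name_te);
                    cmd.Parameters.AddWithValue("@urlavatar", url_te);
                    cmd.Parameters.AddWithValue("@token", re);
                    cmd.ExecuteNonQuery();
                }

                xx.token = re;
                xx.t_user = id;
                created = true;
            }
            catch (MySqlException e)
            {
                if (e.Number != 1062)
                {
                    break;
                }
            }
            catch (Exception)
            {
                break;
            }
        }

        if (!created)
        {
            // The original answered 200 with an unfilled RETURN_TOKEN here, which a client could
            // not tell apart from a real token.
            return Request.CreateResponse(HttpStatusCode.BadRequest);
        }
    }

    return Request.CreateResponse(HttpStatusCode.OK, xx);
}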