        /// <summary>
        /// Loads the thread named by the ThreadID query string value, verifies the caller may manage it,
        /// and on the first (non-postback) request seeds the edit controls with the thread's current state.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// Every failed check redirects to default.aspx; in Web Forms Response.Redirect ends the response,
        /// so the dereferences after a check only run when that check passed. Managing the thread requires
        /// access to its forum plus either the forum-specific or the system-wide thread-management right.
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            int requestedThreadID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["ThreadID"]);
            _thread = ThreadGuiHelper.GetThread(requestedThreadID);

            if (_thread == null)
            {
                // unknown thread: back to the start page
                Response.Redirect("default.aspx", true);
            }

            // Authorization: forum access AND (forum-level OR system-wide) thread management.
            bool canAccessForum   = SessionAdapter.CanPerformForumActionRight(_thread.ForumID, ActionRights.AccessForum);
            bool canManageThreads = SessionAdapter.CanPerformForumActionRight(_thread.ForumID, ActionRights.ForumSpecificThreadManagement)
                                    || SessionAdapter.HasSystemActionRight(ActionRights.SystemWideThreadManagement);

            if (!(canAccessForum && canManageThreads))
            {
                // no forum access, or no right to alter the thread's properties: redirect away
                Response.Redirect("default.aspx");
            }

            if (Page.IsPostBack)
            {
                return;
            }

            // first request: populate the form from the thread's current properties
            chkIsClosed.Checked = _thread.IsClosed;
            chkIsSticky.Checked = _thread.IsSticky;
            tbxSubject.Value    = _thread.Subject;
        }
        /// <summary>
        /// Guards the page against callers without security-management rights and, on the first request,
        /// shows the description of the role identified by the RoleID query string value.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        private void Page_Load(object sender, System.EventArgs e)
        {
            // Two-step authorization: any system right is needed to be in the admin area at all,
            // SecurityManagement is needed for this particular page. In Web Forms Redirect ends the
            // response, so nothing below runs for a rejected caller.
            if (!SessionAdapter.HasSystemActionRights())
            {
                // no admin access whatsoever: back to the site's start page
                Response.Redirect("../Default.aspx", true);
            }

            if (!SessionAdapter.HasSystemActionRight(ActionRights.SecurityManagement))
            {
                // has admin access but not this right: the admin start page
                Response.Redirect("Default.aspx", true);
            }

            _roleID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["RoleID"]);

            if (Page.IsPostBack)
            {
                return;
            }

            // first request: show the role's description, unless GetRole produced a fresh (unsaved)
            // entity, i.e. the ID did not match an existing role.
            RoleEntity requestedRole = SecurityGuiHelper.GetRole(_roleID);
            if (!requestedRole.IsNew)
            {
                lblRoleDescription.Text = requestedRole.RoleDescription;
            }
        }
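        /// <summary>
        /// Resets the password of the user owning <paramref name="passwordResetToken"/> to
        /// <paramref name="newPassword"/> and deletes the token in the same unit of work, so the
        /// token cannot be used a second time once the new password is stored.
        /// </summary>
        /// <param name="newPassword">The new clear-text password; it is hashed before being stored.</param>
        /// <param name="passwordResetToken">The reset token. Deleted by this method when the reset succeeds.</param>
        /// <returns>true if both the user update and the token deletion were committed, false otherwise.</returns>
        /// <remarks>
        /// NOTE(review): this method does not check the token's age or validity itself; it relies on the caller
        /// having validated the token before passing it in. Confirm at the call sites.
        /// </remarks>
        public static async Task <bool> ResetPasswordAsync(string newPassword, PasswordResetTokenEntity passwordResetToken)
        {
            if (string.IsNullOrWhiteSpace(newPassword) || passwordResetToken is null)
            {
                return(false);
            }

            using (var adapter = new DataAccessAdapter())
            {
                var userQuery = new QueryFactory().User.Where(UserFields.UserID.Equal(passwordResetToken.UserID));
                var user      = await adapter.FetchFirstAsync(userQuery).ConfigureAwait(false);

                if (user is null)
                {
                    // the token points at a user that no longer exists: leave the token alone and report failure
                    return(false);
                }

                user.Password = HnDGeneralUtils.HashPassword(newPassword, performPreMD5Hashing: true);

                // queue the user save and the token delete in one unit of work (presumably one transaction;
                // verify against UnitOfWork2 semantics), so a stored password never coexists with a live token.
                var uow = new UnitOfWork2();
                uow.AddForSave(user);
                uow.AddForDelete(passwordResetToken);
                // ConfigureAwait(false) here as well, matching the fetch above: library code with no sync context to resume on.
                var persistedCount = await uow.CommitAsync(adapter).ConfigureAwait(false);

                // two entities were queued (one save, one delete); anything else means the commit was partial or failed
                return(persistedCount == 2);
            }
        }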
        /// <summary>
        /// Moves the current thread into the support queue selected in the queue combobox, takes it out of its
        /// queue when "none" is selected, and then reloads the page so the new state is shown.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        protected void btnSet_Click(object sender, EventArgs e)
        {
            // server-side re-check on postback: the rendered UI is not trusted as proof of the right
            if (!_userMayManageSupportQueueContents)
            {
                return;
            }

            int requestedQueueID = HnDGeneralUtils.TryConvertToInt(cbxSupportQueues.SelectedValue);
            SupportQueueEntity currentQueue = SupportQueueGuiHelper.GetQueueOfThread(_thread.ThreadID);

            // Only touch the queue when something actually changes:
            // - not queued yet and a selection other than -1 was made, or
            // - queued, and the selection differs from the current queue.
            // NOTE(review): the first case also admits 0 (likely the TryConvertToInt failure value), which then ends
            // up in the remove branch; the original comment reads as if "> 0" was intended. Behavior is kept as-is here.
            bool notQueuedAndSelected = currentQueue == null && requestedQueueID != -1;
            bool queuedAndDifferent   = currentQueue != null && currentQueue.QueueID != requestedQueueID;

            if (notQueuedAndSelected || queuedAndDifferent)
            {
                if (requestedQueueID > 0)
                {
                    SupportQueueManager.AddThreadToQueue(_thread.ThreadID, requestedQueueID, SessionAdapter.GetUserID(), null);
                }
                else
                {
                    // -1 (or any other non-positive value) means: remove the thread from its queue
                    SupportQueueManager.RemoveThreadFromQueue(_thread.ThreadID, null);
                }
            }

            // reload this page; both URL parts are ints, not raw request strings
            Response.Redirect("Messages.aspx?ThreadID=" + _thread.ThreadID + "&StartAtMessage=" + _startMessageNo);
        }
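        /// <summary>
        /// Streams the attachment identified by the AttachmentID query string value to the browser as a download,
        /// after checking that the caller may see the forum, the thread and (when not yet approved) the attachment.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// All rejections redirect to default.aspx with endResponse=true, which in Web Forms ends the request, so the
        /// dereferences that follow each check only run when the check passed. The attachment's file name was supplied
        /// by the uploader and is therefore treated as untrusted input when it is placed in a response header.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            int attachmentID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["AttachmentID"]);

            // the message is fetched together with its thread, which carries the ForumID used by the access checks below
            MessageEntity relatedMessage = MessageGuiHelper.GetMessageWithAttachmentLogic(attachmentID);
            if (relatedMessage == null)
            {
                // not found
                Response.Redirect("default.aspx", true);
            }

            // 1. forum access
            if (!SessionAdapter.CanPerformForumActionRight(relatedMessage.Thread.ForumID, ActionRights.AccessForum))
            {
                // user can't access this forum
                Response.Redirect("default.aspx", true);
            }

            // 2. thread visibility: own threads and sticky threads are always visible, other users' normal
            //    threads only with the ViewNormalThreadsStartedByOthers right
            if ((relatedMessage.Thread.StartedByUserID != SessionAdapter.GetUserID()) &&
                !SessionAdapter.CanPerformForumActionRight(relatedMessage.Thread.ForumID, ActionRights.ViewNormalThreadsStartedByOthers) &&
                !relatedMessage.Thread.IsSticky)
            {
                // the thread isn't sticky, wasn't started by the caller, and the caller may not view others' normal threads
                Response.Redirect("default.aspx", true);
            }

            AttachmentEntity toStream = MessageGuiHelper.GetAttachment(attachmentID);
            if (toStream == null)
            {
                // not found
                Response.Redirect("default.aspx", true);
            }

            // 3. unapproved attachments are only served to users who may approve them (they need the file to judge it)
            if (!toStream.Approved && !SessionAdapter.CanPerformForumActionRight(relatedMessage.Thread.ForumID, ActionRights.ApproveAttachment))
            {
                Response.Redirect("default.aspx", true);
            }

            // Header-safe download name: besides the original space -> underscore replacement, drop the characters
            // that would end the header line or break the quoted-string (CR, LF, quote, backslash), and never emit
            // an empty name.
            string SafeFilename(string name)
            {
                string cleaned = (name ?? string.Empty).Replace(" ", "_");
                cleaned = cleaned.Replace("\r", string.Empty).Replace("\n", string.Empty)
                                 .Replace("\"", string.Empty).Replace("\\", string.Empty);
                return cleaned.Length > 0 ? cleaned : "attachment";
            }

            // all checks passed: build the download response
            Response.ClearHeaders();
            Response.ClearContent();
            Response.AddHeader("Content-Type", "application/unknown");
            // nosniff keeps the browser from second-guessing the generic content type (e.g. rendering an uploaded HTML file inline)
            Response.AddHeader("X-Content-Type-Options", "nosniff");
            Response.AddHeader("Content-length", toStream.Filecontents.Length.ToString());
            Response.AddHeader("Content-Disposition", "attachment; filename=\"" + SafeFilename(toStream.Filename) + "\"");
            Response.AddHeader("Content-Transfer-Encoding", "Binary");
            // stream the data
            Response.BinaryWrite(toStream.Filecontents);
            Response.Flush();
            Response.End();
        }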
        /// <summary>
        /// Handles the POST of the edit-message form: re-runs the security checks for the message, stores the edited
        /// text (both the markdown source and the rendered HTML) when the user chose "Post", audits the edit if this
        /// session requires auditing, and redirects to the message.
        /// </summary>
        /// <param name="messageData">Posted form data; only MessageText is bound.</param>
        /// <param name="submitButton">Name of the button that submitted the form; only "Post" persists changes.</param>
        /// <param name="id">The ID of the message being edited.</param>
        /// <returns>A redirect to home on an invalid model or a failed security check, otherwise a redirect to the message.</returns>
        public async Task <ActionResult> Edit([Bind(nameof(MessageData.MessageText))]
                                              MessageData messageData, string submitButton, int id = 0)
        {
            if (!ModelState.IsValid)
            {
                return(RedirectToAction("Index", "Home"));
            }

            // the security check also loads the message; the posted id is not trusted before this
            var(mayEdit, targetMessage) = await PerformEditMessageSecurityChecksAsync(id);
            if (!mayEdit)
            {
                return(RedirectToAction("Index", "Home"));
            }

            if (submitButton == "Post")
            {
                // markdown -> html, with the application's emoji and smiley mappings
                var renderedHtml = HnDGeneralUtils.TransformMarkdownToHtml(messageData.MessageText, ApplicationAdapter.GetEmojiFilenamesPerName(),
                                                                           ApplicationAdapter.GetSmileyMappings());
                await MessageManager.UpdateEditedMessageAsync(this.HttpContext.Session.GetUserID(), targetMessage.MessageID, messageData.MessageText, renderedHtml,
                                                              this.Request.Host.Host, string.Empty);

                bool auditRequired = this.HttpContext.Session.CheckIfNeedsAuditing(AuditActions.AuditAlteredMessage);
                if (auditRequired)
                {
                    await SecurityManager.AuditAlteredMessageAsync(this.HttpContext.Session.GetUserID(), targetMessage.MessageID);
                }
            }

            return(await CalculateRedirectToMessageAsync(targetMessage.ThreadID, targetMessage.MessageID));
        }
        /// <summary>
        /// Guards the page against callers without security-management rights and, on the first request, loads the
        /// role identified by the RoleID query string value and binds the list of users that are not yet members of it.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        private void Page_Load(object sender, System.EventArgs e)
        {
            // Two-step authorization (in Web Forms Redirect ends the response, so a rejected caller never reaches
            // the data access below): any system right for the admin area, then SecurityManagement for this page.
            if (!SessionAdapter.HasSystemActionRights())
            {
                // no admin access whatsoever: back to the site's start page
                Response.Redirect("../Default.aspx", true);
            }

            if (!SessionAdapter.HasSystemActionRight(ActionRights.SecurityManagement))
            {
                // has admin access but not this right: the admin start page
                Response.Redirect("Default.aspx", true);
            }

            _roleID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["RoleID"]);

            if (Page.IsPostBack)
            {
                return;
            }

            // first request: remember the role's description for later use ...
            // NOTE(review): no IsNew check on the fetched role here; an unknown RoleID just yields whatever description
            // a fresh entity carries. Confirm that is intended.
            RoleEntity requestedRole = SecurityGuiHelper.GetRole(_roleID);
            _roleDescription = requestedRole.RoleDescription;

            // ... and offer every user that is not yet in the role for selection
            UserCollection candidates = UserGuiHelper.GetAllUsersNotInRole(_roleID);
            lbxUsers.DataSource     = candidates;
            lbxUsers.DataTextField  = "NickName";
            lbxUsers.DataValueField = "UserID";
            lbxUsers.DataBind();
        }
        /// <summary>
        /// One-off migration: converts every forum's UBB-formatted welcome text, re-renders the HTML version from the
        /// converted text and persists all forums. Progress and parser errors are written to the console; a forum whose
        /// text cannot be parsed gets both versions cleared instead of keeping broken markup.
        /// </summary>
        private static void ConvertForumWelcomeTexts()
        {
            Console.WriteLine("Converting forum welcome texts. Republishing header texts as well.");
            var queryFactory = new QueryFactory();

            using (var adapter = new DataAccessAdapter())
            {
                var allForums = adapter.FetchQuery(queryFactory.Forum);
                foreach (ForumEntity forum in allForums)
                {
                    string parserLog;
                    string messageAsXml;
                    bool   parserReportedErrors;
                    string convertedText = TextParser.TransformUBBMessageStringToHTML(forum.NewThreadWelcomeText, _parserData, out parserLog, out parserReportedErrors, out messageAsXml);

                    if (parserReportedErrors)
                    {
                        // unparsable welcome text: report it and clear both versions
                        Console.WriteLine("\nERRORS: {0}", parserLog);
                        Console.WriteLine("ForumID: {0}\nForum welcome text:\n{1}--------------\n", forum.ForumID, forum.NewThreadWelcomeText);
                        forum.NewThreadWelcomeText       = string.Empty;
                        forum.NewThreadWelcomeTextAsHTML = string.Empty;
                        continue;
                    }

                    // undo the HTML encoding in the parser output so &lt; etc. become plain characters again,
                    // then render the HTML from that text without any emoji/smiley mappings.
                    forum.NewThreadWelcomeText       = HttpUtility.HtmlDecode(convertedText);
                    forum.NewThreadWelcomeTextAsHTML = HnDGeneralUtils.TransformMarkdownToHtml(forum.NewThreadWelcomeText, new Dictionary <string, string>(),
                                                                                                new Dictionary <string, string>());
                }

                Console.Write("\tPersisting forums...");
                adapter.SaveEntityCollection(allForums);
                Console.WriteLine("DONE!");
            }
            Console.WriteLine("DONE");
        }
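        /// <summary>
        /// Registers a new user: builds the user entity from the supplied profile values, gives it a generated
        /// password, links it to the default role for new users and saves both in one go. When the save succeeds
        /// the generated password is e-mailed to the user.
        /// </summary>
        /// <param name="nickName">Name of the nick.</param>
        /// <param name="dateOfBirth">The date of birth.</param>
        /// <param name="emailAddress">The email address.</param>
        /// <param name="emailAddressIsPublic">flag to signal if the emailaddress is visible for everyone or not</param>
        /// <param name="iconURL">The icon URL.</param>
        /// <param name="ipNumber">The ip number.</param>
        /// <param name="location">The location.</param>
        /// <param name="occupation">The occupation.</param>
        /// <param name="signature">The signature (UBB), rendered to HTML for SignatureAsHTML.</param>
        /// <param name="website">The website.</param>
        /// <param name="emailTemplatePath">The email template path.</param>
        /// <param name="emailData">The email data.</param>
        /// <param name="parserData">Parser settings used to render the signature.</param>
        /// <param name="autoSubscribeThreads">Default value when user creates new threads.</param>
        /// <param name="defaultMessagesPerPage">Messages per page to display</param>
        /// <returns>
        /// UserID of new user or 0 if registration failed.
        /// </returns>
        /// <remarks>
        /// Security notes for maintainers: the password is stored through CreateMD5HashedBase64String, which by its
        /// name is an MD5 digest (no per-user salt visible here), whereas the async password-reset path in this code
        /// base hashes through HnDGeneralUtils.HashPassword; verify whether the two formats are interchangeable for
        /// login before changing either. EncodeUserTextFields must keep running before the save so no raw markup from
        /// the profile fields is persisted. The outcome of e-mailing the password is not acted upon (unchanged from the
        /// original): a failed mail leaves a registered user who never received the password.
        /// </remarks>
        public static int RegisterNewUser(string nickName, DateTime?dateOfBirth, string emailAddress, bool emailAddressIsPublic, string iconURL,
                                          string ipNumber, string location, string occupation, string signature, string website, string emailTemplatePath, Dictionary <string, string> emailData, ParserData parserData,
                                          bool autoSubscribeThreads, short defaultMessagesPerPage)
        {
            // system-wide defaults for new users: user title and role
            SystemDataEntity systemData = SystemGuiHelper.GetSystemSettings();

            // generated clear-text password; only used for the hash and for the e-mail, never stored as-is
            string password = HnDGeneralUtils.GenerateRandomPassword();

            UserEntity newUser = new UserEntity
            {
                AmountOfPostings     = 0,
                DateOfBirth          = dateOfBirth,
                EmailAddress         = emailAddress,
                EmailAddressIsPublic = emailAddressIsPublic,
                IPNumber             = ipNumber,
                IconURL              = iconURL,
                IsBanned             = false,
                JoinDate             = DateTime.Now,
                Location             = location,
                NickName             = nickName,
                Occupation           = occupation,
                Signature            = signature,
                Website              = website,
                Password             = HnDGeneralUtils.CreateMD5HashedBase64String(password),
                // preferences
                AutoSubscribeToThread          = autoSubscribeThreads,
                DefaultNumberOfMessagesPerPage = defaultMessagesPerPage,
                // an empty signature yields an empty HTML signature; otherwise it is rendered from UBB
                SignatureAsHTML = string.IsNullOrEmpty(signature) ? "" : TextParser.TransformSignatureUBBStringToHTML(signature, parserData),
                UserTitleID     = systemData.DefaultUserTitleNewUser
            };

            RoleUserEntity roleUser = new RoleUserEntity
            {
                RoleID = systemData.DefaultRoleNewUser,
                User   = newUser
            };

            // encode the free-text fields before they are persisted, so stored values cannot carry script into the pages that render them
            EncodeUserTextFields(newUser);

            // recursive save: persists the user and the linked RoleUser in one go (the entity layer creates the
            // transaction for us, so we don't have to do that ourselves).
            if (newUser.Save(true))
            {
                // all ok, e-mail the generated password. The unused 'result' local of the original was dropped;
                // the return value is still not acted upon.
                HnDGeneralUtils.EmailPassword(password, emailAddress, emailTemplatePath, emailData);
            }

            return(newUser.UserID);
        }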
        /// <summary>
        /// Handles the POST of the registration form: validates the model, normalizes the posted profile values,
        /// rejects an already-taken nickname and registers the user. On success the session is updated with the
        /// user's settings and the user is sent to the login page; otherwise the form is shown again.
        /// </summary>
        /// <param name="data">The posted profile data.</param>
        /// <returns>The registration view on failure, a redirect to the login action on success.</returns>
        public async Task <ActionResult> Register(NewProfileData data)
        {
            if (!ModelState.IsValid)
            {
                return(View(data));
            }

            // normalize untrusted input before it reaches the nickname check and the manager
            data.Sanitize();
            data.StripProtocolsFromUrls();

            bool nickNameTaken = await UserGuiHelper.CheckIfNickNameExistAsync(data.NickName);
            if (nickNameTaken)
            {
                ModelState.AddModelError("NickName", "NickName already exists");
                return(View(data));
            }

            // NOTE(review): Request.Host comes from the client's Host header; if GetEmailData embeds it in links in the
            // registration mail, the host should be validated elsewhere (e.g. allowed-hosts configuration). Confirm.
            string callerIp  = HnDGeneralUtils.GetRemoteIPAddressAsIP4String(this.HttpContext.Connection.RemoteIpAddress);
            var    emailData = ApplicationAdapter.GetEmailData(this.Request.Host.Host, EmailTemplate.RegistrationReply);
            var    newUserId = await UserManager.RegisterNewUserAsync(data.NickName, data.DateOfBirth, data.EmailAddress, data.EmailAddressIsPublic, data.IconURL,
                                                                      callerIp, data.Location, data.Occupation, data.Signature, data.Website, emailData,
                                                                      data.AutoSubscribeToThread, data.DefaultNumberOfMessagesPerPage);

            // a positive value is the new user's ID; anything else signals a failed registration
            if (newUserId <= 0)
            {
                return(View(data));
            }

            this.HttpContext.Session.UpdateUserSettings(data);
            return(RedirectToAction("Login", "Account"));
        }
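        /// <summary>
        /// Stores the values of the add-forum form as a new forum and reloads the page.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        private void btnSave_ServerClick(object sender, System.EventArgs e)
        {
            if (!Page.IsValid)
            {
                return;
            }

            // Posted combobox values are client-controlled: use the tolerant TryConvertToInt (as the other posted
            // values below already do) instead of Convert.ToInt32, which turns a tampered value into an unhandled exception.
            int? supportQueueID         = null;
            int  selectedSupportQueueID = HnDGeneralUtils.TryConvertToInt(cbxSupportQueues.SelectedItem.Value);
            if (selectedSupportQueueID > 0)
            {
                supportQueueID = selectedSupportQueueID;
            }

            string newThreadWelcomeText       = null;
            string newThreadWelcomeTextAsHTML = null;
            string trimmedWelcomeText         = tbxNewThreadWelcomeText.Text.Trim();
            if (trimmedWelcomeText.Length > 0)
            {
                // has specified welcome text, convert to HTML through the UBB parser.
                // NOTE(review): errorsOccured and the parser log are ignored, so the HTML is stored even when the
                // parser reported problems. Confirm that is intended.
                newThreadWelcomeText = trimmedWelcomeText;
                string parserLog, textAsXML;
                bool   errorsOccured;
                newThreadWelcomeTextAsHTML = TextParser.TransformUBBMessageStringToHTML(newThreadWelcomeText, ApplicationAdapter.GetParserData(),
                                                                                        out parserLog, out errorsOccured, out textAsXML);
            }

            // store the data as a new forum. The returned forum ID is not needed (the unused local was dropped): the page reloads itself.
            ForumManager.CreateNewForum(HnDGeneralUtils.TryConvertToInt(cbxSections.SelectedItem.Value), tbxForumName.Value,
                                        tbxForumDescription.Text, chkHasRSSFeed.Checked, supportQueueID, HnDGeneralUtils.TryConvertToInt(cbxThreadListInterval.SelectedValue),
                                        HnDGeneralUtils.TryConvertToShort(tbxOrderNo.Text), HnDGeneralUtils.TryConvertToInt(tbxMaxAttachmentSize.Text),
                                        HnDGeneralUtils.TryConvertToShort(tbxMaxNoOfAttachmentsPerMessage.Text), newThreadWelcomeText, newThreadWelcomeTextAsHTML);

            // done for now, redirect to self
            Response.Redirect("AddForum.aspx", true);
        }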
        /// <summary>
        /// Redirects to the Messages page positioned on the page that contains the message given by the ThreadID and
        /// MessageID query string values, using the caller's messages-per-page preference to compute the start offset.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        private void Page_Load(object sender, System.EventArgs e)
        {
            int threadID  = HnDGeneralUtils.TryConvertToInt(Request.QueryString["ThreadID"]);
            int messageID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["MessageID"]);
            int pageSize  = SessionAdapter.GetUserDefaultNumberOfMessagesPerPage();
            int startAt   = ThreadGuiHelper.GetStartAtMessageForGivenMessageAndThread(threadID, messageID, pageSize);

            // every value in the target URL is an int parsed above, not a raw request string
            string target = string.Concat("Messages.aspx?ThreadID=", threadID, "&StartAtMessage=", startAt, "&#", messageID);
            Response.Redirect(target, true);
        }
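 /// <summary>
 /// Renders the thread's memo to HTML into <paramref name="container"/> so it can be shown above the thread,
 /// but only for users who may edit the memo and only when a memo is present.
 /// </summary>
 /// <param name="container">The thread data to fill; its Thread and UserMayEditMemo are expected to be set already.</param>
 private void FillMemoInformation(ThreadData container)
 {
     // Null-safe: a thread without a memo (null or empty) leaves MemoAsHTML untouched instead of throwing on .Length
     if (!container.UserMayEditMemo || string.IsNullOrEmpty(container.Thread.Memo))
     {
         return;
     }

     // convert memo contents to HTML so it's displayed above the thread.
     container.MemoAsHTML = HnDGeneralUtils.TransformMarkdownToHtml(container.Thread.Memo, ApplicationAdapter.GetEmojiFilenamesPerName(),
                                                                    ApplicationAdapter.GetSmileyMappings());
 }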
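        /// <summary>
        /// Saves the edited profile of the user selected in the view state, then switches the page to the
        /// "modified" result area on success.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        protected void btnUpdate_Click(object sender, System.EventArgs e)
        {
            if (!Page.IsValid)
            {
                return;
            }

            GetViewState();

            // an empty password field means "keep the current password". The value is handed to UserManager as typed;
            // hashing is expected to happen there (not visible from this handler — confirm).
            string password = tbxPassword1.Value.Length > 0 ? tbxPassword1.Value : string.Empty;

            // An unparsable date is ignored (stays null) rather than failing the update. TryParse with the invariant
            // culture and DateTimeStyles.None replaces the original try/catch(FormatException) around DateTime.Parse;
            // it accepts exactly the same input.
            DateTime? dateOfBirth = null;
            DateTime  parsedDateOfBirth;
            if (tbxDateOfBirth.Value.Length > 0 &&
                DateTime.TryParse(tbxDateOfBirth.Value, CultureInfo.InvariantCulture.DateTimeFormat, DateTimeStyles.None, out parsedDateOfBirth))
            {
                dateOfBirth = parsedDateOfBirth;
            }

            // the unused nickName and ipNumber locals of the original were dropped; the profile update takes neither
            string emailAddress = tbxEmailAddress.Value;
            string iconURL      = tbxIconURL.Value;
            string location     = tbxLocation.Value;
            string occupation   = tbxOccupation.Value;
            string signature    = tbxSignature.Value;
            string website      = tbxWebsite.Value;

            bool result = UserManager.UpdateUserProfile(_selectedUserID, dateOfBirth, emailAddress, (_emailAddressIsVisible.Value == "true"), iconURL, location, occupation, password,
                                                        signature, website, HnDGeneralUtils.TryConvertToInt(cmbUserTitle.SelectedValue), ApplicationAdapter.GetParserData()
                                                        , (_autoSubscribeToThread.Value == "true"), HnDGeneralUtils.TryConvertToShort(_defaultNumberOfMessagesPerPage.Value));

            if (result)
            {
                // all ok: show the result area, hide the search and edit areas
                phModifyResult.Visible    = true;
                phFindUserArea.Visible    = false;
                phProfileEditArea.Visible = false;
            }
        }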
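        /// <summary>
        /// Handles the Load event of the Page control: loads the thread from the ThreadID query string value, enforces
        /// forum access and thread visibility, decides whether IP addresses are shown and, on the first request, binds
        /// the thread's messages to the repeater.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
        /// <remarks>
        /// Each rejection redirects to default.aspx; in Web Forms Response.Redirect ends the response, so the code
        /// after a failed check never runs for that request.
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            int threadID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["ThreadID"]);

            _thread = ThreadGuiHelper.GetThread(threadID);
            if (_thread == null)
            {
                // not found, return to start page
                Response.Redirect("default.aspx");
            }

            // Check credentials
            bool userHasAccess = SessionAdapter.CanPerformForumActionRight(_thread.ForumID, ActionRights.AccessForum);
            if (!userHasAccess)
            {
                // doesn't have access to this forum. redirect
                Response.Redirect("default.aspx");
            }

            // show user IP addresses only to system, security or user administrators
            _showIPAddresses = (SessionAdapter.HasSystemActionRight(ActionRights.SystemManagement) ||
                                SessionAdapter.HasSystemActionRight(ActionRights.SecurityManagement) ||
                                SessionAdapter.HasSystemActionRight(ActionRights.UserManagement));

            // Get the forum entity related to the thread through the BL/cache layer rather than lazy loading,
            // to keep the layers separated.
            ForumEntity forum = CacheManager.GetForum(_thread.ForumID);
            if (forum == null)
            {
                // not found, orphaned thread, return to default page.
                Response.Redirect("default.aspx");
            }

            // thread visibility: own threads and sticky threads are always visible; other users' normal threads
            // require the ViewNormalThreadsStartedByOthers right.
            if ((_thread.StartedByUserID != SessionAdapter.GetUserID()) &&
                !SessionAdapter.CanPerformForumActionRight(_thread.ForumID, ActionRights.ViewNormalThreadsStartedByOthers) &&
                !_thread.IsSticky)
            {
                // can't view this thread, it isn't visible to the user
                Response.Redirect("default.aspx", true);
            }

            lblForumName_Header.Text = forum.ForumName;

            if (!Page.IsPostBack)
            {
                // Bind the thread's messages to the repeater. The (0, 0) arguments presumably request the whole thread
                // (no paging on this page) — confirm against ThreadGuiHelper. The unused 'threadStartedByCurrentUser'
                // local of the original was dropped; nothing in this handler read it.
                MessagesInThreadTypedList messages = ThreadGuiHelper.GetAllMessagesInThreadAsTypedList(threadID, 0, 0);
                rptMessages.DataSource = messages;
                rptMessages.DataBind();
            }
        }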
        /// <summary>
        /// Deletes the user shown on the page (ID taken from lblUserID) after the caller confirmed, toggles the
        /// result/info areas accordingly and, on success, queues the nickname for a forced logout.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// NOTE(review): the user ID is read back from a label, i.e. from page state round-tripped through the client;
        /// this relies on view state integrity protection (the Web Forms default) to stay tamper-proof. Confirm it is on.
        /// </remarks>
        protected void btnYes_Click(object sender, EventArgs e)
        {
            int  userToDelete = HnDGeneralUtils.TryConvertToInt(lblUserID.Text);
            bool deleted      = UserManager.DeleteUser(userToDelete);

            // on success show the result area, otherwise keep the user info visible
            phDeleteResult.Visible = deleted;
            phUserInfo.Visible     = !deleted;

            if (!deleted)
            {
                return;
            }

            // by its name, this queues the nickname for a forced logout so a live session does not outlive the account
            ApplicationAdapter.AddUserToListToBeLoggedOutByForce(lblNickname.Text);
        }
        /// <summary>
        /// Re-parses the number of messages entered by the admin, starting at the selected calendar date, optionally
        /// regenerating their HTML, and reports how many messages were processed.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        private void btnStart_Click(object sender, System.EventArgs e)
        {
            // gather the re-parse settings from the form
            int      batchSize   = HnDGeneralUtils.TryConvertToInt(tbxAmountToReparse.Text.Trim());
            DateTime fromDate    = cldStartDate.SelectedDate;
            bool     rebuildHtml = chkRegenerateHTML.Checked;

            int processedCount = MessageManager.ReParseMessages(batchSize, fromDate, rebuildHtml, ApplicationAdapter.GetParserData());

            // show the outcome
            lblReparseResults.Text    = "Number of messages re-parsed: " + processedCount;
            pnlReparseResults.Visible = true;
        }
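        /// <summary>
        /// Handles the POST of the new-thread form. A submit other than "Post" is treated as cancel and redirects back
        /// to the forum (or home when no forum is known). Otherwise the model and the caller's rights on the forum are
        /// checked, the thread and its first message are created, auditing and cache invalidation are done and the
        /// caller is redirected to the new thread.
        /// </summary>
        /// <param name="newThreadData">Posted form data; only MessageText, ThreadSubject, IsSticky and Subscribe are bound.</param>
        /// <param name="submitButton">Name of the button that submitted the form; only "Post" creates a thread.</param>
        /// <param name="forumId">The forum the thread is added to.</param>
        /// <returns>A redirect: to the forum/home on cancel or rejection, to the new thread on success.</returns>
        public async Task <ActionResult> Add([Bind(nameof(NewThreadData.MessageText), nameof(NewThreadData.ThreadSubject), nameof(NewThreadData.IsSticky),
                                                   nameof(NewThreadData.Subscribe))]
                                             NewThreadData newThreadData, string submitButton, int forumId = 0)
        {
            if (submitButton != "Post")
            {
                // apparently canceled
                if (forumId <= 0)
                {
                    return(RedirectToAction("Index", "Home"));
                }

                return(RedirectToAction("Index", "Forum", new { forumId }));
            }

            if (!ModelState.IsValid)
            {
                return(RedirectToAction("Index", "Home"));
            }

            // the security check also loads the forum; the posted forumId is not trusted before this
            var(userMayAddThread, forum, userMayAddStickThread) = await PerformAddThreadSecurityChecksAsync(forumId);

            if (!userMayAddThread)
            {
                return(RedirectToAction("Index", "Home"));
            }

            // From here on submitButton is known to be "Post" (the cancel branch above returned), so the former
            // `if (submitButton == "Post")` wrapper around the rest of the method was always true and has been dropped.

            // parse message text to html
            var messageAsHtml = HnDGeneralUtils.TransformMarkdownToHtml(newThreadData.MessageText, ApplicationAdapter.GetEmojiFilenamesPerName(),
                                                                        ApplicationAdapter.GetSmileyMappings());

            // a sticky thread is only created when the caller holds the right; the posted IsSticky flag alone is not enough
            bool createAsSticky = userMayAddStickThread && newThreadData.IsSticky;
            var(newThreadId, _) = await ForumManager.CreateNewThreadInForumAsync(forumId, this.HttpContext.Session.GetUserID(),
                                                                                 newThreadData.ThreadSubject, newThreadData.MessageText,
                                                                                 messageAsHtml, createAsSticky,
                                                                                 this.Request.Host.Host, forum.DefaultSupportQueueID,
                                                                                 newThreadData.Subscribe);

            ApplicationAdapter.InvalidateCachedNumberOfThreadsInSupportQueues();
            if (this.HttpContext.Session.CheckIfNeedsAuditing(AuditActions.AuditNewThread))
            {
                await SecurityManager.AuditNewThreadAsync(this.HttpContext.Session.GetUserID(), newThreadId);
            }

            // the cached forum entry is stale now that it has one more thread
            _cache.Remove(CacheManager.ProduceCacheKey(CacheKeys.SingleForum, forumId));

            return(Redirect(this.Url.Action("Index", "Thread", new { threadId = newThreadId, pageNo = 1 })));
        }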
        /// <summary>
        /// Registers a new user with the given profile data, a freshly generated password and the system-wide
        /// default role and user title, then e-mails the generated password to the new user.
        /// </summary>
        /// <param name="nickName">Nickname of the new user.</param>
        /// <param name="dateOfBirth">Date of birth, or null when not given.</param>
        /// <param name="emailAddress">E-mail address; also the recipient of the password mail.</param>
        /// <param name="emailAddressIsPublic">Whether the e-mail address is visible to everyone.</param>
        /// <param name="iconUrl">URL of the user's icon.</param>
        /// <param name="ipNumber">IP number the registration came from.</param>
        /// <param name="location">Free-text location.</param>
        /// <param name="occupation">Free-text occupation.</param>
        /// <param name="signature">Signature text.</param>
        /// <param name="website">Website URL.</param>
        /// <param name="emailData">Template data for the password mail.</param>
        /// <param name="autoSubscribeThreads">Default for auto-subscribing to threads the user creates.</param>
        /// <param name="defaultMessagesPerPage">Messages per page to display.</param>
        /// <returns>UserID of the new user, or 0 if the save failed.</returns>
        /// <remarks>
        /// Security notes: the generated plain-text password is sent by e-mail (only its hash is stored), so the
        /// mail channel is the weak link — a one-time reset link would be stronger, but the mailed password is
        /// the established flow here. HashPassword is called with performPreMD5Hashing: true, presumably to stay
        /// compatible with the legacy password format; confirm before changing. Free-text fields go through
        /// EncodeUserTextFields before saving (presumably HTML-encoding them). JoinDate is DateTime.Now, i.e.
        /// server local time, not UTC.
        /// </remarks>
        public static async Task <int> RegisterNewUserAsync(string nickName, DateTime?dateOfBirth, string emailAddress, bool emailAddressIsPublic, string iconUrl,
                                                            string ipNumber, string location, string occupation, string signature, string website,
                                                            Dictionary <string, string> emailData, bool autoSubscribeThreads, short defaultMessagesPerPage)
        {
            // defaults for new users (role and user title) come from the system settings.
            var settings = await SystemGuiHelper.GetSystemSettingsAsync();

            // the password is generated server-side; the user receives it by mail and only the hash is persisted.
            var generatedPassword = HnDGeneralUtils.GenerateRandomPassword();

            var user = new UserEntity
            {
                AmountOfPostings               = 0,
                DateOfBirth                    = dateOfBirth,
                EmailAddress                   = emailAddress,
                EmailAddressIsPublic           = emailAddressIsPublic,
                IPNumber                       = ipNumber,
                IconURL                        = iconUrl,
                IsBanned                       = false,
                JoinDate                       = DateTime.Now,
                Location                       = location,
                NickName                       = nickName,
                Occupation                     = occupation,
                Signature                      = signature,
                Website                        = website,
                Password                       = HnDGeneralUtils.HashPassword(generatedPassword, performPreMD5Hashing: true),
                AutoSubscribeToThread          = autoSubscribeThreads,
                DefaultNumberOfMessagesPerPage = defaultMessagesPerPage,
                UserTitleID                    = settings.DefaultUserTitleNewUser
            };
            user.RoleUser.Add(new RoleUserEntity { RoleID = settings.DefaultRoleNewUser });

            // encode the free-text fields so stored values cannot carry script into the pages that render them.
            EncodeUserTextFields(user);

            // user and role link are saved recursively in one go; the password is mailed only when that succeeded.
            using (var dataAccess = new DataAccessAdapter())
            {
                bool saved = await dataAccess.SaveEntityAsync(user).ConfigureAwait(false);
                if (saved)
                {
                    await HnDGeneralUtils.EmailPassword(generatedPassword, emailAddress, emailData);
                }
            }

            return user.UserID;
        }
        /// <summary>
        /// Handles the click on the "Yes" confirmation button: flips the ban flag of the user whose ID is shown
        /// in lblUserID and, when that user is now banned, queues a forced logout for the nickname.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// No authorization check happens in this handler; it relies on the page's Page_Load having already
        /// redirected callers without the required right (not visible in this block — confirm in the page
        /// source). lblUserID.Text presumably comes from ViewState rather than directly from the request, but
        /// it is still parsed defensively with TryConvertToInt.
        /// </remarks>
        protected void btnYes_Click(object sender, EventArgs e)
        {
            int userId = HnDGeneralUtils.TryConvertToInt(lblUserID.Text);
            bool toggled = UserManager.ToggleBanFlagValue(userId, out bool isNowBanned);

            // show the outcome panel on success; otherwise keep the user info visible.
            phToggleResult.Visible = toggled;
            phUserInfo.Visible     = !toggled;

            if (isNowBanned)
            {
                // a freshly banned user must not keep an active session: force a logout by nickname.
                ApplicationAdapter.AddUserToListToBeLoggedOutByForce(lblNickname.Text);
            }
        }
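        /// <summary>
        /// Handles the Load event: enforces the SecurityManagement system right, then on first load binds the
        /// role and audit-action lists and reflects the audit actions of the initially selected role.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// Authorization is done in two steps so the redirect target matches what the caller may see: users
        /// without any system right go back to the site root, users with some system right but not
        /// SecurityManagement go to the admin default page. Both redirects pass endResponse = true, so nothing
        /// below them runs for an unauthorized caller.
        /// Fix: on postback the role ID is now read from SelectedValue instead of SelectedItem.Value.
        /// SelectedItem is null when the list is empty (the first-load branch already guards for an empty role
        /// list) and would throw a NullReferenceException here.
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            if (!SessionAdapter.HasSystemActionRights())
            {
                // no management rights at all: leave the admin area.
                Response.Redirect("../Default.aspx", true);
            }

            if (!SessionAdapter.HasSystemActionRight(ActionRights.SecurityManagement))
            {
                // has access to the admin menu, but not to security management.
                Response.Redirect("Default.aspx", true);
            }

            _roleID = 0;

            if (!Page.IsPostBack)
            {
                RoleCollection roles = SecurityGuiHelper.GetAllRoles();

                cbxRoles.DataSource     = roles;
                cbxRoles.DataTextField  = "RoleDescription";
                cbxRoles.DataValueField = "RoleID";
                cbxRoles.DataBind();

                if (cbxRoles.Items.Count > 0)
                {
                    // pre-select the first role so the audit-action list below has something to reflect.
                    cbxRoles.Items[0].Selected = true;
                    _roleID = HnDGeneralUtils.TryConvertToInt(cbxRoles.SelectedItem.Value);
                }

                AuditActionCollection auditActions = SecurityGuiHelper.GetAllAuditActions();

                cblAuditActions.DataSource     = auditActions;
                cblAuditActions.DataTextField  = "AuditActionDescription";
                cblAuditActions.DataValueField = "AuditActionID";
                cblAuditActions.DataBind();

                // check the audit actions currently assigned to the selected role.
                ReflectCurrentAuditActions();
            }
            else
            {
                // SelectedValue is string.Empty when nothing is selected (e.g. no roles exist); SelectedItem
                // would be null in that case. TryConvertToInt presumably yields 0 for "", matching the default.
                _roleID = HnDGeneralUtils.TryConvertToInt(cbxRoles.SelectedValue);
            }
        }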
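        /// <summary>
        /// Handles the Load event of the Page control: shows one page of the search results kept in the session.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
        /// <remarks>
        /// The page number comes from the request ("Page", query string or form) and is untrusted. Fix: values
        /// below 1 are now clamped to 1 (previously only 0 was; a negative page turned into a negative row
        /// index and an unhandled exception), and the row offset is computed in 64-bit so a huge page number
        /// cannot overflow into a negative index either. A page beyond the last one binds an empty page, as
        /// before. Results are paged in memory: the search query ran once and SessionAdapter stores its rows.
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            int currentPage = HnDGeneralUtils.TryConvertToInt(Request["Page"]);

            if (currentPage <= 0)
            {
                // missing, unparsable (0) or negative: start at the first page.
                currentPage = 1;
            }

            if (!Page.IsPostBack)
            {
                plPageListTop.CurrentPage    = currentPage;
                plPageListBottom.CurrentPage = currentPage;

                DataTable results = SessionAdapter.GetSearchResults();
                if (results == null)
                {
                    // nothing was searched for in this session; Redirect ends the response here.
                    Response.Redirect("Search.aspx");
                }

                short pageSize = CacheManager.GetSystemData().PageSizeSearchResults;
                if (pageSize <= 0)
                {
                    // defensive default when the setting is missing or invalid.
                    pageSize = 50;
                }

                // ceiling division: one extra page for a partially filled last page.
                int amountPages = (results.Rows.Count / pageSize);
                if ((amountPages * pageSize) < results.Rows.Count)
                {
                    amountPages++;
                }
                plPageListBottom.AmountPages = amountPages;
                plPageListTop.AmountPages    = amountPages;

                // copy only the rows of the requested page into an empty clone of the result schema.
                // 64-bit offset: (currentPage - 1) * pageSize must not wrap negative for large page numbers.
                long firstRow = (long)(currentPage - 1) * pageSize;
                DataTable toBind = results.Clone();
                for (int i = 0; (i < pageSize) && ((firstRow + i) < results.Rows.Count); i++)
                {
                    toBind.ImportRow(results.Rows[(int)(firstRow + i)]);
                }

                rptResults.DataSource = toBind;
                rptResults.DataBind();

                lblAmountThreads.Text = results.Rows.Count.ToString();
                // the search terms are user input: encode before rendering.
                lblSearchTerms.Text = HttpUtility.HtmlEncode(SessionAdapter.GetSearchTerms());
            }
        }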
        /// <summary>
        /// Handles the Load event of the thread-deletion page: resolves the thread named by the ThreadID query
        /// string parameter, runs the access checks in order and, on first load, fills the confirmation labels.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// The order of the checks matters because each failure redirects somewhere else: an unknown thread or a
        /// forum without access goes to default.aspx, lacking SystemWideThreadManagement goes back to the
        /// thread's message list, and a thread the caller may not even see goes to default.aspx. Every Redirect
        /// here ends the response (the one-argument overload does so as well), so nothing past a failed check
        /// runs. The forum name is written to lblForumName unencoded while the subject is HTML-encoded; other
        /// pages in this application encode ForumName before rendering, so confirm this is intended.
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            int requestedThreadId = HnDGeneralUtils.TryConvertToInt(Request.QueryString["ThreadID"]);

            _thread = ThreadGuiHelper.GetThread(requestedThreadId);
            if (_thread == null)
            {
                // unknown or unparsable id: nothing to delete
                Response.Redirect("default.aspx", true);
            }

            int forumId = _thread.ForumID;

            if (!SessionAdapter.CanPerformForumActionRight(forumId, ActionRights.AccessForum))
            {
                // caller may not enter the forum this thread lives in
                Response.Redirect("default.aspx");
            }

            if (!SessionAdapter.HasSystemActionRight(ActionRights.SystemWideThreadManagement))
            {
                // caller may read but not delete: back to the thread's messages
                Response.Redirect("Messages.aspx?ThreadID=" + requestedThreadId, true);
            }

            // a non-sticky thread started by someone else is only visible with ViewNormalThreadsStartedByOthers.
            // Short-circuit order is kept: the right is only looked up when the caller did not start the thread.
            bool threadIsHidden = (_thread.StartedByUserID != SessionAdapter.GetUserID())
                                  && !SessionAdapter.CanPerformForumActionRight(forumId, ActionRights.ViewNormalThreadsStartedByOthers)
                                  && !_thread.IsSticky;
            if (threadIsHidden)
            {
                Response.Redirect("default.aspx", true);
            }

            if (Page.IsPostBack)
            {
                return;
            }

            ForumEntity forum = CacheManager.GetForum(forumId);
            if (forum == null)
            {
                // the thread's forum no longer exists (orphaned thread)
                Response.Redirect("default.aspx", true);
            }

            lblForumName.Text     = forum.ForumName;
            lblThreadSubject.Text = HttpUtility.HtmlEncode(_thread.Subject);
        }
        /// <summary>
        /// Handles the Load event of the new-thread page: resolves the forum from the ForumID query string
        /// parameter, enforces forum access and thread-creation rights, configures the message editor and, on
        /// first load, fills the header content.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// All redirects here pass endResponse = true, so an unauthorized caller never reaches the editor setup.
        /// The welcome text is assigned to litWelcomeText as pre-rendered HTML (NewThreadWelcomeTextAsHTML) and
        /// is deliberately not encoded; it is forum configuration, presumably admin-entered. ForumName is
        /// HTML-encoded for the link text but handed raw to the message editor — presumably the editor encodes
        /// it itself; confirm.
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            int requestedForumId = HnDGeneralUtils.TryConvertToInt(Request.QueryString["ForumID"]);

            _forum = CacheManager.GetForum(requestedForumId);
            if (_forum == null)
            {
                // unknown or unparsable id
                Response.Redirect("default.aspx", true);
            }

            if (!SessionAdapter.CanPerformForumActionRight(requestedForumId, ActionRights.AccessForum))
            {
                // caller may not enter this forum at all
                Response.Redirect("default.aspx", true);
            }

            _userCanCreateNormalThreads = SessionAdapter.CanPerformForumActionRight(requestedForumId, ActionRights.AddNormalThread);
            _userCanCreateStickyThreads = SessionAdapter.CanPerformForumActionRight(requestedForumId, ActionRights.AddStickyThread);

            bool mayStartAnyThread = _userCanCreateNormalThreads || _userCanCreateStickyThreads;
            if (!mayStartAnyThread)
            {
                // may read the forum, but not start threads in it
                Response.Redirect("default.aspx", true);
            }

            // attachments need both a forum that allows them and the AddAttachment right (right checked only if needed).
            bool forumAllowsAttachments = _forum.MaxNoOfAttachmentsPerMessage > 0;
            meMessageEditor.ShowAddAttachment = forumAllowsAttachments
                                                && SessionAdapter.CanPerformForumActionRight(requestedForumId, ActionRights.AddAttachment);

            if (!String.IsNullOrEmpty(_forum.NewThreadWelcomeTextAsHTML))
            {
                phWelcomeText.Visible = true;
                litWelcomeText.Text   = _forum.NewThreadWelcomeTextAsHTML;
            }

            if (Page.IsPostBack)
            {
                return;
            }

            lnkThreads.Text                  = HttpUtility.HtmlEncode(_forum.ForumName);
            lnkThreads.NavigateUrl          += "?ForumID=" + requestedForumId;
            meMessageEditor.ForumName        = _forum.ForumName;
            meMessageEditor.ForumDescription = HttpUtility.HtmlEncode(_forum.ForumDescription);
            meMessageEditor.CanBeSticky      = _userCanCreateStickyThreads;
            meMessageEditor.CanBeNormal      = _userCanCreateNormalThreads;
            meMessageEditor.IsThreadStart    = true;
            lblSectionName.Text              = CacheManager.GetSectionName(_forum.SectionID);
        }
        /// <summary>
        /// Saves the system settings entered on the page and invalidates the cached system data when the store
        /// succeeded, then redirects to the admin default page.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// Each numeric textbox value that is missing, unparsable or non-positive is replaced by a built-in
        /// default rather than rejected. The store result is ignored (the redirect happens either way), so a
        /// failed save is silent to the admin. No authorization check happens in this handler; it relies on the
        /// page's Page_Load (not visible here — confirm). Convert.ToInt32 on the dropdown values throws on a
        /// non-numeric value; the dropdowns are server-populated and presumably event-validated, so that only
        /// happens on a tampered postback.
        /// </remarks>
        private void btnSave_ServerClick(object sender, System.EventArgs e)
        {
            // parses a short from textbox text; the fallback replaces missing, unparsable (0) or non-positive values.
            short PositiveOrDefault(string text, short fallback)
            {
                short parsed = HnDGeneralUtils.TryConvertToShort(text);
                return parsed <= 0 ? fallback : parsed;
            }

            int settingsId = (int)ViewState["ID"];

            short activeThreadsThreshold             = PositiveOrDefault(tbxActiveThreadsThreshold.Text, 48);
            short pageSizeSearchResults              = PositiveOrDefault(tbxPageSizeInSearchResults.Text, 50);
            short minNumberOfThreadsToFetch          = PositiveOrDefault(tbxMinNumberOfThreadsToFetch.Text, 25);
            short minNumberOfNonStickyVisibleThreads = PositiveOrDefault(tbxMinNumberOfNonStickyVisibleThreads.Text, 5);

            bool stored = SystemManager.StoreNewSystemSettings(settingsId,
                                                               Convert.ToInt32(cbxDefaultRoleNewUsers.SelectedItem.Value),
                                                               Convert.ToInt32(cbxAnonymousUserRole.SelectedItem.Value),
                                                               Convert.ToInt32(cbxDefaultUserTitleNewUsers.SelectedItem.Value),
                                                               activeThreadsThreshold, pageSizeSearchResults,
                                                               minNumberOfThreadsToFetch, minNumberOfNonStickyVisibleThreads,
                                                               chkSendReplyNotifications.Checked);

            if (stored)
            {
                // the cached copy is stale now
                CacheManager.InvalidateCachedItem(CacheKeys.SystemData);
            }

            // the result is not reported to the user; redirect regardless.
            Response.Redirect("Default.aspx", true);
        }
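        /// <summary>
        /// Initializes the system by running the install stored procedure with the hashed administrator
        /// password and the administrator e-mail address, then purges the cached anonymous-user resultset.
        /// </summary>
        /// <param name="newAdminPassword">Plain-text password for the admin account. Only its hash is passed
        /// on; a null, empty or whitespace-only value makes the method return without doing anything.</param>
        /// <param name="emailAddress">E-mail address to store for the admin account. Passed through as-is; it
        /// is not validated here.</param>
        /// <param name="cancellationToken">Token to cancel the stored-procedure call. Defaults to none, which
        /// is what existing callers get.</param>
        /// <returns>A task that completes when the procedure has run and the cache has been purged.</returns>
        /// <remarks>
        /// The hash is produced with performPreMD5Hashing: true, presumably for compatibility with the legacy
        /// password format used by the user-registration path — confirm before changing. The silent return on
        /// an empty password means callers cannot tell "installed" from "skipped"; validate the password before
        /// calling.
        /// </remarks>
        public static async Task Initialize(string newAdminPassword, string emailAddress, CancellationToken cancellationToken = default(CancellationToken))
        {
            if (string.IsNullOrWhiteSpace(newAdminPassword))
            {
                return;
            }

            var passwordHashed = HnDGeneralUtils.HashPassword(newAdminPassword, performPreMD5Hashing: true);

            using (var adapter = new DataAccessAdapter())
            {
                await ActionProcedures.InstallAsync(emailAddress, passwordHashed, adapter, cancellationToken);

                // presumably the install touches the anonymous user's data; drop what is cached for it.
                CacheController.PurgeResultsets(CacheKeys.AnonymousUserQueryResultset);
            }
        }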
        /// <summary>
        /// Handles the Load event of the section-deletion page: enforces the SystemManagement right, then on
        /// first load shows the section named by the SectionID query string parameter and disables deletion
        /// when the section still contains forums.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// The section is read straight from the database rather than the in-memory cache so the page reflects
        /// the current state. Both authorization redirects end the response. Section name and description are
        /// assigned to labels unencoded (admin-entered data, presumably; confirm whether they are stored encoded).
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            if (!SessionAdapter.HasSystemActionRights())
            {
                // no management rights at all: leave the admin area
                Response.Redirect("../Default.aspx", true);
            }

            if (!SessionAdapter.HasSystemActionRight(ActionRights.SystemManagement))
            {
                // has the admin menu, but not system management
                Response.Redirect("Default.aspx", true);
            }

            _sectionID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["SectionID"]);

            if (Page.IsPostBack)
            {
                return;
            }

            SectionEntity section = SectionGuiHelper.GetSection(_sectionID);
            if (section != null)
            {
                // a section can only be deleted when it is empty: block the button and explain why otherwise.
                ForumCollection forumsInSection = ForumGuiHelper.GetAllForumsInSection(_sectionID);
                if (forumsInSection.Count > 0)
                {
                    lblRuleError.Visible = true;
                    btnDelete.Disabled   = true;
                }

                lblSectionName.Text        = section.SectionName;
                lblSectionDescription.Text = section.SectionDescription;
            }
            else
            {
                // already gone: back to the overview
                Response.Redirect("ModifyDeleteSection.aspx", true);
            }
        }
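        /// <summary>
        /// Handles the Load event of the role system-rights page: enforces the SecurityManagement right, then on
        /// first load shows the role named by the RoleID query string parameter and checks the system action
        /// rights it currently holds.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// Both authorization redirects end the response. A RoleID that does not resolve to a role is not
        /// rejected: the description stays empty and the rights list is bound with nothing checked (unchanged
        /// behaviour; consider redirecting instead).
        /// Fix: a right stored for the role that has no matching item in cblSystemRights (stale row, or a right
        /// not in the system-rights list) made FindByValue return null and threw a NullReferenceException; such
        /// rows are now skipped.
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            if (!SessionAdapter.HasSystemActionRights())
            {
                // no management rights at all: leave the admin area.
                Response.Redirect("../Default.aspx", true);
            }

            if (!SessionAdapter.HasSystemActionRight(ActionRights.SecurityManagement))
            {
                // has access to the admin menu, but not to security management.
                Response.Redirect("Default.aspx", true);
            }

            _roleID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["RoleID"]);

            if (!Page.IsPostBack)
            {
                RoleEntity role = SecurityGuiHelper.GetRole(_roleID);
                if (role != null)
                {
                    tbxRoleDescription.Text = role.RoleDescription;
                }

                ActionRightCollection systemActionRights = SecurityGuiHelper.GetAllSystemActionRights();

                cblSystemRights.DataSource     = systemActionRights;
                cblSystemRights.DataTextField  = "ActionRightDescription";
                cblSystemRights.DataValueField = "ActionRightID";
                cblSystemRights.DataBind();

                RoleSystemActionRightCollection systemActionRightRoleCombinations = SecurityGuiHelper.GetSystemActionRightRolesForRole(_roleID);

                // check the checkbox of every right the role holds; skip rights that have no checkbox.
                foreach (RoleSystemActionRightEntity currentEntity in systemActionRightRoleCombinations)
                {
                    var item = cblSystemRights.Items.FindByValue(currentEntity.ActionRightID.ToString());
                    if (item != null)
                    {
                        item.Selected = true;
                    }
                }
            }
        }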
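        /// <summary>
        /// Handles the Load event of the forum-deletion page: enforces the SystemManagement right, then on
        /// first load shows the name and description of the forum named by the ForumID query string parameter.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The event data.</param>
        /// <remarks>
        /// Both authorization redirects end the response. Fix: the forum lookup was wrapped in a try/catch whose
        /// only action was `throw ex;`, which rethrows with a truncated stack trace and also caught (and
        /// rethrew) the ThreadAbortException raised by Response.Redirect(..., true). The wrapper added nothing,
        /// so it is gone; exceptions propagate exactly as before, now with their original stack. Forum name and
        /// description are assigned to labels unencoded (admin-entered data, presumably).
        /// </remarks>
        private void Page_Load(object sender, System.EventArgs e)
        {
            if (!SessionAdapter.HasSystemActionRights())
            {
                // no management rights at all: leave the admin area.
                Response.Redirect("../Default.aspx", true);
            }

            if (!SessionAdapter.HasSystemActionRight(ActionRights.SystemManagement))
            {
                // has access to the admin menu, but not to system management.
                Response.Redirect("Default.aspx", true);
            }

            _forumID = HnDGeneralUtils.TryConvertToInt(Request.QueryString["ForumID"]);

            if (!Page.IsPostBack)
            {
                ForumEntity forum = ForumGuiHelper.GetForum(_forumID);

                if (forum != null)
                {
                    lblForumName.Text        = forum.ForumName;
                    lblForumDescription.Text = forum.ForumDescription;
                }
                else
                {
                    // the forum doesn't exist anymore: back to the overview.
                    Response.Redirect("ModifyDeleteForum.aspx", true);
                }
            }
        }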
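        /// <summary>
        /// POST handler that adds a reply to an existing thread.
        /// </summary>
        /// <param name="messageData">Posted form data; only MessageText and Subscribe are bound, so no other
        /// member of MessageData can be set from the request (over-posting protection).</param>
        /// <param name="submitButton">Value of the pressed submit button; anything but "Post" is treated as
        /// cancel and only redirects back.</param>
        /// <param name="threadId">ID of the thread to reply to; 0 (the default) means no thread.</param>
        /// <returns>
        /// A redirect: to Home when cancelled without a thread, when the model is invalid or when the caller may
        /// not post in this thread; to the thread index when cancelled with a thread; otherwise to the new
        /// message via CalculateRedirectToMessageAsync.
        /// </returns>
        /// <remarks>
        /// Authorization is delegated to PerformAddMessageSecurityChecksAsync, which also yields the thread.
        /// The request's Host header (this.Request.Host.Host) is handed to GetEmailData; if that value ends up
        /// in links inside the notification mail, host filtering must be configured so a forged Host header
        /// cannot redirect recipients — confirm in the startup configuration. Whether this action carries
        /// [HttpPost] and [ValidateAntiForgeryToken] is not visible in this listing; confirm in the controller.
        /// Fix: the second `submitButton == "Post"` test after the security check was dead code (the early
        /// return above already guarantees it) and has been removed; behaviour is unchanged.
        /// </remarks>
        public async Task <ActionResult> Add([Bind(nameof(MessageData.MessageText), nameof(MessageData.Subscribe))]
                                             MessageData messageData, string submitButton,
                                             int threadId = 0)
        {
            if (submitButton != "Post")
            {
                // cancel: back to where the user came from.
                return(threadId <= 0 ? RedirectToAction("Index", "Home") : RedirectToAction("Index", "Thread", new { threadId = threadId }));
            }

            if (!ModelState.IsValid)
            {
                return(RedirectToAction("Index", "Home"));
            }

            var(userMayAddMessages, thread) = await PerformAddMessageSecurityChecksAsync(threadId);

            if (!userMayAddMessages)
            {
                return(RedirectToAction("Index", "Home"));
            }

            // allowed: render the markdown to html, then store both the source and the html.
            var messageAsHtml = HnDGeneralUtils.TransformMarkdownToHtml(messageData.MessageText, ApplicationAdapter.GetEmojiFilenamesPerName(),
                                                                        ApplicationAdapter.GetSmileyMappings());
            var systemData = await _cache.GetSystemDataAsync();

            var remoteIPAddress = HnDGeneralUtils.GetRemoteIPAddressAsIP4String(this.HttpContext.Connection.RemoteIpAddress);
            int newMessageId = await ThreadManager.CreateNewMessageInThreadAsync(threadId, this.HttpContext.Session.GetUserID(), messageData.MessageText, messageAsHtml,
                                                                                 remoteIPAddress, messageData.Subscribe,
                                                                                 ApplicationAdapter.GetEmailData(this.Request.Host.Host, EmailTemplate.ThreadUpdatedNotification),
                                                                                 systemData.SendReplyNotifications);

            ApplicationAdapter.InvalidateCachedNumberOfThreadsInSupportQueues();
            if (this.HttpContext.Session.CheckIfNeedsAuditing(AuditActions.AuditNewMessage))
            {
                // audit only when the session's configuration asks for it.
                await SecurityManager.AuditNewMessageAsync(this.HttpContext.Session.GetUserID(), newMessageId);
            }

            return(await CalculateRedirectToMessageAsync(thread.ThreadID, newMessageId));
        }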