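/// <summary>
/// Renders every row returned for the Jezyki table as an HTML table with
/// "edit" and "delete" links per language.
/// </summary>
/// <returns>The table markup; an empty table when no rows are returned.</returns>
internal String ListOfLanguages()
{
    Jezyki[] languages = GetLanguagesFromSQL("SELECT * FROM Jezyki;", SQLConnector.GetSQLConnection());

    // Treat a null result as "no rows" instead of failing on languages.Length.
    if (languages == null)
    {
        languages = new Jezyki[0];
    }

    // StringBuilder avoids re-copying the whole markup on every appended row.
    System.Text.StringBuilder html = new System.Text.StringBuilder("<table>");

    foreach (Jezyki language in languages)
    {
        // Nazwa is stored text and is written into the page, so it is HTML-encoded
        // here; markup stored in a language name is then shown as text, not run.
        // NOTE(review): JezykID is assumed to be a numeric key and is emitted as-is;
        // encode it as well if it turns out to be a string column.
        html.Append("<tr><td>").Append(language.JezykID)
            .Append("</td><td>").Append(System.Web.HttpUtility.HtmlEncode(language.Nazwa))
            .Append("</td><td><a href=\"?content=EditLanguage&ID=").Append(language.JezykID)
            .Append("\">edycja</a></td><td><a href=\"?content=DeleteLanguage&ID=").Append(language.JezykID)
            .Append("\">usuń</a></td></tr>");
    }

    // NOTE(review): the delete action is exposed as a plain GET link. The handler is
    // not visible here; confirm it re-checks the caller's rights and is protected
    // against cross-site requests before it deletes anything.
    return html.Append("</table>").ToString();
}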
/// <summary>
/// Looks up the UserID for the current visitor, or returns null when neither a
/// user cookie nor session credentials are present.
/// </summary>
/// <param name="username">The user cookie, or null when the request carries none.</param>
/// <param name="Session">Session state holding "userLogin" and "userPassHash".</param>
/// <returns>The value returned by GetRightsFromSQL for the query, or null when not logged in.</returns>
public int? GetUserID(HttpCookie username, System.Web.SessionState.HttpSessionState Session)
{
    // Not logged in: no cookie and nothing in the session.
    if (username == null)
    {
        if (Session["userLogin"] == null && Session["userPassHash"] == null)
        {
            return null;
        }
    }

    // The cookie wins whenever it is present; the session is only consulted without it.
    // NOTE(review): a cookie value is chosen by the client. Nothing in this method
    // verifies it, so confirm it is integrity-checked elsewhere before it is trusted
    // as an identity.
    String login;
    if (username != null)
    {
        login = username.Values["login"];
    }
    else if (Session["userLogin"] != null && Session["userPassHash"] != null)
    {
        login = Session["userLogin"].ToString();
    }
    else
    {
        login = null;
    }

    // NOTE(review): as shown, the query text carries the literal '******' and does not
    // reference `login`; this looks like masking applied to the listing. If the real
    // source splices `login` into the string, use a parameterized command instead.
    String query = "SELECT UserID FROM Users WHERE Login = '******';";
    return GetRightsFromSQL(query, SQLConnector.GetSQLConnection());
}
/// <summary>
/// Initializes the rights level for the current visitor from the user cookie or,
/// failing that, from the session.
/// </summary>
/// <param name="username">The user cookie, or null when the request carries none.</param>
/// <param name="Session">Session state holding "userLogin" and "userPassHash".</param>
public AdminRightsChecker(HttpCookie username, System.Web.SessionState.HttpSessionState Session)
{
    // Not logged in, so certainly not an admin: rights level 4.
    if (username == null && Session["userLogin"] == null && Session["userPassHash"] == null)
    {
        this.rights = 4;
        return;
    }

    // The cookie takes precedence over the session when both exist.
    // NOTE(review): the cookie is client-supplied and is not verified in this
    // constructor; a rights lookup keyed on it needs the cookie to be
    // integrity-protected somewhere else. Confirm that it is.
    String login = null;
    if (username != null)
    {
        login = username.Values["login"];
    }
    else if (Session["userLogin"] != null && Session["userPassHash"] != null)
    {
        login = Session["userLogin"].ToString();
    }

    // NOTE(review): the query text as shown contains the literal '******' and never
    // uses `login`, which looks like masking by the listing. If the original
    // concatenates `login` here, it must be passed as a query parameter instead.
    this.rights = GetRightsFromSQL(
        "SELECT CzyAdmin FROM Users WHERE Login = '******';",
        SQLConnector.GetSQLConnection());
}
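/// <summary>
/// Renders the list of courses as an HTML table, with management links for users
/// whose rights pass CzySek() and an "add course" link when CzyAdmin is true.
/// </summary>
/// <param name="CzyAdmin">Whether to append the "add course" and "back" links.</param>
/// <returns>The heading, the course table and the optional links as HTML markup.</returns>
internal String ManageCourses(bool CzyAdmin)
{
    String query = "SELECT k.KursID AS [IDkursu], k.Typ AS [TypKursu], j.Nazwa AS [Jezyk], p.Nazwa AS [Poziom], u.Imie AS [ImieProwadzacego], u.Nazwisko AS [NazwiskoProwadzacego], u.\"E-mail\" AS [E-mail prowadzacego] FROM Kursy k JOIN Users u ON (u.UserID = k.IDprowadzacego) JOIN Jezyki j ON (j.JezykID = k.Jezyk) JOIN Poziomy p ON (p.PoziomID = k.Poziom);";
    Courses[] cours = GetCoursesFromSQL(query, SQLConnector.GetSQLConnection());

    // Treat a null result as "no rows" instead of failing on cours.Length.
    if (cours == null)
    {
        cours = new Courses[0];
    }

    // The rights check depends only on the request, so it is done once rather than
    // once per row (the checker's constructor runs a query). It is skipped when
    // there are no rows, matching the previous behaviour for an empty list.
    bool canManage = false;
    if (cours.Length > 0)
    {
        AdminRightsChecker rights = new AdminRightsChecker(Request.Cookies["user"], Session);
        canManage = rights.CzySek();
    }

    System.Text.StringBuilder result = new System.Text.StringBuilder("<h2>Lista kursów w bazie:</h2><table>");
    result.Append("<tr><td>ID kursu</td><td>Typ kursu</td><td>Język</td><td>Poziom</td><td>Imię Prowadzącego</td><td>Nazwisko Prowadzącego</td><td>E-mail Prowadzącego</td></tr>");

    foreach (Courses course in cours)
    {
        // Names and e-mail addresses come from stored user records, so every text
        // column is HTML-encoded before it is written into the page.
        // NOTE(review): IDkursu is assumed to be a numeric key and is emitted as-is.
        result.Append("<tr><td>").Append(course.IDkursu)
              .Append("</td><td>").Append(System.Web.HttpUtility.HtmlEncode(System.Convert.ToString(course.TypKursu)))
              .Append("</td><td>").Append(System.Web.HttpUtility.HtmlEncode(course.Jezyk))
              .Append("</td><td>").Append(System.Web.HttpUtility.HtmlEncode(course.Poziom))
              .Append("</td><td>").Append(System.Web.HttpUtility.HtmlEncode(course.ImieProwadzacego))
              .Append("</td><td>").Append(System.Web.HttpUtility.HtmlEncode(course.NazwiskoProwadzacego))
              .Append("</td><td>").Append(System.Web.HttpUtility.HtmlEncode(course.EmailProwadzacego))
              .Append("</td>");

        if (canManage)
        {
            // NOTE(review): the edit link is gated on CzySek(); an earlier,
            // commented-out variant gated it on CzyAdmin(). Confirm which is intended.
            result.Append("<td><a href=\"?content=ManageMaterials&ID=").Append(course.IDkursu)
                  .Append("\">Zarządzaj materiałami do kursu</a></td><td><a href=\"?content=EditCourses&ID=").Append(course.IDkursu)
                  .Append("\">edycja</a>").Append("</td></tr>");
        }
        else
        {
            result.Append("</tr>");
        }
    }

    result.Append("</table>");

    // Add a new course:
    // NOTE(review): hiding a link is presentation only. The ManageMaterials,
    // EditCourses and AddCourse handlers are not visible here; confirm each one
    // re-checks the caller's rights on the server.
    if (CzyAdmin)
    {
        result.Append("<p><a href=\"?content=AddCourse\" class=\"blackHyperlink\">Dodaj nowy kurs</a></p>");
        result.Append("<p><a href=\"?content=\">Powrót</a></p>");
    }

    return result.ToString();
}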
/// <summary>
/// Initializes the rights level for the user with the given numeric ID.
/// </summary>
/// <param name="userID">The UserID whose CzyAdmin value is looked up.</param>
public AdminRightsChecker(int userID)
{
    // The value spliced into the SQL text is an int, so it cannot carry SQL syntax.
    // NOTE(review): that holds only while the parameter stays an int; a query
    // parameter would keep this safe if the type ever changes.
    String query = String.Format("SELECT CzyAdmin FROM Users WHERE UserID = '{0}';", userID);

    this.rights = GetRightsFromSQL(query, SQLConnector.GetSQLConnection());
}
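/// <summary>
/// Checks whether a login may be used for a new account: it must be non-empty
/// and the lookup query must return no existing row.
/// </summary>
/// <param name="login">The login requested by the user.</param>
/// <returns>true when the login is non-empty and no row is returned; otherwise false.</returns>
private static bool LoginValidate(String login)
{
    // Empty, or null, which previously failed on login.Length.
    if (String.IsNullOrEmpty(login))
    {
        return false;
    }

    // NOTE(review): the query text as shown contains the literal '******' and does not
    // reference `login`; this looks like masking applied to the listing. If the real
    // source concatenates `login` into the string, pass it as a query parameter.
    SQLResTable[] SQLResults = GetLoginsFromSQL("SELECT Login FROM Users WHERE Login = '******'", SQLConnector.GetSQLConnection());

    // Any returned row means the login is already taken.
    // NOTE(review): check-then-insert can race between two registrations; confirm
    // that the Users.Login column also has a uniqueness constraint.
    bool loginTaken = (SQLResults != null) && (SQLResults.Length > 0);
    return !loginTaken;
}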
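/// <summary>
/// Verifies a password against the stored salt and hash for a login.
/// </summary>
/// <param name="login">The login being authenticated.</param>
/// <param name="password">The password supplied by the user.</param>
/// <returns>The stored password hash when the password matches; otherwise null.</returns>
public String CheckPass(String login, String password)
{
    // NOTE(review): the query text as shown contains the literal '******' and does not
    // reference `login`; this looks like masking applied to the listing. If the real
    // source concatenates `login` into the string, pass it as a query parameter.
    LoginRes[] SQLResults = GetLoginsFromSQL("SELECT Login, PasswordSalt, PasswordHash FROM Users WHERE Login = '******'", SQLConnector.GetSQLConnection());

    // We assume a login belongs to at most one person; anything other than exactly
    // one row (in practice: login not in the database) is a failed check.
    if ((SQLResults == null) || (SQLResults.Length != 1))
    {
        return null;
    }

    String PasswordSalt = SQLResults[0].PasswordSalt;
    String PasswordHash = SQLResults[0].PasswordHash;

    // NOTE(review): the helper's name suggests a salted SHA digest; its implementation
    // is not visible here. If it is a single fast hash, consider a slow key-derivation
    // function (for example PBKDF2 via Rfc2898DeriveBytes) for stored passwords.
    String computedHash = HashGen.CreateSHAHash(password, PasswordSalt);

    // A missing value on either side is a failed check rather than an exception.
    if ((computedHash == null) || (PasswordHash == null) || (computedHash.Length != PasswordHash.Length))
    {
        return null;
    }

    // Compare every character without stopping early, so the time taken does not
    // depend on where the first mismatch is.
    int difference = 0;
    for (int i = 0; i < computedHash.Length; i++)
    {
        difference |= computedHash[i] ^ PasswordHash[i];
    }

    // NOTE(review): the stored hash is handed back to the caller. Verify how callers
    // keep it; a hash reused as a login token is as sensitive as the password.
    return (difference == 0) ? PasswordHash : null;
}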