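/// <summary>
/// Entry point for the StatsForMail page.
/// With no "k" parameter, a request that originates from this machine makes a self-request (carrying a freshly
/// encrypted timestamp) and mails the resulting stats to users who can report; any other origin gets the error label.
/// With a "k" parameter (the self-request), the key is validated and the admin stats panel is rendered.
/// </summary>
/// <param name="sender">Page raising the event</param>
/// <param name="e">Event arguments</param>
/// <exception cref="MyFlightbookException">Thrown when "k" is present but does not decrypt to a timestamp inside the accepted window</exception>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    cssRef.Href = "~/Public/Stylesheet.css?v=32".ToAbsoluteURL(Request.Url.Scheme, Branding.CurrentBrand.HostName, Request.Url.Port).ToString();
    baseRef.Attributes["href"] = "~/Public/".ToAbsoluteURL(Request.Url.Scheme, Branding.CurrentBrand.HostName, Request.Url.Port).ToString();

    string szAuthKey = util.GetStringParam(Request, "k");

    // This page is public, so that it doesn't require any authentication, making it easy to set up a scheduled task.
    // SO, we do the following:
    //  - If you request the page from ANOTHER machine, we return an error
    //  - If you request it from THIS machine, then we perform a very simple authentication (pass an encrypted datetime) to ourselves.
    //  - If we receive this request with a valid encrypted key, we return the stats.
    if (String.IsNullOrEmpty(szAuthKey))
    {
        if (IsRequestFromThisMachine())
        {
            // request came from this machine - make a request to ourselves and send it out in email
            MailStatsToAdmins();
            lblSuccess.Visible = true;
        }
        else
        {
            lblErr.Visible = true;
        }
    }
    else
    {
        ThrowIfAuthKeyInvalid(szAuthKey, MaxAuthKeyAgeSeconds);

        // If we're here, then the auth was successfully sent - show the admin panel!
        Page.Title = String.Format(CultureInfo.CurrentCulture, Resources.Admin.SiteStatsTemplate, Request.Url.Host);
        adminStats1.Visible = true;
    }
}

/// <summary>
/// Window, in seconds, within which an encrypted "k" timestamp is accepted.
/// </summary>
private const int MaxAuthKeyAgeSeconds = 60;

/// <summary>
/// Determines whether the current request originates from one of the addresses that the requested host name resolves to.
/// </summary>
/// <returns>True if the caller's address matches any address of Request.Url.Host</returns>
private bool IsRequestFromThisMachine()
{
    // NOTE(review): Request.Url.Host is taken from the request's Host header, so "this machine" means whatever
    // that header resolves to; the web server's host-header bindings bound which values can reach this page.
    string szCaller = Request.UserHostAddress;
    foreach (System.Net.IPAddress addr in System.Net.Dns.GetHostAddresses(Request.Url.Host))
    {
        // Addresses are not linguistic text, so compare ordinally (IPv6 hex digits may differ only in case).
        if (String.Compare(szCaller, addr.ToString(), StringComparison.OrdinalIgnoreCase) == 0)
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// Makes an authenticated self-request for the stats page and mails the response body to users who can report.
/// </summary>
private void MailStatsToAdmins()
{
    AdminAuthEncryptor enc = new AdminAuthEncryptor();
    // The key is the current local time in sortable ("s") format; ThrowIfAuthKeyInvalid parses the same format.
    string szKey = enc.Encrypt(DateTime.Now.ToString("s", CultureInfo.InvariantCulture));
    string szURL = String.Format(CultureInfo.InvariantCulture, "{0}?k={1}",
        "~/public/StatsForMail.aspx".ToAbsoluteURL(Request.Url.Scheme, Request.Url.Host, Request.Url.Port),
        HttpUtility.UrlEncode(szKey));

    byte[] rgdata;
    using (System.Net.WebClient wc = new System.Net.WebClient())
    {
        rgdata = wc.DownloadData(szURL);
    }

    util.NotifyAdminEvent(
        String.Format(CultureInfo.CurrentCulture, "{0} site stats as of {1} {2}", Request.Url.Host, DateTime.Now.ToShortDateString(), DateTime.Now.ToShortTimeString()),
        System.Text.Encoding.UTF8.GetString(rgdata).Trim(),
        ProfileRoles.maskCanReport);
}

/// <summary>
/// Validates an encrypted-timestamp auth key: it must decrypt to a parseable timestamp that is not in the future
/// and is no older than maxAgeSeconds (limits replay of a captured key).
/// </summary>
/// <param name="szAuthKey">The encrypted key from the "k" parameter</param>
/// <param name="maxAgeSeconds">Maximum accepted age of the timestamp, in seconds</param>
/// <exception cref="MyFlightbookException">Thrown if the key is malformed, from the future, or too old</exception>
private static void ThrowIfAuthKeyInvalid(string szAuthKey, int maxAgeSeconds)
{
    string szDate = new AdminAuthEncryptor().Decrypt(szAuthKey);

    // A key that doesn't decrypt to a timestamp is simply unauthorized; don't let it surface as a FormatException.
    DateTime dt;
    if (!DateTime.TryParse(szDate, CultureInfo.InvariantCulture, DateTimeStyles.None, out dt))
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }

    // The timestamp is local time with no offset (see MailStatsToAdmins), so it is compared against DateTime.Now.
    double elapsedSeconds = DateTime.Now.Subtract(dt).TotalSeconds;
    if (elapsedSeconds < 0 || elapsedSeconds > maxAgeSeconds)
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }
}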
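/// <summary>
/// Ensures that the authorization is valid by ensuring that the passed authtoken is no more than 10 seconds old.
/// We are already protected against requests coming from outside of this machine.
/// If k=local (i.e., the authkey is the word "local") AND we are authenticated, then we bypass the username and use the authenticated username.
/// Otherwise, we check that k hasn't aged and throw an error if so (prevent replay attacks).
/// </summary>
/// <param name="szAuthKey">The "k" parameter: either the literal "local" or an AdminAuthEncryptor-encrypted timestamp</param>
/// <exception cref="MyFlightbookException">Thrown if the key does not decrypt to a timestamp, is from the future, or is more than 10 seconds old</exception>
protected void ValidateAuthorization(string szAuthKey)
{
    // "local" is a fixed ASCII token, so an ordinal comparison is sufficient and, unlike an extension method, tolerates a null key.
    bool fLocal = String.Compare(szAuthKey, "local", StringComparison.OrdinalIgnoreCase) == 0;
    if (fLocal && Page.User.Identity.IsAuthenticated)
    {
        Username = Page.User.Identity.Name; // Use the authenticated account; ignore any passed username
        return;
    }

    AdminAuthEncryptor enc = new AdminAuthEncryptor();
    string szDate = enc.Decrypt(szAuthKey);

    // A key that doesn't decrypt to a timestamp is simply unauthorized; don't let it surface as a FormatException.
    DateTime dt;
    if (!DateTime.TryParse(szDate, CultureInfo.InvariantCulture, DateTimeStyles.None, out dt))
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }

    // The timestamp carries no offset, so it is compared against local DateTime.Now like the code that issued it.
    double elapsedSeconds = DateTime.Now.Subtract(dt).TotalSeconds;
    if (elapsedSeconds < 0 || elapsedSeconds > 10)
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }
}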
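/// <summary>
/// Entry point for the flight-data download page.
/// Two ways in: (a) a scheduled-task style request with csv=1, an encrypted-timestamp "auth" key and an origin on this
/// machine, which streams the CSV for "user"; or (b) a "user"/"pass" credential pair, which streams CSV (csv=1) or
/// renders the HTML table. Anything else falls through and renders nothing.
/// </summary>
/// <param name="sender">Page raising the event</param>
/// <param name="e">Event arguments</param>
/// <exception cref="MyFlightbookException">Thrown when "auth" is presented on the CSV path but is malformed, from the future, or more than 10 seconds old</exception>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    ApplyRequestedCulture();

    string szAuth = util.GetStringParam(Request, "auth");
    bool useCSV = util.GetIntParam(Request, "csv", 0) != 0;
    string szUser = util.GetStringParam(Request, "user");
    string szOrder = util.GetStringParam(Request, "Cols");

    if (String.IsNullOrEmpty(szUser))
    {
        return;
    }

    // return csv. On any error, fall through and return an HTML table.
    // The DNS lookup behind IsRequestFromThisMachine only runs when an auth key is actually presented.
    if (useCSV && !String.IsNullOrEmpty(szAuth) && (Request.IsLocal || IsRequestFromThisMachine()))
    {
        ThrowIfAuthKeyInvalid(szAuth, MaxAuthKeyAgeSeconds);
        mfbDownload1.User = szUser;
        mfbDownload1.OrderString = szOrder;
        DownloadCSVForUser();
        return;
    }

    // NOTE(review): credentials arrive as request parameters here; on a GET the password can end up in
    // server/proxy logs and browser history.
    string szPass = util.GetStringParam(Request, "pass");
    if (String.IsNullOrEmpty(szPass))
    {
        return;
    }

    if (szUser.Contains("@"))
    {
        szUser = Membership.GetUserNameByEmail(szUser);
        if (String.IsNullOrEmpty(szUser))
        {
            return; // no account for that email address - nothing to validate against
        }
    }

    if (UserEntity.ValidateUser(szUser, szPass).Length > 0)
    {
        mfbDownload1.User = szUser;
        mfbDownload1.OrderString = szOrder;
        if (useCSV)
        {
            DownloadCSVForUser();
        }
        else
        {
            mfbDownload1.UpdateData();
        }
    }
}

/// <summary>
/// Window, in seconds, within which an encrypted "auth" timestamp is accepted.
/// </summary>
private const int MaxAuthKeyAgeSeconds = 10;

/// <summary>
/// Sets the culture from the first requested user language when the request carries one, else from the optional "loc" parameter.
/// </summary>
private void ApplyRequestedCulture()
{
    HttpRequest req = (HttpContext.Current == null) ? null : HttpContext.Current.Request;
    if (req != null && req.UserLanguages != null && req.UserLanguages.Length > 0)
    {
        util.SetCulture(req.UserLanguages[0]);
        return;
    }

    string szRequestedLocale = util.GetStringParam(Request, "loc");
    if (!String.IsNullOrEmpty(szRequestedLocale))
    {
        util.SetCulture(szRequestedLocale);
    }
}

/// <summary>
/// Determines whether the current request originates from one of the addresses that the requested host name resolves to.
/// </summary>
/// <returns>True if the caller's address matches any address of Request.Url.Host</returns>
private bool IsRequestFromThisMachine()
{
    // NOTE(review): Request.Url.Host is taken from the request's Host header, so "this machine" means whatever
    // that header resolves to; the web server's host-header bindings bound which values can reach this page.
    string szCaller = Request.UserHostAddress;
    foreach (System.Net.IPAddress addr in System.Net.Dns.GetHostAddresses(Request.Url.Host))
    {
        // Addresses are not linguistic text, so compare ordinally (IPv6 hex digits may differ only in case).
        if (String.Compare(szCaller, addr.ToString(), StringComparison.OrdinalIgnoreCase) == 0)
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// Validates an encrypted-timestamp auth key: it must decrypt to a parseable timestamp that is not in the future
/// and is no older than maxAgeSeconds (limits replay of a captured key).
/// </summary>
/// <param name="szAuthKey">The encrypted key from the "auth" parameter</param>
/// <param name="maxAgeSeconds">Maximum accepted age of the timestamp, in seconds</param>
/// <exception cref="MyFlightbookException">Thrown if the key is malformed, from the future, or too old</exception>
private static void ThrowIfAuthKeyInvalid(string szAuthKey, int maxAgeSeconds)
{
    string szDate = new AdminAuthEncryptor().Decrypt(szAuthKey);

    // A key that doesn't decrypt to a timestamp is simply unauthorized; don't let it surface as a FormatException.
    DateTime dt;
    if (!DateTime.TryParse(szDate, CultureInfo.InvariantCulture, DateTimeStyles.None, out dt))
    {
        throw new MyFlightbookException("Unauthorized attempt to view export data");
    }

    // The timestamp carries no offset, so it is compared against local DateTime.Now like the code that issued it.
    double elapsedSeconds = DateTime.Now.Subtract(dt).TotalSeconds;
    if (elapsedSeconds < 0 || elapsedSeconds > maxAgeSeconds)
    {
        throw new MyFlightbookException("Unauthorized attempt to view export data");
    }
}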
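/// <summary>
/// Entry point for the subscription email page.
/// With no "k" parameter, a request from this machine starts the nightly subscription run on a background thread;
/// any other origin gets the error label.
/// With a "k" parameter (the self-request made by the nightly run), the key is validated and the email body for
/// user "u" is rendered; "p=monthly" selects the monthly summary instead of the weekly one.
/// </summary>
/// <param name="sender">Page raising the event</param>
/// <param name="e">Event arguments</param>
/// <exception cref="MyFlightbookException">Thrown when the key is invalid or the user has no matching subscription; admins are notified before the rethrow</exception>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    string szAuthKey = util.GetStringParam(Request, "k");
    string szUser = util.GetStringParam(Request, "u");
    string szParam = util.GetStringParam(Request, "p");

    // This page is public, so that it doesn't require any authentication, making it easy to set up a scheduled task.
    // SO, we do the following:
    //  - If you request the page from ANOTHER machine, we return an error
    //  - If you request it from THIS machine, then we perform a very simple authentication (pass an encrypted datetime) to ourselves.
    //  - If we receive this request with a valid encrypted key, we return the email for the specified user.
    if (String.IsNullOrEmpty(szAuthKey))
    {
        if (IsRequestFromThisMachine())
        {
            // request came from this machine - make a request to ourselves and send it out in email
            StartNightlyRun();
            lblSuccess.Visible = true;
        }
        else
        {
            lblErr.Visible = true;
        }
        return;
    }

    try
    {
        ThrowIfAuthKeyInvalid(szAuthKey, MaxAuthKeyAgeSeconds);
        RenderEmailForUser(szUser, szParam);
    }
    catch (MyFlightbookException ex)
    {
        MyFlightbookException.NotifyAdminException(ex);
        throw; // ensure that the success tag doesn't show!
    }
    catch (FormatException ex)
    {
        MyFlightbookException.NotifyAdminException(ex);
        throw;
    }
}

/// <summary>
/// Window, in seconds, within which an encrypted "k" timestamp is accepted.
/// </summary>
private const int MaxAuthKeyAgeSeconds = 10;

/// <summary>
/// Determines whether the current request originates from one of the addresses that the requested host name resolves to.
/// </summary>
/// <returns>True if the caller's address matches any address of Request.Url.Host</returns>
private bool IsRequestFromThisMachine()
{
    // NOTE(review): Request.Url.Host is taken from the request's Host header, so "this machine" means whatever
    // that header resolves to; the web server's host-header bindings bound which values can reach this page.
    string szCaller = Request.UserHostAddress;
    foreach (System.Net.IPAddress addr in System.Net.Dns.GetHostAddresses(Request.Url.Host))
    {
        // Addresses are not linguistic text, so compare ordinally (IPv6 hex digits may differ only in case).
        if (String.Compare(szCaller, addr.ToString(), StringComparison.OrdinalIgnoreCase) == 0)
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// Validates an encrypted-timestamp auth key: it must decrypt to a parseable timestamp that is not in the future
/// and is no older than maxAgeSeconds (limits replay of a captured key).
/// </summary>
/// <param name="szAuthKey">The encrypted key from the "k" parameter</param>
/// <param name="maxAgeSeconds">Maximum accepted age of the timestamp, in seconds</param>
/// <exception cref="MyFlightbookException">Thrown if the key is malformed, from the future, or too old</exception>
private static void ThrowIfAuthKeyInvalid(string szAuthKey, int maxAgeSeconds)
{
    string szDate = new AdminAuthEncryptor().Decrypt(szAuthKey);

    // A key that doesn't decrypt to a timestamp is simply unauthorized; don't let it surface as a FormatException.
    DateTime dt;
    if (!DateTime.TryParse(szDate, CultureInfo.InvariantCulture, DateTimeStyles.None, out dt))
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }

    // The timestamp carries no offset, so it is compared against local DateTime.Now like the code that issued it.
    double elapsedSeconds = DateTime.Now.Subtract(dt).TotalSeconds;
    if (elapsedSeconds < 0 || elapsedSeconds > maxAgeSeconds)
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }
}

/// <summary>
/// Starts the nightly subscription run on a background thread, honoring the optional "dbg" (restrict to the
/// current user) and "tasks" (numeric SelectedTasks mask) parameters.
/// </summary>
private void StartNightlyRun()
{
    EmailSubscriptionManager em = new EmailSubscriptionManager();
    em.ActiveBrand = Branding.CurrentBrand;
    if (util.GetIntParam(Request, "dbg", 0) != 0)
    {
        em.UserRestriction = Page.User.Identity.Name;
    }

    string szTasksToRun = util.GetStringParam(Request, "tasks");
    if (!String.IsNullOrEmpty(szTasksToRun))
    {
        // TryParse also covers overflow, which Convert.ToInt32 would have let escape as an unhandled OverflowException.
        int tasks;
        em.TasksToRun = int.TryParse(szTasksToRun, NumberStyles.Integer, CultureInfo.InvariantCulture, out tasks)
            ? (EmailSubscriptionManager.SelectedTasks)tasks
            : EmailSubscriptionManager.SelectedTasks.All;
    }

    // NOTE(review): exceptions on this thread are not observed here; confirm NightlyRun handles its own failures.
    new Thread(new ThreadStart(em.NightlyRun)).Start();
}

/// <summary>
/// Renders the subscription email body for the given user into the page's controls.
/// </summary>
/// <param name="szUser">Username whose email is being rendered</param>
/// <param name="szParam">The "p" parameter; "monthly" selects the monthly summary</param>
/// <exception cref="MyFlightbookException">Thrown if the user has no subscription that matches the requested email</exception>
private void RenderEmailForUser(string szUser, string szParam)
{
    MyFlightbook.Profile pf = MyFlightbook.Profile.GetUser(szUser);
    EmailSubscriptionManager em = new EmailSubscriptionManager(pf.Subscriptions);
    bool fHasCurrency = em.HasSubscription(SubscriptionType.Currency);
    bool fHasTotals = em.HasSubscription(SubscriptionType.Totals);
    bool fHasMonthly = em.HasSubscription(SubscriptionType.MonthlyTotals);
    bool fMonthlySummary = (String.Compare(szParam, "monthly", StringComparison.OrdinalIgnoreCase) == 0);

    if (!fHasCurrency && !fHasTotals && !fMonthlySummary)
    {
        throw new MyFlightbookException("Email requested but no subscriptions found!");
    }
    if (fMonthlySummary && !fHasMonthly)
    {
        throw new MyFlightbookException("Monthly email requested but user does not subscribe to monthly email");
    }

    SetUpDonationAndUnsubscribeLinks(szUser);

    // And set HHMM mode explicitly (since not otherwise going to be set in totals)
    mfbTotalSummary.UseHHMM = mfbTotalSummaryYTD.UseHHMM = pf.UsesHHMM;

    if (fMonthlySummary)
    {
        ConfigureMonthlySummary(pf);
    }
    else
    {
        ConfigureWeeklySummary(pf, fHasTotals);
    }

    if (fHasCurrency || fMonthlySummary)
    {
        mfbCurrency.UserName = pf.UserName;
        mfbCurrency.RefreshCurrencyTable();
        pnlCurrency.Visible = true;
    }
}

/// <summary>
/// Fills in the donation thank-you/solicitation view and the unsubscribe links for the user.
/// </summary>
/// <param name="szUser">Username the links are generated for</param>
private void SetUpDonationAndUnsubscribeLinks(string szUser)
{
    // Donation solicitation: thank-them if they've made a donation within the previous 12 months, else solicit.
    lblThankyou.Text = Branding.ReBrand(Resources.LocalizedText.DonateThankYouTitle);
    lblSolicitDonation.Text = Branding.ReBrand(Resources.LocalizedText.DonatePrompt);
    lnkDonateNow.Text = Branding.ReBrand(Resources.LocalizedText.DonateSolicitation);
    lnkDonateNow.NavigateUrl = String.Format(CultureInfo.InvariantCulture, "http://{0}/logbook/Member/EditProfile.aspx/pftDonate", Branding.CurrentBrand.HostName);
    mvDonations.SetActiveView(Payment.TotalPaidSinceDate(DateTime.Now.AddYears(-1), szUser) > 0 ? vwThankyou : vwPleaseGive);

    // Fix up the unsubscribe link.
    lnkUnsubscribe.NavigateUrl = String.Format(CultureInfo.InvariantCulture, "http://{0}/logbook/Member/EditProfile.aspx/{1}", Branding.CurrentBrand.HostName, tabID.pftPrefs.ToString());
    lnkQuickUnsubscribe.NavigateUrl = String.Format(CultureInfo.InvariantCulture, "http://{0}/logbook/Public/Unsubscribe.aspx?u={1}", Branding.CurrentBrand.HostName, HttpUtility.UrlEncode(new UserAccessEncryptor().Encrypt(szUser)));
}

/// <summary>
/// Configures the monthly summary: prior-month totals plus either prior-year totals (in January) or year-to-date totals.
/// </summary>
/// <param name="pf">Profile of the user being emailed</param>
private void ConfigureMonthlySummary(MyFlightbook.Profile pf)
{
    // Capture "now" once so month/year decisions stay consistent across a month or year boundary.
    DateTime dtNow = DateTime.Now;
    bool fAnnual = (dtNow.Month == 1); // if it's January, show prior year; else show YTD
    lblIntroHeader.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailMonthlyMailIntro, Branding.CurrentBrand.AppName);
    DateTime dtPriorMonth = dtNow.AddMonths(-1);
    lblTotal.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsPriorMonthHeader, dtPriorMonth.ToString("MMMM", CultureInfo.CurrentCulture), dtPriorMonth.Year);
    lblYTD.Text = fAnnual
        ? String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsPriorYearHeader, dtNow.Year - 1)
        : String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsYTDHeader, dtNow.Year);
    pnlTotals.Visible = pnlYTD.Visible = true;
    mfbTotalSummary.Username = mfbTotalSummaryYTD.Username = pf.UserName;

    FlightQuery fqPriorMonth = new FlightQuery(pf.UserName);
    fqPriorMonth.DateRange = FlightQuery.DateRanges.PrevMonth;
    mfbTotalSummary.CustomRestriction = fqPriorMonth;

    FlightQuery fqYTD = new FlightQuery(pf.UserName);
    fqYTD.DateRange = fAnnual ? FlightQuery.DateRanges.PrevYear : FlightQuery.DateRanges.YTD;
    mfbTotalSummaryYTD.CustomRestriction = fqYTD;
}

/// <summary>
/// Configures the weekly email headers and, if subscribed, the all-time totals.
/// </summary>
/// <param name="pf">Profile of the user being emailed</param>
/// <param name="fHasTotals">True if the user subscribes to totals</param>
private void ConfigureWeeklySummary(MyFlightbook.Profile pf, bool fHasTotals)
{
    lblIntroHeader.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailWeeklyMailIntro, Branding.CurrentBrand.AppName);
    lblCurrency.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailCurrencyHeader, DateTime.Now.ToLongDateString());
    lblTotal.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsHeader, DateTime.Now.ToLongDateString());
    if (fHasTotals)
    {
        mfbTotalSummary.Username = pf.UserName;
        mfbTotalSummary.CustomRestriction = new FlightQuery(pf.UserName);
        pnlTotals.Visible = true;
    }
}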
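/// <summary>
/// Entry point for the subscription email page.
/// Every request (postback or not) must originate from this machine; anything else is rejected outright.
/// With no "k" parameter the nightly run is kicked off. With a "k" parameter, either the literal "local" from an
/// authenticated session or a valid encrypted timestamp unlocks rendering of the email body for user "u";
/// "p=monthly" selects the monthly summary instead of the weekly one.
/// </summary>
/// <param name="sender">Page raising the event</param>
/// <param name="e">Event arguments</param>
/// <exception cref="UnauthorizedAccessException">Thrown when the request does not originate from this machine</exception>
/// <exception cref="MyFlightbookException">Thrown when the key is invalid or the user has no matching subscription; admins are notified before the rethrow</exception>
protected void Page_Load(object sender, EventArgs e)
{
    // see if this is coming from the local machine - reject anything that isn't.
    if (!IsRequestFromThisMachine())
    {
        throw new UnauthorizedAccessException("Attempt to view this page from other than local machine");
    }

    if (IsPostBack)
    {
        return;
    }

    cssRef.Href = "~/Public/Stylesheet.css?v=18".ToAbsoluteURL(Request.Url.Scheme, Branding.CurrentBrand.HostName, Request.Url.Port).ToString();
    baseRef.Attributes["href"] = "~/Public/".ToAbsoluteURL(Request.Url.Scheme, Branding.CurrentBrand.HostName, Request.Url.Port).ToString();

    string szAuthKey = util.GetStringParam(Request, "k");
    string szUser = util.GetStringParam(Request, "u");
    string szParam = util.GetStringParam(Request, "p");

    // This page is public, so that it doesn't require any authentication, making it easy to set up a scheduled task.
    // SO, we do the following:
    //  - If you request the page from ANOTHER machine, we return an error
    //  - If you request it from THIS machine, then we perform a very simple authentication (pass an encrypted datetime) to ourselves.
    //  - If we receive this request with a valid encrypted key, we return the email for the specified user.
    if (String.IsNullOrEmpty(szAuthKey))
    {
        KickOffRun();
        return;
    }

    try
    {
        // "k=local" from an authenticated session skips the timestamp check (interactive preview).
        // NOTE(review): this bypass does not tie "u" to the authenticated identity, so it relies entirely on the
        // local-machine check above to limit who can render another user's email.
        bool fLocalBypass = String.Compare(szAuthKey, "local", StringComparison.OrdinalIgnoreCase) == 0 && Page.User.Identity.IsAuthenticated;
        if (!fLocalBypass)
        {
            ThrowIfAuthKeyInvalid(szAuthKey, MaxAuthKeyAgeSeconds);
        }

        RenderEmailForUser(szUser, szParam);
    }
    catch (MyFlightbookException ex)
    {
        MyFlightbookException.NotifyAdminException(ex);
        throw; // ensure that the success tag doesn't show!
    }
    catch (FormatException ex)
    {
        MyFlightbookException.NotifyAdminException(ex);
        throw;
    }
}

/// <summary>
/// Window, in seconds, within which an encrypted "k" timestamp is accepted.
/// </summary>
private const int MaxAuthKeyAgeSeconds = 10;

/// <summary>
/// Determines whether the current request originates from one of the addresses that the requested host name resolves to.
/// </summary>
/// <returns>True if the caller's address matches any address of Request.Url.Host</returns>
private bool IsRequestFromThisMachine()
{
    // NOTE(review): Request.Url.Host is taken from the request's Host header, so "this machine" means whatever
    // that header resolves to; the web server's host-header bindings bound which values can reach this page.
    string szCaller = Request.UserHostAddress;
    foreach (System.Net.IPAddress addr in System.Net.Dns.GetHostAddresses(Request.Url.Host))
    {
        // Addresses are not linguistic text, so compare ordinally (IPv6 hex digits may differ only in case).
        if (String.Compare(szCaller, addr.ToString(), StringComparison.OrdinalIgnoreCase) == 0)
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// Validates an encrypted-timestamp auth key: it must decrypt to a parseable timestamp that is not in the future
/// and is no older than maxAgeSeconds (limits replay of a captured key).
/// </summary>
/// <param name="szAuthKey">The encrypted key from the "k" parameter</param>
/// <param name="maxAgeSeconds">Maximum accepted age of the timestamp, in seconds</param>
/// <exception cref="MyFlightbookException">Thrown if the key is malformed, from the future, or too old</exception>
private static void ThrowIfAuthKeyInvalid(string szAuthKey, int maxAgeSeconds)
{
    string szDate = new AdminAuthEncryptor().Decrypt(szAuthKey);

    // A key that doesn't decrypt to a timestamp is simply unauthorized; don't let it surface as a FormatException.
    DateTime dt;
    if (!DateTime.TryParse(szDate, CultureInfo.InvariantCulture, DateTimeStyles.None, out dt))
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }

    // The timestamp carries no offset, so it is compared against local DateTime.Now like the code that issued it.
    double elapsedSeconds = DateTime.Now.Subtract(dt).TotalSeconds;
    if (elapsedSeconds < 0 || elapsedSeconds > maxAgeSeconds)
    {
        throw new MyFlightbookException("Unauthorized attempt to view stats for mail");
    }
}

/// <summary>
/// Renders the subscription email body for the given user into the page's controls.
/// </summary>
/// <param name="szUser">Username whose email is being rendered</param>
/// <param name="szParam">The "p" parameter; "monthly" selects the monthly summary</param>
/// <exception cref="MyFlightbookException">Thrown if the user has no subscription that matches the requested email</exception>
private void RenderEmailForUser(string szUser, string szParam)
{
    MyFlightbook.Profile pf = MyFlightbook.Profile.GetUser(szUser);
    EmailSubscriptionManager em = new EmailSubscriptionManager(pf.Subscriptions);

    // Currency results handed over through the profile's associated data are consumed exactly once:
    // read them out, then remove the keys so they don't leak into later renders.
    IEnumerable<CurrencyStatusItem> rgExpiringCurrencies = null;
    IEnumerable<CurrencyStatusItem> rgPrecomputedCurrencies = null;
    if (pf.AssociatedData.TryGetValue(CurrencyStatusItem.AssociatedDateKeyExpiringCurrencies, out object o))
    {
        rgExpiringCurrencies = (IEnumerable<CurrencyStatusItem>)o;
    }
    if (pf.AssociatedData.TryGetValue(CurrencyStatusItem.AssociatedDataKeyCachedCurrencies, out o))
    {
        rgPrecomputedCurrencies = (IEnumerable<CurrencyStatusItem>)o;
    }
    pf.AssociatedData.Remove(CurrencyStatusItem.AssociatedDateKeyExpiringCurrencies);
    pf.AssociatedData.Remove(CurrencyStatusItem.AssociatedDataKeyCachedCurrencies);

    // An expiration-only subscription counts as currency only when both precomputed sets were supplied.
    bool fHasCurrency = em.HasSubscription(SubscriptionType.Currency)
        || (em.HasSubscription(SubscriptionType.Expiration) && rgExpiringCurrencies != null && rgPrecomputedCurrencies != null);
    bool fHasTotals = em.HasSubscription(SubscriptionType.Totals);
    bool fHasMonthly = em.HasSubscription(SubscriptionType.MonthlyTotals);
    bool fMonthlySummary = (String.Compare(szParam, "monthly", StringComparison.OrdinalIgnoreCase) == 0);

    if (!fHasCurrency && !fHasTotals && !fMonthlySummary)
    {
        throw new MyFlightbookException("Email requested but no subscriptions found!");
    }
    if (fMonthlySummary && !fHasMonthly)
    {
        throw new MyFlightbookException("Monthly email requested but user does not subscribe to monthly email");
    }

    SetUpDonationAndUnsubscribeLinks(szUser);

    // And set HHMM mode explicitly (since not otherwise going to be set in totals)
    mfbTotalSummary.UseHHMM = mfbTotalSummaryYTD.UseHHMM = pf.UsesHHMM;

    if (fMonthlySummary)
    {
        ConfigureMonthlySummary(pf, szUser);
    }
    else
    {
        ConfigureWeeklySummary(pf, fHasTotals);
    }

    if (fHasCurrency || fMonthlySummary)
    {
        mfbCurrency.UserName = pf.UserName;
        mfbCurrency.RefreshCurrencyTable(rgPrecomputedCurrencies);
        pnlCurrency.Visible = true;
        if (rgExpiringCurrencies != null && rgExpiringCurrencies.Any())
        {
            pnlExpiringCurrencies.Visible = true;
            rptExpiring.DataSource = rgExpiringCurrencies;
            rptExpiring.DataBind();
        }
    }
}

/// <summary>
/// Fills in the donation thank-you/solicitation view and the unsubscribe links for the user.
/// </summary>
/// <param name="szUser">Username the links are generated for</param>
private void SetUpDonationAndUnsubscribeLinks(string szUser)
{
    // Donation solicitation: thank-them if they've made a donation within the previous 12 months, else solicit.
    lblThankyou.Text = Branding.ReBrand(Resources.LocalizedText.DonateThankYouTitle);
    lblSolicitDonation.Text = Branding.ReBrand(Resources.LocalizedText.DonatePrompt);
    lnkDonateNow.Text = Branding.ReBrand(Resources.LocalizedText.DonateSolicitation);
    lnkDonateNow.NavigateUrl = String.Format(CultureInfo.InvariantCulture, "http://{0}{1}", Branding.CurrentBrand.HostName, VirtualPathUtility.ToAbsolute("~/Member/EditProfile.aspx/pftDonate"));
    mvDonations.SetActiveView(Payment.TotalPaidSinceDate(DateTime.Now.AddYears(-1), szUser) > 0 ? vwThankyou : vwPleaseGive);

    // Fix up the unsubscribe link.
    lnkUnsubscribe.NavigateUrl = String.Format(CultureInfo.InvariantCulture, "http://{0}{1}/{2}", Branding.CurrentBrand.HostName, VirtualPathUtility.ToAbsolute("~/Member/EditProfile.aspx"), tabID.pftPrefs.ToString());
    lnkQuickUnsubscribe.NavigateUrl = String.Format(CultureInfo.InvariantCulture, "http://{0}{1}?u={2}", Branding.CurrentBrand.HostName, VirtualPathUtility.ToAbsolute("~/Public/Unsubscribe.aspx"), HttpUtility.UrlEncode(new UserAccessEncryptor().Encrypt(szUser)));
}

/// <summary>
/// Configures the monthly summary: prior-month totals, either prior-year (in January) or year-to-date totals,
/// and the recent achievements for the same period.
/// </summary>
/// <param name="pf">Profile of the user being emailed</param>
/// <param name="szUser">Username passed to the achievements control</param>
private void ConfigureMonthlySummary(MyFlightbook.Profile pf, string szUser)
{
    // Capture "now" once so month/year decisions stay consistent across a month or year boundary.
    DateTime dtNow = DateTime.Now;
    bool fAnnual = (dtNow.Month == 1); // if it's January, show prior year; else show YTD
    lblIntroHeader.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailMonthlyMailIntro, Branding.CurrentBrand.AppName);
    DateTime dtPriorMonth = dtNow.AddMonths(-1);
    lblTotal.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsPriorMonthHeader, dtPriorMonth.ToString("MMMM", CultureInfo.CurrentCulture), dtPriorMonth.Year);
    lblYTD.Text = fAnnual
        ? String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsPriorYearHeader, dtNow.Year - 1)
        : String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsYTDHeader, dtNow.Year);
    pnlTotals.Visible = pnlYTD.Visible = true;
    mfbTotalSummary.Username = mfbTotalSummaryYTD.Username = pf.UserName;

    FlightQuery fqPriorMonth = new FlightQuery(pf.UserName) { DateRange = FlightQuery.DateRanges.PrevMonth };
    mfbTotalSummary.CustomRestriction = fqPriorMonth;

    FlightQuery fqYTD = new FlightQuery(pf.UserName) { DateRange = fAnnual ? FlightQuery.DateRanges.PrevYear : FlightQuery.DateRanges.YTD };
    mfbTotalSummaryYTD.CustomRestriction = fqYTD;

    if (fAnnual)
    {
        mfbRecentAchievements.Refresh(szUser, new DateTime(dtNow.Year - 1, 1, 1), new DateTime(dtNow.Year - 1, 12, 31), true);
    }
    else
    {
        mfbRecentAchievements.Refresh(szUser, new DateTime(dtNow.Year, 1, 1), dtNow, true);
    }
    lblRecentAchievementsTitle.Text = mfbRecentAchievements.Summary;
    lblRecentAchievementsTitle.Visible = mfbRecentAchievements.AchievementCount > 0;
}

/// <summary>
/// Configures the weekly email headers and, if subscribed, the all-time totals.
/// </summary>
/// <param name="pf">Profile of the user being emailed</param>
/// <param name="fHasTotals">True if the user subscribes to totals</param>
private void ConfigureWeeklySummary(MyFlightbook.Profile pf, bool fHasTotals)
{
    lblIntroHeader.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailWeeklyMailIntro, Branding.CurrentBrand.AppName);
    lblCurrency.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailCurrencyHeader, DateTime.Now.ToLongDateString());
    lblTotal.Text = String.Format(CultureInfo.CurrentCulture, Resources.Profile.EmailTotalsHeader, DateTime.Now.ToLongDateString());
    if (fHasTotals)
    {
        mfbTotalSummary.Username = pf.UserName;
        mfbTotalSummary.CustomRestriction = new FlightQuery(pf.UserName);
        pnlTotals.Visible = true;
    }
}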