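 /// <summary>
 /// Changes the password of the user identified by the bearer token in the
 /// Authorization header. The token has to pass <c>StaticMethods.IsTokenValid</c> and
 /// <c>CurrentPassword</c> has to hash (with the user's salt) to the stored hash before
 /// the new hash is written.
 /// </summary>
 /// <param name="changePasswordAttempt">Current password plus the new password typed twice.</param>
 /// <returns>
 /// 200 on success; 400 when the body is missing; 403 when the header, the token, the
 /// repeated password or the current password do not check out; 500 on any exception.
 /// </returns>
 public object ChangePassword([FromBody] ChangePasswordAttempt changePasswordAttempt)
 {
     try
     {
         // A missing body used to reach the property reads below and surface as a 500.
         if (changePasswordAttempt == null)
         {
             return(StatusCode(400));
         }
         if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value) || !value.ToString().Contains("Bearer "))
         {
             return(StatusCode(403, @"{""Result"" : ""Wrong token or password""}"));
         }
         string token = value.ToString().Replace("Bearer ", "");
         // Cheap checks first; the token is validated before any per-user lookup runs on it.
         if (changePasswordAttempt.NewPassword != changePasswordAttempt.RepeatedNewPassword || !StaticMethods.IsTokenValid(token))
         {
             return(StatusCode(403, @"{""Result"" : ""Wrong data""}"));
         }
         string salt        = StaticMethods.GetUserSalt(StaticMethods.GetUserName(token));
         string currentHash = StaticMethods.GeneratePasswordHash(changePasswordAttempt.CurrentPassword, salt);
         // Constant-time comparison: a plain == stops at the first differing character, so
         // the response time would otherwise depend on how much of the hash matches.
         if (!SameHash(currentHash, StaticMethods.GetUserPassword(token)))
         {
             return(StatusCode(403, @"{""Result"" : ""Wrong data""}"));
         }
         MySQLObject mysql   = new MySQLObject();
         string      newHash = StaticMethods.GeneratePasswordHash(changePasswordAttempt.NewPassword, salt);
         // Only server-produced values (the new hash and the numeric user id) are spliced into
         // this statement; bind them as parameters anyway if MySQLObject offers that.
         mysql.Update($"update `uzytkownicy` set `haslo` = '{newHash}' where `id_uzytkownika` = '{StaticMethods.GetUserId(token)}' ");
         return(StatusCode(200));
     }
     catch
     {
         // Any failure in the helpers or the database is reported as a bare 500.
         return(StatusCode(500));
     }

     // Length-independent equality for two hash strings; null handling mirrors ==.
     bool SameHash(string a, string b)
     {
         if (a == null || b == null)
         {
             return(a == b);
         }
         byte[] left  = System.Text.Encoding.UTF8.GetBytes(a);
         byte[] right = System.Text.Encoding.UTF8.GetBytes(b);
         return(System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(left, right));
     }
 }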
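 /// <summary>
 /// Deletes the <c>oceny</c> row with the given id, provided the bearer token in the
 /// Authorization header resolves to the row's author.
 /// </summary>
 /// <param name="productId">Row id from the route; must be a plain integer.</param>
 /// <returns>200 when the row is gone; 400 for a non-numeric id; 403 without a bearer
 /// header, when the token does not resolve to a user, or when the caller does not own
 /// the row; 500 when the row still exists after the delete.</returns>
 public object Delete(string productId)
 {
     if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value) || !value.ToString().Contains("Bearer "))
     {
         return(StatusCode(403, @"{""Result"":""Unauthorized""}"));
     }
     // The id is spliced into SQL unquoted; only a plain integer is accepted so the route
     // parameter cannot alter the statements below.
     if (!int.TryParse(productId, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out int id))
     {
         return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
     }
     // An unresolved token used to be interpolated as an empty value, yielding a malformed
     // ownership query; reject it up front instead.
     int? userId = StaticMethods.GetUserId(value.ToString().Substring(7));
     if (userId == null)
     {
         return(StatusCode(403, @"{""Result"": ""Unauthorized""}"));
     }
     MySQLObject mySQL = new MySQLObject();
     mySQL.Select($@"select case when `id_uzytkownika` = {userId} then 'true' else 'false' end as `check` from `oceny` where `id` = {id}");
     if (mySQL.Data.Rows.Count == 0 || mySQL.Data.Rows[0]["check"].ToString() != "true")
     {
         return(StatusCode(403, @"{""Result"": ""Unauthorized""}"));
     }
     mySQL.Delete($@"delete from `oceny` where `id` = {id}");
     // Re-read the row to confirm the delete actually removed it.
     mySQL.Select($@"select `id` from `oceny` where `id` = {id}");
     if (mySQL.Data.Rows.Count > 0)
     {
         return(StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}"));
     }
     return(StatusCode(200, @"{""Result"" : ""Product deleted sucessfully""}"));
 }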
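 /// <summary>
 /// Creates a category. The caller's bearer token must map to an active, unexpired login
 /// whose <c>id_uprawnienia</c> is 3 or 4 (presumably the administrative levels; compare
 /// with the <c>Privileges</c> enum used by the Product action).
 /// </summary>
 /// <param name="category">Category to insert; <c>Name</c> is required, <c>ParentId</c> optional.</param>
 /// <returns>200 with the category (Id filled in) on success; 400 for a missing header, a
 /// missing body or name, or a duplicate name; 403 without the required privilege; 500
 /// when the inserted row cannot be read back or any other error occurs.</returns>
 public object Create([FromBody] Category category)
 {
     if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value) || !value.ToString().Contains("Bearer "))
     {
         return(StatusCode(400, "Wrong request"));
     }
     MySQLObject mySQL = new MySQLObject();
     string      token = value.ToString().Replace("Bearer ", "");
     // NOTE(review): the raw header token is spliced into the WHERE clause unescaped; bind it
     // as a parameter (or escape it) if MySQLObject supports that. The Product Create and
     // Category Get actions use the same lookup.
     var data = mySQL.Select($@"select t1.`id_uprawnienia`
                                                          from `projekt_mysql`.`tokeny_logowania` t0
                                                          inner join `projekt_mysql`.`uzytkownicy` t1
                                                          on t0.`id_uzytkownika` = t1.`id_uzytkownika`
                                                          where t0.`token` = '{token}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
     if (data.Rows.Count == 0 || !new int[] { 3, 4 }.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
     {
         return(StatusCode(403, "Method requires administrative privileges or your token is invalid"));
     }
     // A missing body used to throw on category.Name (500); treat it like a missing name.
     if (category == null || category.Name == null)
     {
         return(StatusCode(400, "Wrong request"));
     }
     // ParentId is an int?, so either the SQL literal null or a plain number is spliced in.
     string parentId = category.ParentId == null ? "null" : category.ParentId.ToString();
     try
     {
         // NOTE(review): category.Name is user-supplied and goes into both statements
         // unescaped; bind it as a parameter if MySQLObject supports that.
         mySQL.Insert($@"insert into `projekt_mysql`.`kategoria`(`nazwa`,`id_parent`) values('{category.Name}',{parentId})");
         data = mySQL.Select($@"select max(`id`) as `value` from `projekt_mysql`.`kategoria` where `nazwa` = '{category.Name}'");
         if (data.Rows.Count == 0)
         {
             return(StatusCode(500, "Something went terribly wrong"));
         }
         category.Id = Convert.ToInt32(data.Rows[0]["value"]);
         return(StatusCode(200, category));
     }
     catch (MySqlException)
     {
         // Any MySQL error is reported as a duplicate name, as before; a unique key on
         // `nazwa` is presumed — confirm.
         return(StatusCode(400, "Category with that name already exists"));
     }
     catch (Exception)
     {
         return(StatusCode(500, "Something went terribly wrong"));
     }
 }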
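        /// <summary>
        /// Returns the average <c>ocena</c> for the matching <c>oceny</c> row(s), or a
        /// "No reviews" marker when the result set is empty.
        /// </summary>
        /// <param name="productId">Id from the route; must be a plain integer.</param>
        /// <returns>200 with the parsed result set, 200 with a "No reviews" body, or 400 for a
        /// non-numeric id.</returns>
        public object ProductAverage(string productId)
        {
            // The id is spliced into SQL unquoted, so only a plain integer is accepted.
            if (!int.TryParse(productId, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out int id))
            {
                return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
            }
            MySQLObject mySQL = new MySQLObject();

            // NOTE(review): the filter is on `id` (the review row's own key, see the Review
            // Create action) rather than `id_przedmiotu`, so at most one row is averaged —
            // confirm which column was intended. An aggregate without GROUP BY also returns
            // one row even when nothing matches, so the "No reviews" branch is likely unreachable.
            mySQL.Select($@"select `id_przedmiotu`,avg(`ocena`) from `oceny` where `id` = {id}");
            if (mySQL.Data.Rows.Count == 0)
            {
                return(StatusCode(200, @"{""Result"" : ""No reviews""}"));
            }
            return(StatusCode(200, StaticMethods.ParseSelect(mySQL.Data)));
        }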
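        /// <summary>
        /// Reads <c>oceny</c> rows whose <c>id</c> matches <paramref name="productId"/>, paged
        /// with the SQL <c>limit</c>/<c>offset</c> the caller passes.
        /// </summary>
        /// <param name="productId">Id from the route; must be a plain integer.</param>
        /// <param name="limit">Value for <c>limit</c>; the default of 0 makes MySQL return no rows.</param>
        /// <param name="offset">Rows to skip.</param>
        /// <returns>200 with the parsed rows, 200 with a "No reviews" body when the page is
        /// empty, or 400 for a non-numeric id.</returns>
        private object ProductReviews(string productId, int limit = 0, int offset = 0)
        {
            // The id is spliced into SQL unquoted, so only a plain integer is accepted.
            if (!int.TryParse(productId, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out int id))
            {
                return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
            }
            MySQLObject mySQL = new MySQLObject();

            // NOTE(review): limit/offset are ints, so they cannot change the statement's shape,
            // but negative values are rejected by MySQL and surface as an exception. The filter
            // is on `id` (the review row's key) rather than `id_przedmiotu` — confirm the intent.
            mySQL.Select($@"select * from `oceny` where `id` = {id} limit {limit} offset {offset}");
            if (mySQL.Data.Rows.Count == 0)
            {
                return(StatusCode(200, @"{""Result"" : ""No reviews or you went too far away""}"));
            }
            return(StatusCode(200, StaticMethods.ParseSelect(mySQL.Data)));
        }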
 /// <summary>
 /// Creates or overwrites the caller's review of a product. An existing row for the same
 /// (user, product) pair is looked up first and its id reused, so the REPLACE updates it in
 /// place; otherwise the column default is used and the new id is read back afterwards.
 /// </summary>
 /// <param name="review">Review body; <c>productId</c>, <c>rating</c> (0..5) and <c>review</c> are required.</param>
 /// <returns>200 with the review (id and userId filled in); 400 for a missing bearer header or
 /// an incomplete/out-of-range body; 403 when the token does not resolve to a user; 500 when
 /// the new row cannot be read back.</returns>
 public object Create([FromBody] Review review)
 {
     bool hasBearer = Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value) && value.ToString().Contains("Bearer ");
     if (!hasBearer)
     {
         return(StatusCode(400));
     }
     bool bodyComplete = review != null && review.productId != null && review.rating != null && review.review != null;
     if (!bodyComplete || review.rating < 0 || review.rating > 5)
     {
         return(StatusCode(400));
     }
     int? userId = StaticMethods.GetUserId(value.ToString().Substring(7));
     if (userId == null)
     {
         return(StatusCode(403, @"{""Result"":""Token is invalid""}"));
     }
     MySQLObject mySQL  = new MySQLObject();
     string      lookup = $@"select `id` from `oceny` where `id_uzytkownika` = {userId} and `id_przedmiotu` = {review.productId}";
     review.userId = userId;
     mySQL.Select(lookup);
     bool   existing = mySQL.Data.Rows.Count > 0;
     string rowId    = existing ? mySQL.Data.Rows[0]["id"].ToString() : "default";
     // NOTE(review): review.review only has single quotes stripped, which is not SQL escaping,
     // and productId is spliced in unquoted (presumably numeric — confirm); bind both as
     // parameters if MySQLObject supports that.
     mySQL.Replace($@"REPLACE INTO `oceny` values ({rowId}, {userId}, {review.productId}, '{review.review.Replace("'", "")}',{review.rating})");
     if (existing)
     {
         review.id = Convert.ToInt32(rowId);
         return(StatusCode(200, review));
     }
     try
     {
         // The row was inserted with the column default for `id`; fetch the id it received.
         mySQL.Select(lookup);
         review.id = Convert.ToInt32(mySQL.Data.Rows[0]["id"].ToString());
         return(StatusCode(200, review));
     }
     catch
     {
         return(StatusCode(500, @"{""Result"":""Something went terribly wrong""}"));
     }
 }
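 /// <summary>
 /// Creates a product owned by the caller. The bearer token in the Authorization header
 /// must map to an active, unexpired login whose privilege level is User, Administrator or
 /// Moderator.
 /// </summary>
 /// <param name="product">Product to insert; <c>Name</c>, <c>CategoryId</c> and <c>Price</c> are required.</param>
 /// <returns>The product with <c>Id</c> and <c>UserId</c> filled in on success; 400 for a
 /// missing header, missing body or missing field; 403 without a valid token or privilege;
 /// 500 when the insert fails or the new row cannot be read back.</returns>
 public object Create([FromBody] Product product)
 {
     // A missing body used to throw on product.Name (500); it is a client error like a missing field.
     if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value) || !value.ToString().Contains("Bearer ") || product == null || product.Name == null || product.CategoryId == null || product.Price == null)
     {
         return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
     }
     MySQLObject mySQL = new MySQLObject();
     string      token = value.ToString().Replace("Bearer ", "");
     // NOTE(review): the raw header token is spliced into the WHERE clause unescaped; bind it
     // as a parameter (or escape it) if MySQLObject supports that.
     var data = mySQL.Select($@"select t1.`id_uprawnienia`
                                                          from `projekt_mysql`.`tokeny_logowania` t0
                                                          inner join `projekt_mysql`.`uzytkownicy` t1
                                                          on t0.`id_uzytkownika` = t1.`id_uzytkownika`
                                                          where t0.`token` = '{token}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
     int[] allowed = { (int)Privileges.User, (int)Privileges.Administrator, (int)Privileges.Moderator };
     if (data.Rows.Count == 0 || !allowed.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
     {
         return(StatusCode(403, @"{""Result"" : ""Method requires administrative privileges or your token is invalid""}"));
     }
     try
     {
         // Resolved once; the original re-ran the lookup for the insert and again for UserId.
         var userId = StaticMethods.GetUserId(token);
         // Formatted once so both statements see the same text. The Replace turns a
         // culture-specific ',' decimal separator into the '.' MySQL expects; formatting with
         // CultureInfo.InvariantCulture would be the cleaner fix if Price is a numeric type.
         string price = product.Price.ToString().Replace(",", ".");
         // NOTE(review): product.Name is user-supplied and goes into both statements unescaped;
         // CategoryId is null-checked and spliced unquoted, so it is presumably numeric — confirm.
         mySQL.Insert($@"insert into `projekt_mysql`.`przedmiot`(`id_kategorii`,`id_uzytkownika`, `nazwa`,`cena`) values ({product.CategoryId},{userId},'{product.Name}',{price})");
         data = mySQL.Select($@"select max(`id_przedmiotu`) as `value` from `projekt_mysql`.`przedmiot` where `Id_kategorii` = {product.CategoryId} and `nazwa` = '{product.Name}' and `cena` = {price}");
         if (data.Rows.Count == 0)
         {
             return(StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}"));
         }
         product.Id     = Convert.ToInt32(data.Rows[0]["value"]);
         product.UserId = userId;
         return(product);
     }
     catch (Exception)
     {
         return(StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}"));
     }
 }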
 /// <summary>
 /// Reads a single category by id. Restricted to callers whose bearer token maps to an
 /// active, unexpired login with <c>id_uprawnienia</c> 3 or 4.
 /// </summary>
 /// <param name="CategoryId">Primary key of the category.</param>
 /// <returns>A <see cref="Category"/> on success; 400 without a bearer header; 403 without
 /// the required privilege; 500 when no row matches.</returns>
 public object Get(int CategoryId)
 {
     bool hasBearer = Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value) && value.ToString().Contains("Bearer ");
     if (!hasBearer)
     {
         return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
     }
     MySQLObject mySQL = new MySQLObject();
     // NOTE(review): the raw header token is spliced into the WHERE clause unescaped; bind it
     // as a parameter (or escape it) if MySQLObject supports that.
     var privileges = mySQL.Select($@"select t1.`id_uprawnienia`
                                                          from `projekt_mysql`.`tokeny_logowania` t0
                                                          inner join `projekt_mysql`.`uzytkownicy` t1
                                                          on t0.`id_uzytkownika` = t1.`id_uzytkownika`
                                                          where t0.`token` = '{value.ToString().Replace("Bearer ", "")}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
     // NOTE(review): 3 and 4 are presumably Privileges.Administrator/Moderator (the enum the
     // Product action uses) — confirm and replace the literals.
     int[] adminLevels = { 3, 4 };
     bool  allowed     = privileges.Rows.Count > 0 && adminLevels.Contains(Convert.ToInt32(privileges.Rows[0]["id_uprawnienia"]));
     if (!allowed)
     {
         return(StatusCode(403, @"{""Result"" : ""Method requires administrative privileges or your token is invalid""}"));
     }
     // CategoryId is an int, so this interpolation cannot alter the statement.
     var rows = mySQL.Select($@"select `id`,`nazwa`,`id_parent` from `projekt_mysql`.`kategoria` where `id` = {CategoryId}");
     if (rows.Rows.Count == 0)
     {
         return(StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}"));
     }
     var  row      = rows.Rows[0];
     // A NULL `id_parent` marks a root category.
     int? parentId = row["id_parent"] is DBNull ? (int?)null : Convert.ToInt32(row["id_parent"]);
     return(new Category()
     {
         Id = CategoryId, Name = row["nazwa"].ToString(), ParentId = parentId
     });
 }
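 /// <summary>
 /// Authenticates a user and issues a fresh bearer token that expires two hours from now.
 /// </summary>
 /// <param name="login">Login name and password from the request body.</param>
 /// <returns>200 with the token as the body; 400 when the body or either field is missing
 /// or empty; 403 when no user matches.</returns>
 public object Login([FromBody] LoginAttempt login)
 {
     // A null body used to throw, and a null field used to reach the query as ''; both are
     // treated like an empty field.
     if (login == null || string.IsNullOrEmpty(login.Login) || string.IsNullOrEmpty(login.Password))
     {
         return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
     }
     MySQLObject mySQL = new MySQLObject(Config.ConnectionString);
     // NOTE(review): both body fields are spliced into the statement unescaped, so the request
     // can alter the WHERE clause; bind them as parameters if MySQLObject supports that,
     // otherwise escape them. `haslo` is also compared with the submitted password as-is,
     // whereas ChangePassword compares a salted hash — confirm what the column holds
     // (LoginAttempt may hash in its setter).
     mySQL.Select($@"SELECT `id_uzytkownika` FROM `projekt_mysql`.`uzytkownicy` WHERE `login` = '{login.Login}' AND `haslo` = '{login.Password}'");
     if (mySQL.Data.Rows.Count == 0)
     {
         return(StatusCode(403, @"{""Result"" : ""Wrong login or password""}"));
     }
     string token = StaticMethods.GenerateToken();
     // The user id comes from the row just read, not from the request.
     mySQL.Update($@"UPDATE `projekt_mysql`.`tokeny_logowania` SET `token` = '{token}', `aktywny` = 1, `data_wygasniecia` = ADDTIME(NOW(),'02:00:00') WHERE `id_uzytkownika` = '{mySQL.Data.Rows[0]["id_uzytkownika"].ToString()}' ");
     return(StatusCode(200, token));
 }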
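 /// <summary>
 /// Registers a new user and seeds an inactive login-token row for it.
 /// </summary>
 /// <param name="user">Login, password and e-mail; <c>IsLoginOk</c>/<c>IsPasswordOk</c>
 /// carry the class's own validation rules.</param>
 /// <returns>200 when both inserts succeed; 403 when MySQL rejects the insert (login or
 /// e-mail taken) or the login/password fails the rules; 400 for a missing body or field,
 /// or any other failure.</returns>
 public object Create([FromBody] User user)
 {
     // A null body used to throw on user.Login; report it like any other malformed request.
     if (user == null)
     {
         return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
     }
     bool fieldsPresent = user.Login != null && user.Password != null && user.Email != null;
     bool rulesMet      = user.IsLoginOk && user.IsPasswordOk;
     if (fieldsPresent && rulesMet)
     {
         MySQLObject mySQL = new MySQLObject();
         try
         {
             // NOTE(review): Login, Password, Email and _Salt are spliced into both statements
             // unescaped; bind them as parameters if MySQLObject supports that.
             mySQL.Insert($@"INSERT INTO `projekt_mysql`.`uzytkownicy`(`login`,`haslo`,`email`,`salt`) 
                                           VALUES('{user.Login}','{user.Password}','{user.Email}','{user._Salt}')");
             // The token row is created inactive (aktywny = 0) with an already-expired timestamp;
             // Login later activates it and sets a real expiry.
             mySQL.Insert($@"INSERT INTO `projekt_mysql`.`tokeny_logowania`(`id_uzytkownika`,`token`,`aktywny`,`data_wygasniecia`) 
                                           VALUES((select min(`id_uzytkownika`) from `projekt_mysql`.`uzytkownicy` where `login` = '{user.Login}' and `haslo` = '{user.Password}'),
                                                           '{StaticMethods.GenerateToken()}',
                                                           0,
                                                           NOW())");
             return(StatusCode(200, @"{""Result"" : ""Created user " + user.Login + @" successfully""}"));
         }
         catch (MySql.Data.MySqlClient.MySqlException)
         {
             // As before, any MySQL error is reported as a taken login/e-mail.
             return(StatusCode(403, @"{""Result"" : ""Login or email is already taken, try another one""}"));
         }
         catch (Exception)
         {
             return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
         }
     }
     if (!rulesMet)
     {
         return(StatusCode(403, @"{""Result"" : ""Login or password did not meet the requirements""}"));
     }
     return(StatusCode(400, @"{""Result"" : ""Wrong request""}"));
 }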