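/// <summary>
/// Creates a category. The request must carry an <c>Authorization: Bearer &lt;token&gt;</c> header
/// whose token maps to an active, unexpired login row with privilege id 3 or 4.
/// </summary>
/// <param name="category">Category to insert; <c>Name</c> is required, <c>ParentId</c> may be null.</param>
/// <returns>
/// 200 with the created category (<c>Id</c> filled in from the table); 400 when the header or body
/// is malformed, the parent id is not numeric, or the insert is rejected by MySQL (duplicate name);
/// 403 when the token is missing, expired or not privileged; 500 on any other failure.
/// </returns>
public object Create([FromBody] Category category)
{
    // Accept only a header that starts with the "Bearer " scheme. The previous check matched the
    // substring anywhere in the value and then removed every occurrence of it.
    if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value)
        || !value.ToString().StartsWith("Bearer ", StringComparison.Ordinal))
    {
        return StatusCode(400, "Wrong request");
    }

    // The token and every caller-supplied string are interpolated into SQL text, so they are escaped
    // first. MySQLObject.Select/Insert only take a SQL string here; if the wrapper can bind parameters,
    // prepared statements should replace this escaping (escaping does not cover every server sql_mode).
    string token = Esc(value.ToString().Substring("Bearer ".Length).Trim());

    MySQLObject mySQL = new MySQLObject();
    var data = mySQL.Select($@"select t1.`id_uprawnienia` from `projekt_mysql`.`tokeny_logowania` t0 inner join `projekt_mysql`.`uzytkownicy` t1 on t0.`id_uzytkownika` = t1.`id_uzytkownika` where t0.`token` = '{token}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");

    // Privilege ids 3 and 4 are hard-coded here, while the product endpoint uses the Privileges enum;
    // presumably these are Administrator/Moderator — confirm against the enum and use it instead.
    bool isPrivileged = data.Rows.Count > 0
        && new[] { 3, 4 }.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"]));
    if (!isPrivileged)
    {
        return StatusCode(403, "Method requires administrative privileges or your token is invalid");
    }

    if (category.Name == null)
    {
        return StatusCode(400, "Wrong request");
    }

    string name = Esc(category.Name);
    try
    {
        // ParentId goes through an integer conversion so that only a numeric literal (or NULL) can
        // reach the query; a non-numeric value throws and is reported as 400 below.
        string parentId = category.ParentId == null
            ? "null"
            : Convert.ToInt32(category.ParentId).ToString(System.Globalization.CultureInfo.InvariantCulture);

        mySQL.Insert($@"insert into `projekt_mysql`.`kategoria`(`nazwa`,`id_parent`) values('{name}',{parentId})");

        // The new id is read back by name; this assumes `nazwa` is unique (the MySqlException path
        // below relies on the same constraint).
        data = mySQL.Select($@"select max(`id`) as `value` from `projekt_mysql`.`kategoria` where `nazwa` = '{name}'");
        if (data.Rows.Count == 0)
        {
            return StatusCode(500, "Something went terribly wrong");
        }

        category.Id = Convert.ToInt32(data.Rows[0]["value"]);
        return StatusCode(200, category);
    }
    catch (MySqlException)
    {
        // Any server-side rejection is reported as a duplicate, as before; the unique name is the
        // expected cause.
        return StatusCode(400, "Category with that name already exists");
    }
    catch (FormatException)
    {
        return StatusCode(400, "Wrong request");
    }
    catch (InvalidCastException)
    {
        return StatusCode(400, "Wrong request");
    }
    catch (Exception)
    {
        return StatusCode(500, "Something went terribly wrong");
    }

    // Escapes quotes, backslashes and control characters for inclusion in a single-quoted SQL literal.
    string Esc(string s) => MySql.Data.MySqlClient.MySqlHelper.EscapeString(s);
}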
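/// <summary>
/// Registers a user and seeds an inactive login-token row for the new account.
/// </summary>
/// <param name="user">
/// Body model. <c>Login</c>, <c>Password</c> and <c>Email</c> are required; <c>IsLoginOk</c> and
/// <c>IsPasswordOk</c> are the model's own validation flags. <c>Password</c> and <c>_Salt</c> are
/// written to the table exactly as the model provides them.
/// </param>
/// <returns>
/// 200 on success; 403 when the model's login/password rules fail or the login/email is already
/// taken; 400 for an incomplete body or any other failure.
/// </returns>
public object Create([FromBody] User user)
{
    // Model-level rule failures take precedence over missing fields, as in the original ordering.
    if (!user.IsLoginOk || !user.IsPasswordOk)
    {
        return StatusCode(403, @"{""Result"" : ""Login or password did not meet the requirements""}");
    }

    if (user.Login == null || user.Password == null || user.Email == null)
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // NOTE(review): whether user.Password already holds a salted hash (the model exposes _Salt and
    // IsPasswordOk) is not visible here — confirm; a plaintext password must never reach `haslo`.

    // Every value is escaped before being interpolated into SQL text. MySQLObject.Insert only takes a
    // SQL string here; if the wrapper can bind parameters, prepared statements should replace this.
    string login = Esc(user.Login);
    string password = Esc(user.Password);
    string email = Esc(user.Email);
    string salt = Esc(Convert.ToString(user._Salt) ?? string.Empty);

    MySQLObject mySQL = new MySQLObject();
    try
    {
        mySQL.Insert($@"INSERT INTO `projekt_mysql`.`uzytkownicy`(`login`,`haslo`,`email`,`salt`) VALUES('{login}','{password}','{email}','{salt}')");
        // The token row is created inactive (aktywny = 0) and already expired (NOW()); it is
        // presumably activated by a separate login step.
        mySQL.Insert($@"INSERT INTO `projekt_mysql`.`tokeny_logowania`(`id_uzytkownika`,`token`,`aktywny`,`data_wygasniecia`) VALUES((select min(`id_uzytkownika`) from `projekt_mysql`.`uzytkownicy` where `login` = '{login}' and `haslo` = '{password}'), '{StaticMethods.GenerateToken()}', 0, NOW())");

        // The login is echoed inside a hand-built JSON string, so quotes/backslashes are escaped to
        // keep the response well-formed.
        return StatusCode(200, @"{""Result"" : ""Created user " + JsonSafe(user.Login) + @" successfully""}");
    }
    catch (MySql.Data.MySqlClient.MySqlException)
    {
        return StatusCode(403, @"{""Result"" : ""Login or email is already taken, try another one""}");
    }
    catch (Exception)
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // Escapes quotes, backslashes and control characters for inclusion in a single-quoted SQL literal.
    string Esc(string s) => MySql.Data.MySqlClient.MySqlHelper.EscapeString(s);

    // Minimal escaping for embedding a value in a JSON string literal.
    string JsonSafe(string s) => s.Replace("\\", "\\\\").Replace("\"", "\\\"");
}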
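/// <summary>
/// Creates a product owned by the caller. The request must carry an
/// <c>Authorization: Bearer &lt;token&gt;</c> header whose token maps to an active, unexpired login
/// row with User, Administrator or Moderator privileges.
/// </summary>
/// <param name="product">Product to insert; <c>Name</c>, <c>CategoryId</c> and <c>Price</c> are required.</param>
/// <returns>
/// The created product (with <c>Id</c> and <c>UserId</c> set) on success; 400 when the header or body
/// is malformed; 403 when the token is missing, expired or not privileged; 500 when the insert fails,
/// a numeric field cannot be converted, or the new id cannot be read back.
/// </returns>
public object Create([FromBody] Product product)
{
    // Accept only a header that starts with the "Bearer " scheme. The previous check matched the
    // substring anywhere in the value and then removed every occurrence of it.
    if (!Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value)
        || !value.ToString().StartsWith("Bearer ", StringComparison.Ordinal)
        || product.Name == null
        || product.CategoryId == null
        || product.Price == null)
    {
        return StatusCode(400, @"{""Result"" : ""Wrong request""}");
    }

    // rawToken is what the project helper receives (as before); token is the escaped form used only
    // in SQL text built here. MySQLObject.Select/Insert only take a SQL string; if the wrapper can
    // bind parameters, prepared statements should replace this escaping.
    string rawToken = value.ToString().Substring("Bearer ".Length).Trim();
    string token = Esc(rawToken);

    MySQLObject mySQL = new MySQLObject();
    var data = mySQL.Select($@"select t1.`id_uprawnienia` from `projekt_mysql`.`tokeny_logowania` t0 inner join `projekt_mysql`.`uzytkownicy` t1 on t0.`id_uzytkownika` = t1.`id_uzytkownika` where t0.`token` = '{token}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");

    int[] allowed = { (int)Privileges.User, (int)Privileges.Administrator, (int)Privileges.Moderator };
    if (data.Rows.Count == 0 || !allowed.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
    {
        return StatusCode(403, @"{""Result"" : ""Method requires administrative privileges or your token is invalid""}");
    }

    try
    {
        // Numeric columns are formatted from converted numbers so that only numeric literals reach
        // the SQL; InvariantCulture gives the '.' decimal separator the original produced with
        // Replace(",", "."). Price is converted with the current culture, matching the original's
        // ToString() semantics for the incoming value.
        string categoryId = Convert.ToInt32(product.CategoryId).ToString(System.Globalization.CultureInfo.InvariantCulture);
        string price = Convert.ToDecimal(product.Price, System.Globalization.CultureInfo.CurrentCulture).ToString(System.Globalization.CultureInfo.InvariantCulture);
        string name = Esc(product.Name);

        // Resolved once instead of twice; NOTE(review): GetUserId receives the raw token — confirm it
        // binds it as a parameter rather than interpolating it into SQL.
        var userId = StaticMethods.GetUserId(rawToken);

        mySQL.Insert($@"insert into `projekt_mysql`.`przedmiot`(`id_kategorii`,`id_uzytkownika`, `nazwa`,`cena`) values ({categoryId},{userId},'{name}',{price})");

        // The new id is read back by (category, name, price); if several identical rows exist this
        // returns the most recent one.
        data = mySQL.Select($@"select max(`id_przedmiotu`) as `value` from `projekt_mysql`.`przedmiot` where `Id_kategorii` = {categoryId} and `nazwa` = '{name}' and `cena` = {price}");
        if (data.Rows.Count == 0)
        {
            return StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}");
        }

        product.Id = Convert.ToInt32(data.Rows[0]["value"]);
        product.UserId = userId;
        return product;
    }
    catch (Exception)
    {
        return StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}");
    }

    // Escapes quotes, backslashes and control characters for inclusion in a single-quoted SQL literal.
    string Esc(string s) => MySql.Data.MySqlClient.MySqlHelper.EscapeString(s);
}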