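 /// <summary>
 /// POST handler that creates a product category. The caller must send
 /// <c>Authorization: Bearer &lt;token&gt;</c>; the token is resolved through
 /// <c>tokeny_logowania</c> (active and not yet expired) to a user whose
 /// <c>id_uprawnienia</c> is 3 or 4.
 /// </summary>
 /// <param name="category">Request body. <c>Name</c> is required; a null <c>ParentId</c>
 /// is stored as SQL NULL (a root category).</param>
 /// <returns>
 /// 200 with the category (its <c>Id</c> filled in from <c>max(id)</c> for that name);
 /// 400 when the Authorization header is missing or not a Bearer token, when the body
 /// has no name, or when the name already exists (duplicate key); 403 when the token does
 /// not resolve to an active, unexpired session with role 3 or 4; 500 for any other failure.
 /// </returns>
 public object Create([FromBody] Category category)
 {
     // RFC 6750 form: "Bearer" must be the scheme at the start of the header, not merely a
     // substring somewhere inside it (the old Contains/Replace pair accepted "xBearer y").
     string token = null;
     if (Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value))
     {
         string header = value.ToString();
         if (header.StartsWith("Bearer ", StringComparison.Ordinal))
         {
             token = header.Substring("Bearer ".Length);
         }
     }
     if (string.IsNullOrWhiteSpace(token))
     {
         return StatusCode(400, "Wrong request");
     }

     MySQLObject mySQL = new MySQLObject();
     // SECURITY: the bearer token is spliced into the SQL text. MySQLObject.Select only takes a
     // query string here, so this method cannot bind it as a parameter; the wrapper needs a
     // parameterised overload (MySqlCommand + MySqlParameter) before this is safe against injection.
     var data = mySQL.Select($@"select t1.`id_uprawnienia`
                                                     from `projekt_mysql`.`tokeny_logowania` t0
                                                     inner join `projekt_mysql`.`uzytkownicy` t1
                                                     on t0.`id_uzytkownika` = t1.`id_uzytkownika`
                                                     where t0.`token` = '{token}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
     // Roles 3 and 4 are the ones allowed to create categories (the 403 text calls them
     // administrative). The Product Create handler uses a Privileges enum for this same column;
     // presumably 3/4 correspond to two of its members — confirm and replace the literals.
     if (data.Rows.Count == 0 || !new int[] { 3, 4 }.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
     {
         return StatusCode(403, "Method requires administrative privileges or your token is invalid");
     }
     if (category.Name == null)
     {
         return StatusCode(400, "Wrong request");
     }

     // A missing parent becomes the SQL NULL literal rather than a quoted value.
     string parentId = category.ParentId == null ? "null" : category.ParentId.ToString();
     try
     {
         // SECURITY: Name is untrusted body input inside a quoted SQL literal — same wrapper
         // limitation as the token lookup above; it must be bound as a parameter, not interpolated.
         mySQL.Insert($@"insert into `projekt_mysql`.`kategoria`(`nazwa`,`id_parent`) values('{category.Name}',{parentId})");
         // The new id is recovered by re-querying max(id) for that name. This is not atomic and
         // only returns the right row if `nazwa` is unique (which the 1062 handling below assumes).
         data = mySQL.Select($@"select max(`id`) as `value` from `projekt_mysql`.`kategoria` where `nazwa` = '{category.Name}'");
         if (data.Rows.Count == 0)
         {
             return StatusCode(500, "Something went terribly wrong");
         }
         category.Id = Convert.ToInt32(data.Rows[0]["value"]);
         return StatusCode(200, category);
     }
     catch (MySqlException ex) when (ex.Number == 1062)
     {
         // 1062 = ER_DUP_ENTRY. Only a unique-key violation means "already exists"; previously
         // every MySqlException (syntax errors, connectivity) was reported under this message.
         return StatusCode(400, "Category with that name already exists");
     }
     catch (Exception)
     {
         return StatusCode(500, "Something went terribly wrong");
     }
 }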
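 /// <summary>
 /// POST handler that registers a user and seeds an inactive (aktywny = 0, already expired)
 /// row in <c>tokeny_logowania</c> for it. No Authorization header is checked: this is the
 /// sign-up endpoint.
 /// </summary>
 /// <param name="user">Request body. <c>Login</c>, <c>Password</c> and <c>Email</c> are required
 /// and the model's <c>IsLoginOk</c> / <c>IsPasswordOk</c> checks must pass.</param>
 /// <returns>
 /// 200 on success; 403 when the login/password fail the model checks, or when the login or
 /// email already exists (duplicate key); 400 when a required field is missing or any other
 /// error occurs. All bodies are hand-built JSON-shaped strings.
 /// </returns>
 public object Create([FromBody] User user)
 {
     bool hasRequiredFields = user.Login != null && user.Password != null && user.Email != null;
     if (!hasRequiredFields || !user.IsPasswordOk || !user.IsLoginOk)
     {
         // A failed policy check wins over a missing field, as in the original ordering.
         return (!user.IsLoginOk || !user.IsPasswordOk)
             ? StatusCode(403, @"{""Result"" : ""Login or password did not meet the requirements""}")
             : StatusCode(400, @"{""Result"" : ""Wrong request""}");
     }

     MySQLObject mySQL = new MySQLObject();
     try
     {
         // SECURITY: Login, Password, Email and _Salt are interpolated into SQL text. MySQLObject.Insert
         // only accepts a string, so nothing can be bound as a parameter from here; the wrapper must
         // expose MySqlParameter binding before this endpoint faces untrusted clients.
         // NOTE(review): `haslo` receives user.Password exactly as the property returns it, next to a
         // `salt` column — confirm the User model hashes the password (with _Salt) in its setter;
         // otherwise plaintext passwords are being stored.
         mySQL.Insert($@"INSERT INTO `projekt_mysql`.`uzytkownicy`(`login`,`haslo`,`email`,`salt`) 
                                       VALUES('{user.Login}','{user.Password}','{user.Email}','{user._Salt}')");
         // The new user's id is found again by login + haslo; the token row is inserted inactive with
         // an expiry of NOW(). The two inserts are not wrapped in a transaction, so a failure here
         // leaves the user row behind.
         mySQL.Insert($@"INSERT INTO `projekt_mysql`.`tokeny_logowania`(`id_uzytkownika`,`token`,`aktywny`,`data_wygasniecia`) 
                                       VALUES((select min(`id_uzytkownika`) from `projekt_mysql`.`uzytkownicy` where `login` = '{user.Login}' and `haslo` = '{user.Password}'),
                                                       '{StaticMethods.GenerateToken()}',
                                                       0,
                                                       NOW())");
         // NOTE(review): Login is concatenated into a hand-built JSON string; a quote or backslash in it
         // corrupts the body. Whether IsLoginOk excludes those characters is not visible here.
         return StatusCode(200, @"{""Result"" : ""Created user " + user.Login + @" successfully""}");
     }
     catch (MySql.Data.MySqlClient.MySqlException ex) when (ex.Number == 1062)
     {
         // 1062 = ER_DUP_ENTRY: only a unique-key violation on login/email means "already taken".
         return StatusCode(403, @"{""Result"" : ""Login or email is already taken, try another one""}");
     }
     catch (Exception)
     {
         // Any other failure, including non-duplicate MySQL errors that used to be misreported as "taken".
         return StatusCode(400, @"{""Result"" : ""Wrong request""}");
     }
 }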
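 /// <summary>
 /// POST handler that creates a product owned by the calling user. The caller must send
 /// <c>Authorization: Bearer &lt;token&gt;</c>; the token is resolved through
 /// <c>tokeny_logowania</c> (active and not yet expired) to a user whose role is
 /// <c>Privileges.User</c>, <c>Administrator</c> or <c>Moderator</c>.
 /// </summary>
 /// <param name="product">Request body. <c>Name</c>, <c>CategoryId</c> and <c>Price</c> are required.</param>
 /// <returns>
 /// The product with <c>Id</c> (from <c>max(id_przedmiotu)</c>) and <c>UserId</c> filled in;
 /// 400 when the Authorization header is missing or not a Bearer token, or a required field
 /// is missing; 403 when the token does not resolve to an allowed, active session; 500 for
 /// any other failure.
 /// </returns>
 public object Create([FromBody] Product product)
 {
     // RFC 6750 form: "Bearer" must be the scheme at the start of the header, not merely a
     // substring somewhere inside it (the old Contains/Replace pair accepted "xBearer y").
     string token = null;
     if (Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues value))
     {
         string header = value.ToString();
         if (header.StartsWith("Bearer ", StringComparison.Ordinal))
         {
             token = header.Substring("Bearer ".Length);
         }
     }
     // A bad header and a bad body share the same 400 response, as before.
     if (string.IsNullOrWhiteSpace(token) || product.Name == null || product.CategoryId == null || product.Price == null)
     {
         return StatusCode(400, @"{""Result"" : ""Wrong request""}");
     }

     MySQLObject mySQL = new MySQLObject();
     // SECURITY: the bearer token is spliced into the SQL text. MySQLObject.Select only takes a
     // query string here, so this method cannot bind it as a parameter; the wrapper needs a
     // parameterised overload (MySqlCommand + MySqlParameter) before this is safe against injection.
     var data = mySQL.Select($@"select t1.`id_uprawnienia`
                                                     from `projekt_mysql`.`tokeny_logowania` t0
                                                     inner join `projekt_mysql`.`uzytkownicy` t1
                                                     on t0.`id_uzytkownika` = t1.`id_uzytkownika`
                                                     where t0.`token` = '{token}' and t0.`aktywny` = 1 and NOW() < t0.`data_wygasniecia`");
     int[] allowedRoles = { (int)Privileges.User, (int)Privileges.Administrator, (int)Privileges.Moderator };
     if (data.Rows.Count == 0 || !allowedRoles.Contains(Convert.ToInt32(data.Rows[0]["id_uprawnienia"])))
     {
         return StatusCode(403, @"{""Result"" : ""Method requires administrative privileges or your token is invalid""}");
     }

     // Format the price with the invariant culture so the SQL literal always uses '.' as the
     // decimal separator; the previous ToString().Replace(",", ".") only covered cultures whose
     // separator is a comma. NOTE(review): assumes Price is a numeric type, which is what that
     // Replace was compensating for — if Price or CategoryId is actually a string, both are
     // unquoted, unescaped input in the SQL below.
     string price = Convert.ToString(product.Price, System.Globalization.CultureInfo.InvariantCulture);
     try
     {
         // Resolve the owner once (the original looked the token up twice).
         var userId = StaticMethods.GetUserId(token);
         // SECURITY: Name is untrusted body input inside a quoted SQL literal — same wrapper
         // limitation as the token lookup above; it must be bound as a parameter, not interpolated.
         mySQL.Insert($@"insert into `projekt_mysql`.`przedmiot`(`id_kategorii`,`id_uzytkownika`, `nazwa`,`cena`) values ({product.CategoryId},{userId},'{product.Name}',{price})");
         // The new id is recovered by re-querying max(id_przedmiotu) for the same category/name/price;
         // this is not atomic and can pick up a concurrent insert with identical values.
         data = mySQL.Select($@"select max(`id_przedmiotu`) as `value` from `projekt_mysql`.`przedmiot` where `Id_kategorii` = {product.CategoryId} and `nazwa` = '{product.Name}' and `cena` = {price}");
         if (data.Rows.Count == 0)
         {
             return StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}");
         }
         product.Id     = Convert.ToInt32(data.Rows[0]["value"]);
         product.UserId = userId;
         return product;
     }
     catch (Exception)
     {
         // Every failure inside the insert/lookup, MySQL or otherwise, is reported the same way.
         return StatusCode(500, @"{""Result"" : ""Something went terribly wrong""}");
     }
 }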