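public ActionResult EditCategory(Category modified)
        {
            // Renames an existing category; manager-only.
            //
            // NOTE(review): authorization rests entirely on the "UserID"
            // cookie. That cookie carries the role bits itself under a fixed
            // XOR (see the cookie format comment in Registration) and the
            // role is not re-checked against the database here, so a forged
            // cookie reaches this action. There is also no
            // [HttpPost]/[ValidateAntiForgeryToken]; a cross-site request can
            // rename categories. Confirm the views emit the anti-forgery
            // token before adding the attribute.
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }
            if (Account.GetCookieType(Request.Cookies["UserID"].Value)
                < AccountType.Manager)
            {
                return(RedirectToAction("OrderList", "OrderList"));
            }

            // Model binding can hand us a null model, and the posted
            // CategoryID may not exist; the original dereferenced Find()
            // unchecked and surfaced a NullReferenceException as a 500.
            if (modified == null)
            {
                return(new HttpStatusCodeResult(400));
            }

            var db = new PickUpOrderDBEntities2();

            Category existing = db.Categories.Find(modified.CategoryID);
            if (existing == null)
            {
                return(HttpNotFound());
            }

            // Apply and save changes.
            existing.CategoryName = modified.CategoryName;
            db.SaveChanges();

            // db is deliberately not disposed: the view enumerates
            // db.MenuItems lazily after this action returns.
            return(View("MenuEditor", db.MenuItems));
        }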
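        public ActionResult Submit()
        {
            // Marks the caller's most recent order as Received.
            //
            // NOTE(review): identity is the "UserID" cookie, which encodes the
            // user ID under a fixed XOR (see Registration) and is forgeable.
            // The action is state-changing but has no [HttpPost] or
            // anti-forgery token, so it is reachable cross-site.
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }

            var db = new PickUpOrderDBEntities2();

            // A forged or stale cookie can carry an ID with no account; the
            // original dereferenced the lookup unchecked (500).
            Account curUser =
                db.Accounts.Find(Account.GetCookieID(
                                     Request.Cookies["UserID"].Value));
            if (curUser == null)
            {
                return(RedirectToAction("Login", "Login"));
            }

            // MostRecentOrder() is nullable: a user with no order has nothing
            // to submit, and the order it names may have been removed.
            int?toSubmit = curUser.MostRecentOrder();
            Order order = toSubmit.HasValue
                ? db.Orders.Find(toSubmit.Value)
                : null;
            if (order == null)
            {
                return(HttpNotFound());
            }

            // NOTE(review): the order's current status is not checked, so an
            // order that has already moved past Received can be flipped back
            // here — confirm whether that is intended.
            order.OrderStatus = (int)OrderStatus.Received;
            db.SaveChanges();

            // db is not disposed: the view enumerates db.MenuItems lazily.
            return(View("Menu", db.MenuItems));
        }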
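        public ActionResult AddItem(MenuItem toAdd)
        {
            // Creates a menu item from the posted form; manager-only.
            //
            // NOTE(review): the role check trusts the "UserID" cookie, which
            // carries the role under a fixed XOR (see Registration) and is
            // forgeable; there is no [HttpPost]/[ValidateAntiForgeryToken].
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }
            if (Account.GetCookieType(Request.Cookies["UserID"].Value)
                < AccountType.Manager)
            {
                return(RedirectToAction("OrderList", "OrderList"));
            }

            if (toAdd == null)
            {
                return(new HttpStatusCodeResult(400));
            }

            // The price arrives as two separate form fields. int.Parse on a
            // missing or non-numeric field threw an unhandled exception
            // (500); reject bad input explicitly, and keep both parts
            // non-negative with cents in 0..99 so the raw price cannot be
            // driven negative or padded through the cents field.
            int dollars, cents;
            if (!int.TryParse(Request.Form["dollars"], out dollars) ||
                !int.TryParse(Request.Form["cents"], out cents) ||
                dollars < 0 || cents < 0 || cents > 99)
            {
                return(new HttpStatusCodeResult(400));
            }

            var db = new PickUpOrderDBEntities2();

            // Raw price is stored in cents.
            toAdd.Price = dollars * 100 + cents;

            // NOTE(review): toAdd is bound straight from the request, so
            // every MenuItem property (ItemID included) is client-controlled
            // (over-posting). The ID is expected to be regenerated on insert —
            // confirm, or restrict binding with a [Bind(Include = ...)] list.
            db.MenuItems.Add(toAdd);
            db.SaveChanges();

            // db is not disposed: the view enumerates db.MenuItems lazily.
            return(View("MenuEditor", db.MenuItems));
        }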
        public ActionResult AddCategory(Category toAdd)
        {
            // Inserts a category posted from the menu editor; manager-only.
            //
            // NOTE(review): the role check trusts the "UserID" cookie, which
            // carries the role bits under a fixed XOR (see Registration) and
            // is forgeable; the action has no [HttpPost] or anti-forgery
            // token, so it is reachable cross-site.
            bool loggedIn = Request.Cookies.AllKeys.Contains("UserID");
            if (!loggedIn)
            {
                return(RedirectToAction("Login", "Login"));
            }

            AccountType role =
                Account.GetCookieType(Request.Cookies["UserID"].Value);
            if (role < AccountType.Manager)
            {
                return(RedirectToAction("OrderList", "OrderList"));
            }

            // NOTE(review): toAdd is model-bound from the request, so every
            // Category property is client-controlled (over-posting).
            // CategoryID is expected to be regenerated by the store — confirm.
            var context = new PickUpOrderDBEntities2();
            context.Categories.Add(toAdd);
            context.SaveChanges();

            // The context is not disposed: the view enumerates MenuItems
            // lazily after this action returns.
            return(View("MenuEditor", context.MenuItems));
        }
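        public ActionResult EditItem(MenuItem modified)
        {
            // Updates a menu item's name/description/price/category and
            // re-prices every not-yet-submitted order that contains it.
            //
            // NOTE(review): the manager check trusts the "UserID" cookie,
            // which carries the role under a fixed XOR (see Registration) and
            // is forgeable; no [HttpPost]/[ValidateAntiForgeryToken].
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }
            if (Account.GetCookieType(Request.Cookies["UserID"].Value)
                < AccountType.Manager)
            {
                return(RedirectToAction("OrderList", "OrderList"));
            }

            if (modified == null)
            {
                return(new HttpStatusCodeResult(400));
            }

            // Parse the two price fields; int.Parse on bad input was an
            // unhandled 500. Keep the parts non-negative, cents in 0..99.
            int dollars, cents;
            if (!int.TryParse(Request.Form["dollars"], out dollars) ||
                !int.TryParse(Request.Form["cents"], out cents) ||
                dollars < 0 || cents < 0 || cents > 99)
            {
                return(new HttpStatusCodeResult(400));
            }
            modified.Price = dollars * 100 + cents;

            var db = new PickUpOrderDBEntities2();

            // Load the item once (the original re-queried it six times) and
            // refuse unknown IDs instead of dereferencing null.
            MenuItem existing = db.MenuItems.Find(modified.ItemID);
            if (existing == null)
            {
                return(HttpNotFound());
            }

            var oldPrice = existing.Price;
            if (modified.Price != oldPrice)
            {
                // OrderContents is treated as a comma-separated list of item
                // IDs — that is what the original matched on; confirm.
                string idText  = modified.ItemID.ToString();
                string idToken = idText + ",";

                // Coarse server-side filter: "1," also matches "11," and
                // EndsWith("1") matches "11", so the exact token count below
                // may legitimately be zero for some of these rows.
                IQueryable <Order> ordersToMod =
                    db.Orders.Where(m => m.OrderStatus ==
                                    (int)OrderStatus.NotSubmitted &&
                                    (m.OrderContents.Contains(idToken) ||
                                     m.OrderContents.EndsWith(idText)));

                foreach (Order o in ordersToMod)
                {
                    // Count whole tokens equal to the item ID.
                    // Bug fixed: the original did
                    //   OrderContents.Count(s => s.Equals("<id>,"))
                    // which enumerates *chars*, and a char never Equals a
                    // string, so that count was always 0 (+1 for a trailing
                    // match). Orders holding the item more than once had
                    // RawCost under-adjusted.
                    int toChange = o.OrderContents
                        .Split(',')
                        .Count(t => t.Trim() == idText);
                    o.RawCost += (int)(toChange * (modified.Price - oldPrice));
                }
            }

            // Apply and save changes.
            existing.Name        = modified.Name;
            existing.Description = modified.Description;
            existing.Price       = modified.Price;
            existing.Category    = modified.Category;
            db.SaveChanges();

            // db is not disposed: the view enumerates db.MenuItems lazily.
            return(View("MenuEditor", db.MenuItems));
        }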
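        public ActionResult NullifyItem(MenuItem toNullify)
        {
            // Soft-removes a menu item (MenuItem.NullifyItem); manager-only.
            //
            // Fix: this was the only menu-editor action with NO login or role
            // check — any anonymous request could nullify any item by ID.
            // The guards below mirror EditItem/AddItem/DeleteCategory.
            // NOTE(review): like its siblings it still trusts the forgeable
            // "UserID" cookie (see Registration) and has no
            // [HttpPost]/[ValidateAntiForgeryToken].
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }
            if (Account.GetCookieType(Request.Cookies["UserID"].Value)
                < AccountType.Manager)
            {
                return(RedirectToAction("OrderList", "OrderList"));
            }

            if (toNullify == null)
            {
                return(new HttpStatusCodeResult(400));
            }

            var db = new PickUpOrderDBEntities2();

            // An unknown ItemID used to surface as a NullReferenceException.
            MenuItem item = db.MenuItems.Find(toNullify.ItemID);
            if (item == null)
            {
                return(HttpNotFound());
            }

            // Apply and save changes.
            item.NullifyItem();
            db.SaveChanges();

            // db is not disposed: the view enumerates db.MenuItems lazily.
            return(View("MenuEditor", db.MenuItems));
        }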
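        public ActionResult ProcessEmailChange()
        {
            // Changes the logged-in user's e-mail address.
            // Codes passed to the ChangeEmail view: -1 malformed address,
            // -2 address belongs to another account, -3 already this
            // account's address.
            //
            // NOTE(review): identity is the "UserID" cookie, which is a fixed
            // XOR of the user ID and role (see Registration) and forgeable.
            // No [HttpPost]/anti-forgery token, and no re-authentication
            // (current password) before changing the contact address that a
            // password-reset flow would rely on.
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }

            // Get the new email.
            string newEmail = Request.Form["email"];

            // MailAddress throws ArgumentNullException/ArgumentException (not
            // FormatException) for a null or empty string, which the original
            // let escape as a 500. Treat those as "malformed" as well.
            if (string.IsNullOrWhiteSpace(newEmail))
            {
                return(View("ChangeEmail", -1));
            }
            try
            {
                var address = new MailAddress(newEmail);
            }
            catch (FormatException)
            {
                return(View("ChangeEmail", -1));
            }

            int IDNo = Account.GetCookieID(Request.Cookies["UserID"].Value);
            var db   = new PickUpOrderDBEntities2();

            // One query instead of Count()+First().
            // NOTE(review): this check-then-write is racy; a unique index on
            // Email is the real guard — confirm one exists.
            Account match =
                db.Accounts.FirstOrDefault(e => e.Email.Equals(newEmail));
            if (match != null)
            {
                return(View("ChangeEmail", match.UserID == IDNo ? -3 : -2));
            }

            // A forged or stale cookie can name an account that no longer
            // exists; the original dereferenced Find() unchecked.
            Account current = db.Accounts.Find(IDNo);
            if (current == null)
            {
                return(RedirectToAction("Login", "Login"));
            }

            // Otherwise, set the new email.
            current.Email = newEmail;
            db.SaveChanges();

            return(View("AccountManagement"));
        }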
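        public ActionResult OrderList(Order updatedOrder)
        {
            // Sets an order's status from the employee order list.
            //
            // NOTE(review): the employee check trusts the "UserID" cookie,
            // which carries the role under a fixed XOR (see Registration) and
            // is forgeable; the action has no [HttpPost]/anti-forgery token.
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }
            if (Account.GetCookieType(Request.Cookies["UserID"].Value)
                < AccountType.Employee)
            {
                return(RedirectToAction("Menu", "Menu"));
            }

            if (updatedOrder == null)
            {
                return(new HttpStatusCodeResult(400));
            }

            // OrderStatus is model-bound as a raw integer; previously any
            // value was written through. Only accept members of OrderStatus.
            // (Assumes Order.OrderStatus is a non-nullable int — confirm.)
            if (!Enum.IsDefined(typeof(OrderStatus), updatedOrder.OrderStatus))
            {
                return(new HttpStatusCodeResult(400));
            }

            var db = new PickUpOrderDBEntities2();

            // An unknown OrderID used to surface as a NullReferenceException.
            Order order = db.Orders.Find(updatedOrder.OrderID);
            if (order == null)
            {
                return(HttpNotFound());
            }

            order.OrderStatus = updatedOrder.OrderStatus;
            db.SaveChanges();
            return(View());
        }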
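        public ActionResult DeleteCategory(Category oldCat)
        {
            // Deletes a category after moving its menu items to the category
            // named by the "newCat" form field; manager-only.
            //
            // NOTE(review): the manager check trusts the "UserID" cookie,
            // which carries the role under a fixed XOR (see Registration) and
            // is forgeable; no [HttpPost]/[ValidateAntiForgeryToken].
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }
            if (Account.GetCookieType(Request.Cookies["UserID"].Value)
                < AccountType.Manager)
            {
                return(RedirectToAction("OrderList", "OrderList"));
            }

            if (oldCat == null)
            {
                return(new HttpStatusCodeResult(400));
            }

            // int.Parse on a missing or non-numeric "newCat" was a 500.
            int newCatId;
            if (!int.TryParse(Request.Form["newCat"], out newCatId))
            {
                return(new HttpStatusCodeResult(400));
            }

            // Moving items into the category being deleted would leave them
            // pointing at a row that no longer exists.
            int oldCatId = oldCat.CategoryID;
            if (newCatId == oldCatId)
            {
                return(new HttpStatusCodeResult(400));
            }

            var db = new PickUpOrderDBEntities2();

            // Both categories must exist: the original dereferenced newCat
            // unchecked and let Single() throw for a missing oldCat.
            Category newCat   = db.Categories.Find(newCatId);
            Category toRemove = db.Categories.Find(oldCatId);
            if (newCat == null || toRemove == null)
            {
                return(HttpNotFound());
            }

            // Change all members of oldCat to newCat.
            List <MenuItem> toModify =
                db.MenuItems.Where(e => (int)e.Category == oldCatId).ToList();
            foreach (MenuItem i in toModify)
            {
                i.Category = newCat.CategoryID;
            }

            // Remove oldCat and save all changes.
            db.Categories.Remove(toRemove);
            db.SaveChanges();

            // db is not disposed: the view enumerates db.MenuItems lazily.
            return(View("MenuEditor", db.MenuItems));
        }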
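        public ActionResult ProcessPasswordChange()
        {
            // Replaces the logged-in user's password hash.
            // Codes passed to the ChangePassword view: -1 passwords missing
            // or mismatched, -2 new password equals the current one.
            //
            // NOTE(review): the current password is never asked for, so a
            // hijacked session — or a forged "UserID" cookie, which is only a
            // fixed XOR of ID and role (see Registration) — takes the account
            // over outright. Require and verify the current password here.
            // There is also no [HttpPost]/anti-forgery token and no minimum
            // length or complexity rule.
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }

            // Get the new password (twice, for confirmation).
            string newPasswd  = Request.Form["passwd"];
            string newPasswd2 = Request.Form["passwd2"];

            // A missing field made .Equals() throw a 500; an empty password
            // was accepted. Both are reported with the mismatch code, the
            // only "bad input" code the view knows.
            if (string.IsNullOrEmpty(newPasswd) ||
                !string.Equals(newPasswd, newPasswd2, StringComparison.Ordinal))
            {
                return(View("ChangePassword", -1));
            }

            int IDNo = Account.GetCookieID(Request.Cookies["UserID"].Value);
            var db   = new PickUpOrderDBEntities2();

            // A forged or stale cookie can name a missing account.
            Account current = db.Accounts.Find(IDNo);
            if (current == null)
            {
                return(RedirectToAction("Login", "Login"));
            }

            // Refuse a "change" to the password already in use.
            if (current.CheckPassword(newPasswd))
            {
                return(View("ChangePassword", -2));
            }

            // The hash routine is private to Account, so hash through a
            // throwaway instance. This assumes the hash does not depend on the
            // e-mail or account type ("" and Customer are passed here, while
            // Reset passes the real e-mail) — confirm no per-user salt is
            // derived from them.
            Account temp = new Account("", newPasswd, AccountType.Customer);

            current.PasswordHash = temp.PasswordHash;
            db.SaveChanges();

            return(View("AccountManagement"));
        }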
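        public ActionResult Menu(bool adding, int IDtoModify)
        {
            // Adds (adding == true) or removes `qty` units of menu item
            // IDtoModify on the caller's most recent order.
            //
            // NOTE(review): identity is the "UserID" cookie, a fixed XOR of
            // ID and role (see Registration), and forgeable; the action
            // changes state but has no [HttpPost]/anti-forgery token.
            if (!Request.Cookies.AllKeys.Contains("UserID"))
            {
                return(RedirectToAction("Login", "Login"));
            }

            // int.Parse on a missing or non-numeric qty was a 500, and a
            // zero/negative quantity is meaningless for both add and remove.
            int qty;
            if (!int.TryParse(Request.Form["qty"], out qty) || qty <= 0)
            {
                return(new HttpStatusCodeResult(400));
            }

            var db = new PickUpOrderDBEntities2();

            // Retrieve the item; an unknown ID used to dereference null.
            MenuItem toModify = db.MenuItems.Find(IDtoModify);
            if (toModify == null)
            {
                return(HttpNotFound());
            }

            // A forged or stale cookie can name a missing account.
            Account user =
                db.Accounts.Find(Account.GetCookieID(
                                     Request.Cookies["UserID"].Value));
            if (user == null)
            {
                return(RedirectToAction("Login", "Login"));
            }

            // MostRecentOrder() is nullable; with no order there is nothing
            // to modify.
            // NOTE(review): nothing here checks that the order is still
            // NotSubmitted — confirm MostRecentOrder() cannot return an order
            // that has already been submitted.
            int? orderId = user.MostRecentOrder();
            Order targetOrder = orderId.HasValue
                ? db.Orders.Find(orderId.Value)
                : null;
            if (targetOrder == null)
            {
                return(HttpNotFound());
            }

            // Process the appropriate changes on the tracked entity. The
            // original then re-Find()'d the same order and assigned its
            // OrderContents to itself, which is a no-op under change tracking.
            if (adding)
            {
                targetOrder.AddMultipleItems(toModify, qty);
            }
            else
            {
                targetOrder.RemoveMultipleItems(toModify, qty);
            }
            db.SaveChanges();

            // Pass the untruncated menu (db is not disposed for that reason).
            return(View(db.MenuItems));
        }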
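        public ActionResult Registration(AccountType type)
        {
            // Creates an account of the requested type, signs the new user in
            // through the "UserID" cookie and redirects to their landing page.
            // Error codes handed to the registration views: -1 bad e-mail,
            // -2 e-mail already registered, -3 passwords missing/mismatched.
            //
            // NOTE(review): `type` is a plain request parameter. Nothing in
            // this action stops an anonymous caller from submitting
            // type=Manager (or Employee) and self-registering a privileged
            // account; the "SecretRegistration"/"SuperSecretRegistration"
            // views are obscurity, not authorization. Privileged registration
            // needs a server-side gate (invite token, approval by an existing
            // manager, or forcing type = Customer here).
            // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken].
            if (Request.Cookies.AllKeys.Contains("UserID"))
            {
                type =
                    Account.GetCookieType(Request.Cookies["UserID"].Value);
                switch (type)
                {
                case AccountType.Employee:
                    return(Redirect("/OrderList/OrderList"));

                case AccountType.Manager:
                    return(Redirect("/MenuEditor/MenuEditor"));

                default:
                    return(Redirect("/Menu/Menu"));
                }
            }

            // Get the form information.
            var email   = Request.Form["email"];
            var passwd  = Request.Form["passwd"];
            var passwd2 = Request.Form["passwd2"];

            // MailAddress throws ArgumentNullException/ArgumentException (not
            // FormatException) for null/empty input; the original let that
            // escape as a 500. Fold it into the bad-e-mail path.
            if (string.IsNullOrWhiteSpace(email))
            {
                return(RegistrationErrorView(type, -1));
            }
            try
            {
                var address = new MailAddress(email);
            }
            catch (FormatException)
            {
                return(RegistrationErrorView(type, -1));
            }

            // If the given email is in the database, return an error.
            // NOTE(review): check-then-insert is racy without a unique index
            // on Email — confirm one exists.
            var db = new PickUpOrderDBEntities2();
            if (db.Accounts.Any(e => e.Email.Equals(email)))
            {
                return(RegistrationErrorView(type, -2));
            }

            // A missing password field made .Equals() throw; an empty one was
            // accepted. NOTE(review): no length/complexity policy is applied.
            if (string.IsNullOrEmpty(passwd) ||
                !string.Equals(passwd, passwd2, StringComparison.Ordinal))
            {
                return(RegistrationErrorView(type, -3));
            }

            // Add the account.
            var newAccount = new Account(email, passwd, type);

            db.Accounts.Add(newAccount);
            db.SaveChanges();

            // Cookie format (unchanged): all but the low two bits are the user
            // ID, the low two bits are the account type, XORed with xorVal.
            // NOTE(review): this is obfuscation, not authentication. A user
            // who knows their own ID and type recovers xorVal with a single
            // XOR and can then mint a cookie for any ID with the Manager bits
            // set; none of the actions reviewed here re-check the role
            // against the database despite the comment saying they do. Use
            // the framework's authentication cookie (signed and encrypted) or
            // at least an HMAC over the value.
            int cookieVal = ((newAccount.UserID * 4) + newAccount.Type) ^
                            Properties.Settings.Default.xorVal;

            Response.Cookies["UserID"].Value    = cookieVal.ToString();
            Response.Cookies["UserID"].Expires  = DateTime.Now.AddHours(1);
            Response.Cookies["UserID"].Secure   = true;
            // Keep the session cookie out of reach of page script (XSS
            // hardening). Assumes no client-side code reads it — confirm.
            Response.Cookies["UserID"].HttpOnly = true;

            // Redirect to the appropriate page.
            switch (type)
            {
            case AccountType.Employee:
                return(Redirect("/OrderList/OrderList"));

            case AccountType.Manager:
                return(Redirect("/MenuEditor/MenuEditor"));

            default:
                return(Redirect("/Menu/Menu"));
            }
        }

        // Picks the registration view that matches the requested account type
        // and passes it an error code (-1 bad e-mail, -2 taken, -3 mismatch).
        // The default branch uses the current action's view, as the original
        // View(code) calls did.
        private ActionResult RegistrationErrorView(AccountType type, int code)
        {
            switch (type)
            {
            case AccountType.Employee:
                return(View("SecretRegistration", code));

            case AccountType.Manager:
                return(View("SuperSecretRegistration", code));

            default:
                return(View(code));
            }
        }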
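        public ActionResult Reset()
        {
            // Overwrites the password of the account whose e-mail is posted.
            // Codes: ResetPassword view -1 bad e-mail; Login view -2 unknown
            // e-mail, -3 passwords missing/mismatched, 1 success.
            //
            // NOTE(review): as written this is an unauthenticated account
            // takeover. The only thing needed to set a new password is the
            // victim's e-mail address — no proof of ownership (e-mailed
            // single-use token, old password), so anyone can reset any
            // account, including managers, and then log in. The -2 response
            // also confirms whether an address is registered (enumeration).
            // Fix: send a random, expiring, single-use token to the address
            // and accept the new password only together with that token.
            // The guards below only remove 500s; they do not close this.
            // No [HttpPost]/anti-forgery token either.
            if (Request.Cookies.AllKeys.Contains("UserID"))
            {
                AccountType type =
                    Account.GetCookieType(Request.Cookies["UserID"].Value);
                switch (type)
                {
                case AccountType.Employee:
                    return(Redirect("/OrderList/OrderList"));

                case AccountType.Manager:
                    return(Redirect("/MenuEditor/MenuEditor"));

                default:
                    return(Redirect("/Menu/Menu"));
                }
            }

            // Get the form information.
            string email   = Request.Form["email"];
            string passwd  = Request.Form["passwd"];
            string passwd2 = Request.Form["passwd2"];

            // MailAddress throws ArgumentNullException/ArgumentException (not
            // FormatException) for null/empty input; treat it as malformed.
            if (string.IsNullOrWhiteSpace(email))
            {
                return(View("ResetPassword", -1));
            }
            try
            {
                var address = new MailAddress(email);
            }
            catch (FormatException)
            {
                return(View("ResetPassword", -1));
            }

            // Find the account by e-mail.
            var db = new PickUpOrderDBEntities2();
            Account match =
                db.Accounts.FirstOrDefault(e => e.Email.Equals(email));
            if (match == null)
            {
                return(View("Login", -2));
            }

            // A missing password field made .Equals() throw; an empty one was
            // accepted.
            if (string.IsNullOrEmpty(passwd) ||
                !string.Equals(passwd, passwd2, StringComparison.Ordinal))
            {
                return(View("Login", -3));
            }

            // Use an Account constructor to calculate the new password's hash
            // (the hash routine is private to Account). AccountType.Customer
            // is only there so the constructor works.
            var newAccount = new Account(email, passwd, AccountType.Customer);

            // `match` is already the tracked entity; the original re-queried
            // it by ID.
            match.PasswordHash = newAccount.PasswordHash;
            db.SaveChanges();

            // Redirect to the login page.
            return(View("Login", 1));
        }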