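/// <summary>
/// Renders the admin-only user management page: the edit form for one user
/// (<c>mode == "edit"</c>) or the query page (<c>mode == "query"</c>).
/// </summary>
/// <param name="mode">Page mode, "edit" or "query".</param>
/// <param name="from">Copied to ViewData["from"] in edit mode.</param>
/// <param name="uid">objectId of the user to load in edit mode.</param>
/// <param name="msg">Base64 text that is decoded with PublicTools.DecodeObject and exposed as ViewData["registerMsg"]; null is treated as empty.</param>
/// <returns>
/// The edit view, a NotFoundError result when the lookup does not yield exactly one user,
/// the query view, NotFound() for a non-admin caller, BadRequest() when <paramref name="msg"/>
/// is not valid Base64, or the LoginFailed result when the session is not valid.
/// </returns>
/// <exception cref="NotSupportedException"><paramref name="mode"/> is neither "edit" nor "query".</exception>
public IActionResult UserManage(string mode, string from, string uid, string msg)
{
    ViewData["where"] = ControllerName;

    if (!ValidateSession())
    {
        // All four values come from the request. Percent-encode each one so a value
        // containing '&', '#' or '=' cannot add or override parameters in the return URL.
        string returnUrl = "/Manage/UserManage"
            + "?mode=" + Uri.EscapeDataString(mode ?? "")
            + "&from=" + Uri.EscapeDataString(from ?? "")
            + "&uid=" + Uri.EscapeDataString(uid ?? "")
            + "&msg=" + Uri.EscapeDataString(msg ?? "");
        return LoginFailed(returnUrl);
    }

    if (!CurrentUser.UserGroup.IsAdmin)
    {
        // The Referer header is client-controlled; drop line breaks so it cannot
        // start a forged entry in the log.
        string referer = Request.Headers["Referer"].ToString().Replace("\r", " ").Replace("\n", " ");

        // NOTE(review): the expression between the two string fragments below is masked
        // ("******") in this listing and is kept exactly as found.
        LW.E("Someone trying access illegal page!, Page: UserManage, user:"******", possible referer:" + referer);

        // Answer 404 rather than 403 so the page's existence is not confirmed to non-admins.
        return NotFound();
    }

    ViewData["mode"] = mode;

    if (mode == "edit")
    {
        ViewData["from"] = from;

        string message;
        try
        {
            // NOTE(review): msg is request input handed to PublicTools.DecodeObject, whose
            // implementation is not visible here; confirm it cannot instantiate arbitrary
            // types from its input and that the view HTML-encodes registerMsg.
            message = (string)PublicTools.DecodeObject(Encoding.UTF8.GetString(Convert.FromBase64String(msg ?? "")));
        }
        catch (FormatException)
        {
            // Malformed Base64 is a client error, not a server fault.
            return BadRequest();
        }
        ViewData["registerMsg"] = message;

        DBQuery byId = new DBQuery().WhereEqualTo("objectId", uid);
        if (DataBaseOperation.QuerySingleData(byId, out UserObject _user) == DBQueryStatus.ONE_RESULT)
        {
            return View(_user);
        }
        return NotFoundError(ServerAction.INTERNAL_ERROR, XConfig.Messages["NoUserFoundByGivenID"]);
    }

    if (mode == "query")
    {
        return View();
    }

    throw new NotSupportedException("mode not supported!");
}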
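/// <summary>
/// Admin-only user search on a single column. The matching users are returned as a flat
/// JSON object: "count", one "num_&lt;index&gt;" entry per user (its ToString() text),
/// plus "ErrCode" = "0" and "ErrMessage" = "null".
/// </summary>
/// <param name="columnName">Column to filter on; passed through PublicTools.DecodeObject.</param>
/// <param name="operand">"==" (compared after decoding) or "contains" (compared on the raw value, case-insensitively).</param>
/// <param name="value">Value to compare against; passed through PublicTools.DecodeObject.</param>
/// <returns>
/// The result object described above, or SessionError / UserGroupError / RequestIllegal /
/// DataBaseError when the session, the caller's group, the operand or the query fails.
/// </returns>
public JsonResult Get(string columnName, string operand, string value)
{
    if (!ValidateSession())
    {
        return SessionError;
    }
    if (!CurrentUser.UserGroup.IsAdmin)
    {
        return UserGroupError;
    }

    string _column = (string)PublicTools.DecodeObject(columnName ?? "");
    string _operand = (string)PublicTools.DecodeObject(operand ?? "");
    string _value = (string)PublicTools.DecodeObject(value ?? "");

    // NOTE(review): _column and _value are request-controlled and go straight into DBQuery.
    // How DBQuery turns them into a database command is not visible here; if it builds SQL
    // text, the column name needs an allow-list and the value needs parameter binding.
    DBQuery query = new DBQuery();
    if (_operand == "==")
    {
        query.WhereEqualTo(_column, _value);
    }
    else if (string.Equals(operand, "contains", System.StringComparison.OrdinalIgnoreCase))
    {
        // Null-safe, culture-independent comparison: a missing operand is now rejected as an
        // illegal request instead of raising NullReferenceException from operand.ToLower().
        // NOTE(review): this branch tests the raw operand while "==" tests the decoded one;
        // left as found, confirm which is intended.
        query.WhereRecordContainsValue(_column, _value);
    }
    else
    {
        return RequestIllegal;
    }

    if (!(DataBaseOperation.QueryMultipleData(query, out List<UserObject> users) >= 0))
    {
        return DataBaseError;
    }

    Dictionary<string, string> dict = new Dictionary<string, string>();
    dict.Add("count", users.Count.ToString());
    for (int i = 0; i < users.Count; i++)
    {
        dict.Add("num_" + i.ToString(), users[i].ToString());
    }
    dict.Add("ErrCode", "0");
    dict.Add("ErrMessage", "null");
    return Json(dict);
}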
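/// <summary>
/// Executes <paramref name="sqlCommand"/> on <c>sqlConnection</c> and converts each row of the
/// first result table into a DataBaseIO keyed by column name, with every cell passed through
/// PublicTools.DecodeObject.
/// </summary>
/// <remarks>
/// The command text is executed exactly as given and this method binds no parameters, so any
/// request data concatenated into it by a caller reaches the database as SQL. Callers must
/// validate or escape everything they put into the string.
/// </remarks>
/// <param name="sqlCommand">Complete SQL text to run.</param>
/// <returns>One DataBaseIO per row; an empty array when the command produced no result table.</returns>
private static DataBaseIO[] SQLQueryCommand(string sqlCommand)
{
    using (DataSet ds = new DataSet())
    {
        // NOTE(review): sqlConnection is declared outside this block; if it is a single shared
        // connection, confirm that concurrent callers are serialized.
        // The using block releases the adapter even when Fill throws.
        using (SqlDataAdapter sda = new SqlDataAdapter(sqlCommand, sqlConnection))
        {
            sda.Fill(ds);
        }

        // A command without a result set leaves the DataSet empty; Tables[0] would throw.
        if (ds.Tables.Count == 0)
        {
            return new DataBaseIO[0];
        }

        DataTable table = ds.Tables[0];
        List<DataBaseIO> results = new List<DataBaseIO>(table.Rows.Count);
        foreach (DataRow row in table.Rows)
        {
            // ItemArray builds a fresh copy on every access, so read it once per row.
            object[] cells = row.ItemArray;
            Dictionary<string, object> decoded = new Dictionary<string, object>(cells.Length);
            for (int i = 0; i < cells.Length; i++)
            {
                decoded.Add(table.Columns[i].ColumnName, PublicTools.DecodeObject(cells[i]));
            }
            results.Add(new DataBaseIO(decoded));
        }
        return results.ToArray();
    }
}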