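/// <summary>
/// Handles the posted login form: validates the model, screens the user name with the
/// project's SQL-injection character filter, looks the account up by user name and
/// hashed password, and records the signed-in identity in the session.
/// </summary>
/// <param name="logViewModel">Posted credentials (user name and plain-text password).</param>
/// <returns>
/// A redirect to Home/Index on success; otherwise the login view with the reason in <c>ViewData</c>
/// ("MaliciousSymbols" or "InvalidUser"), or the bare view when the model is invalid.
/// </returns>
public IActionResult LogIn(LogInViewModel logViewModel)
 {
     if (!ModelState.IsValid)
     {
         return(View());
     }

     // NOTE(review): the name suggests an unsalted SHA-256 digest of the password (Register stores the
     // same value). A slow, salted KDF such as PBKDF2 would be stronger, but switching requires a
     // migration of the stored hashes, so it is only flagged here — confirm against the service.
     var password = PasswordEncodingService.GetHashSha256(logViewModel.Password);

     var sqlInjectionProtection = new SQLInjectionProtectionService();
     if (sqlInjectionProtection.HasMaliciousCharacters(logViewModel.UserName))
     {
         ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
         return(View());
     }

     // Single round-trip: the original ran this exact query twice (once for the null test, once for the entity).
     var user = db.Accounts.FirstOrDefault(x => x.UserName == logViewModel.UserName && x.Password == password);
     if (user is null)
     {
         ViewData["InvalidUser"] = Constant.LogInInvalidUserCredentialsError;
         return(View());
     }

     HttpContext.Session.SetString("CurrentUser", user.UserName);
     HttpContext.Session.SetString("CurrentUserId", user.Id.ToString());
     // Stored as the literal strings "true"/"false"; other actions read this session key for admin checks.
     HttpContext.Session.SetString("CurrentUserIsAdmin", user.Role == Role.Admin ? "true" : "false");
     return(RedirectToAction("Index", "Home"));
 }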
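        /// <summary>
        /// Saves the editable profile fields (first name, last name, address, gender) of the
        /// account whose user name is held in the "CurrentUser" session key.
        /// </summary>
        /// <param name="profileViewModel">Posted profile form.</param>
        /// <returns>
        /// Always a redirect to the Profile action; the outcome is reported through
        /// <c>TempData</c> ("InvalidGender", "MadeChanges") or the session ("MaliciousSymbols").
        /// </returns>
        public IActionResult UpdateAccountInfo(ProfileViewModel profileViewModel)
        {
            if (!ModelState.IsValid)
            {
                return(RedirectToAction("Profile"));
            }

            var sqlInjectionProtection = new SQLInjectionProtectionService();
            var dataList = new List<string>
            {
                profileViewModel.FirstName, profileViewModel.LastName, profileViewModel.Address
            };
            if (sqlInjectionProtection.HasMaliciousCharacters(dataList))
            {
                HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
                return(RedirectToAction("Profile"));
            }

            // Gender is checked before the entity is touched, so a rejected form leaves the
            // tracked account unchanged (the original mutated it first and bailed out afterwards;
            // nothing was saved in either case, so the visible outcome is the same).
            if (profileViewModel.Gender == 0)
            {
                this.TempData["InvalidGender"] = Constant.InvalidGender;
                return(RedirectToAction("Profile"));
            }

            var userName = HttpContext.Session.GetString("CurrentUser");
            var account  = db.Accounts.FirstOrDefault(x => x.UserName == userName);
            if (account is null)
            {
                // No signed-in account in the session (expired or never set); the original
                // dereferenced null here and produced a server error.
                return(RedirectToAction("Profile"));
            }

            account.FirstName = profileViewModel.FirstName;
            account.LastName  = profileViewModel.LastName;
            account.Address   = profileViewModel.Address;
            account.Gender    = profileViewModel.Gender;

            db.SaveChanges();
            this.TempData["MadeChanges"] = Constant.MadeChanges;
            return(RedirectToAction("Profile"));
        }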
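        /// <summary>
        /// Creates a new user account from the registration form after screening the fields,
        /// rejecting duplicate user names / e-mails and requiring both consent check boxes.
        /// </summary>
        /// <param name="accViewModel">Posted registration form.</param>
        /// <returns>
        /// The registration view in every case; errors are reported in <c>ViewData</c>
        /// ("MaliciousSymbols", "UsernameError", "EmailError", "LoginError") and success in
        /// <c>TempData["SuccessfullyRegistered"]</c>.
        /// </returns>
        public IActionResult Register(AccountViewModel accViewModel)
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }

            var sqlInjectionProtection = new SQLInjectionProtectionService();
            var dataList = new List<string>
            {
                accViewModel.UserName, accViewModel.Email, accViewModel.Password, accViewModel.ConfirmPassword
            };
            if (sqlInjectionProtection.HasMaliciousCharacters(dataList))
            {
                ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
                return(View());
            }

            // Any() is an existence test; the original materialised an entity only to compare it with null.
            // NOTE(review): check-then-insert is racy without a unique index on UserName/Email — confirm the schema.
            bool userNameTaken = db.Accounts.Any(x => x.UserName == accViewModel.UserName);
            bool emailTaken    = db.Accounts.Any(x => x.Email == accViewModel.Email);
            if (userNameTaken)
            {
                ViewData["UsernameError"] = Constant.UsernameAlreadyExists;
            }
            if (emailTaken)
            {
                ViewData["EmailError"] = Constant.EmailAlreadyExists;
            }
            if (userNameTaken || emailTaken)
            {
                return(View());
            }

            // A ticked check box posts exactly one value; both boxes are mandatory.
            // The error key "LoginError" is kept because the view reads it.
            int termsCheckBox = Request.Form["TermsCheckBox"].Count;
            int ageCheckBox   = Request.Form["AgeCheckBox"].Count;
            if (termsCheckBox != 1 || ageCheckBox != 1)
            {
                ViewData["LoginError"] = Constant.LogInError;
                return(View());
            }

            var account = new Account
            {
                UserName = accViewModel.UserName,
                // NOTE(review): stored as the same unsalted-looking digest that LogIn compares against —
                // see the remark there; the two must stay in sync if the scheme ever changes.
                Password = PasswordEncodingService.GetHashSha256(accViewModel.Password),
                Email    = accViewModel.Email,
                Role     = Role.User
            };
            db.Accounts.Add(account);
            db.SaveChanges();

            this.TempData["SuccessfullyRegistered"] = Constant.SuccessfullyRegistered;
            return(View());
        }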
 public IActionResult ForgottenPassword(ForgottenPasswordViewModel forgottenPassViewModel)
 {
     if (ModelState.IsValid)
     {
         SQLInjectionProtectionService sQLInjectionProtectionService = new SQLInjectionProtectionService();
         if (sQLInjectionProtectionService.HasMaliciousCharacters(forgottenPassViewModel.Email))
         {
             ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
             return(View());
         }
         if (db.Accounts.FirstOrDefault(x => x.Email == forgottenPassViewModel.Email) != null)
         {
             this.TempData["SentEmail"] = Constant.SentEmail;
             return(RedirectToAction("ForgottenPassword"));
         }
     }
     this.TempData["NotMatchingEmail"] = Constant.NotMatchingEmail;
     return(View());
 }
        /// <summary>
        /// Full-text-ish item search for the Categories page: finds items whose title contains
        /// the search term as a whole word and renders them with the category drop-down.
        /// </summary>
        /// <param name="categoriesViewModel">View model whose <c>Search</c> property carries the term.</param>
        /// <returns>
        /// The Categories view with the matching items, or a redirect to Categories when the
        /// term is missing or fails the SQL-injection character screen.
        /// </returns>
        public IActionResult Search(CategoriesViewModel categoriesViewModel)
        {
            var term = categoriesViewModel.Search;
            if (term == null)
            {
                this.TempData["Search"] = Constant.Search;
                return(RedirectToAction("Categories"));
            }

            var sqlInjectionProtection = new SQLInjectionProtectionService();
            if (sqlInjectionProtection.HasMaliciousCharacters(term))
            {
                HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
                return(RedirectToAction("Categories"));
            }

            // Whole-word match: the term is padded with a space on each side, so a title that
            // begins or ends with the term does not match (behaviour kept from the original).
            var paddedTerm = " " + term.ToLower() + " ";
            var matches    = db.Items.Where(x => x.Title.ToLower().Contains(paddedTerm)).ToList();

            var model = new CategoriesViewModel { Items = matches };

            foreach (var category in db.Categories)
            {
                model.Categories.Add(new SelectListItem
                {
                    Text  = category.Name,
                    Value = category.Name
                });
            }

            // Clip long descriptions of in-stock items for the list view (in memory only; not saved).
            foreach (var inStock in model.Items.Where(x => x.Quantity > 0))
            {
                if (inStock.Description.Length >= 132)
                {
                    inStock.Description = inStock.Description.Substring(0, 123) + " . . ";
                }
            }

            return(View("Categories", model));
        }
 public IActionResult RegistryRepository(RegistryViewModel registryViewModel, string registryType)
 {
     if (ModelState.IsValid)
     {
         SQLInjectionProtectionService sQLInjectionProtectionService = new SQLInjectionProtectionService();
         List <string> dataList = new List <string> {
             registryViewModel.Name, registryViewModel.City
         };
         if (sQLInjectionProtectionService.HasMaliciousCharacters(dataList))
         {
             HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
             return(View("Registry"));
         }
         var      currentUser = HttpContext.Session.GetString("CurrentUser");
         var      user        = db.Accounts.FirstOrDefault(x => x.UserName == currentUser);
         Registry registry    = new Registry
         {
             Name        = registryViewModel.Name,
             Location    = registryViewModel.City,
             DateOfEvent = registryViewModel.DateOfEvent,
             AccountId   = user.Id
         };
         if (registryType == Enums.RegistryType.Baby.ToString())
         {
             registry.RegistryType = Enums.RegistryType.Baby;
         }
         else if (registryType == Enums.RegistryType.Wedding.ToString())
         {
             registry.RegistryType = Enums.RegistryType.Wedding;
         }
         else if (registryType == Enums.RegistryType.Birthday.ToString())
         {
             registry.RegistryType = Enums.RegistryType.Birthday;
         }
         db.Registries.Add(registry);
         db.SaveChanges();
         this.TempData["SuccessfullyCreatedRegistry"] = Constant.SuccessfullyCreatedRegistry;
         return(View("Registry"));
     }
     this.TempData["IncorrectRegistryForm"] = Constant.IncorrectRegistryForm;
     return(View("Registry"));
 }
        /// <summary>
        /// Handles the contact-us form: screens the posted fields and shows a confirmation.
        /// </summary>
        /// <param name="contactViewModel">Posted contact form (name, e-mail, subject, message).</param>
        /// <returns>
        /// The Contact view with <c>TempData["SuccessfullySentEmail"]</c> on success, the bare view with
        /// <c>ViewData["MaliciousSymbols"]</c> when screening fails, or the form re-rendered with its
        /// values when the model is invalid.
        /// </returns>
        public IActionResult Contact(ContactUsViewModel contactViewModel)
        {
            if (!ModelState.IsValid)
            {
                return(View(contactViewModel));
            }

            var fields = new List<string>
            {
                contactViewModel.Name, contactViewModel.Email, contactViewModel.Subject, contactViewModel.Message
            };
            if (new SQLInjectionProtectionService().HasMaliciousCharacters(fields))
            {
                ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
                return(View());
            }

            // Only the confirmation message is set here; no mail is sent in this action
            // (presumably handled elsewhere — TODO confirm).
            this.TempData["SuccessfullySentEmail"] = Constant.SuccessfullySentEmail;
            return(View("Contact"));
        }
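        /// <summary>
        /// Lists a new item for sale on behalf of the signed-in account: screens the text
        /// fields, uploads up to three posted images to Cloudinary and stores the item.
        /// </summary>
        /// <param name="sellViewModel">Posted listing form (title, price, quantity, category, description, images).</param>
        /// <returns>
        /// A redirect to Sell on success or when screening fails (outcome in <c>TempData</c>/session);
        /// otherwise a fresh, empty form, with <c>TempData["NoCategorySelected"]</c> when no category was chosen.
        /// </returns>
        public IActionResult Sell(ItemViewModel sellViewModel)
        {
            // The session lookup is hoisted out of the query so only the resulting string is passed to the database.
            var currentUser = HttpContext.Session.GetString("CurrentUser");
            var seller      = db.Accounts.FirstOrDefault(x => x.UserName == currentUser);
            var category    = db.Categories.FirstOrDefault(x => x.Name == sellViewModel.SelectedCategory);
            var item        = new Item
            {
                Title       = sellViewModel.Title,
                Price       = sellViewModel.Price,
                Quantity    = sellViewModel.Quantity,
                Category    = category,
                Description = sellViewModel.Description,
                Seller      = seller
            };

            if (ModelState.IsValid)
            {
                var sqlInjectionProtection = new SQLInjectionProtectionService();
                var dataList = new List<string> { sellViewModel.Title, sellViewModel.Description };
                if (sqlInjectionProtection.HasMaliciousCharacters(dataList))
                {
                    HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
                    return(RedirectToAction("Sell"));
                }

                if (seller is null)
                {
                    // No signed-in account in the session; the original went on to save an item without a seller.
                    return(RedirectToAction("Sell"));
                }

                // NOTE(review): the Cloudinary credentials come from compiled-in constants
                // (Constant.CLOUD_NAME / API_KEY / API_SECRET). Secrets belong in configuration
                // or a secret store, not in source.
                var cloudinary = new Cloudinary(new CloudinaryDotNet.Account(Constant.CLOUD_NAME, Constant.API_KEY, Constant.API_SECRET));

                item.Image1 = UploadOrPlaceholder(sellViewModel.Image1);
                item.Image2 = UploadOrPlaceholder(sellViewModel.Image2);
                item.Image3 = UploadOrPlaceholder(sellViewModel.Image3);

                db.Items.Add(item);
                db.SaveChanges();
                this.TempData["SuccessfullyListed"] = Constant.SuccessfullyListed;
                return(RedirectToAction("Sell"));

                // Uploads one posted image and returns its Cloudinary public id, or the shared
                // "no image" marker when the field was empty. Replaces three copies of the same code.
                string UploadOrPlaceholder(string image)
                {
                    if (string.IsNullOrEmpty(image))
                    {
                        return Constants.Constant.NO_IMAGE;
                    }

                    var uploadParams = new ImageUploadParams
                    {
                        File = new FileDescription(image)
                    };
                    var uploadResult = cloudinary.Upload(uploadParams);
                    return uploadResult.JsonObj["public_id"].ToString();
                }
            }

            if (item.CategoryId == 0)
            {
                this.TempData["NoCategorySelected"] = Constant.NoCategorySelected;
                return(View(new ItemViewModel()));
            }
            return(View(new ItemViewModel()));
        }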
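        /// <summary>
        /// Applies the edit form to the item identified by the "ItemId" session key, uploading
        /// newly posted images to Cloudinary and keeping or clearing existing ones.
        /// </summary>
        /// <param name="itemViewModel">Posted edit form (title, price, quantity, category, description, images).</param>
        /// <returns>
        /// A redirect to Offers on success (with <c>TempData["SuccessfullyEdited"]</c>) or when the
        /// item cannot be resolved; a redirect to EditItem when screening fails; the bare view when
        /// the model is invalid.
        /// </returns>
        public IActionResult EditItem(ItemViewModel itemViewModel)
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }

            var sqlInjectionProtection = new SQLInjectionProtectionService();
            var dataList = new List<string> { itemViewModel.Title, itemViewModel.Description };
            if (sqlInjectionProtection.HasMaliciousCharacters(dataList))
            {
                HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
                return(RedirectToAction("EditItem"));
            }

            // The item under edit is identified solely by a session value placed earlier in the flow.
            // NOTE(review): ownership of the item by the current user is not checked here — presumably
            // enforced where "ItemId" is put into the session; confirm.
            if (!int.TryParse(HttpContext.Session.GetString("ItemId"), out int id))
            {
                // Session lost or never set; the original threw from int.Parse(null).
                return(RedirectToAction("Offers"));
            }

            var item = db.Items.FirstOrDefault(x => x.Id == id);
            if (item is null)
            {
                // Stale id; the original dereferenced null here.
                return(RedirectToAction("Offers"));
            }

            var category = db.Categories.FirstOrDefault(x => x.Name == itemViewModel.SelectedCategory);
            item.Title       = itemViewModel.Title;
            item.Price       = itemViewModel.Price;
            item.Quantity    = itemViewModel.Quantity;
            item.Category    = category;
            item.Description = itemViewModel.Description;

            // NOTE(review): Cloudinary credentials are compiled-in constants (Constant.CLOUD_NAME /
            // API_KEY / API_SECRET); they belong in configuration or a secret store.
            var cloudinary = new Cloudinary(new CloudinaryDotNet.Account(Constant.CLOUD_NAME, Constant.API_KEY, Constant.API_SECRET));

            item.Image1 = ResolveImage(itemViewModel.Image1, item.Image1);
            item.Image2 = ResolveImage(itemViewModel.Image2, item.Image2);
            item.Image3 = ResolveImage(itemViewModel.Image3, item.Image3);

            db.SaveChanges();
            this.TempData["SuccessfullyEdited"] = Constant.SuccessfullyEdited;
            return(RedirectToAction("Offers"));

            // Decides what one image slot should hold after the edit, mirroring the original's
            // three identical branches:
            //  - empty field            -> the shared "no image" marker;
            //  - value longer than 100  -> treated as newly posted image data and uploaded;
            //  - short non-empty value  -> kept unchanged (presumably an existing public id — TODO confirm).
            string ResolveImage(string posted, string current)
            {
                if (string.IsNullOrEmpty(posted))
                {
                    return Constants.Constant.NO_IMAGE;
                }
                if (posted.Length <= 100)
                {
                    return current;
                }

                var uploadParams = new ImageUploadParams
                {
                    File = new FileDescription(posted)
                };
                var uploadResult = cloudinary.Upload(uploadParams);
                return uploadResult.JsonObj["public_id"].ToString();
            }
        }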
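        /// <summary>
        /// Checks out the posted shopping cart: re-hydrates each cart line from the database,
        /// re-validates, verifies stock, creates one <c>Order</c> per line, decrements stock and
        /// marks the buyer's cart rows as purchased.
        /// </summary>
        /// <param name="shoppingCartViewModel">Posted cart (lines, shipping address, payment method).</param>
        /// <returns>
        /// A redirect to ShoppingCart on success with Delivery payment or on any rejection
        /// (reason in <c>TempData</c>/session); the Confirmation view with the EasyPay number for
        /// EasyPay payment; the form re-rendered when the model is invalid.
        /// </returns>
        public IActionResult ShoppingCart(ShoppingCartViewModel shoppingCartViewModel)
        {
            // Empty for every payment method except EasyPay; it is never null.
            string easyPayNumber = string.Empty;
            if (shoppingCartViewModel.PaymentMethod == Enums.PaymentMethod.EasyPay)
            {
                easyPayNumber = new EasyPayNumberGenerator().GenerateEasyPayNumber();
            }

            // Server-side values (price, seller, category, ...) overwrite whatever the form posted
            // before validation runs, so the client cannot set its own prices.
            for (int i = 0; i < shoppingCartViewModel.Items.Count; i++)
            {
                var line   = shoppingCartViewModel.Items[i];
                var stored = db.Items.FirstOrDefault(x => x.Id == line.Id);
                if (stored is null)
                {
                    // Unknown item id in the posted cart; the original dereferenced null here.
                    return(RedirectToAction("ShoppingCart"));
                }
                line.Title       = stored.Title;
                line.Price       = stored.Price;
                line.Description = stored.Description;
                line.SellerId    = stored.SellerId;
                line.CategoryId  = stored.CategoryId;
            }
            ModelState.Clear();
            TryValidateModel(shoppingCartViewModel);

            if (!ModelState.IsValid)
            {
                return(View(shoppingCartViewModel));
            }

            var sqlInjectionProtection = new SQLInjectionProtectionService();
            var dataList = new List<string>
            {
                shoppingCartViewModel.FirstName, shoppingCartViewModel.LastName,
                shoppingCartViewModel.Address, shoppingCartViewModel.SecondAddres,
                shoppingCartViewModel.City, shoppingCartViewModel.State,
            };
            if (sqlInjectionProtection.HasMaliciousCharacters(dataList))
            {
                HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
                return(RedirectToAction("ShoppingCart"));
            }

            var currentUserName = HttpContext.Session.GetString("CurrentUser");
            var buyer           = db.Accounts.FirstOrDefault(x => x.UserName == currentUserName);
            if (buyer is null)
            {
                // No signed-in account in the session; the original dereferenced null below.
                return(RedirectToAction("ShoppingCart"));
            }

            foreach (var line in shoppingCartViewModel.Items)
            {
                // Non-null: existence of every line was checked in the loop above, and the
                // context returns the same tracked entity.
                var stockItem = db.Items.FirstOrDefault(x => x.Id == line.Id);

                // NOTE(review): this stock check and the decrement below are not atomic with SaveChanges;
                // two concurrent checkouts can both pass. A concurrency token on Item.Quantity would close it.
                if (stockItem.Quantity < line.Quantity)
                {
                    this.TempData["NotEnoughQuantity"] = string.Format(Constant.NotEnoughQuantity, stockItem.Title, stockItem.Quantity);
                    return(RedirectToAction("ShoppingCart"));
                }

                var order = new Order
                {
                    BuyerId        = buyer.Id,
                    // Local server time, kept to match existing rows; UtcNow would be the safer choice for new code.
                    Date           = DateTime.Now,
                    ItemId         = line.Id,
                    // Line total = unit price × quantity ordered. The original multiplied by
                    // currentItem.Quantity (the stock on hand), pricing each order by inventory level.
                    Price          = stockItem.Price * line.Quantity,
                    Quantity       = line.Quantity,
                    PaymentMethod  = shoppingCartViewModel.PaymentMethod,
                    FirstName      = shoppingCartViewModel.FirstName,
                    LastName       = shoppingCartViewModel.LastName,
                    Address1       = shoppingCartViewModel.Address,
                    Address2       = shoppingCartViewModel.SecondAddres,
                    City           = shoppingCartViewModel.City,
                    State          = shoppingCartViewModel.State,
                    Zip            = shoppingCartViewModel.Zip,
                    SellerId       = stockItem.SellerId,
                    ShippingStatus = ShippingStatus.Processing,
                    // Assigned unconditionally: the original guarded with `!= null`, which was always true,
                    // so non-EasyPay orders carry an empty string exactly as before.
                    EasyPayNumber  = easyPayNumber
                };
                db.Orders.Add(order);
                stockItem.Quantity -= line.Quantity;
            }

            var currentShoppingCart = db.ShoppingCarts.Where(x => x.AccountId == buyer.Id).ToList();
            foreach (var cartRow in currentShoppingCart)
            {
                cartRow.IsPurchased = true;
            }
            db.SaveChanges();

            if (shoppingCartViewModel.PaymentMethod == Enums.PaymentMethod.Delivery)
            {
                this.TempData["SuccessfullyPlacedOrder"] = Constant.SuccessfullyPlacedOrder;
                return(RedirectToAction("ShoppingCart"));
            }

            return(View("Confirmation", easyPayNumber));
        }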