/// <summary>
/// Builds a <c>ClassSelect</c> from the text of a SELECT statement.
/// </summary>
/// <remarks>
/// Two patterns are tried in order. <c>Constants.regExSelect</c> supplies groups 1-3, used as
/// column list, table and condition. Only if it fails is <c>Constants.regExSelect2</c> tried;
/// its groups 1-2 are used as column list and table, with an empty condition.
/// The captured text is handed to the constructor verbatim; nothing is validated or
/// normalised here, so the consumer must treat table, columns and condition as untrusted input.
/// NOTE(review): any access-control decision for the statement should be made on the table
/// captured here; confirm callers do not re-derive it from the raw text with a different pattern.
/// </remarks>
/// <param name="pQuery">Statement text; also forwarded unchanged as the last constructor argument.</param>
/// <returns>The parsed statement, or <c>null</c> when neither pattern matches.</returns>
public ClassSelect ManageSelect(string pQuery)
{
    Match withCondition = Regex.Match(pQuery, Constants.regExSelect);
    if (withCondition.Success)
    {
        GroupCollection parts = withCondition.Groups;
        // Split(',') does not trim, so any whitespace around a column name is kept.
        string[] columnNames = parts[1].Value.Split(',');
        return new ClassSelect(columnNames, parts[2].Value, parts[3].Value, pQuery);
    }

    // The second pattern is only evaluated once the first one has failed.
    Match withoutCondition = Regex.Match(pQuery, Constants.regExSelect2);
    if (!withoutCondition.Success)
    {
        return null;
    }

    GroupCollection fallbackParts = withoutCondition.Groups;
    string[] fallbackColumns = fallbackParts[1].Value.Split(',');
    return new ClassSelect(fallbackColumns, fallbackParts[2].Value, "", pQuery);
}
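/// <summary>
/// Parses a statement, enforces the caller's table privileges, runs it and returns its result.
/// </summary>
/// <remarks>
/// The user named "admin" bypasses every privilege check. For any other user only
/// select/delete/insert/update statements can run, and only when the first privilege entry
/// whose table name equals the statement's table contains the matching keyword. Everything
/// else is denied (fail closed).
/// </remarks>
/// <param name="psentencia">Raw statement text.</param>
/// <param name="dbname">Database name, passed through to <c>Run</c>.</param>
/// <param name="pDB">Source of the current user name and that user's table privileges.</param>
/// <returns>
/// The statement result, <c>Constants.SecurityNotSufficientPrivileges</c> on denial,
/// or one of two fixed error strings when parsing or execution throws.
/// </returns>
public string Query(string psentencia, string dbname, Database pDB)
{
    try
    {
        Query query = Parse(psentencia);
        string statementClass = query.getClass();

        // NOTE(review): the superuser is recognised by the literal name "admin"; confirm that
        // this name cannot be registered or renamed into by an ordinary user.
        if (pDB.getUser() == "admin")
        {
            query.Run(dbname);
            return query.getResult();
        }

        // Statement class -> (pattern that locates the table, privilege keyword required).
        string tablePattern;
        string requiredPrivilege;
        if (statementClass.Equals("select"))
        {
            tablePattern = @"SELECT\s+.+\s+FROM\s+(\w+)";
            requiredPrivilege = "SELECT";
        }
        else if (statementClass.Equals("delete"))
        {
            tablePattern = @"DELETE\s+FROM\s+(\w+)";
            requiredPrivilege = "DELETE";
        }
        else if (statementClass.Equals("insert"))
        {
            tablePattern = @"INSERT\s+INTO\s+(\w+)";
            requiredPrivilege = "INSERT";
        }
        else if (statementClass.Equals("update"))
        {
            tablePattern = @"UPDATE\s+(\w+)";
            requiredPrivilege = "UPDATE";
        }
        else
        {
            // Any other statement class is reserved for the admin user.
            return Constants.SecurityNotSufficientPrivileges;
        }

        // NOTE(review): the table is re-derived from the raw text rather than taken from the
        // parsed statement. These patterns are unanchored and the SELECT one uses a greedy
        // `.+`, so the name captured here is not guaranteed to be the table that Run() acts
        // on. Prefer authorising against the table held by the parsed statement.
        // A failed match yields "", which matches no privilege entry and is therefore denied.
        string table = Regex.Match(psentencia, tablePattern).Groups[1].Value;

        foreach (TablePrivileges tableprv in pDB.GetTablePrivileges())
        {
            if (tableprv.getTableName() != table)
            {
                continue;
            }

            // The first entry for the table decides; later entries for it are never consulted.
            // NOTE(review): if getTablePrivileges() returns a string, Contains is a substring
            // test rather than an exact keyword match. Confirm the return type.
            if (!tableprv.getTablePrivileges().Contains(requiredPrivilege))
            {
                return Constants.SecurityNotSufficientPrivileges;
            }

            query.Run(dbname);

            // The casts are kept from the original: a statement whose runtime type does not
            // match its reported class ends up in the catch block below.
            if (statementClass.Equals("select"))
            {
                return ((ClassSelect)query).getResult();
            }
            if (statementClass.Equals("delete"))
            {
                return ((ClassDelete)query).getResult();
            }
            if (statementClass.Equals("insert"))
            {
                return ((ClassInsert)query).getResult();
            }
            return ((ClassUpdate)query).getResult();
        }

        // No privilege entry for the table: deny.
        // NOTE(review): denials are not logged here; consider auditing them.
        return Constants.SecurityNotSufficientPrivileges;
    }
    catch (Exception e)
    {
        // The original recognised a missing table file only by its Spanish runtime message,
        // which is absent under any other OS/runtime language. The exception type is now
        // checked as well; the text match is kept for backward compatibility.
        bool missingTableFile = e.ToString().Contains("No se pudo encontrar el archivo");
        for (Exception cause = e; cause != null && !missingTableFile; cause = cause.InnerException)
        {
            missingTableFile = cause is System.IO.FileNotFoundException;
        }

        // Only fixed strings are returned, so exception details never reach the caller.
        return missingTableFile ? "ERROR: Table does not exist" : "Your query is not valid";
    }
}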