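/// <summary>
/// Renames an existing category and returns the menu editor. Manager-only.
/// </summary>
/// <param name="modified">Model-bound category; only CategoryID and CategoryName are read.</param>
/// <returns>
/// Redirect to Login when no "UserID" cookie is present; redirect to OrderList when the
/// cookie's account type is below Manager; 400 for a blank name; 404 when the category
/// does not exist; otherwise the "MenuEditor" view over db.MenuItems.
/// </returns>
public ActionResult EditCategory(Category modified)
{
    // Authentication is the mere presence of the "UserID" cookie.
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Authorization uses the account type encoded in the cookie's low bits (see Registration),
    // not a database lookup. NOTE(review): confirm GetCookieType verifies it server-side.
    if (Account.GetCookieType(Request.Cookies["UserID"].Value) < AccountType.Manager)
    {
        return RedirectToAction("OrderList", "OrderList");
    }

    // A blank name would be persisted as-is by the original.
    if (string.IsNullOrWhiteSpace(modified.CategoryName))
    {
        return new HttpStatusCodeResult(400);
    }

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    // Find returns null for an unknown ID; the original dereferenced it unconditionally.
    Category existing = db.Categories.Find(modified.CategoryID);
    if (existing == null)
    {
        return HttpNotFound();
    }

    existing.CategoryName = modified.CategoryName;
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("MenuEditor", db.MenuItems);
}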
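/// <summary>
/// Marks the logged-in user's most recent order as Received and shows the menu.
/// </summary>
/// <returns>
/// Redirect to Login when the "UserID" cookie is missing or names an unknown account;
/// 404 when the user has no order to submit; otherwise the "Menu" view over db.MenuItems.
/// </returns>
public ActionResult Submit()
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    // A stale cookie can name an account that no longer exists; the original dereferenced null.
    Account curUser = db.Accounts.Find(Account.GetCookieID(Request.Cookies["UserID"].Value));
    if (curUser == null)
    {
        return RedirectToAction("Login", "Login");
    }

    // MostRecentOrder() is stored as int? here; the original passed a possible null to Find.
    int? toSubmit = curUser.MostRecentOrder();
    Order order = toSubmit.HasValue ? db.Orders.Find(toSubmit.Value) : null;
    if (order == null)
    {
        return HttpNotFound();
    }

    order.OrderStatus = (int)OrderStatus.Received;
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("Menu", db.MenuItems);
}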
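/// <summary>
/// Creates a new menu item from the bound model plus the "dollars"/"cents" form fields. Manager-only.
/// </summary>
/// <param name="toAdd">Model-bound item; its Price is overwritten from the form fields.</param>
/// <returns>
/// Redirect to Login when no "UserID" cookie is present; redirect to OrderList when the
/// cookie's account type is below Manager; 400 when the price fields are missing,
/// non-numeric, negative or cents exceed 99; otherwise the "MenuEditor" view over db.MenuItems.
/// </returns>
public ActionResult AddItem(MenuItem toAdd)
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Account type comes from the cookie's low bits (see Registration), not the database.
    if (Account.GetCookieType(Request.Cookies["UserID"].Value) < AccountType.Manager)
    {
        return RedirectToAction("OrderList", "OrderList");
    }

    // int.Parse threw (HTTP 500) on a missing or non-numeric field, and nothing rejected
    // negative amounts or out-of-range cents.
    int dollars;
    int cents;
    if (!int.TryParse(Request.Form["dollars"], out dollars)
        || !int.TryParse(Request.Form["cents"], out cents)
        || dollars < 0 || cents < 0 || cents > 99)
    {
        return new HttpStatusCodeResult(400);
    }

    // Raw price is stored in cents.
    toAdd.Price = dollars * 100 + cents;

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    // The new item's ID is generated on save.
    db.MenuItems.Add(toAdd);
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("MenuEditor", db.MenuItems);
}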
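/// <summary>
/// Creates a new category from the bound model. Manager-only.
/// </summary>
/// <param name="toAdd">Model-bound category; its ID is generated on save.</param>
/// <returns>
/// Redirect to Login when no "UserID" cookie is present; redirect to OrderList when the
/// cookie's account type is below Manager; 400 for a blank name; otherwise the
/// "MenuEditor" view over db.MenuItems.
/// </returns>
public ActionResult AddCategory(Category toAdd)
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Account type comes from the cookie's low bits (see Registration), not the database.
    if (Account.GetCookieType(Request.Cookies["UserID"].Value) < AccountType.Manager)
    {
        return RedirectToAction("OrderList", "OrderList");
    }

    // The original persisted a blank category name unchecked.
    if (string.IsNullOrWhiteSpace(toAdd.CategoryName))
    {
        return new HttpStatusCodeResult(400);
    }

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    db.Categories.Add(toAdd);
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("MenuEditor", db.MenuItems);
}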
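/// <summary>
/// Updates a menu item's name, description, category and price, and re-prices any
/// not-yet-submitted orders that contain the item. Manager-only.
/// </summary>
/// <param name="modified">Model-bound item; its Price is overwritten from the "dollars"/"cents" form fields.</param>
/// <returns>
/// Redirect to Login when no "UserID" cookie is present; redirect to OrderList when the
/// cookie's account type is below Manager; 404 when the item does not exist; 400 when the
/// price fields are invalid; otherwise the "MenuEditor" view over db.MenuItems.
/// </returns>
public ActionResult EditItem(MenuItem modified)
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Account type comes from the cookie's low bits (see Registration), not the database.
    if (Account.GetCookieType(Request.Cookies["UserID"].Value) < AccountType.Manager)
    {
        return RedirectToAction("OrderList", "OrderList");
    }

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    // Fetched once; the original called Find six times and dereferenced null for unknown IDs.
    MenuItem existing = db.MenuItems.Find(modified.ItemID);
    if (existing == null)
    {
        return HttpNotFound();
    }

    // int.Parse threw (HTTP 500) on a missing or non-numeric field.
    int dollars;
    int cents;
    if (!int.TryParse(Request.Form["dollars"], out dollars)
        || !int.TryParse(Request.Form["cents"], out cents)
        || dollars < 0 || cents < 0 || cents > 99)
    {
        return new HttpStatusCodeResult(400);
    }
    modified.Price = dollars * 100 + cents;

    // Per-unit change; the (int) cast mirrors the original's conversion of the delta.
    int priceDelta = (int)(modified.Price - existing.Price);
    if (priceDelta != 0)
    {
        RepriceOpenOrders(db, modified.ItemID.ToString(), priceDelta);
    }

    existing.Name = modified.Name;
    existing.Description = modified.Description;
    existing.Price = modified.Price;
    existing.Category = modified.Category;
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("MenuEditor", db.MenuItems);
}

// Adds occurrences * priceDelta to RawCost of every NotSubmitted order containing the item.
// Changes are left for the caller's SaveChanges().
// OrderContents appears to be a comma-separated list of item IDs (inferred from the
// original Contains("{id},") / EndsWith(id) checks) — confirm against Order.
private static void RepriceOpenOrders(PickUpOrderDBEntities2 db, string idText, int priceDelta)
{
    string idToken = idText + ",";

    // Server-side prefilter; it can over-match (e.g. "112," contains "12,"), so the
    // exact count below decides the adjustment.
    IQueryable<Order> candidates = db.Orders.Where(o =>
        o.OrderStatus == (int)OrderStatus.NotSubmitted
        && (o.OrderContents.Contains(idToken) || o.OrderContents.EndsWith(idText)));

    foreach (Order o in candidates)
    {
        int occurrences = CountItemOccurrences(o.OrderContents, idText);
        o.RawCost += occurrences * priceDelta;
    }
}

// Counts comma-separated tokens equal to idText. The original used
// string.Count(char => char.Equals("id,")), which compares a char to a string and is
// always 0, so only the trailing item was ever counted.
private static int CountItemOccurrences(string orderContents, string idText)
{
    if (string.IsNullOrEmpty(orderContents))
    {
        return 0;
    }
    return orderContents.Split(',').Count(token => token.Trim() == idText);
}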
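/// <summary>
/// Nullifies a menu item via MenuItem.NullifyItem() and returns the menu editor. Manager-only.
/// </summary>
/// <remarks>
/// The original had no login or role check, unlike every other editor action, so any
/// caller could nullify any item by ID. The checks below match the sibling actions.
/// </remarks>
/// <param name="toNullify">Model-bound item; only ItemID is read.</param>
/// <returns>
/// Redirect to Login when no "UserID" cookie is present; redirect to OrderList when the
/// cookie's account type is below Manager; 404 when the item does not exist; otherwise
/// the "MenuEditor" view over db.MenuItems.
/// </returns>
public ActionResult NullifyItem(MenuItem toNullify)
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Account type comes from the cookie's low bits (see Registration), not the database.
    if (Account.GetCookieType(Request.Cookies["UserID"].Value) < AccountType.Manager)
    {
        return RedirectToAction("OrderList", "OrderList");
    }

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    // Find returns null for an unknown ID; the original dereferenced it unconditionally.
    MenuItem existing = db.MenuItems.Find(toNullify.ItemID);
    if (existing == null)
    {
        return HttpNotFound();
    }

    existing.NullifyItem();
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("MenuEditor", db.MenuItems);
}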
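/// <summary>
/// Changes the logged-in user's e-mail address to the "email" form field.
/// </summary>
/// <returns>
/// Redirect to Login when the "UserID" cookie is missing or names an unknown account;
/// "ChangeEmail" with -1 for a missing/invalid address, -3 when it is already the user's
/// own address, -2 when another account uses it; otherwise the "AccountManagement" view.
/// </returns>
public ActionResult ProcessEmailChange()
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    string newEmail = Request.Form["email"];

    // MailAddress throws ArgumentException (not FormatException) for null/empty input,
    // which the original let escape as a 500.
    if (string.IsNullOrWhiteSpace(newEmail))
    {
        return View("ChangeEmail", -1);
    }
    try
    {
        new MailAddress(newEmail);
    }
    catch (FormatException)
    {
        return View("ChangeEmail", -1);
    }

    int idNo = Account.GetCookieID(Request.Cookies["UserID"].Value);

    // Nothing from the context reaches the view, so it can be disposed here.
    using (var db = new PickUpOrderDBEntities2())
    {
        // A stale cookie can name an account that no longer exists.
        Account current = db.Accounts.Find(idNo);
        if (current == null)
        {
            return RedirectToAction("Login", "Login");
        }

        // One query instead of Count() followed by First().
        Account holder = db.Accounts.FirstOrDefault(e => e.Email.Equals(newEmail));
        if (holder != null)
        {
            return View("ChangeEmail", holder.UserID == idNo ? -3 : -2);
        }

        current.Email = newEmail;
        db.SaveChanges();
    }

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("AccountManagement");
}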
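/// <summary>
/// Updates the status of one order from the bound model. Employee or above.
/// </summary>
/// <param name="updatedOrder">Model-bound order; only OrderID and OrderStatus are read.</param>
/// <returns>
/// Redirect to Login when no "UserID" cookie is present; redirect to Menu when the
/// cookie's account type is below Employee; 404 when the order does not exist;
/// otherwise the default view.
/// </returns>
public ActionResult OrderList(Order updatedOrder)
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Account type comes from the cookie's low bits (see Registration), not the database.
    if (Account.GetCookieType(Request.Cookies["UserID"].Value) < AccountType.Employee)
    {
        return RedirectToAction("Menu", "Menu");
    }

    // The view takes no model, so the context can be disposed here.
    using (var db = new PickUpOrderDBEntities2())
    {
        // Find returns null for an unknown ID; the original dereferenced it unconditionally.
        Order existing = db.Orders.Find(updatedOrder.OrderID);
        if (existing == null)
        {
            return HttpNotFound();
        }

        // NOTE(review): the incoming status is stored without checking it is a defined
        // OrderStatus value — TODO validate once the property's type is confirmed.
        existing.OrderStatus = updatedOrder.OrderStatus;
        db.SaveChanges();
    }

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View();
}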
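/// <summary>
/// Deletes a category after moving its items into the category named by the "newCat"
/// form field. Manager-only.
/// </summary>
/// <param name="oldCat">Model-bound category to delete; only CategoryID is read.</param>
/// <returns>
/// Redirect to Login when no "UserID" cookie is present; redirect to OrderList when the
/// cookie's account type is below Manager; 400 when "newCat" is not an integer or equals
/// the category being deleted; 404 when either category does not exist; otherwise the
/// "MenuEditor" view over db.MenuItems.
/// </returns>
public ActionResult DeleteCategory(Category oldCat)
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Account type comes from the cookie's low bits (see Registration), not the database.
    if (Account.GetCookieType(Request.Cookies["UserID"].Value) < AccountType.Manager)
    {
        return RedirectToAction("OrderList", "OrderList");
    }

    // int.Parse threw (HTTP 500) on a missing or non-numeric field.
    int newCatId;
    if (!int.TryParse(Request.Form["newCat"], out newCatId))
    {
        return new HttpStatusCodeResult(400);
    }

    // Moving the items into the category that is about to be removed would orphan them.
    if (newCatId == oldCat.CategoryID)
    {
        return new HttpStatusCodeResult(400);
    }

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    // Find returns null for unknown IDs; the original dereferenced newCat unconditionally
    // and used Single() for oldCat, which throws for an unknown ID.
    Category oldCategory = db.Categories.Find(oldCat.CategoryID);
    Category newCategory = db.Categories.Find(newCatId);
    if (oldCategory == null || newCategory == null)
    {
        return HttpNotFound();
    }

    // Re-home every item of the old category. ToList() materialises before mutation.
    List<MenuItem> toModify = db.MenuItems
        .Where(e => (int)e.Category == oldCat.CategoryID)
        .ToList();
    foreach (MenuItem item in toModify)
    {
        item.Category = newCategory.CategoryID;
    }

    db.Categories.Remove(oldCategory);
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("MenuEditor", db.MenuItems);
}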
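/// <summary>
/// Replaces the logged-in user's password with the "passwd" form field, which must
/// match "passwd2".
/// </summary>
/// <returns>
/// Redirect to Login when the "UserID" cookie is missing or names an unknown account;
/// "ChangePassword" with -1 when the fields are empty or differ, -2 when the new password
/// equals the current one; otherwise the "AccountManagement" view.
/// </returns>
public ActionResult ProcessPasswordChange()
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // The new password and its confirmation (the original comment said "email").
    string newPasswd = Request.Form["passwd"];
    string newPasswd2 = Request.Form["passwd2"];

    // Null-safe ordinal comparison; newPasswd.Equals(...) threw on a missing field.
    // An empty password is reported as -1 because the view only knows codes -1 and -2.
    if (string.IsNullOrEmpty(newPasswd)
        || !string.Equals(newPasswd, newPasswd2, StringComparison.Ordinal))
    {
        return View("ChangePassword", -1);
    }

    int idNo = Account.GetCookieID(Request.Cookies["UserID"].Value);

    // Nothing from the context reaches the view, so it can be disposed here.
    using (var db = new PickUpOrderDBEntities2())
    {
        // A stale cookie can name an account that no longer exists.
        Account current = db.Accounts.Find(idNo);
        if (current == null)
        {
            return RedirectToAction("Login", "Login");
        }

        // Reject re-use of the current password.
        if (current.CheckPassword(newPasswd))
        {
            return View("ChangePassword", -2);
        }

        // The hashing routine is private to Account, so a throwaway instance computes the hash.
        // NOTE(review): the change is authorised by the session cookie alone; no current
        // password is requested.
        Account temp = new Account("", newPasswd, AccountType.Customer);
        current.PasswordHash = temp.PasswordHash;
        db.SaveChanges();
    }

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View("AccountManagement");
}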
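/// <summary>
/// Adds or removes "qty" units of one menu item on the logged-in user's most recent order.
/// </summary>
/// <param name="adding">true to add, false to remove.</param>
/// <param name="IDtoModify">ID of the menu item to add or remove.</param>
/// <returns>
/// Redirect to Login when the "UserID" cookie is missing or names an unknown account;
/// 404 when the item or the user's order does not exist; 400 when "qty" is missing,
/// non-numeric or less than 1; otherwise the default view over db.MenuItems.
/// </returns>
public ActionResult Menu(bool adding, int IDtoModify)
{
    if (!Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectToAction("Login", "Login");
    }

    // Not disposed here: the view enumerates db.MenuItems lazily after this returns.
    var db = new PickUpOrderDBEntities2();

    // Find returns null for an unknown ID; the original passed it straight to the order.
    MenuItem toModify = db.MenuItems.Find(IDtoModify);
    if (toModify == null)
    {
        return HttpNotFound();
    }

    // int.Parse threw (HTTP 500) on a missing or non-numeric field; a quantity below 1
    // is rejected because the add/remove helpers are not known to handle it.
    int qty;
    if (!int.TryParse(Request.Form["qty"], out qty) || qty < 1)
    {
        return new HttpStatusCodeResult(400);
    }

    // A stale cookie can name an account that no longer exists.
    Account user = db.Accounts.Find(Account.GetCookieID(Request.Cookies["UserID"].Value));
    if (user == null)
    {
        return RedirectToAction("Login", "Login");
    }

    int? orderId = user.MostRecentOrder();
    Order targetOrder = orderId.HasValue ? db.Orders.Find(orderId.Value) : null;
    if (targetOrder == null)
    {
        return HttpNotFound();
    }

    if (adding)
    {
        targetOrder.AddMultipleItems(toModify, qty);
    }
    else
    {
        targetOrder.RemoveMultipleItems(toModify, qty);
    }

    // targetOrder is already tracked by db; the original re-fetched it only to copy
    // OrderContents onto the same instance.
    db.SaveChanges();

    // NOTE(review): no anti-forgery validation is visible on this state-changing action.
    return View(db.MenuItems);
}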
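/// <summary>
/// Registers a new account of the given type from the "email"/"passwd"/"passwd2" form
/// fields, issues the "UserID" session cookie and redirects to the type's landing page.
/// </summary>
/// <param name="type">Account type to create; model-bound from the request.</param>
/// <returns>
/// A redirect to the landing page for the cookie's type when already logged in; the
/// registration view for <paramref name="type"/> with -1 (invalid address), -2 (address
/// already registered) or -3 (empty or mismatched password); otherwise a redirect to the
/// new account's landing page.
/// </returns>
public ActionResult Registration(AccountType type)
{
    // Already logged in: bounce to the page for the cookie's account type.
    if (Request.Cookies.AllKeys.Contains("UserID"))
    {
        return RedirectForAccountType(Account.GetCookieType(Request.Cookies["UserID"].Value));
    }

    // NOTE(review): `type` is model-bound, so the client picks the privilege level of the
    // account it creates; the Employee/Manager forms differ only by view name. Elevated
    // registrations need a server-side gate (invitation, approval, …) — TODO.

    string email = Request.Form["email"];
    string passwd = Request.Form["passwd"];
    string passwd2 = Request.Form["passwd2"];

    // MailAddress throws ArgumentException (not FormatException) for null/empty input,
    // which the original let escape as a 500.
    if (string.IsNullOrWhiteSpace(email))
    {
        return RegistrationError(type, -1);
    }
    try
    {
        new MailAddress(email);
    }
    catch (FormatException)
    {
        return RegistrationError(type, -1);
    }

    // Nothing from the context reaches the response, so it can be disposed here.
    using (var db = new PickUpOrderDBEntities2())
    {
        // Any() instead of Count() > 0.
        if (db.Accounts.Any(e => e.Email.Equals(email)))
        {
            return RegistrationError(type, -2);
        }

        // Null-safe ordinal comparison; passwd.Equals(...) threw on a missing field.
        // An empty password is reported with the mismatch code, the only one the view knows.
        if (string.IsNullOrEmpty(passwd)
            || !string.Equals(passwd, passwd2, StringComparison.Ordinal))
        {
            return RegistrationError(type, -3);
        }

        var newAccount = new Account(email, passwd, type);
        db.Accounts.Add(newAccount);
        db.SaveChanges();

        // Session cookie, one hour. Layout: (UserID * 4 + Type) XOR Settings.xorVal — the
        // low two bits carry the account type and are what GetCookieType reads.
        // NOTE(review): XOR with a fixed setting is obfuscation, not authentication — the
        // cookie can be forged by anyone who learns xorVal, for any user and type. An
        // authenticated ticket (e.g. FormsAuthentication) should replace this scheme, and the
        // type should be re-read from the database on privileged actions.
        int cookieVal = ((newAccount.UserID * 4) + newAccount.Type) ^ Properties.Settings.Default.xorVal;
        var session = Response.Cookies["UserID"];
        session.Value = cookieVal.ToString();
        session.Expires = DateTime.Now.AddHours(1);
        session.Secure = true;
        // Keeps the cookie out of client script; assumes no page reads it via JavaScript — confirm.
        session.HttpOnly = true;
    }

    return RedirectForAccountType(type);
}

// Landing page for each account type after login or registration.
private ActionResult RedirectForAccountType(AccountType accountType)
{
    switch (accountType)
    {
        case AccountType.Employee:
            return Redirect("/OrderList/OrderList");
        case AccountType.Manager:
            return Redirect("/MenuEditor/MenuEditor");
        default:
            return Redirect("/Menu/Menu");
    }
}

// Re-renders the registration form for accountType with an error code as its model.
private ActionResult RegistrationError(AccountType accountType, int code)
{
    switch (accountType)
    {
        case AccountType.Employee:
            return View("SecretRegistration", code);
        case AccountType.Manager:
            return View("SuperSecretRegistration", code);
        default:
            return View(code);
    }
}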
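/// <summary>
/// Sets a new password for the account registered under the "email" form field.
/// </summary>
/// <remarks>
/// NOTE(review): nothing here proves the caller controls the address — no e-mailed
/// token, no current password. As written, knowing an account's e-mail is enough to
/// replace its password; a verified reset flow is needed before this is exposed.
/// Returning -2 only for unknown addresses also tells callers which e-mails are registered.
/// </remarks>
/// <returns>
/// A redirect to the landing page for the cookie's type when already logged in;
/// "ResetPassword" with -1 for a missing/invalid address; "Login" with -2 for an unknown
/// address or -3 for an empty/mismatched password; otherwise "Login" with 1.
/// </returns>
public ActionResult Reset()
{
    // Already logged in: bounce to the page for the cookie's account type.
    if (Request.Cookies.AllKeys.Contains("UserID"))
    {
        AccountType type = Account.GetCookieType(Request.Cookies["UserID"].Value);
        switch (type)
        {
            case AccountType.Employee:
                return Redirect("/OrderList/OrderList");
            case AccountType.Manager:
                return Redirect("/MenuEditor/MenuEditor");
            default:
                return Redirect("/Menu/Menu");
        }
    }

    string email = Request.Form["email"];
    string passwd = Request.Form["passwd"];
    string passwd2 = Request.Form["passwd2"];

    // MailAddress throws ArgumentException (not FormatException) for null/empty input,
    // which the original let escape as a 500.
    if (string.IsNullOrWhiteSpace(email))
    {
        return View("ResetPassword", -1);
    }
    try
    {
        new MailAddress(email);
    }
    catch (FormatException)
    {
        return View("ResetPassword", -1);
    }

    // Nothing from the context reaches the view, so it can be disposed here.
    using (var db = new PickUpOrderDBEntities2())
    {
        Account match = db.Accounts.FirstOrDefault(e => e.Email.Equals(email));
        if (match == null)
        {
            return View("Login", -2);
        }

        // Null-safe ordinal comparison; passwd.Equals(...) threw on a missing field.
        // An empty password is reported with the mismatch code, the only one the view knows.
        if (string.IsNullOrEmpty(passwd)
            || !string.Equals(passwd, passwd2, StringComparison.Ordinal))
        {
            return View("Login", -3);
        }

        // The hashing routine is private to Account, so a throwaway instance computes the
        // hash; AccountType.Customer only satisfies the constructor. `match` is already
        // tracked, so no second Find is needed.
        var hasher = new Account(email, passwd, AccountType.Customer);
        match.PasswordHash = hasher.PasswordHash;
        db.SaveChanges();
    }

    return View("Login", 1);
}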