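public IActionResult LogIn(LogInViewModel logViewModel)
{
    // Authenticates the posted credentials against db.Accounts and, on success, records the
    // identity in session ("CurrentUser", "CurrentUserId", "CurrentUserIsAdmin").
    //
    // Fix vs. the original: the account row was queried twice with the same predicate
    // (once for the null test, once to read it); it is now fetched once.
    //
    // Security notes (review):
    //  * Passwords are compared as bare SHA-256 digests (PasswordEncodingService.GetHashSha256):
    //    unsalted and fast, so a leaked table is cheap to crack. A slow salted KDF
    //    (PBKDF2 / bcrypt / Argon2) should replace it; changing it here would invalidate every
    //    stored hash, so it is only flagged.
    //  * The lookup is an EF LINQ expression and therefore parameterized; the
    //    HasMaliciousCharacters blacklist is not what prevents SQL injection, it only limits
    //    which usernames can log in. Kept for behavioural compatibility.
    //  * The session is not regenerated on login, so a session id obtained before
    //    authentication stays valid afterwards (session fixation) — consider clearing the
    //    session and issuing a fresh cookie here.
    //  * No [ValidateAntiForgeryToken] is visible on this action in this view of the file;
    //    confirm it is applied to the POST.
    if (!ModelState.IsValid)
    {
        return View();
    }

    var sqlGuard = new SQLInjectionProtectionService();
    if (sqlGuard.HasMaliciousCharacters(logViewModel.UserName))
    {
        ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
        return View();
    }

    var password = PasswordEncodingService.GetHashSha256(logViewModel.Password);

    // Single round-trip; the original issued this query twice.
    var user = db.Accounts.FirstOrDefault(x => x.UserName == logViewModel.UserName && x.Password == password);
    if (user == null)
    {
        // One message for both "unknown user" and "wrong password", so the response does
        // not reveal which usernames exist.
        ViewData["InvalidUser"] = Constant.LogInInvalidUserCredentialsError;
        return View();
    }

    HttpContext.Session.SetString("CurrentUser", user.UserName);
    HttpContext.Session.SetString("CurrentUserId", user.Id.ToString());
    HttpContext.Session.SetString("CurrentUserIsAdmin", user.Role == Role.Admin ? "true" : "false");
    return RedirectToAction("Index", "Home");
}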
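public IActionResult UpdateAccountInfo(ProfileViewModel profileViewModel)
{
    // Saves first name, last name, address and gender for the account named by the
    // session's "CurrentUser". The target account is resolved from the session, never from
    // the posted model, so a user cannot edit someone else's profile by tampering with the form.
    //
    // Fix vs. the original: `account` was dereferenced without a null check, so a request
    // with no logged-in session (or a deleted account) crashed with a 500; it is now
    // rejected with 401. The gender check also runs before the entity is touched, so an
    // invalid gender never leaves a half-modified tracked object behind.
    if (!ModelState.IsValid)
    {
        return RedirectToAction("Profile");
    }

    var sqlGuard = new SQLInjectionProtectionService();
    var freeText = new List<string> { profileViewModel.FirstName, profileViewModel.LastName, profileViewModel.Address };
    if (sqlGuard.HasMaliciousCharacters(freeText))
    {
        // EF writes are parameterized; this blacklist only restricts accepted characters.
        HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
        return RedirectToAction("Profile");
    }

    // Gender 0 is the "not selected" value.
    if (profileViewModel.Gender == 0)
    {
        this.TempData["InvalidGender"] = Constant.InvalidGender;
        return RedirectToAction("Profile");
    }

    var userName = HttpContext.Session.GetString("CurrentUser");
    var account = db.Accounts.FirstOrDefault(x => x.UserName == userName);
    if (account == null)
    {
        return Unauthorized();
    }

    account.FirstName = profileViewModel.FirstName;
    account.LastName = profileViewModel.LastName;
    account.Address = profileViewModel.Address;
    account.Gender = profileViewModel.Gender;
    db.SaveChanges();

    this.TempData["MadeChanges"] = Constant.MadeChanges;
    return RedirectToAction("Profile");
}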
public IActionResult Register(AccountViewModel accViewModel)
{
    // Creates a new Account (always Role.User — the role is fixed server-side and cannot
    // be elevated through the form) from the registration page.
    //
    // Security notes (review):
    //  * The password is stored as an unsalted SHA-256 digest
    //    (PasswordEncodingService.GetHashSha256); a slow salted KDF is recommended.
    //  * The password is also passed through the character blacklist, which rejects
    //    otherwise strong passwords that happen to contain those symbols. The EF queries
    //    below are parameterized, so the blacklist is not what prevents SQL injection.
    //  * The username/email uniqueness checks are not atomic with the insert; a unique
    //    constraint in the database is the real guarantee.
    if (!ModelState.IsValid)
    {
        return View();
    }

    var sqlGuard = new SQLInjectionProtectionService();
    var formFields = new List<string>
    {
        accViewModel.UserName,
        accViewModel.Email,
        accViewModel.Password,
        accViewModel.ConfirmPassword
    };
    if (sqlGuard.HasMaliciousCharacters(formFields))
    {
        ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
        return View();
    }

    bool userNameTaken = db.Accounts.FirstOrDefault(x => x.UserName == accViewModel.UserName) != null;
    bool emailTaken = db.Accounts.FirstOrDefault(x => x.Email == accViewModel.Email) != null;
    if (userNameTaken)
    {
        ViewData["UsernameError"] = Constant.UsernameAlreadyExists;
    }
    if (emailTaken)
    {
        ViewData["EmailError"] = Constant.EmailAlreadyExists;
    }
    if (userNameTaken || emailTaken)
    {
        return View();
    }

    // Both consent boxes must be present exactly once in the posted form.
    bool termsAccepted = Request.Form["TermsCheckBox"].Count == 1;
    bool ageConfirmed = Request.Form["AgeCheckBox"].Count == 1;
    if (!(termsAccepted && ageConfirmed))
    {
        ViewData["LoginError"] = Constant.LogInError;
        return View();
    }

    var newAccount = new Account
    {
        UserName = accViewModel.UserName,
        Password = PasswordEncodingService.GetHashSha256(accViewModel.Password),
        Email = accViewModel.Email,
        Role = Role.User
    };
    db.Accounts.Add(newAccount);
    db.SaveChanges();

    this.TempData["SuccessfullyRegistered"] = Constant.SuccessfullyRegistered;
    return View();
}
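public IActionResult ForgottenPassword(ForgottenPasswordViewModel forgottenPassViewModel)
{
    // Handles the "forgot password" form.
    //
    // Fix vs. the original: it answered Constant.SentEmail only when the address existed in
    // db.Accounts and Constant.NotMatchingEmail otherwise, which let anyone probe whether an
    // email is registered (account enumeration). A valid, non-blacklisted submission now
    // always receives the same "sent" response; NotMatchingEmail is kept for invalid input.
    //
    // Note (review): nothing in this action sends mail or issues a reset token. When that is
    // added, the account lookup must drive the mail step only and never change the response
    // (including its timing, as far as practical).
    if (ModelState.IsValid)
    {
        var sqlGuard = new SQLInjectionProtectionService();
        if (sqlGuard.HasMaliciousCharacters(forgottenPassViewModel.Email))
        {
            ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
            return View();
        }

        // TODO(review): look the account up and dispatch the reset mail here; the outcome of
        // the lookup must not be observable to the caller.
        this.TempData["SentEmail"] = Constant.SentEmail;
        return RedirectToAction("ForgottenPassword");
    }

    this.TempData["NotMatchingEmail"] = Constant.NotMatchingEmail;
    return View();
}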
public IActionResult Search(CategoriesViewModel categoriesViewModel)
{
    // Title search over db.Items, rendered with the "Categories" view.
    //
    // The term only matches when it appears surrounded by spaces in the lowercased title
    // (" term "), so a word at the very start or end of a title is not found. That is the
    // existing behaviour and is preserved here.
    //
    // Security (review): the term goes into an EF LINQ expression, which is parameterized, so
    // the character blacklist is not what prevents SQL injection. HTML-encoding of titles
    // and descriptions is the view's responsibility.
    string term = categoriesViewModel.Search;
    if (term == null)
    {
        this.TempData["Search"] = Constant.Search;
        return RedirectToAction("Categories");
    }

    var sqlGuard = new SQLInjectionProtectionService();
    if (sqlGuard.HasMaliciousCharacters(term))
    {
        HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
        return RedirectToAction("Categories");
    }

    string needle = " " + term.ToLower() + " ";
    var result = new CategoriesViewModel();
    result.Items = db.Items.Where(x => x.Title.ToLower().Contains(needle)).ToList();

    foreach (var category in db.Categories)
    {
        result.Categories.Add(new SelectListItem { Text = category.Name, Value = category.Name });
    }

    // Shorten long descriptions for the listing; applied only to in-stock hits
    // (Quantity > 0), the rest are passed through untouched.
    foreach (var hit in result.Items.Where(x => x.Quantity > 0))
    {
        if (hit.Description.Length >= 132)
        {
            hit.Description = hit.Description.Substring(0, 123) + " . . ";
        }
    }

    return View("Categories", result);
}
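public IActionResult RegistryRepository(RegistryViewModel registryViewModel, string registryType)
{
    // Creates a Registry owned by the session user. The owner (AccountId) comes from the
    // session, never from the form.
    //
    // Fixes vs. the original:
    //  * `user` was dereferenced without a null check, so a request without a logged-in
    //    session crashed with a 500; it is now rejected with 401.
    //  * An unrecognised registryType silently saved a registry with the enum's default
    //    value; it is now reported as an incorrect form instead.
    // The EF write is parameterized; the character blacklist only limits accepted input.
    if (!ModelState.IsValid)
    {
        this.TempData["IncorrectRegistryForm"] = Constant.IncorrectRegistryForm;
        return View("Registry");
    }

    var sqlGuard = new SQLInjectionProtectionService();
    var freeText = new List<string> { registryViewModel.Name, registryViewModel.City };
    if (sqlGuard.HasMaliciousCharacters(freeText))
    {
        HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
        return View("Registry");
    }

    // Exact (case-sensitive) match on the enum member name, as before.
    Enums.RegistryType? type = null;
    if (registryType == Enums.RegistryType.Baby.ToString())
    {
        type = Enums.RegistryType.Baby;
    }
    else if (registryType == Enums.RegistryType.Wedding.ToString())
    {
        type = Enums.RegistryType.Wedding;
    }
    else if (registryType == Enums.RegistryType.Birthday.ToString())
    {
        type = Enums.RegistryType.Birthday;
    }
    if (type == null)
    {
        this.TempData["IncorrectRegistryForm"] = Constant.IncorrectRegistryForm;
        return View("Registry");
    }

    var currentUser = HttpContext.Session.GetString("CurrentUser");
    var user = db.Accounts.FirstOrDefault(x => x.UserName == currentUser);
    if (user == null)
    {
        return Unauthorized();
    }

    var registry = new Registry
    {
        Name = registryViewModel.Name,
        Location = registryViewModel.City,
        DateOfEvent = registryViewModel.DateOfEvent,
        AccountId = user.Id,
        RegistryType = type.Value
    };
    db.Registries.Add(registry);
    db.SaveChanges();

    this.TempData["SuccessfullyCreatedRegistry"] = Constant.SuccessfullyCreatedRegistry;
    return View("Registry");
}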
public IActionResult Contact(ContactUsViewModel contactViewModel)
{
    // Contact-us form handler.
    // Note (review): this action only validates the input and sets the success TempData;
    // nothing here sends or stores the message. The blacklist is the only filtering
    // applied to the free-text fields, so encode them wherever they are rendered.
    if (!ModelState.IsValid)
    {
        return View(contactViewModel);
    }

    var sqlGuard = new SQLInjectionProtectionService();
    var fields = new List<string>
    {
        contactViewModel.Name,
        contactViewModel.Email,
        contactViewModel.Subject,
        contactViewModel.Message
    };
    if (sqlGuard.HasMaliciousCharacters(fields))
    {
        ViewData["MaliciousSymbols"] = Constant.MaliciousSymbols;
        return View();
    }

    this.TempData["SuccessfullySentEmail"] = Constant.SuccessfullySentEmail;
    return View("Contact");
}
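public IActionResult Sell(ItemViewModel sellViewModel)
{
    // Lists a new Item for the session user, uploading up to three images to Cloudinary.
    //
    // Fixes vs. the original:
    //  * `seller` (resolved from the session) was never null-checked; a POST without a
    //    logged-in session was saved as an ownerless item. It is now rejected with 401
    //    before anything is uploaded.
    //  * A valid form whose SelectedCategory did not resolve to a db.Categories row was
    //    saved without a category; it is now reported as NoCategorySelected.
    //  * The three copy-pasted upload branches are one local function.
    //
    // Security notes (review):
    //  * Cloudinary credentials are compiled-in constants (Constant.CLOUD_NAME / API_KEY /
    //    API_SECRET). Move them to configuration or a secret store and rotate them if they
    //    have ever been committed.
    //  * Image1..3 are user-supplied strings handed to FileDescription(string). As far as I
    //    recall, CloudinaryDotNet treats a value that does not look like a remote reference
    //    as a path on THIS server and reads it — confirm against the SDK version in use. To be
    //    safe, only inline data: URIs and http(s) URLs are forwarded; anything else is treated
    //    as "no image". The 100-character heuristic in EditItem suggests the views post data:
    //    URIs, so this should be transparent; verify against the Sell view.
    var sellerName = HttpContext.Session.GetString("CurrentUser");
    var seller = db.Accounts.FirstOrDefault(x => x.UserName == sellerName);
    var category = db.Categories.FirstOrDefault(x => x.Name == sellViewModel.SelectedCategory);
    var item = new Item
    {
        Title = sellViewModel.Title,
        Price = sellViewModel.Price,
        Quantity = sellViewModel.Quantity,
        Category = category,
        Description = sellViewModel.Description,
        Seller = seller
    };

    if (!ModelState.IsValid)
    {
        // Preserved: the original only reported a missing category on the invalid path,
        // and did so via item.CategoryId (which depends on how Item.Category is wired).
        if (item.CategoryId == 0)
        {
            this.TempData["NoCategorySelected"] = Constant.NoCategorySelected;
        }
        return View(new ItemViewModel());
    }

    var sqlGuard = new SQLInjectionProtectionService();
    var freeText = new List<string> { sellViewModel.Title, sellViewModel.Description };
    if (sqlGuard.HasMaliciousCharacters(freeText))
    {
        HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
        return RedirectToAction("Sell");
    }

    if (seller == null)
    {
        return Unauthorized();
    }
    if (category == null)
    {
        this.TempData["NoCategorySelected"] = Constant.NoCategorySelected;
        return View(new ItemViewModel());
    }

    var cloudinary = new Cloudinary(new CloudinaryDotNet.Account(Constant.CLOUD_NAME, Constant.API_KEY, Constant.API_SECRET));

    // Only forward references Cloudinary fetches itself; a bare string could be opened as a
    // local file on this server.
    bool IsRemoteImageReference(string value) =>
        value.StartsWith("data:", StringComparison.Ordinal)
        || value.StartsWith("http://", StringComparison.OrdinalIgnoreCase)
        || value.StartsWith("https://", StringComparison.OrdinalIgnoreCase);

    // Uploads one image and returns its Cloudinary public_id, or the NO_IMAGE placeholder
    // when nothing usable was posted.
    string UploadOrPlaceholder(string image)
    {
        if (string.IsNullOrEmpty(image) || !IsRemoteImageReference(image))
        {
            return Constants.Constant.NO_IMAGE;
        }
        var uploadResult = cloudinary.Upload(new ImageUploadParams { File = new FileDescription(image) });
        return uploadResult.JsonObj["public_id"].ToString();
    }

    item.Image1 = UploadOrPlaceholder(sellViewModel.Image1);
    item.Image2 = UploadOrPlaceholder(sellViewModel.Image2);
    item.Image3 = UploadOrPlaceholder(sellViewModel.Image3);

    db.Items.Add(item);
    db.SaveChanges();

    this.TempData["SuccessfullyListed"] = Constant.SuccessfullyListed;
    return RedirectToAction("Sell");
}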
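public IActionResult EditItem(ItemViewModel itemViewModel)
{
    // Applies the edit form to the Item whose id is stored in session ("ItemId").
    //
    // Fixes vs. the original: a missing or non-numeric session "ItemId" threw from int.Parse
    // (500) and a missing item was dereferenced as null; both now return 404. The three
    // copy-pasted upload branches are one local function with the same rules: an empty
    // value clears the slot to NO_IMAGE, a value of more than 100 characters is uploaded,
    // and anything else leaves the stored image untouched.
    //
    // Security notes (review):
    //  * Nothing here checks that the session user owns `item` (item.SellerId vs. the
    //    session's "CurrentUserId") or is an admin. Unless the action that stores "ItemId"
    //    enforces that, any logged-in user who reaches this POST can edit the item — confirm.
    //  * Cloudinary credentials are compiled-in constants (Constant.API_SECRET etc.); move
    //    them to configuration / a secret store.
    //  * Image1..3 are user-supplied strings handed to FileDescription(string). As far as I
    //    recall, CloudinaryDotNet treats a value that does not look like a remote reference
    //    as a path on THIS server and reads it — confirm against the SDK version in use. Long
    //    values are therefore only uploaded when they are data: URIs or http(s) URLs; other
    //    long values leave the stored image unchanged.
    if (!ModelState.IsValid)
    {
        return View();
    }

    var sqlGuard = new SQLInjectionProtectionService();
    var freeText = new List<string> { itemViewModel.Title, itemViewModel.Description };
    if (sqlGuard.HasMaliciousCharacters(freeText))
    {
        HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
        return RedirectToAction("EditItem");
    }

    if (!int.TryParse(HttpContext.Session.GetString("ItemId"), out int id))
    {
        return NotFound();
    }
    var item = db.Items.FirstOrDefault(x => x.Id == id);
    if (item == null)
    {
        return NotFound();
    }

    var category = db.Categories.FirstOrDefault(x => x.Name == itemViewModel.SelectedCategory);
    item.Title = itemViewModel.Title;
    item.Price = itemViewModel.Price;
    item.Quantity = itemViewModel.Quantity;
    item.Category = category;
    item.Description = itemViewModel.Description;

    var cloudinary = new Cloudinary(new CloudinaryDotNet.Account(Constant.CLOUD_NAME, Constant.API_KEY, Constant.API_SECRET));

    // Only forward references Cloudinary fetches itself; a bare string could be opened as a
    // local file on this server.
    bool IsRemoteImageReference(string value) =>
        value.StartsWith("data:", StringComparison.Ordinal)
        || value.StartsWith("http://", StringComparison.OrdinalIgnoreCase)
        || value.StartsWith("https://", StringComparison.OrdinalIgnoreCase);

    // Returns the new value for an image slot given the posted value and the stored one.
    string ResolveImage(string posted, string current)
    {
        if (string.IsNullOrEmpty(posted))
        {
            return Constants.Constant.NO_IMAGE;
        }
        // Short values are assumed to be the existing public_id echoed back by the form.
        if (posted.Length <= 100 || !IsRemoteImageReference(posted))
        {
            return current;
        }
        var uploadResult = cloudinary.Upload(new ImageUploadParams { File = new FileDescription(posted) });
        return uploadResult.JsonObj["public_id"].ToString();
    }

    item.Image1 = ResolveImage(itemViewModel.Image1, item.Image1);
    item.Image2 = ResolveImage(itemViewModel.Image2, item.Image2);
    item.Image3 = ResolveImage(itemViewModel.Image3, item.Image3);

    db.SaveChanges();
    this.TempData["SuccessfullyEdited"] = Constant.SuccessfullyEdited;
    return RedirectToAction("Offers");
}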
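public IActionResult ShoppingCart(ShoppingCartViewModel shoppingCartViewModel)
{
    // Checkout: turns every line of the posted cart into an Order for the session user,
    // decrements stock and marks the user's ShoppingCarts rows as purchased.
    //
    // Fixes vs. the original:
    //  * Order.Price was unit price × the item's STOCK quantity (currentItem.Quantity)
    //    instead of × the ordered quantity (item.Quantity).
    //  * A null Items list, an unknown item id, or a missing session user dereferenced null
    //    (500); these now return 400 / 404 / 401.
    //  * Stock is verified for every line before any Order is created, so a failing line no
    //    longer leaves already-added Orders in the change tracker.
    //  * A zero or negative ordered quantity is rejected: `Quantity -= item.Quantity` would
    //    otherwise INCREASE stock. (Assumes the view model has no [Range] on Quantity; if it
    //    does, the extra check is harmless.)
    //
    // Security notes (review): title, price, seller and category are re-read from db.Items
    // and overwrite whatever the client posted — keep it that way. The stock check and
    // decrement are not atomic, so concurrent checkouts can oversell (needs a DB constraint
    // or a concurrency token). Date uses DateTime.Now (server local time), preserved as-is.
    if (shoppingCartViewModel.Items == null)
    {
        return BadRequest();
    }

    string easyPayNumber = string.Empty;
    if (shoppingCartViewModel.PaymentMethod == Enums.PaymentMethod.EasyPay)
    {
        easyPayNumber = new EasyPayNumberGenerator().GenerateEasyPayNumber();
    }

    // Replace client-supplied item fields with the database values before re-validating.
    // stockItems[i] is the tracked entity for Items[i].
    var stockItems = new List<Item>();
    for (int i = 0; i < shoppingCartViewModel.Items.Count; i++)
    {
        var line = shoppingCartViewModel.Items[i];
        var stockItem = db.Items.FirstOrDefault(x => x.Id == line.Id);
        if (stockItem == null)
        {
            return NotFound();
        }
        line.Title = stockItem.Title;
        line.Price = stockItem.Price;
        line.Description = stockItem.Description;
        line.SellerId = stockItem.SellerId;
        line.CategoryId = stockItem.CategoryId;
        stockItems.Add(stockItem);
    }

    ModelState.Clear();
    TryValidateModel(shoppingCartViewModel);
    if (!ModelState.IsValid)
    {
        return View(shoppingCartViewModel);
    }

    var sqlGuard = new SQLInjectionProtectionService();
    var freeText = new List<string>
    {
        shoppingCartViewModel.FirstName,
        shoppingCartViewModel.LastName,
        shoppingCartViewModel.Address,
        shoppingCartViewModel.SecondAddres,
        shoppingCartViewModel.City,
        shoppingCartViewModel.State,
    };
    if (sqlGuard.HasMaliciousCharacters(freeText))
    {
        HttpContext.Session.SetString("MaliciousSymbols", Constant.MaliciousSymbols);
        return RedirectToAction("ShoppingCart");
    }

    var currentUserName = HttpContext.Session.GetString("CurrentUser");
    var buyer = db.Accounts.FirstOrDefault(x => x.UserName == currentUserName);
    if (buyer == null)
    {
        return Unauthorized();
    }

    // Pass 1: validate every line before creating anything.
    for (int i = 0; i < shoppingCartViewModel.Items.Count; i++)
    {
        var line = shoppingCartViewModel.Items[i];
        var stockItem = stockItems[i];
        if (line.Quantity <= 0)
        {
            return BadRequest();
        }
        if (stockItem.Quantity < line.Quantity)
        {
            this.TempData["NotEnoughQuantity"] = string.Format(Constant.NotEnoughQuantity, stockItem.Title, stockItem.Quantity);
            return RedirectToAction("ShoppingCart");
        }
    }

    // Pass 2: create the orders and decrement stock.
    for (int i = 0; i < shoppingCartViewModel.Items.Count; i++)
    {
        var line = shoppingCartViewModel.Items[i];
        var stockItem = stockItems[i];
        var order = new Order
        {
            BuyerId = buyer.Id,
            Date = DateTime.Now,
            ItemId = line.Id,
            Price = stockItem.Price * line.Quantity,
            Quantity = line.Quantity,
            PaymentMethod = shoppingCartViewModel.PaymentMethod,
            FirstName = shoppingCartViewModel.FirstName,
            LastName = shoppingCartViewModel.LastName,
            Address1 = shoppingCartViewModel.Address,
            Address2 = shoppingCartViewModel.SecondAddres,
            City = shoppingCartViewModel.City,
            State = shoppingCartViewModel.State,
            Zip = shoppingCartViewModel.Zip,
            SellerId = stockItem.SellerId,
            ShippingStatus = ShippingStatus.Processing,
            // Empty string for non-EasyPay orders, as before (the original's null check
            // was always true because easyPayNumber starts as string.Empty).
            EasyPayNumber = easyPayNumber
        };
        db.Orders.Add(order);
        stockItem.Quantity -= line.Quantity;
    }

    var currentShoppingCart = db.ShoppingCarts.Where(x => x.AccountId == buyer.Id).ToList();
    foreach (var cartRow in currentShoppingCart)
    {
        cartRow.IsPurchased = true;
    }
    db.SaveChanges();

    if (shoppingCartViewModel.PaymentMethod == Enums.PaymentMethod.Delivery)
    {
        this.TempData["SuccessfullyPlacedOrder"] = Constant.SuccessfullyPlacedOrder;
        return RedirectToAction("ShoppingCart");
    }
    return View("Confirmation", easyPayNumber);
}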