// grants a user request for a specific user type
public string grantUserTypeRequest(string username)
{
// getting the user who made the request
User userWhoRequested = (User)getObjectFromDbByName(new User(), username);
UserTypeRequest requestCopy = new UserTypeRequest();
// getting all user requests
List <UserTypeRequest> requests = getAllFromTable(new UserTypeRequest()).Cast <UserTypeRequest>().ToList();
// if the user who requested the type is in the user requests then copy that username to request copy
foreach (UserTypeRequest request in requests)
{
if (userWhoRequested.userID == request.userID)
{
userWhoRequested.userTypeName = request.userTypeName;
requestCopy = request;
}
}
// updating user with the new user type that they requested to have
db.updateDbFromObjectByName(userWhoRequested);
// deleting the user request
db.deleteObjectFromDb(requestCopy, requestCopy.userID.ToString());
// email informing request has been granted
sendEmail(userWhoRequested.userEmail, "Venzi: Your User Type Request", "Your request to become a "
+ userWhoRequested.userTypeName + " user has been granted. This change is already in effect.");
return("Request granted successfully.");
}
// denies a user request for a specific user type
public string denyUserTypeRequest(string username)
{
// getting the user who made the request
User userWhoRequested = (User)getObjectFromDbByName(new User(), username);
UserTypeRequest requestCopy = new UserTypeRequest();
// getting all user requests
List <UserTypeRequest> requests = getAllFromTable(new UserTypeRequest()).Cast <UserTypeRequest>().ToList();
// if the user who requested the type is in the user requests then copy that username to request copy
foreach (UserTypeRequest request in requests)
{
if (userWhoRequested.userID == request.userID)
{
requestCopy = request;
}
}
// delete user request
db.deleteObjectFromDb(requestCopy, requestCopy.userID.ToString());
// email informing request has been denied
sendEmail(userWhoRequested.userEmail, "Venzi: Your User Type Request", "Your request to become a "
+ requestCopy.userTypeName + " user has been denied. If you feel this is an error " +
"on our part please contact the administrator.");
return("Request denied successfully.");
}
// creates a new user, returns string indicating success or type of error
public string createNewUser(string username, string firstName, string lastName, string password, string usertype, string email)
{
// flags for each condition
bool upper = false;
bool lower = false;
bool special = false;
bool spaces = false;
// validating user entry lengths
if (valEntry(password, PASSWORDMIN, DEFAULTMAX) && valEntry(username, USERNAMEMIN, DEFAULTMAX) &&
valEntry(email, DEFAULTMIN, DEFAULTMAX) && valEntry(firstName, DEFAULTMIN, DEFAULTMAX) &&
valEntry(lastName, DEFAULTMIN, DEFAULTMAX))
{
// for every char in password check to see if it meets each condition
foreach (char ch in password)
{
if (Char.IsUpper(ch))
{
upper = true;
}
if (Char.IsLower(ch))
{
lower = true;
}
if (!Char.IsLetterOrDigit(ch))
{
special = true;
}
}
if (upper && lower && special)
{
// making sure username does not contain spaces
foreach (char ch in username)
{
if (Char.IsWhiteSpace(ch))
{
spaces = true;
}
}
if (!spaces)
{
// validating email address
if (sendEmail(email, "Venzi: Test", "This is a test email to validate your email address.")
== "The email has been sent successfully")
{
// SaltingHashing is used to encrypt the password
// First variable in CreateSaltHash can be changed to increase or decrease length of hash
SaltingHashing userHashSalt = SaltingHashing.CreateSaltHash(30, password);
string passwordHash = userHashSalt.passHash;
string passwordSalt = userHashSalt.passSalt;
// creating new user object
User newUser = new User();
newUser.userName = username;
newUser.userFirstName = firstName;
newUser.userLastName = lastName;
newUser.userPass = passwordHash;
newUser.userTypeName = usertype;
newUser.userEmail = email;
newUser.userSalt = passwordSalt;
// making sure email is unique
if (!db.isObjectNameInDb(newUser, username))
{
bool doesEmailAlreadyExist = false;
List <User> allUsers = db.getAllFromTable(new User()).Cast <User>().ToList();
foreach (User i in allUsers)
{
if (i.userEmail.ToString() == newUser.userEmail)
{
doesEmailAlreadyExist = true;
}
}
// if email is unique
if (!doesEmailAlreadyExist)
{
// getting new user's type to check permissions
UserType newUsersType = (UserType)ApplicationManager.i.getObjectFromDbByName(new UserType(), newUser.userTypeName);
string returnMessage;
// if the user is attempting to pick a user type with permissions above a 2
// it must be sent for approval. in the meantime it will be created as a Basic user
if (newUsersType.userPermissionsLevel == 3 || newUsersType.userPermissionsLevel == 4)
{
UserTypeRequest request = new UserTypeRequest();
request.userTypeName = newUser.userTypeName;
newUser.userTypeName = "Basic";
db.insertObjectIntoDb(newUser);
newUser = (User)db.getObjectFromDbByName(newUser, username);
request.userID = newUser.userID;
db.insertObjectIntoDb(request);
returnMessage = "The user has been created successfully. The user type selected requires " +
"special permission from the administrator. A request has been made. In the meantime events " +
"can be viewed under our basic user type. Please check your email for the result of the request.";
}
else
{
// if the user is attempting to pick a user type with permissions of 1 or 2 then let them
db.insertObjectIntoDb(newUser);
newUser = (User)db.getObjectFromDbByName(newUser, username);
returnMessage = "The user has been created successfully.";
}
db.createItinerary(newUser);
// send welcome email
sendEmail(newUser.userEmail, "Venzi: Welcome",
"Welcome! You will find our app to be the go-to software for planning and running a convention. " +
"If you are a convention attendee you will find our app is great for scheduling " +
"your own convention experience. " +
"We hope you have a wonderful time.");
return(returnMessage);
}
else
{
return("This email address is already in use.");
}
}
else
{
return("This username already exists.");
}
}
else
{
return("A valid email address must be used.");
}
}
else
{
return("The username cannot contain spaces.");
}
}
else
{
return("The password does not meet criteria.");
}
}
else
{
return("The username, password, or email is not the correct length");
}
}
