public static string DateTimeToString(DateTime input)
{
try
{
return(input.ToString("d/M/yyyy @ h:mmtt"));
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(string.Empty);
}
}
protected void CategoryGrid_Edit(object sender, GridViewEditEventArgs e)
{
try
{
categoryGrid.EditIndex = e.NewEditIndex;
Load_Forms(Convert.ToInt32(postView.SelectedValue));
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void CommentGrid_Delete(object sender, GridViewDeleteEventArgs e)
{
int postId = Convert.ToInt32(postView.SelectedValue);
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText = "DELETE FROM comments WHERE commentid= @COMMENTID",
CommandType = CommandType.Text,
Connection = conn
};
var param = new NpgsqlParameter
{
ParameterName = "@COMMENTID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value =
FooStringHelper.RemoveInvalidChars(
commentGrid.DataKeys[e.RowIndex].Values[0].ToString())
};
cmd.Parameters.Add(param);
cmd.ExecuteNonQuery();
}
}
else
{
errorLabel.Text = "Invalid request.";
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
Reset_Page(postId);
}
protected void GridView_Edit(object sender, GridViewEditEventArgs e)
{
try
{
userGrid.EditIndex = e.NewEditIndex;
Load_Forms();
Load_Dropdown();
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
public static string Decrypt(string encrypted, string key)
{
try
{
byte[] encryptedArray = Convert.FromBase64String(encrypted);
byte[] decryptedArray = SimpleDecryptWithPassword(encryptedArray, key);
return(Encoding.UTF8.GetString(decryptedArray));
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(null);
}
}
protected void Load_Forms(string userId)
{
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT userid, useralias, city, country, profileimg, profilebody FROM users WHERE userid= @USERID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = userId
};
cmd.Parameters.Add(idParam);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count == 0)
{
errorLabel.Text = "Invalid user.";
}
else
{
userList.DataSource = ds;
userList.DataBind();
errorLabel.Text = "";
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text =
"Something has gone wrong. A log has been forwarded to the site administrator. Error:<br/>" + ex;
}
}
public static bool UpdatePassword(string id, string pass)
{
try
{
using (var conn = new NpgsqlConnection())
{
// App-DB connection.
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"UPDATE Users SET (passwordhash) = (@PASSWORDHASH) WHERE userid= @USERID;",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = id
};
cmd.Parameters.Add(idParam);
var hashParam = new NpgsqlParameter
{
ParameterName = "@PASSWORDHASH",
NpgsqlDbType = NpgsqlDbType.Varchar,
Direction = ParameterDirection.Input,
Value = FooCryptHelper.CreateShaHash(pass)
};
cmd.Parameters.Add(hashParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
}
return(true);
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(false);
}
}
public static bool CheckIfUsernameExists(string username)
{
try
{
using (var conn = new NpgsqlConnection())
{
// App-DB connection.
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"SELECT username FROM users WHERE username= @USERNAME",
CommandType = CommandType.Text,
Connection = conn
};
var nameParam = new NpgsqlParameter
{
ParameterName = "@USERNAME",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = username
};
cmd.Parameters.Add(nameParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
string result = String.Empty;
while (dr.Read())
{
result = dr["username"].ToString();
}
dr.Close();
return(!String.IsNullOrEmpty(result));
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(false);
}
}
public static string GetAccountForReset(string resetId, string token)
{
try
{
using (var conn = new NpgsqlConnection())
{
// App-DB connection.
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"SELECT userid FROM resets WHERE resetid= @RESETID",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@RESETID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = resetId
};
cmd.Parameters.Add(idParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
string result = String.Empty;
while (dr.Read())
{
result = dr["userid"].ToString();
}
dr.Close();
return(!String.IsNullOrEmpty(result) ? FooCryptHelper.Decrypt(result, token) : null);
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(null);
}
}
protected void Load_Forms()
{
string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
{
errorLabel.Text = "Invalid request.";
return;
}
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT userid, useralias, email, address, city, country, profilebody, profileimg FROM users WHERE userid= @USERID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(idParam);
using (NpgsqlDataReader dr = cmd.ExecuteReader())
{
userView.DataSource = dr;
userView.DataBind();
}
}
errorLabel.Text = "";
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void PostGrid_SelectedIndexChanged(object sender, EventArgs e)
{
try
{
int postId = Convert.ToInt32(postGrid.Rows[postGrid.SelectedIndex].Cells[0].Text);
Load_Forms(postId);
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
public static string GetEmailForAccount(string userId)
{
try
{
using (var conn = new NpgsqlConnection())
{
// App-DB connection.
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"SELECT email FROM users WHERE userid= @USERID",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Direction = ParameterDirection.Input,
Value = userId
};
cmd.Parameters.Add(idParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
string result = String.Empty;
while (dr.Read())
{
result = dr["email"].ToString();
}
dr.Close();
return(!String.IsNullOrEmpty(result) ? result : null);
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(null);
}
}
protected void PostView_ItemDeleting(object sender, DetailsViewDeleteEventArgs e)
{
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText = "DELETE FROM posts WHERE postid= @POSTID",
CommandType = CommandType.Text,
Connection = conn
};
var param = new NpgsqlParameter
{
ParameterName = "@POSTID",
NpgsqlDbType = NpgsqlDbType.Integer,
Size = 8,
Direction = ParameterDirection.Input,
Value = Convert.ToInt32(postView.SelectedValue)
};
cmd.Parameters.Add(param);
cmd.ExecuteNonQuery();
}
}
else
{
errorLabel.Text = "Invalid request.";
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
Reset_Page(-1);
}
protected void Load_Form()
{
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT merchid, merchname, merchprice, merchbrief FROM merchandise WHERE merchenabled= true ORDER BY merchname",
conn);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count == 0)
{
errorLabel.Text = "There are no items.";
}
else
{
merchList.DataSource = ds;
merchList.DataBind();
errorLabel.Text = "";
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void MerchGrid_SelectedIndexChanged(object sender, EventArgs e)
{
try
{
string merchId = merchGrid.Rows[merchGrid.SelectedIndex].Cells[0].Text;
if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
{
errorLabel.Text = "Invalid request.";
Reset_Page(string.Empty);
return;
}
Load_Forms(merchId);
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void Load_Form()
{
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT T1.postid, T1.posttime, T1.catid, T1.posttitle, T1.postbrief, T1.postenabled, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T1.postenabled= true ORDER BY T1.posttime",
conn);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count == 0)
{
errorLabel.Text = "There are no posts.";
}
else
{
postList.DataSource = ds;
postList.DataBind();
errorLabel.Text = "";
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void submitButton_Click(object sender, EventArgs e)
{
string reviewBody = reviewText.Text;
string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
string merchId = Request.QueryString["id"];
if (string.IsNullOrEmpty(reviewBody))
{
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
reviewErrorLabel.Text = "Incomplete input.";
return;
}
if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
{
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
reviewErrorLabel.Text = "Invalid input.";
return;
}
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"INSERT INTO reviews(reviewid, reviewtime, userid, merchid, reviewbody) VALUES (@REVIEWID, @REVIEWTIME, @USERID, @MERCHID, @REVIEWBODY)",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@REVIEWID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RandomString(16)
};
cmd.Parameters.Add(idParam);
var timeParam = new NpgsqlParameter
{
ParameterName = "@REVIEWTIME",
NpgsqlDbType = NpgsqlDbType.Timestamp,
Size = 32,
Direction = ParameterDirection.Input,
Value = DateTime.Now
};
cmd.Parameters.Add(timeParam);
var userParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(userParam);
var merchParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = merchId
};
cmd.Parameters.Add(merchParam);
var bodyParam = new NpgsqlParameter
{
ParameterName = "@REVIEWBODY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 1024,
Direction = ParameterDirection.Input,
Value = reviewBody
};
cmd.Parameters.Add(bodyParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
reviewErrorLabel.Text = "";
reviewText.Text = "";
}
}
else
{
errorLabel.Text = "Invalid request.";
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
reviewErrorLabel.Text =
"Something has gone wrong. A log has been forwarded to the site administrator.";
}
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
Load_Forms(merchId);
}
public static bool RegisterNewUser(string id, string alias, string email, string address, string city,
string country,
string username, string pass, string groupId)
{
try
{
using (var conn = new NpgsqlConnection())
{
// App-DB connection.
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"INSERT INTO Users (userId, userName, userAlias, passwordHash, groupId, email, address, city, country, profileimg) VALUES (@USERID, @USERNAME, @USERALIAS, @PASSWORDHASH, @GROUPID, @EMAIL, @ADDRESS, @CITY, @COUNTRY, 'profile_default.jpg');",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = id
};
cmd.Parameters.Add(idParam);
var nameParam = new NpgsqlParameter
{
ParameterName = "@USERNAME",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = username
};
cmd.Parameters.Add(nameParam);
var aliasParam = new NpgsqlParameter
{
ParameterName = "@USERALIAS",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = alias
};
cmd.Parameters.Add(aliasParam);
var hashParam = new NpgsqlParameter
{
ParameterName = "@PASSWORDHASH",
NpgsqlDbType = NpgsqlDbType.Varchar,
Direction = ParameterDirection.Input,
Value = FooCryptHelper.CreateShaHash(pass)
};
cmd.Parameters.Add(hashParam);
var groupParam = new NpgsqlParameter
{
ParameterName = "@GROUPID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Direction = ParameterDirection.Input,
Value = groupId
};
cmd.Parameters.Add(groupParam);
var emailParam = new NpgsqlParameter
{
ParameterName = "@EMAIL",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 64,
Direction = ParameterDirection.Input,
Value = email
};
cmd.Parameters.Add(emailParam);
var addressParam = new NpgsqlParameter
{
ParameterName = "@ADDRESS",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 128,
Direction = ParameterDirection.Input,
Value = address
};
cmd.Parameters.Add(addressParam);
var cityParam = new NpgsqlParameter
{
ParameterName = "@CITY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = city
};
cmd.Parameters.Add(cityParam);
var countryParam = new NpgsqlParameter
{
ParameterName = "@COUNTRY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = country
};
cmd.Parameters.Add(countryParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
}
return(true);
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(false);
}
}
public static UserObject GetUserObjByEmail(string email)
{
try
{
using (var conn = new NpgsqlConnection())
{
// App-DB connection.
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"SELECT useralias, userid, username, groupid FROM users WHERE email= @EMAIL",
CommandType = CommandType.Text,
Connection = conn
};
var emailParam = new NpgsqlParameter
{
ParameterName = "@EMAIL",
NpgsqlDbType = NpgsqlDbType.Varchar,
Direction = ParameterDirection.Input,
Value = email
};
cmd.Parameters.Add(emailParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
string userAlias = String.Empty;
string userName = String.Empty;
string userId = String.Empty;
string groupId = String.Empty;
while (dr.Read())
{
userAlias = dr["useralias"].ToString();
userId = dr["userid"].ToString();
groupId = dr["groupid"].ToString();
userName = dr["userName"].ToString();
}
dr.Close();
if (!String.IsNullOrEmpty(userAlias) && !String.IsNullOrEmpty(userId) &&
!String.IsNullOrEmpty(userName) && !String.IsNullOrEmpty(groupId))
{
var userObj = new UserObject
{
Username = userName,
UserAlias = userAlias,
UserId = userId,
GroupId = groupId
};
return(userObj);
}
return(null);
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
return(null);
}
}
protected void MerchView_Databound(object sender, EventArgs e)
{
if (merchView.CurrentMode == DetailsViewMode.ReadOnly && merchView.Rows.Count > 1)
{
var merchEnabledLabel = (Label)merchView.FindControl("merchEnabledLabel");
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString())
};
cmd.Parameters.Add(idParam);
bool postEnabled = Convert.ToBoolean(cmd.ExecuteScalar());
merchEnabledLabel.Text = postEnabled ? "Yes" : "No";
}
}
else
{
var merchEnabledCheckbox = (CheckBox)merchView.FindControl("merchEnabledCheckbox");
try
{
if (merchView.CurrentMode == DetailsViewMode.Edit)
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT merchenabled FROM merchandise WHERE merchid= @MERCHID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(merchView.SelectedValue.ToString())
};
cmd.Parameters.Add(idParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
merchEnabledCheckbox.Checked = Convert.ToBoolean(dr["merchenabled"]);
}
dr.Close();
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
string merchId = merchView.SelectedValue.ToString();
if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
{
errorLabel.Text = "Invalid request.";
Reset_Page(string.Empty);
return;
}
Reset_Page(merchId);
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
}
protected void CategoryGrid_Command(object sender, GridViewCommandEventArgs e)
{
int postId = Convert.ToInt32(postView.SelectedValue);
var txtCatNameFooter = (TextBox)categoryGrid.FooterRow.FindControl("txtCatNameFooter");
if (!string.IsNullOrEmpty(txtCatNameFooter.Text))
{
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
if (e.CommandName.Equals("AddNew"))
{
// Define connection string.
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"INSERT INTO categories(catid, catname) VALUES (@CATID, @NAME)",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@CATID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RandomString(16)
};
cmd.Parameters.Add(idParam);
var nameParam = new NpgsqlParameter
{
ParameterName = "@NAME",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtCatNameFooter.Text
};
cmd.Parameters.Add(nameParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
}
}
}
else
{
errorLabel.Text = "Invalid request.";
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
else
{
errorLabel.Text = "Incomplete or invalid input.";
}
Reset_Page(postId);
}
protected void CategoryGrid_Update(object sender, GridViewUpdateEventArgs e)
{
int postId = Convert.ToInt32(postView.SelectedValue);
var txtCatName = (TextBox)categoryGrid.Rows[e.RowIndex].FindControl("txtCatName");
if (!string.IsNullOrEmpty(txtCatName.Text))
{
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
// Define connection string.
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"UPDATE categories SET catname= @NAME WHERE catid= @CATID",
CommandType = CommandType.Text,
Connection = conn
};
var nameParam = new NpgsqlParameter
{
ParameterName = "@NAME",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtCatName.Text
};
cmd.Parameters.Add(nameParam);
var idParam = new NpgsqlParameter
{
ParameterName = "@CATID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value =
FooStringHelper.RemoveInvalidChars(
categoryGrid.DataKeys[e.RowIndex].Values[0].ToString())
};
cmd.Parameters.Add(idParam);
cmd.ExecuteNonQuery();
}
}
else
{
errorLabel.Text = "Invalid request.";
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
else
{
errorLabel.Text = "Incomplete or invalid input.";
}
Reset_Page(postId);
}
protected void Insert_NewImage(string merchId, HttpPostedFile file)
{
string fileName = "profile_default.jpg";
string path = HttpContext.Current.Server.MapPath("~/uploads");
if (!Directory.Exists(path))
{
Directory.CreateDirectory(path);
}
if (file != null)
{
var uploadCompleted = false;
byte[] fileBytes = FooFileHelper.GetFileBytesFromHttpStream(file);
if (FooFileHelper.IsImage(fileBytes) && fileBytes.Length < 2097152)
{
if (HttpContext.Current.Request.Browser.Browser.ToUpper() == "IE")
{
string[] files = file.FileName.Split(new[] { '\\' });
fileName = files[files.Length - 1];
}
else
{
fileName = file.FileName;
}
fileName = FooStringHelper.RandomFileName(fileName);
string filePath = Path.Combine(path, fileName);
try
{
File.WriteAllBytes(filePath, fileBytes);
uploadCompleted = true;
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Upload failed.";
}
}
else
{
errorLabel.Text = "Invalid file.";
}
if (uploadCompleted)
{
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT merchimg FROM merchandise WHERE merchid= @MERCHID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = merchId
};
cmd.Parameters.Add(idParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
string imageFile = string.Empty;
while (dr.Read())
{
imageFile = dr["merchimg"].ToString();
}
dr.Close();
if (imageFile != string.Empty && imageFile != "merch_default.jpg")
{
string currentFile = Path.Combine(path, imageFile);
if (File.Exists(currentFile))
{
File.Delete(currentFile);
}
}
}
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"UPDATE merchandise SET (merchimg) = (@MERCHIMG) WHERE merchid= @MERCHID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = merchId
};
cmd.Parameters.Add(idParam);
var imgParam = new NpgsqlParameter
{
ParameterName = "@MERCHIMG",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 64,
Direction = ParameterDirection.Input,
Value = fileName
};
cmd.Parameters.Add(imgParam);
cmd.ExecuteNonQuery();
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text =
"Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
}
}
protected void PostView_Databound(object sender, EventArgs e)
{
if (postView.CurrentMode == DetailsViewMode.ReadOnly && postView.Rows.Count > 1)
{
var postEnabledLabel = (Label)postView.FindControl("postEnabledLabel");
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT postenabled FROM posts WHERE postid= @POSTID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@POSTID",
NpgsqlDbType = NpgsqlDbType.Integer,
Direction = ParameterDirection.Input,
Value = Convert.ToInt32(postView.SelectedValue)
};
cmd.Parameters.Add(idParam);
bool postEnabled = Convert.ToBoolean(cmd.ExecuteScalar());
postEnabledLabel.Text = postEnabled ? "Yes" : "No";
}
}
else
{
var catDropdown = (DropDownList)postView.FindControl("catDropdown");
var postEnabledCheckbox = (CheckBox)postView.FindControl("postEnabledCheckbox");
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT catid, catname FROM categories",
conn);
using (NpgsqlDataReader dr = cmd.ExecuteReader())
{
catDropdown.DataSource = dr;
catDropdown.DataValueField = "catid";
catDropdown.DataTextField = "catname";
catDropdown.DataBind();
}
}
if (postView.CurrentMode == DetailsViewMode.Edit)
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT catid, postenabled FROM posts WHERE postid= @POSTID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@POSTID",
NpgsqlDbType = NpgsqlDbType.Integer,
Size = 8,
Direction = ParameterDirection.Input,
Value = Convert.ToInt32(postView.SelectedValue)
};
cmd.Parameters.Add(idParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
postEnabledCheckbox.Checked = Convert.ToBoolean(dr["postenabled"]);
catDropdown.SelectedValue = dr["catid"].ToString();
}
dr.Close();
}
}
}
catch (Exception ex)
{
Reset_Page(Convert.ToInt32(postView.SelectedValue));
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
}
protected void Load_Forms(int postId)
{
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand();
if (postId == -1)
{
cmd.CommandText =
"SELECT T1.postid, T1.catid, T1.posttitle, T1.postbrief, T1.postbody, T1.postenabled, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid ORDER BY T1.postid DESC LIMIT 1";
cmd.Connection = conn;
}
else
{
cmd.CommandText =
"SELECT T1.postid, T1.catid, T1.posttitle, T1.postbrief, T1.postbody, T1.postenabled, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T1.postid= @POSTID";
cmd.Connection = conn;
var idParam = new NpgsqlParameter
{
ParameterName = "@POSTID",
NpgsqlDbType = NpgsqlDbType.Integer,
Size = 8,
Direction = ParameterDirection.Input,
Value = postId
};
cmd.Parameters.Add(idParam);
}
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
postView.DataSource = ds;
postView.DataBind();
}
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT postid, posttime, posttitle FROM posts",
conn);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
postGrid.DataSource = ds;
postGrid.DataBind();
}
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT catid, catname FROM categories",
conn);
using (NpgsqlDataReader dr = cmd.ExecuteReader())
{
if (dr.HasRows)
{
categoryGrid.DataSource = dr;
categoryGrid.DataBind();
}
else
{
var dt = new DataTable();
dt.Columns.Add("catid");
dt.Columns.Add("catname");
DataRow row = dt.NewRow();
row["catid"] = "null";
row["catname"] = "null";
dt.Rows.Add(row);
categoryGrid.DataSource = dt;
categoryGrid.DataBind();
categoryGrid.Rows[0].Visible = false;
categoryGrid.Rows[0].Controls.Clear();
}
}
}
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT T1.commentid, T1.commenttime, T1.userid, T1.postid, T1.commentbody, T2.userid, T2.useralias, T3.postid, T3.posttitle FROM comments AS T1 LEFT OUTER JOIN users AS T2 ON T1.userid = T2.userid LEFT OUTER JOIN posts AS T3 ON T1.postid = T3.postid",
conn);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
commentGrid.DataSource = ds;
commentGrid.DataBind();
}
errorLabel.Text = "";
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void Insert_NewImage(string fileName, string userId)
{
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT profileimg FROM users WHERE userid= @USERID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = userId
};
cmd.Parameters.Add(idParam);
NpgsqlDataReader dr = cmd.ExecuteReader();
string imageFile = string.Empty;
while (dr.Read())
{
imageFile = dr["profileimg"].ToString();
}
dr.Close();
if (imageFile != string.Empty && imageFile != "profile_default.jpg")
{
string path = HttpContext.Current.Server.MapPath("~/uploads");
string currentFile = Path.Combine(path, imageFile);
File.Delete(currentFile);
}
}
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"UPDATE users SET (profileimg) = (@PROFILEIMG) WHERE userid= @USERID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(idParam);
var imgParam = new NpgsqlParameter
{
ParameterName = "@PROFILEIMG",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 64,
Direction = ParameterDirection.Input,
Value = fileName
};
cmd.Parameters.Add(imgParam);
cmd.ExecuteNonQuery();
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void Load_Forms(string merchId)
{
try
{
bool isValidItem = false;
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT merchid, merchname, merchprice, merchimg, merchbody FROM merchandise WHERE merchenabled= true AND merchid= @MERCHID LIMIT 1",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = merchId
};
cmd.Parameters.Add(idParam);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count == 0)
{
errorLabel.Text = "Invalid item.";
}
else
{
merchList.DataSource = ds;
merchList.DataBind();
errorLabel.Text = "";
isValidItem = true;
}
}
if (!isValidItem)
{
return;
}
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT T1.reviewid, T1.reviewtime, T1.reviewbody, T1.merchid, T2.userid, T2.useralias, T2.profileimg FROM reviews AS T1 LEFT OUTER JOIN users AS T2 ON T1.userid = T2.userid WHERE T1.merchid= @MERCHID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = merchId
};
cmd.Parameters.Add(idParam);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count == 0)
{
reviewLabel.Text = "No reviews.";
}
else
{
reviewList.DataSource = ds;
reviewList.DataBind();
reviewLabel.Text = "";
}
}
if (!User.Identity.IsAuthenticated)
{
reviewText.Visible = false;
submitButton.Visible = false;
reviewErrorLabel.Text = "You must be logged in to leave a review.";
}
reviewPanel.Visible = true;
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void UserView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
UserObject userObj = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);
string userId = userObj.UserId;
string userName = userObj.Username;
if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
{
errorLabel.Text = "Invalid request.";
Reset_Page();
return;
}
var txtUserAlias = (TextBox)userView.FindControl("txtUserAlias");
var txtUserEmail = (TextBox)userView.FindControl("txtUserEmail");
var txtUserAddress = (TextBox)userView.FindControl("txtUserAddress");
var txtUserCity = (TextBox)userView.FindControl("txtUserCity");
var txtUserCountry = (TextBox)userView.FindControl("txtUserCountry");
var txtUserBody = (TextBox)userView.FindControl("txtUserBody");
var imageUploadForm = (FileUpload)userView.FindControl("imageUploadForm");
if (!string.IsNullOrEmpty(txtUserAlias.Text) && !string.IsNullOrEmpty(txtUserEmail.Text) &&
!string.IsNullOrEmpty(txtUserAddress.Text) && !string.IsNullOrEmpty(txtUserCity.Text) &&
!string.IsNullOrEmpty(txtUserCountry.Text) && !string.IsNullOrEmpty(txtUserBody.Text) &&
!string.IsNullOrEmpty(txtUserEmail.Text) && FooStringHelper.IsValidEmailAddress(txtUserEmail.Text) &&
!FooEmailHelper.CheckIfEmailExists(txtUserEmail.Text, userName))
{
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"UPDATE users SET (useralias, email, address, city, country, profilebody) = (@USERALIAS, @EMAIL, @ADDRESS, @CITY, @COUNTRY, @PROFILEBODY) WHERE userid= @USERID",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(idParam);
var aliasParam = new NpgsqlParameter
{
ParameterName = "@USERALIAS",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtUserAlias.Text
};
cmd.Parameters.Add(aliasParam);
var emailParam = new NpgsqlParameter
{
ParameterName = "@EMAIL",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 64,
Direction = ParameterDirection.Input,
Value = txtUserEmail.Text
};
cmd.Parameters.Add(emailParam);
var addressParam = new NpgsqlParameter
{
ParameterName = "@ADDRESS",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 128,
Direction = ParameterDirection.Input,
Value = txtUserAddress.Text
};
cmd.Parameters.Add(addressParam);
var cityParam = new NpgsqlParameter
{
ParameterName = "@CITY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtUserCity.Text
};
cmd.Parameters.Add(cityParam);
var countryParam = new NpgsqlParameter
{
ParameterName = "@COUNTRY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtUserCountry.Text
};
cmd.Parameters.Add(countryParam);
var bodyParam = new NpgsqlParameter
{
ParameterName = "@PROFILEBODY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 1024,
Direction = ParameterDirection.Input,
Value = txtUserBody.Text
};
cmd.Parameters.Add(bodyParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
}
if (imageUploadForm.HasFile)
{
string path = HttpContext.Current.Server.MapPath("~/uploads");
if (!Directory.Exists(path))
{
Directory.CreateDirectory(path);
}
HttpPostedFile file = HttpContext.Current.Request.Files[0];
if (file.ContentLength < 2097152)
{
string fileName;
if (HttpContext.Current.Request.Browser.Browser.ToUpper() == "IE")
{
string[] files = file.FileName.Split(new[] { '\\' });
fileName = files[files.Length - 1];
}
else
{
fileName = file.FileName;
}
fileName = FooStringHelper.RandomFileName(fileName);
string filePath = Path.Combine(path, fileName);
try
{
file.SaveAs(filePath);
Insert_NewImage(fileName, userId);
Reset_Page();
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Upload failed.";
}
}
else
{
errorLabel.Text = "Invalid file.";
}
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
else
{
errorLabel.Text = "Incomplete or invalid input.";
}
Reset_Page();
}
protected void Load_Forms(string catId)
{
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT catname FROM categories WHERE catid= @CATID ORDER BY catname",
conn);
var catParam = new NpgsqlParameter
{
ParameterName = "@CATID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = catId
};
cmd.Parameters.Add(catParam);
object catName = cmd.ExecuteScalar();
if (catName != null)
{
catLabel.Text = catName.ToString();
}
}
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT T1.postid, T1.posttime, T1.catid AS queryid, T1.posttitle, T1.postbrief, T2.catid, T2.catname FROM posts AS T1 LEFT OUTER JOIN categories AS T2 ON T1.catid = T2.catid WHERE T2.catid= @CATID AND postenabled= true ORDER BY T1.posttime",
conn);
var catParam = new NpgsqlParameter
{
ParameterName = "@CATID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = catId
};
cmd.Parameters.Add(catParam);
var da = new NpgsqlDataAdapter(cmd);
var ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count == 0)
{
errorLabel.Text = "Empty category.";
}
else
{
postList.DataSource = ds;
postList.DataBind();
errorLabel.Text = "";
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void PostView_ItemInserting(object sender, DetailsViewInsertEventArgs e)
{
var txtPostTitle = (TextBox)postView.FindControl("txtPostTitle");
var txtPostBrief = (TextBox)postView.FindControl("txtPostBrief");
var txtPostBody = (TextBox)postView.FindControl("txtPostBody");
var postEnabledCheckbox = (CheckBox)postView.FindControl("postEnabledCheckbox");
var catDropdown = (DropDownList)postView.FindControl("catDropdown");
if (!string.IsNullOrEmpty(txtPostTitle.Text) && !string.IsNullOrEmpty(txtPostBrief.Text) &&
!string.IsNullOrEmpty(txtPostBody.Text))
{
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
// Define connection string.
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"INSERT INTO posts(catid, posttime, posttitle, postbrief, postbody, postenabled) VALUES (@CATID, @POSTTIME, @POSTTITLE, @POSTBRIEF, @POSTBODY, @POSTENABLED)",
CommandType = CommandType.Text,
Connection = conn
};
var catParam = new NpgsqlParameter
{
ParameterName = "@CATID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = catDropdown.SelectedValue
};
cmd.Parameters.Add(catParam);
var timeParam = new NpgsqlParameter
{
ParameterName = "@POSTTIME",
NpgsqlDbType = NpgsqlDbType.Timestamp,
Size = 32,
Direction = ParameterDirection.Input,
Value = DateTime.Now
};
cmd.Parameters.Add(timeParam);
var titleParam = new NpgsqlParameter
{
ParameterName = "@POSTTITLE",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtPostTitle.Text
};
cmd.Parameters.Add(titleParam);
var briefParam = new NpgsqlParameter
{
ParameterName = "@POSTBRIEF",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 1024,
Direction = ParameterDirection.Input,
Value = txtPostBrief.Text
};
cmd.Parameters.Add(briefParam);
var bodyParam = new NpgsqlParameter
{
ParameterName = "@POSTBODY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Direction = ParameterDirection.Input,
Value = Server.HtmlDecode(txtPostBody.Text)
};
cmd.Parameters.Add(bodyParam);
var enabledParam = new NpgsqlParameter
{
ParameterName = "@POSTENABLED",
NpgsqlDbType = NpgsqlDbType.Boolean,
Direction = ParameterDirection.Input,
Value = postEnabledCheckbox.Checked
};
cmd.Parameters.Add(enabledParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
else
{
errorLabel.Text = "Incomplete or invalid input.";
}
Reset_Page(-1);
}
