protected void Load_Forms()
{
string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
{
errorLabel.Text = "Invalid request.";
return;
}
try
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd =
new NpgsqlCommand(
"SELECT userid, useralias, email, address, city, country, profilebody, profileimg FROM users WHERE userid= @USERID",
conn);
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(idParam);
using (NpgsqlDataReader dr = cmd.ExecuteReader())
{
userView.DataSource = dr;
userView.DataBind();
}
}
errorLabel.Text = "";
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
anonPanel.Visible = false;
userPanel.Visible = true;
UserObject userObj = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);
string adminGroup = ConfigurationManager.AppSettings["Admin Group ID"];
if (userObj.GroupId == adminGroup)
{
adminPanel.Visible = true;
}
}
Load_Form();
}
public void ProcessRequest(HttpContext context)
{
string userId = FooSessionHelper.GetUserObjectFromCookie(context).UserId;
string jsonString = new StreamReader(context.Request.InputStream).ReadToEnd();
var resetObj = JsonConvert.DeserializeObject <ResetObject>(jsonString);
string password = resetObj.Password.Trim();
string confirmation = resetObj.Confirmation.Trim();
if (password != confirmation)
{
context.Response.Write("Reset Failed");
}
if (!String.IsNullOrEmpty(password))
{
bool reset = do_reset.UpdatePassword(userId, password);
if (reset)
{
string email = FooEmailHelper.GetEmailForAccount(userId);
var emailObj = new EmailObject
{
Body =
"Your FooBlog password has been reset. If you did not perform this action, please contact a FooBlog administrator using your registered email account",
Subject = "FooBlog Password Reset",
ToAddress = email
};
FooEmailHelper.SendEmail(emailObj);
context.Response.Write("Reset OK");
}
else
{
context.Response.Write("Reset Failed");
}
}
}
protected void submitButton_Click(object sender, EventArgs e)
{
string reviewBody = reviewText.Text;
string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
string merchId = Request.QueryString["id"];
if (string.IsNullOrEmpty(reviewBody))
{
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
reviewErrorLabel.Text = "Incomplete input.";
return;
}
if (!FooStringHelper.IsValidAlphanumeric(merchId, 16))
{
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
reviewErrorLabel.Text = "Invalid input.";
return;
}
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"INSERT INTO reviews(reviewid, reviewtime, userid, merchid, reviewbody) VALUES (@REVIEWID, @REVIEWTIME, @USERID, @MERCHID, @REVIEWBODY)",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@REVIEWID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RandomString(16)
};
cmd.Parameters.Add(idParam);
var timeParam = new NpgsqlParameter
{
ParameterName = "@REVIEWTIME",
NpgsqlDbType = NpgsqlDbType.Timestamp,
Size = 32,
Direction = ParameterDirection.Input,
Value = DateTime.Now
};
cmd.Parameters.Add(timeParam);
var userParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(userParam);
var merchParam = new NpgsqlParameter
{
ParameterName = "@MERCHID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = merchId
};
cmd.Parameters.Add(merchParam);
var bodyParam = new NpgsqlParameter
{
ParameterName = "@REVIEWBODY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 1024,
Direction = ParameterDirection.Input,
Value = reviewBody
};
cmd.Parameters.Add(bodyParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
reviewErrorLabel.Text = "";
reviewText.Text = "";
}
}
else
{
errorLabel.Text = "Invalid request.";
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
reviewErrorLabel.Text =
"Something has gone wrong. A log has been forwarded to the site administrator.";
}
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
Load_Forms(merchId);
}
protected void UserView_ItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
UserObject userObj = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current);
string userId = userObj.UserId;
string userName = userObj.Username;
if (!FooStringHelper.IsValidAlphanumeric(userId, 16))
{
errorLabel.Text = "Invalid request.";
Reset_Page();
return;
}
var txtUserAlias = (TextBox)userView.FindControl("txtUserAlias");
var txtUserEmail = (TextBox)userView.FindControl("txtUserEmail");
var txtUserAddress = (TextBox)userView.FindControl("txtUserAddress");
var txtUserCity = (TextBox)userView.FindControl("txtUserCity");
var txtUserCountry = (TextBox)userView.FindControl("txtUserCountry");
var txtUserBody = (TextBox)userView.FindControl("txtUserBody");
var imageUploadForm = (FileUpload)userView.FindControl("imageUploadForm");
if (!string.IsNullOrEmpty(txtUserAlias.Text) && !string.IsNullOrEmpty(txtUserEmail.Text) &&
!string.IsNullOrEmpty(txtUserAddress.Text) && !string.IsNullOrEmpty(txtUserCity.Text) &&
!string.IsNullOrEmpty(txtUserCountry.Text) && !string.IsNullOrEmpty(txtUserBody.Text) &&
!string.IsNullOrEmpty(txtUserEmail.Text) && FooStringHelper.IsValidEmailAddress(txtUserEmail.Text) &&
!FooEmailHelper.CheckIfEmailExists(txtUserEmail.Text, userName))
{
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"UPDATE users SET (useralias, email, address, city, country, profilebody) = (@USERALIAS, @EMAIL, @ADDRESS, @CITY, @COUNTRY, @PROFILEBODY) WHERE userid= @USERID",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(idParam);
var aliasParam = new NpgsqlParameter
{
ParameterName = "@USERALIAS",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtUserAlias.Text
};
cmd.Parameters.Add(aliasParam);
var emailParam = new NpgsqlParameter
{
ParameterName = "@EMAIL",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 64,
Direction = ParameterDirection.Input,
Value = txtUserEmail.Text
};
cmd.Parameters.Add(emailParam);
var addressParam = new NpgsqlParameter
{
ParameterName = "@ADDRESS",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 128,
Direction = ParameterDirection.Input,
Value = txtUserAddress.Text
};
cmd.Parameters.Add(addressParam);
var cityParam = new NpgsqlParameter
{
ParameterName = "@CITY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtUserCity.Text
};
cmd.Parameters.Add(cityParam);
var countryParam = new NpgsqlParameter
{
ParameterName = "@COUNTRY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 32,
Direction = ParameterDirection.Input,
Value = txtUserCountry.Text
};
cmd.Parameters.Add(countryParam);
var bodyParam = new NpgsqlParameter
{
ParameterName = "@PROFILEBODY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 1024,
Direction = ParameterDirection.Input,
Value = txtUserBody.Text
};
cmd.Parameters.Add(bodyParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
}
if (imageUploadForm.HasFile)
{
string path = HttpContext.Current.Server.MapPath("~/uploads");
if (!Directory.Exists(path))
{
Directory.CreateDirectory(path);
}
HttpPostedFile file = HttpContext.Current.Request.Files[0];
if (file.ContentLength < 2097152)
{
string fileName;
if (HttpContext.Current.Request.Browser.Browser.ToUpper() == "IE")
{
string[] files = file.FileName.Split(new[] { '\\' });
fileName = files[files.Length - 1];
}
else
{
fileName = file.FileName;
}
fileName = FooStringHelper.RandomFileName(fileName);
string filePath = Path.Combine(path, fileName);
try
{
file.SaveAs(filePath);
Insert_NewImage(fileName, userId);
Reset_Page();
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Upload failed.";
}
}
else
{
errorLabel.Text = "Invalid file.";
}
}
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
}
}
else
{
errorLabel.Text = "Incomplete or invalid input.";
}
Reset_Page();
}
protected void submitButton_Click(object sender, EventArgs e)
{
string commentBody = commentText.Text;
string userId = FooSessionHelper.GetUserObjectFromCookie(HttpContext.Current).UserId;
string postId = Request.QueryString["id"];
if (!string.IsNullOrEmpty(commentBody))
{
try
{
if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
{
using (var conn = new NpgsqlConnection())
{
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
conn.Open();
var cmd = new NpgsqlCommand
{
CommandText =
"INSERT INTO comments(commentid, commenttime, userid, postid, commentbody) VALUES (@COMMENTID, @COMMENTTIME, @USERID, @POSTID, @COMMENTBODY)",
CommandType = CommandType.Text,
Connection = conn
};
var idParam = new NpgsqlParameter
{
ParameterName = "@COMMENTID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RandomString(16)
};
cmd.Parameters.Add(idParam);
var timeParam = new NpgsqlParameter
{
ParameterName = "@COMMENTTIME",
NpgsqlDbType = NpgsqlDbType.Timestamp,
Size = 32,
Direction = ParameterDirection.Input,
Value = DateTime.Now
};
cmd.Parameters.Add(timeParam);
var userParam = new NpgsqlParameter
{
ParameterName = "@USERID",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(userId)
};
cmd.Parameters.Add(userParam);
var postParam = new NpgsqlParameter
{
ParameterName = "@POSTID",
NpgsqlDbType = NpgsqlDbType.Integer,
Size = 16,
Direction = ParameterDirection.Input,
Value = FooStringHelper.RemoveInvalidChars(postId)
};
cmd.Parameters.Add(postParam);
var bodyParam = new NpgsqlParameter
{
ParameterName = "@COMMENTBODY",
NpgsqlDbType = NpgsqlDbType.Varchar,
Size = 1024,
Direction = ParameterDirection.Input,
Value = commentBody
};
cmd.Parameters.Add(bodyParam);
cmd.ExecuteNonQuery();
cmd.Dispose();
commentText.Text = "";
commentErrorLabel.Text = "";
}
}
else
{
errorLabel.Text = "Invalid request.";
}
}
catch (Exception ex)
{
FooLogging.WriteLog(ex.ToString());
commentErrorLabel.Text =
"Something has gone wrong. A log has been forwarded to the site administrator.";
}
Load_Forms();
}
else
{
commentErrorLabel.Text = "Incomplete input.";
}
RequestToken.Value = FooSessionHelper.SetToken(HttpContext.Current);
}
