  1. using System;
  2. using System.Collections.Generic;
  3. using System.Data.Entity;
  4. using System.Linq;
  5. using System.Runtime.InteropServices;
  6. using System.Web;
  7. using System.Web.Mvc;
  8. using System.Web.Security;
  9. using Teknik.Areas.Shortener.Models;
  10. using Teknik.Areas.Blog.Models;
  11. using Teknik.Areas.Error.Controllers;
  12. using Teknik.Areas.Error.ViewModels;
  13. using Teknik.Areas.Users.Models;
  14. using Teknik.Areas.Users.ViewModels;
  15. using Teknik.Controllers;
  16. using Teknik.Helpers;
  17. using Teknik.Models;
  18. using Teknik.ViewModels;
  19. using System.Windows;
  20. using System.Net;
  21. using Teknik.Areas.Users.Utility;
  22. using Teknik.Filters;
  23. namespace Teknik.Areas.Users.Controllers
  24. {
  25. public class UserController : DefaultController
  26. {
  27. private TeknikEntities db = new TeknikEntities();
  28. // GET: Profile/Profile
  29. [TrackPageView]
  30. [AllowAnonymous]
  31. public ActionResult Index(string username)
  32. {
  33. if (string.IsNullOrEmpty(username))
  34. {
  35. username = User.Identity.Name;
  36. }
  37. ProfileViewModel model = new ProfileViewModel();
  38. ViewBag.Title = "User Does Not Exist - " + Config.Title;
  39. ViewBag.Description = "The User does not exist";
  40. try
  41. {
  42. User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
  43. if (user != null)
  44. {
  45. ViewBag.Title = username + "'s Profile - " + Config.Title;
  46. ViewBag.Description = "Viewing " + username + "'s Profile";
  47. model.UserID = user.UserId;
  48. model.Username = user.Username;
  49. if (Config.EmailConfig.Enabled)
  50. {
  51. model.Email = string.Format("{0}@{1}", user.Username, Config.EmailConfig.Domain);
  52. }
  53. model.JoinDate = user.JoinDate;
  54. model.LastSeen = UserHelper.GetLastAccountActivity(db, Config, user);
  55. model.UserSettings = user.UserSettings;
  56. model.BlogSettings = user.BlogSettings;
  57. model.UploadSettings = user.UploadSettings;
  58. model.Uploads = db.Uploads.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DateUploaded).ToList();
  59. model.Pastes = db.Pastes.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DatePosted).ToList();
  60. model.ShortenedUrls = db.ShortenedUrls.Where(s => s.UserId == user.UserId).OrderByDescending(s => s.DateAdded).ToList();
  61. return View(model);
  62. }
  63. model.Error = true;
  64. model.ErrorMessage = "The user does not exist";
  65. }
  66. catch (Exception ex)
  67. {
  68. model.Error = true;
  69. model.ErrorMessage = ex.GetFullMessage(true);
  70. }
  71. return View(model);
  72. }
  73. [TrackPageView]
  74. [AllowAnonymous]
  75. public ActionResult Settings()
  76. {
  77. if (User.Identity.IsAuthenticated)
  78. {
  79. string username = User.Identity.Name;
  80. SettingsViewModel model = new SettingsViewModel();
  81. ViewBag.Title = "User Does Not Exist - " + Config.Title;
  82. ViewBag.Description = "The User does not exist";
  83. User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
  84. if (user != null)
  85. {
  86. ViewBag.Title = "Settings - " + Config.Title;
  87. ViewBag.Description = "Your " + Config.Title + " Settings";
  88. model.UserID = user.UserId;
  89. model.Username = user.Username;
  90. model.UserSettings = user.UserSettings;
  91. model.BlogSettings = user.BlogSettings;
  92. model.UploadSettings = user.UploadSettings;
  93. return View(model);
  94. }
  95. model.Error = true;
  96. return View(model);
  97. }
  98. return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
  99. }
  100. [HttpGet]
  101. [TrackPageView]
  102. [AllowAnonymous]
  103. public ActionResult ViewRawPGP(string username)
  104. {
  105. ViewBag.Title = username + "'s Public Key - " + Config.Title;
  106. ViewBag.Description = "The PGP public key for " + username;
  107. User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
  108. if (user != null)
  109. {
  110. if (!string.IsNullOrEmpty(user.UserSettings.PGPSignature))
  111. {
  112. return Content(user.UserSettings.PGPSignature, "text/plain");
  113. }
  114. }
  115. return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
  116. }
  117. [HttpGet]
  118. [TrackPageView]
  119. [AllowAnonymous]
  120. public ActionResult Login(string ReturnUrl)
  121. {
  122. LoginViewModel model = new LoginViewModel();
  123. model.ReturnUrl = ReturnUrl;
  124. return View("/Areas/User/Views/User/ViewLogin.cshtml", model);
  125. }
  126. [HttpPost]
  127. [AllowAnonymous]
  128. public ActionResult Login([Bind(Prefix = "Login")]LoginViewModel model)
  129. {
  130. if (ModelState.IsValid)
  131. {
  132. string username = model.Username;
  133. string password = SHA384.Hash(model.Username, model.Password);
  134. User user = db.Users.Where(b => b.Username == username).FirstOrDefault();
  135. if (user != null)
  136. {
  137. if (user.TransferAccount)
  138. {
  139. password = SHA256.Hash(model.Password, Config.Salt1, Config.Salt2);
  140. }
  141. bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
  142. if (userValid)
  143. {
  144. if (user.TransferAccount)
  145. {
  146. user.HashedPassword = SHA384.Hash(model.Username, model.Password);
  147. user.TransferAccount = false;
  148. }
  149. user.LastSeen = DateTime.Now;
  150. db.Entry(user).State = EntityState.Modified;
  151. db.SaveChanges();
  152. HttpCookie authcookie = UserHelper.CreateAuthCookie(model.Username, model.RememberMe, Request.Url.Host.GetDomain(), Request.IsLocal);
  153. Response.Cookies.Add(authcookie);
  154. if (string.IsNullOrEmpty(model.ReturnUrl))
  155. {
  156. return Json(new { result = "true" });
  157. }
  158. else
  159. {
  160. return Redirect(model.ReturnUrl);
  161. }
  162. }
  163. }
  164. }
  165. return Json(new { error = "Invalid Username or Password." });
  166. }
  167. public ActionResult Logout()
  168. {
  169. // Get cookie
  170. HttpCookie authCookie = Utility.UserHelper.CreateAuthCookie(User.Identity.Name, false, Request.Url.Host.GetDomain(), Request.IsLocal);
  171. // Signout
  172. FormsAuthentication.SignOut();
  173. Session.Abandon();
  174. // Destroy Cookies
  175. authCookie.Expires = DateTime.Now.AddYears(-1);
  176. Response.Cookies.Add(authCookie);
  177. return Redirect(Url.SubRouteUrl("www", "Home.Index"));
  178. }
  179. [HttpGet]
  180. [TrackPageView]
  181. [AllowAnonymous]
  182. public ActionResult Register(string ReturnUrl)
  183. {
  184. RegisterViewModel model = new RegisterViewModel();
  185. model.ReturnUrl = ReturnUrl;
  186. return View("/Areas/User/Views/User/ViewRegistration.cshtml", model);
  187. }
  188. [HttpPost]
  189. [AllowAnonymous]
  190. public ActionResult Register([Bind(Prefix="Register")]RegisterViewModel model)
  191. {
  192. if (ModelState.IsValid)
  193. {
  194. if (Config.UserConfig.RegistrationEnabled)
  195. {
  196. if (!UserHelper.ValidUsername(Config, model.Username))
  197. {
  198. return Json(new { error = "That username is not valid" });
  199. }
  200. if (!UserHelper.UsernameAvailable(db, Config, model.Username))
  201. {
  202. return Json(new { error = "That username is not available" });
  203. }
  204. if (model.Password != model.ConfirmPassword)
  205. {
  206. return Json(new { error = "Passwords must match" });
  207. }
  208. try
  209. {
  210. User newUser = db.Users.Create();
  211. newUser.JoinDate = DateTime.Now;
  212. newUser.Username = model.Username;
  213. newUser.UserSettings = new UserSettings();
  214. newUser.BlogSettings = new BlogSettings();
  215. newUser.UploadSettings = new UploadSettings();
  216. UserHelper.AddAccount(db, Config, newUser, model.Password);
  217. }
  218. catch (Exception ex)
  219. {
  220. return Json(new { error = ex.GetFullMessage(true) });
  221. }
  222. return Login(new LoginViewModel { Username = model.Username, Password = model.Password, RememberMe = false, ReturnUrl = model.ReturnUrl });
  223. }
  224. return Json(new { error = "User Registration is Disabled" });
  225. }
  226. return Json(new { error = "You must include all fields." });
  227. }
  228. [HttpPost]
  229. public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string pgpPublicKey, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt)
  230. {
  231. if (ModelState.IsValid)
  232. {
  233. try
  234. {
  235. User user = UserHelper.GetUser(db, User.Identity.Name);
  236. if (user != null)
  237. {
  238. bool changePass = false;
  239. string email = string.Format("{0}@{1}", User.Identity.Name, Config.EmailConfig.Domain);
  240. // Changing Password?
  241. if (!string.IsNullOrEmpty(curPass) && (!string.IsNullOrEmpty(newPass) || !string.IsNullOrEmpty(newPassConfirm)))
  242. {
  243. // Old Password Valid?
  244. if (SHA384.Hash(User.Identity.Name, curPass) != user.HashedPassword)
  245. {
  246. return Json(new { error = "Invalid Original Password." });
  247. }
  248. // The New Password Match?
  249. if (newPass != newPassConfirm)
  250. {
  251. return Json(new { error = "New Password Must Match." });
  252. }
  253. changePass = true;
  254. }
  255. // PGP Key valid?
  256. if (!string.IsNullOrEmpty(pgpPublicKey) && !PGP.IsPublicKey(pgpPublicKey))
  257. {
  258. return Json(new { error = "Invalid PGP Public Key" });
  259. }
  260. user.UserSettings.PGPSignature = pgpPublicKey;
  261. user.UserSettings.Website = website;
  262. user.UserSettings.Quote = quote;
  263. user.UserSettings.About = about;
  264. user.BlogSettings.Title = blogTitle;
  265. user.BlogSettings.Description = blogDesc;
  266. user.UploadSettings.SaveKey = saveKey;
  267. user.UploadSettings.ServerSideEncrypt = serverSideEncrypt;
  268. UserHelper.EditAccount(db, Config, user, changePass, newPass);
  269. return Json(new { result = true });
  270. }
  271. return Json(new { error = "User does not exist" });
  272. }
  273. catch (Exception ex)
  274. {
  275. return Json(new { error = ex.GetFullMessage(true) });
  276. }
  277. }
  278. return Json(new { error = "Invalid Parameters" });
  279. }
  280. [HttpPost]
  281. public ActionResult Delete()
  282. {
  283. if (ModelState.IsValid)
  284. {
  285. try
  286. {
  287. User user = UserHelper.GetUser(db, User.Identity.Name);
  288. if (user != null)
  289. {
  290. UserHelper.DeleteAccount(db, Config, user);
  291. // Sign Out
  292. Logout();
  293. return Json(new { result = true });
  294. }
  295. }
  296. catch (Exception ex)
  297. {
  298. return Json(new { error = ex.GetFullMessage(true) });
  299. }
  300. }
  301. return Json(new { error = "Unable to delete user" });
  302. }
  303. }
  304. }