

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Data.Entity;
  4. using System.Linq;
  5. using System.Runtime.InteropServices;
  6. using System.Web;
  7. using System.Web.Mvc;
  8. using System.Web.Security;
  9. using Teknik.Areas.Shortener.Models;
  10. using Teknik.Areas.Blog.Models;
  11. using Teknik.Areas.Error.Controllers;
  12. using Teknik.Areas.Error.ViewModels;
  13. using Teknik.Areas.Users.Models;
  14. using Teknik.Areas.Users.ViewModels;
  15. using Teknik.Controllers;
  16. using Teknik.Helpers;
  17. using Teknik.Models;
  18. using Teknik.ViewModels;
  19. using System.Windows;
  20. using System.Net;
  21. using Teknik.Areas.Users.Utility;
  22. namespace Teknik.Areas.Users.Controllers
  23. {
  24. public class UserController : DefaultController
  25. {
  26. private TeknikEntities db = new TeknikEntities();
  27. // GET: Profile/Profile
  28. [AllowAnonymous]
  29. public ActionResult Index(string username)
  30. {
  31. if (string.IsNullOrEmpty(username))
  32. {
  33. username = User.Identity.Name;
  34. }
  35. ProfileViewModel model = new ProfileViewModel();
  36. ViewBag.Title = "User Does Not Exist - " + Config.Title;
  37. ViewBag.Description = "The User does not exist";
  38. User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
  39. if (user != null)
  40. {
  41. ViewBag.Title = username + "'s Profile - " + Config.Title;
  42. ViewBag.Description = "Viewing " + username + "'s Profile";
  43. model.UserID = user.UserId;
  44. model.Username = user.Username;
  45. if (Config.EmailConfig.Enabled)
  46. {
  47. model.Email = string.Format("{0}@{1}", user.Username, Config.EmailConfig.Domain);
  48. }
  49. model.JoinDate = user.JoinDate;
  50. model.LastSeen = UserHelper.GetLastActivity(db, Config, user);
  51. model.UserSettings = user.UserSettings;
  52. model.BlogSettings = user.BlogSettings;
  53. model.UploadSettings = user.UploadSettings;
  54. model.Uploads = db.Uploads.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DateUploaded).ToList();
  55. model.Pastes = db.Pastes.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DatePosted).ToList();
  56. model.ShortenedUrls = db.ShortenedUrls.Where(s => s.UserId == user.UserId).OrderByDescending(s => s.DateAdded).ToList();
  57. return View(model);
  58. }
  59. model.Error = true;
  60. model.ErrorMessage = "The user does not exist";
  61. return View(model);
  62. }
  63. [AllowAnonymous]
  64. public ActionResult Settings()
  65. {
  66. if (User.Identity.IsAuthenticated)
  67. {
  68. string username = User.Identity.Name;
  69. SettingsViewModel model = new SettingsViewModel();
  70. ViewBag.Title = "User Does Not Exist - " + Config.Title;
  71. ViewBag.Description = "The User does not exist";
  72. User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
  73. if (user != null)
  74. {
  75. ViewBag.Title = "Settings - " + Config.Title;
  76. ViewBag.Description = "Your " + Config.Title + " Settings";
  77. model.UserID = user.UserId;
  78. model.Username = user.Username;
  79. model.UserSettings = user.UserSettings;
  80. model.BlogSettings = user.BlogSettings;
  81. model.UploadSettings = user.UploadSettings;
  82. return View(model);
  83. }
  84. model.Error = true;
  85. return View(model);
  86. }
  87. return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
  88. }
  89. [HttpGet]
  90. [AllowAnonymous]
  91. public ActionResult ViewRawPGP(string username)
  92. {
  93. ViewBag.Title = username + "'s Public Key - " + Config.Title;
  94. ViewBag.Description = "The PGP public key for " + username;
  95. User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
  96. if (user != null)
  97. {
  98. if (!string.IsNullOrEmpty(user.UserSettings.PGPSignature))
  99. {
  100. return Content(user.UserSettings.PGPSignature, "text/plain");
  101. }
  102. }
  103. return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
  104. }
  105. [HttpGet]
  106. [AllowAnonymous]
  107. public ActionResult Login(string ReturnUrl)
  108. {
  109. LoginViewModel model = new LoginViewModel();
  110. model.ReturnUrl = ReturnUrl;
  111. return View("/Areas/Users/Views/User/ViewLogin.cshtml", model);
  112. }
  113. [HttpPost]
  114. [AllowAnonymous]
  115. public ActionResult Login(LoginViewModel model)
  116. {
  117. if (ModelState.IsValid)
  118. {
  119. string username = model.Username;
  120. string password = SHA384.Hash(model.Username, model.Password);
  121. User user = db.Users.Where(b => b.Username == username).FirstOrDefault();
  122. if (user != null)
  123. {
  124. if (user.TransferAccount)
  125. {
  126. password = SHA256.Hash(model.Password, Config.Salt1, Config.Salt2);
  127. }
  128. bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
  129. if (userValid)
  130. {
  131. if (user.TransferAccount)
  132. {
  133. user.HashedPassword = SHA384.Hash(model.Username, model.Password);
  134. user.TransferAccount = false;
  135. }
  136. user.LastSeen = DateTime.Now;
  137. db.Entry(user).State = EntityState.Modified;
  138. db.SaveChanges();
  139. HttpCookie authcookie = UserHelper.CreateAuthCookie(model.Username, model.RememberMe, Request.Url.Host.GetDomain(), Request.IsLocal);
  140. Response.Cookies.Add(authcookie);
  141. if (string.IsNullOrEmpty(model.ReturnUrl))
  142. {
  143. return Json(new { result = "true" });
  144. }
  145. else
  146. {
  147. return Redirect(model.ReturnUrl);
  148. }
  149. }
  150. }
  151. }
  152. return Json(new { error = "Invalid Username or Password." });
  153. }
  154. public ActionResult Logout()
  155. {
  156. // Get cookie
  157. HttpCookie authCookie = Utility.UserHelper.CreateAuthCookie(User.Identity.Name, false, Request.Url.Host.GetDomain(), Request.IsLocal);
  158. // Signout
  159. FormsAuthentication.SignOut();
  160. Session.Abandon();
  161. // Destroy Cookies
  162. authCookie.Expires = DateTime.Now.AddYears(-1);
  163. Response.Cookies.Add(authCookie);
  164. return Redirect(Url.SubRouteUrl("www", "Home.Index"));
  165. }
  166. [HttpGet]
  167. [AllowAnonymous]
  168. public ActionResult Register(string ReturnUrl)
  169. {
  170. RegisterViewModel model = new RegisterViewModel();
  171. model.ReturnUrl = ReturnUrl;
  172. return View("/Areas/User/Views/User/ViewRegistration.cshtml", model);
  173. }
  174. [HttpPost]
  175. [AllowAnonymous]
  176. public ActionResult Register(RegisterViewModel model)
  177. {
  178. if (ModelState.IsValid)
  179. {
  180. if (Config.UserConfig.RegistrationEnabled)
  181. {
  182. if (UserHelper.UserExists(db, model.Username))
  183. {
  184. return Json(new { error = "That username already exists." });
  185. }
  186. if (model.Password != model.ConfirmPassword)
  187. {
  188. return Json(new { error = "Passwords must match." });
  189. }
  190. try
  191. {
  192. User newUser = db.Users.Create();
  193. newUser.JoinDate = DateTime.Now;
  194. newUser.Username = model.Username;
  195. newUser.HashedPassword = SHA384.Hash(model.Username, model.Password);
  196. newUser.UserSettings = new UserSettings();
  197. newUser.BlogSettings = new BlogSettings();
  198. newUser.UploadSettings = new UploadSettings();
  199. UserHelper.AddUser(db, Config, newUser, model.Password);
  200. }
  201. catch (Exception ex)
  202. {
  203. return Json(new { error = ex.Message });
  204. }
  205. return Login(new LoginViewModel { Username = model.Username, Password = model.Password, RememberMe = false, ReturnUrl = model.ReturnUrl });
  206. }
  207. return Json(new { error = "User Registration is Disabled" });
  208. }
  209. return Json(new { error = "You must include all fields." });
  210. }
  211. [HttpPost]
  212. public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string pgpPublicKey, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt)
  213. {
  214. if (ModelState.IsValid)
  215. {
  216. User user = UserHelper.GetUser(db, User.Identity.Name);
  217. if (user != null)
  218. {
  219. bool changePass = false;
  220. string email = string.Format("{0}@{1}", User.Identity.Name, Config.EmailConfig.Domain);
  221. // Changing Password?
  222. if (!string.IsNullOrEmpty(curPass) && (!string.IsNullOrEmpty(newPass) || !string.IsNullOrEmpty(newPassConfirm)))
  223. {
  224. // Old Password Valid?
  225. if (SHA384.Hash(User.Identity.Name, curPass) != user.HashedPassword)
  226. {
  227. return Json(new { error = "Invalid Original Password." });
  228. }
  229. // The New Password Match?
  230. if (newPass != newPassConfirm)
  231. {
  232. return Json(new { error = "New Password Must Match." });
  233. }
  234. user.HashedPassword = SHA384.Hash(User.Identity.Name, newPass);
  235. changePass = true;
  236. }
  237. // PGP Key valid?
  238. if (!string.IsNullOrEmpty(pgpPublicKey) && !PGP.IsPublicKey(pgpPublicKey))
  239. {
  240. return Json(new { error = "Invalid PGP Public Key" });
  241. }
  242. user.UserSettings.PGPSignature = pgpPublicKey;
  243. user.UserSettings.Website = website;
  244. user.UserSettings.Quote = quote;
  245. user.UserSettings.About = about;
  246. user.BlogSettings.Title = blogTitle;
  247. user.BlogSettings.Description = blogDesc;
  248. user.UploadSettings.SaveKey = saveKey;
  249. user.UploadSettings.ServerSideEncrypt = serverSideEncrypt;
  250. UserHelper.SaveUser(db, Config, user, changePass, newPass);
  251. return Json(new { result = true });
  252. }
  253. return Json(new { error = "User does not exist" });
  254. }
  255. return Json(new { error = "Invalid Parameters" });
  256. }
  257. [HttpPost]
  258. public ActionResult Delete()
  259. {
  260. if (ModelState.IsValid)
  261. {
  262. User user = UserHelper.GetUser(db, User.Identity.Name);
  263. if (user != null)
  264. {
  265. try
  266. {
  267. UserHelper.DeleteUser(db, Config, user);
  268. }
  269. catch (Exception ex)
  270. {
  271. return Json(new { error = ex.Message });
  272. }
  273. // Sign Out
  274. Logout();
  275. return Json(new { result = true });
  276. }
  277. }
  278. return Json(new { error = "Unable to delete user" });
  279. }
  280. }
  281. }