The next generation of the Teknik Services. Written in ASP.NET. Fork for blog tags.

UserController.cs 13KB

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Data.Entity;
  4. using System.Linq;
  5. using System.Runtime.InteropServices;
  6. using System.Web;
  7. using System.Web.Mvc;
  8. using System.Web.Security;
  9. using Teknik.Areas.Shortener.Models;
  10. using Teknik.Areas.Blog.Models;
  11. using Teknik.Areas.Error.Controllers;
  12. using Teknik.Areas.Error.ViewModels;
  13. using Teknik.Areas.Users.Models;
  14. using Teknik.Areas.Users.ViewModels;
  15. using Teknik.Controllers;
  16. using Teknik.Helpers;
  17. using Teknik.Models;
  18. using Teknik.ViewModels;
  19. using System.Windows;
  20. using System.Net;
  21. using Teknik.Areas.Users.Utility;
  22. namespace Teknik.Areas.Users.Controllers
  23. {
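  /// <summary>
  /// MVC controller for user profiles, settings, authentication and account lifecycle.
  /// All database access goes through the <see cref="TeknikEntities"/> context owned by this controller.
  /// </summary>
  /// <remarks>
  /// NOTE(review): none of the state-changing POST actions (Login, Register, Edit, Delete) carries
  /// [ValidateAntiForgeryToken]. Adding it requires the corresponding views/AJAX calls to send the
  /// token, so it is left as a follow-up rather than changed here.
  /// </remarks>
  public class UserController : DefaultController
  {
      private TeknikEntities db = new TeknikEntities();

      /// <summary>
      /// Releases the entity context together with the controller so the connection is not leaked.
      /// </summary>
      /// <param name="disposing">True when called from Dispose(); false when called from a finalizer.</param>
      protected override void Dispose(bool disposing)
      {
          if (disposing)
          {
              db.Dispose();
          }
          base.Dispose(disposing);
      }

      // GET: Profile/Profile
      /// <summary>
      /// Displays a user's public profile page.
      /// </summary>
      /// <param name="username">Profile to show; when empty, the current identity's name is used.</param>
      /// <returns>The profile view, with <c>model.Error</c> set when the user is missing or lookup fails.</returns>
      [AllowAnonymous]
      public ActionResult Index(string username)
      {
          if (string.IsNullOrEmpty(username))
          {
              username = User.Identity.Name;
          }

          ProfileViewModel model = new ProfileViewModel();
          // Defaults describe the "not found" case; overwritten once the user is located.
          ViewBag.Title = "User Does Not Exist - " + Config.Title;
          ViewBag.Description = "The User does not exist";
          try
          {
              User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
              if (user != null)
              {
                  ViewBag.Title = username + "'s Profile - " + Config.Title;
                  ViewBag.Description = "Viewing " + username + "'s Profile";
                  model.UserID = user.UserId;
                  model.Username = user.Username;
                  if (Config.EmailConfig.Enabled)
                  {
                      model.Email = string.Format("{0}@{1}", user.Username, Config.EmailConfig.Domain);
                  }
                  model.JoinDate = user.JoinDate;
                  model.LastSeen = UserHelper.GetLastActivity(db, Config, user);
                  model.UserSettings = user.UserSettings;
                  model.BlogSettings = user.BlogSettings;
                  model.UploadSettings = user.UploadSettings;
                  model.Uploads = db.Uploads.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DateUploaded).ToList();
                  model.Pastes = db.Pastes.Where(u => u.UserId == user.UserId).OrderByDescending(u => u.DatePosted).ToList();
                  model.ShortenedUrls = db.ShortenedUrls.Where(s => s.UserId == user.UserId).OrderByDescending(s => s.DateAdded).ToList();
                  return View(model);
              }
              model.Error = true;
              model.ErrorMessage = "The user does not exist";
          }
          catch (Exception ex)
          {
              model.Error = true;
              // NOTE(review): this message is rendered to the client; GetFullMessage(true) may include
              // internal detail, so a generic message is preferable in production — confirm with the helper.
              model.ErrorMessage = ex.GetFullMessage(true);
          }
          return View(model);
      }

      /// <summary>
      /// Displays the settings page for the signed-in user.
      /// </summary>
      /// <returns>The settings view, or a redirect to the 403 page when not authenticated.</returns>
      [AllowAnonymous]
      public ActionResult Settings()
      {
          if (!User.Identity.IsAuthenticated)
          {
              return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
          }

          string username = User.Identity.Name;
          SettingsViewModel model = new SettingsViewModel();
          ViewBag.Title = "User Does Not Exist - " + Config.Title;
          ViewBag.Description = "The User does not exist";
          User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
          if (user != null)
          {
              ViewBag.Title = "Settings - " + Config.Title;
              ViewBag.Description = "Your " + Config.Title + " Settings";
              model.UserID = user.UserId;
              model.Username = user.Username;
              model.UserSettings = user.UserSettings;
              model.BlogSettings = user.BlogSettings;
              model.UploadSettings = user.UploadSettings;
              return View(model);
          }
          model.Error = true;
          return View(model);
      }

      /// <summary>
      /// Serves a user's stored PGP public key as plain text.
      /// </summary>
      /// <param name="username">Owner of the key.</param>
      /// <returns>The key as text/plain, or a redirect to the 404 page when the user or key is missing.</returns>
      [HttpGet]
      [AllowAnonymous]
      public ActionResult ViewRawPGP(string username)
      {
          ViewBag.Title = username + "'s Public Key - " + Config.Title;
          ViewBag.Description = "The PGP public key for " + username;
          User user = db.Users.Where(u => u.Username == username).FirstOrDefault();
          if (user != null && !string.IsNullOrEmpty(user.UserSettings.PGPSignature))
          {
              return Content(user.UserSettings.PGPSignature, "text/plain");
          }
          return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
      }

      /// <summary>
      /// Renders the login form.
      /// </summary>
      /// <param name="ReturnUrl">Where to send the user after a successful login; validated at the redirect in the POST action.</param>
      [HttpGet]
      [AllowAnonymous]
      public ActionResult Login(string ReturnUrl)
      {
          LoginViewModel model = new LoginViewModel();
          model.ReturnUrl = ReturnUrl;
          return View("/Areas/Users/Views/User/ViewLogin.cshtml", model);
      }

      /// <summary>
      /// Verifies credentials, issues the auth cookie and either redirects to a safe ReturnUrl or returns JSON.
      /// </summary>
      /// <param name="model">Posted username, password, remember-me flag and optional ReturnUrl.</param>
      /// <returns>A redirect when ReturnUrl is safe, <c>{ result = "true" }</c> otherwise, or <c>{ error = ... }</c> on failure.</returns>
      [HttpPost]
      [AllowAnonymous]
      public ActionResult Login(LoginViewModel model)
      {
          if (ModelState.IsValid)
          {
              string username = model.Username;
              string password = SHA384.Hash(model.Username, model.Password);
              User user = db.Users.Where(b => b.Username == username).FirstOrDefault();
              if (user != null)
              {
                  if (user.TransferAccount)
                  {
                      // Accounts flagged for transfer are still stored under the older salted SHA256 scheme.
                      password = SHA256.Hash(model.Password, Config.Salt1, Config.Salt2);
                  }
                  bool userValid = db.Users.Any(b => b.Username == username && b.HashedPassword == password);
                  if (userValid)
                  {
                      if (user.TransferAccount)
                      {
                          // Migrate to the current scheme while the plaintext is available, then clear the flag.
                          user.HashedPassword = SHA384.Hash(model.Username, model.Password);
                          user.TransferAccount = false;
                      }
                      user.LastSeen = DateTime.Now;
                      db.Entry(user).State = EntityState.Modified;
                      db.SaveChanges();
                      HttpCookie authcookie = UserHelper.CreateAuthCookie(model.Username, model.RememberMe, Request.Url.Host.GetDomain(), Request.IsLocal);
                      Response.Cookies.Add(authcookie);
                      // ReturnUrl is caller-supplied; redirecting to it unchecked would make login an open
                      // redirect, so only site-local or same-host targets are followed.
                      if (IsSafeReturnUrl(model.ReturnUrl))
                      {
                          return Redirect(model.ReturnUrl);
                      }
                      return Json(new { result = "true" });
                  }
              }
          }
          return Json(new { error = "Invalid Username or Password." });
      }

      /// <summary>
      /// Decides whether a post-login ReturnUrl may be redirected to.
      /// </summary>
      /// <param name="url">The candidate URL from the request.</param>
      /// <returns>True for relative site-local URLs or absolute http(s) URLs on the current host; false otherwise.</returns>
      private bool IsSafeReturnUrl(string url)
      {
          if (string.IsNullOrEmpty(url))
          {
              return false;
          }
          if (Url.IsLocalUrl(url))
          {
              return true;
          }
          // NOTE(review): returns to sibling subdomains are rejected here; if those are needed,
          // compare against an explicit allow-list of the site's domains rather than relaxing this check.
          Uri target;
          return Uri.TryCreate(url, UriKind.Absolute, out target)
              && (target.Scheme == Uri.UriSchemeHttp || target.Scheme == Uri.UriSchemeHttps)
              && string.Equals(target.Host, Request.Url.Host, StringComparison.OrdinalIgnoreCase);
      }

      /// <summary>
      /// Signs the current user out, abandons the session and expires the auth cookie.
      /// </summary>
      /// <returns>A redirect to the site home page.</returns>
      /// <remarks>NOTE(review): reachable by GET, so any link can trigger a logout; consider [HttpPost].</remarks>
      public ActionResult Logout()
      {
          // Build a cookie with the same name/domain as the login cookie so the expiry replaces it.
          HttpCookie authCookie = Utility.UserHelper.CreateAuthCookie(User.Identity.Name, false, Request.Url.Host.GetDomain(), Request.IsLocal);
          FormsAuthentication.SignOut();
          Session.Abandon();
          // Expire the cookie in the past so the browser discards it.
          authCookie.Expires = DateTime.Now.AddYears(-1);
          Response.Cookies.Add(authCookie);
          return Redirect(Url.SubRouteUrl("www", "Home.Index"));
      }

      /// <summary>
      /// Renders the registration form.
      /// </summary>
      /// <param name="ReturnUrl">Forwarded to the login step after a successful registration.</param>
      [HttpGet]
      [AllowAnonymous]
      public ActionResult Register(string ReturnUrl)
      {
          RegisterViewModel model = new RegisterViewModel();
          model.ReturnUrl = ReturnUrl;
          // NOTE(review): this path uses "/Areas/User/..." while the login view uses "/Areas/Users/..."
          // and the namespace is Teknik.Areas.Users — confirm the view actually lives at this path.
          return View("/Areas/User/Views/User/ViewRegistration.cshtml", model);
      }

      /// <summary>
      /// Creates a new account and logs it in.
      /// </summary>
      /// <param name="model">Posted username, password, confirmation and optional ReturnUrl.</param>
      /// <returns>The result of the subsequent login, or <c>{ error = ... }</c> when validation fails.</returns>
      [HttpPost]
      [AllowAnonymous]
      public ActionResult Register(RegisterViewModel model)
      {
          if (!ModelState.IsValid)
          {
              return Json(new { error = "You must include all fields." });
          }
          if (!Config.UserConfig.RegistrationEnabled)
          {
              return Json(new { error = "User Registration is Disabled" });
          }
          // NOTE(review): a helper named UsernameAvailable returning true leads to the "not available"
          // error here, which reads inverted — verify the helper's return contract before relying on it.
          if (UserHelper.UsernameAvailable(db, Config, model.Username))
          {
              return Json(new { error = "That username is not available." });
          }
          if (model.Password != model.ConfirmPassword)
          {
              return Json(new { error = "Passwords must match." });
          }
          try
          {
              User newUser = db.Users.Create();
              newUser.JoinDate = DateTime.Now;
              newUser.Username = model.Username;
              newUser.UserSettings = new UserSettings();
              newUser.BlogSettings = new BlogSettings();
              newUser.UploadSettings = new UploadSettings();
              UserHelper.AddUser(db, Config, newUser, model.Password);
          }
          catch (Exception ex)
          {
              return Json(new { error = ex.GetFullMessage(true) });
          }
          // Reuse the login action so cookie issuance and ReturnUrl handling stay in one place.
          return Login(new LoginViewModel { Username = model.Username, Password = model.Password, RememberMe = false, ReturnUrl = model.ReturnUrl });
      }

      /// <summary>
      /// Updates the signed-in user's profile, blog and upload settings, optionally changing the password.
      /// </summary>
      /// <param name="curPass">Current password; required to change the password.</param>
      /// <param name="newPass">New password.</param>
      /// <param name="newPassConfirm">Confirmation of the new password.</param>
      /// <param name="pgpPublicKey">Armored PGP public key, or empty to clear it.</param>
      /// <param name="website">Profile website.</param>
      /// <param name="quote">Profile quote.</param>
      /// <param name="about">Profile about text.</param>
      /// <param name="blogTitle">Blog title.</param>
      /// <param name="blogDesc">Blog description.</param>
      /// <param name="saveKey">Upload setting: store the key server-side.</param>
      /// <param name="serverSideEncrypt">Upload setting: encrypt on the server.</param>
      /// <returns><c>{ result = true }</c> on success, otherwise <c>{ error = ... }</c>.</returns>
      [HttpPost]
      public ActionResult Edit(string curPass, string newPass, string newPassConfirm, string pgpPublicKey, string website, string quote, string about, string blogTitle, string blogDesc, bool saveKey, bool serverSideEncrypt)
      {
          if (!ModelState.IsValid)
          {
              return Json(new { error = "Invalid Parameters" });
          }
          try
          {
              User user = UserHelper.GetUser(db, User.Identity.Name);
              if (user == null)
              {
                  return Json(new { error = "User does not exist" });
              }

              // A password change is only attempted when the current password is supplied alongside a new one;
              // a new password without curPass is silently ignored (existing behaviour).
              bool changePass = false;
              if (!string.IsNullOrEmpty(curPass) && (!string.IsNullOrEmpty(newPass) || !string.IsNullOrEmpty(newPassConfirm)))
              {
                  if (SHA384.Hash(User.Identity.Name, curPass) != user.HashedPassword)
                  {
                      return Json(new { error = "Invalid Original Password." });
                  }
                  if (newPass != newPassConfirm)
                  {
                      return Json(new { error = "New Password Must Match." });
                  }
                  changePass = true;
              }

              // Reject malformed keys up front; an empty value clears the stored key.
              if (!string.IsNullOrEmpty(pgpPublicKey) && !PGP.IsPublicKey(pgpPublicKey))
              {
                  return Json(new { error = "Invalid PGP Public Key" });
              }

              user.UserSettings.PGPSignature = pgpPublicKey;
              user.UserSettings.Website = website;
              user.UserSettings.Quote = quote;
              user.UserSettings.About = about;
              user.BlogSettings.Title = blogTitle;
              user.BlogSettings.Description = blogDesc;
              user.UploadSettings.SaveKey = saveKey;
              user.UploadSettings.ServerSideEncrypt = serverSideEncrypt;
              UserHelper.EditUser(db, Config, user, changePass, newPass);
              return Json(new { result = true });
          }
          catch (Exception ex)
          {
              return Json(new { error = ex.GetFullMessage(true) });
          }
      }

      /// <summary>
      /// Deletes the signed-in user's account and signs them out.
      /// </summary>
      /// <returns><c>{ result = true }</c> on success, otherwise <c>{ error = ... }</c>.</returns>
      [HttpPost]
      public ActionResult Delete()
      {
          if (!ModelState.IsValid)
          {
              return Json(new { error = "Unable to delete user" });
          }
          try
          {
              User user = UserHelper.GetUser(db, User.Identity.Name);
              if (user == null)
              {
                  return Json(new { error = "Unable to delete user" });
              }
              try
              {
                  UserHelper.DeleteUser(db, Config, user);
              }
              catch (Exception ex)
              {
                  return Json(new { error = ex.Message });
              }
              // Called for its side effects (sign-out, session abandon, cookie expiry); its redirect is discarded.
              Logout();
              return Json(new { result = true });
          }
          catch (Exception ex)
          {
              return Json(new { error = ex.GetFullMessage(true) });
          }
      }
  }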
  301. }