Permalink
Browse files

Add database registration, thanks to Gonzalo who wrote all the databa…

…se glue.

svn path=/trunk/monomeeting/; revision=63743
  • Loading branch information...
1 parent d882c03 commit 4903620018d6dac6df71251d61d0b320a27a4ebc @migueldeicaza migueldeicaza committed Aug 15, 2006
Showing with 133 additions and 13 deletions.
  1. +124 −0 base.cs
  2. BIN bin/MySql.Data.dll
  3. +7 −6 confirm.aspx
  4. +1 −1 header.inc
  5. +1 −6 registration.aspx
View
124 base.cs
@@ -0,0 +1,124 @@
+using System;
+using System.Web;
+using System.Web.Security;
+using System.Web.UI;
+using System.Data;
+using MySql.Data.MySqlClient;
+using System.Data.Common;
+using System.Globalization;
+using System.IO;
+using System.Security.Cryptography;
+
+namespace Meeting {
+ public class MyBase : Page {
+
+ //
+ // Notice that am including this because Gonzalo forced me to!
+ //
+
+ string create_table = "create table Meeting ( id int not null auto_increment primary key, name varchar(100) unique not null, email varchar(100) not null, country varchar (50) not null, comment blob not null, validated int default 0 );";
+
+ static string constr;
+
+ static IDbConnection GetConnection ()
+ {
+ if (constr == null){
+ using (Stream str = File.OpenRead ("/etc/connection-string")){
+ Console.WriteLine ("reading");
+ constr = new StreamReader (str).ReadLine ();
+ }
+ }
+
+ IDbConnection cnc = new MySqlConnection("Server=localhost; database=meeting;user id=miguel; Password=miguel;");
+ cnc.Open ();
+ return cnc;
+ }
+
+ static IDbDataParameter CreateParameter (IDbCommand cmd, string name, string val)
+ {
+ IDbDataParameter par = cmd.CreateParameter ();
+ par.ParameterName = name;
+ par.Value = val;
+ par.DbType = DbType.String;
+ return par;
+ }
+
+
+ static int InsertNew (string name, string email, string country, string comment)
+ {
+ if (name == null || email == null || country == null || comment == null)
+ throw new ArgumentNullException ();
+
+ using (IDbConnection cnc = GetConnection ()){
+ IDbCommand cmd = cnc.CreateCommand ();
+ //cmd.CommandText = "INSERT INTO Meeting set name = @name, email = @email, country = @country, comment = @comment ;";
+ cmd.CommandText = "INSERT INTO Meeting (name, email, country, comment) VALUES (?name, ?email, ?country, ?comment)";
+ cmd.Parameters.Add (CreateParameter (cmd, "?name", name));
+ cmd.Parameters.Add (CreateParameter (cmd, "?email", email));
+ cmd.Parameters.Add (CreateParameter (cmd, "?country", country));
+ cmd.Parameters.Add (CreateParameter (cmd, "?comment", comment));
+ try {
+ cmd.ExecuteNonQuery ();
+ } catch (MySqlException m){
+ // Duplicate entry
+ if (m.Number != 1062)
+ throw;
+ }
+ cmd.Dispose ();
+ cmd = cnc.CreateCommand ();
+ cmd.CommandText = "SELECT id FROM Meeting WHERE name = ?name";
+ cmd.Parameters.Add (CreateParameter (cmd, "?name", name));
+ IDataReader reader = cmd.ExecuteReader ();
+ if (reader.Read () == false)
+ throw new Exception ("Reader.Read is false");
+ return (int) reader.GetValue (0);
+ }
+ }
+
+ static string MakeHash (int number)
+ {
+ using (Stream s = File.OpenRead ("/etc/clave")){
+ byte [] buffer = new byte [100];
+
+ int n = s.Read (buffer, 4, 96);
+ buffer [0] = (byte) (number & 0xff);
+ buffer [1] = (byte) ((number >> 8) & 0xff);
+ buffer [2] = (byte) ((number >> 16) & 0xff);
+ buffer [3] = (byte) ((number >> 24) & 0xff);
+
+ byte [] hash = SHA1.Create ().ComputeHash (buffer, 0, n+4);
+ return Convert.ToBase64String (hash);
+ }
+ }
+
+ static string GenerateToken (int idx)
+ {
+ return String.Format ("{0}:{1}", idx, HttpUtility.UrlEncode (MakeHash (idx)));
+ }
+
+ public static void ValidateToken (string token)
+ {
+ int p = token.IndexOf (':');
+ if (p == -1)
+ throw new Exception ("Invalid token format");
+ int uid = (int) UInt32.Parse (token.Substring (0, p));
+ string hash = token.Substring (p+1);
+
+ if (MakeHash (uid) != hash)
+ throw new Exception ("Tampered token");
+
+ using (IDbConnection cnc = GetConnection ()){
+ IDbCommand cmd;
+ cmd = cnc.CreateCommand ();
+ cmd.CommandText = "UPDATE Meeting SET validated = 1 WHERE id = " + uid.ToString (CultureInfo.InvariantCulture);
+ cmd.ExecuteNonQuery ();
+ }
+ }
+
+ public static string InsertData (string name, string email, string country, string comment)
+ {
+ int idx = InsertNew (name, email, country, comment);
+ return GenerateToken (idx);
+ }
+ }
+}
View
Binary file not shown.
View
@@ -4,12 +4,12 @@
void Page_Load ()
{
try {
- if (DbValidate (Request.QueryString ["token"])){
- ok.Visible = true;
- } else
- error.Visible = true;
- } catch {
- error.Visible = true;
+ ValidateToken (Request.QueryString ["token"]);
+ ok.Visible = true;
+ } catch (Exception e) {
+ debug.InnerText = e.ToString ();
+ // Exception if the token does not decrypt properly
+ error.Visible = true;
}
}
@@ -37,6 +37,7 @@ bool DbValidate (string s)
</div>
+ <div id="debug" style="display: none;" runat="server"/>
</form>
</div>
</body>
View
@@ -1,4 +1,4 @@
-<%@ Page Language="C#" %>
+<%@ Page Language="C#" Src="base.cs" Inherits="Meeting.MyBase" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.Mail" %>
<html>
View
@@ -8,16 +8,11 @@ void Page_Load ()
}
Page.Validate ();
- string token = InsertRegister (name.Text, email.Text, country.Text, comments.Text);
+ string token = InsertData (name.Text, email.Text, country.Text, comments.Text);
mail (email.Text, token);
Response.Redirect ("thanks.aspx");
}
-string InsertRegister (string name, string email, string country, string comments)
-{
- return "token";
-}
-
static void mail (string recipient, string token)
{
MailMessage m = new MailMessage ();

0 comments on commit 4903620

Please sign in to comment.