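using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Web;
using System.Web.Services;

namespace Blinky
{
    /// <summary>
    /// ASMX web service that reads and writes the Blinky blog database.
    /// Every public operation takes caller-supplied strings, so all SQL is
    /// issued through parameterized <see cref="SqlCommand"/>s (the original
    /// concatenated the values after doubling single quotes), and the shared
    /// connection is always closed on the way out, even when a command throws.
    /// </summary>
    [WebService(Namespace = "http://harbormist.com/",
        Description = "A web service which writes to a blog database " +
        " (dB=Blinky). [Original programmer: Gayle Laakmann; maintained by Pat Palmer.]")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    public class Blinky : System.Web.Services.WebService
    {
        // Upper bounds exactly as the original checks enforced them: a value
        // whose length *reaches* the bound is rejected, so a user id, password
        // or display name is at most 15 characters and a title at most 255.
        private const int MaxUserFieldLength = 16;
        private const int MaxTitleLength = 256;
        private const int MaxPageLength = 2048;
        private const int MaxCommentLength = 2048;

        // Shared id generator. Random is not thread-safe and ASP.NET serves
        // requests concurrently, so every draw goes through s_rngGate.
        private static readonly Random s_rng = new Random();
        private static readonly object s_rngGate = new object();

        public Blinky()
        {
            InitializeComponent(); // required by the ASP.NET Designer
        }

        private System.Data.SqlClient.SqlConnection BlinkySQL;

        #region Component Designer generated code

        //Required by the Web Services Designer
        private IContainer components = null;

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.BlinkySQL = new System.Data.SqlClient.SqlConnection();
            //
            // BlinkySQL
            //
            // NOTE(review): the database credentials are embedded in source
            // (redacted here), and "persist security info=True" keeps the
            // password readable from SqlConnection.ConnectionString after
            // Open(). Both belong in the site's protected configuration
            // rather than in this file.
            this.BlinkySQL.ConnectionString = "workstation id=BERTHA;" +
                "packet size=4096;user id=********;" +
                "data source=\"sql2k502.discountasp.net\";" +
                "persist security info=True;" +
                "initial catalog=SQL2005_229378_harbor;password=********";
            this.BlinkySQL.InfoMessage +=
                new System.Data.SqlClient.SqlInfoMessageEventHandler(BlinkySQL_InfoMessage_1);
        }

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                if (components != null)
                {
                    components.Dispose();
                }
                // The designer never registers BlinkySQL in `components`, so
                // without this the connection object was never disposed.
                if (BlinkySQL != null)
                {
                    BlinkySQL.Dispose();
                }
            }
            base.Dispose(disposing);
        }

        #endregion

        /// <summary>
        /// Doubles every single quote in <paramref name="s"/>.
        /// </summary>
        /// <remarks>
        /// Kept because it is public, but no longer used for SQL: every query
        /// below binds its values as parameters, which is the only reliable
        /// defence against injection. Quote-doubling also corrupted data — a
        /// password containing an apostrophe was doubled before the
        /// comparison in <see cref="PasswordOK"/> while SQL Server stored it
        /// undoubled, so such a password could never authenticate.
        /// </remarks>
        public string ReplaceChars(string s)
        {
            return s.Replace("'", "''");
        }

        /// <summary>
        /// Trims a user id or password and returns null when it is missing,
        /// blank, or at least <see cref="MaxUserFieldLength"/> characters long.
        /// The length test runs on the untrimmed value, as it always did.
        /// </summary>
        private static string NormalizeUserField(string value)
        {
            if (value == null || value.Length >= MaxUserFieldLength)
            {
                return null;
            }
            value = value.Trim();
            return value.Length == 0 ? null : value;
        }

        /// <summary>Builds a named parameter, mapping a null value to SQL NULL.</summary>
        private static SqlParameter Param(string name, object value)
        {
            return new SqlParameter(name, value == null ? (object)DBNull.Value : value);
        }

        /// <summary>
        /// Runs a scalar query and returns the first column of the first row
        /// as a trimmed string; null when there is no row or the value is NULL.
        /// </summary>
        /// <remarks>
        /// The connection is closed in all cases. The original left it open
        /// when ExecuteScalar threw, so every later call in the same request
        /// failed on Open() with the connection already open.
        /// </remarks>
        private string QueryString(string sql, params SqlParameter[] parameters)
        {
            BlinkySQL.Open();
            try
            {
                using (SqlCommand command = new SqlCommand(sql, BlinkySQL))
                {
                    foreach (SqlParameter p in parameters)
                    {
                        command.Parameters.Add(p);
                    }
                    string value = command.ExecuteScalar() as string; // DBNull -> null
                    return value == null ? null : value.Trim();
                }
            }
            finally
            {
                BlinkySQL.Close();
            }
        }

        /// <summary>
        /// Runs a statement that returns no rows. The connection is closed in
        /// all cases, including when the command throws.
        /// </summary>
        private void ExecuteNonQuery(string sql, params SqlParameter[] parameters)
        {
            BlinkySQL.Open();
            try
            {
                using (SqlCommand command = new SqlCommand(sql, BlinkySQL))
                {
                    foreach (SqlParameter p in parameters)
                    {
                        command.Parameters.Add(p);
                    }
                    command.ExecuteNonQuery();
                }
            }
            finally
            {
                BlinkySQL.Close();
            }
        }

        /// <summary>
        /// Records a failed operation. The web methods report failure through
        /// their return value (false / -1 / "") rather than a SOAP fault, so
        /// the trace is the only place the cause survives; the original
        /// swallowed every exception silently.
        /// </summary>
        private static void LogFailure(string operation, Exception ex)
        {
            Trace.TraceError("Blinky." + operation + " failed: " + ex);
        }

        /// <summary>Draws a non-negative id from the shared generator.</summary>
        private static int NextRandomID()
        {
            lock (s_rngGate)
            {
                return s_rng.Next();
            }
        }

        /// <summary>
        /// Cuts <paramref name="body"/> into consecutive chunks of at most
        /// <paramref name="pageLength"/> characters. An empty body yields an
        /// empty array.
        /// </summary>
        private static string[] SplitPages(string body, int pageLength)
        {
            int nPages = (body.Length + pageLength - 1) / pageLength;
            string[] pages = new string[nPages];
            for (int i = 0; i < nPages; i++)
            {
                int startIndex = i * pageLength;
                int len = Math.Min(pageLength, body.Length - startIndex);
                pages[i] = body.Substring(startIndex, len);
            }
            return pages;
        }

        [WebMethod(Description="Adds userID, displayName, and password to " +
            "the database. Returns false if the action fails.")]
        public bool RegisterUser(string userID, string displayName, string password)
        {
            userID = NormalizeUserField(userID);
            password = NormalizeUserField(password);
            // displayName is length-limited but, as before, neither trimmed
            // nor required to be non-empty.
            if (userID == null || password == null ||
                displayName == null || displayName.Length >= MaxUserFieldLength)
            {
                return false;
            }
            try
            {
                // NOTE(review): UserPassword is stored in clear text — the
                // schema has no hash column. Moving to a salted PBKDF2 hash
                // needs a schema change and a migration of the existing rows.
                ExecuteNonQuery(
                    "insert into BlogUsers (UserID, DisplayName, UserPassword) " +
                    "values (@userID, @displayName, @password)",
                    Param("@userID", userID),
                    Param("@displayName", displayName),
                    Param("@password", password));
                return true;
            }
            catch (Exception ex)
            {
                LogFailure("RegisterUser", ex);
                return false;
            }
        }

        [WebMethod(Description="Returns true if the password matches the userID. " +
            "Returns false otherwise.")]
        public bool PasswordOK(string userID, string password)
        {
            userID = NormalizeUserField(userID);
            password = NormalizeUserField(password);
            if (userID == null || password == null)
            {
                return false;
            }
            try
            {
                string stored = QueryString(
                    "select UserPassword from BlogUsers where UserID = @userID",
                    Param("@userID", userID));
                // Ordinal comparison against the trimmed stored value, as before.
                // NOTE(review): this is a public operation with no throttling
                // or lockout; rate limiting belongs at the host.
                return stored != null && string.Equals(stored, password, StringComparison.Ordinal);
            }
            catch (Exception ex)
            {
                LogFailure("PasswordOK", ex);
                return false;
            }
        }

        [WebMethod(Description="Returns the DisplayName for specified user. " +
            "Returns empty string if user doesn't exist.")]
        public string GetUserDisplayName(string userID)
        {
            userID = NormalizeUserField(userID);
            if (userID == null)
            {
                return "";
            }
            try
            {
                string displayName = QueryString(
                    "select DisplayName from BlogUsers where UserID = @userID",
                    Param("@userID", userID));
                return displayName ?? "";
            }
            catch (Exception ex)
            {
                LogFailure("GetUserDisplayName", ex);
                return "";
            }
        }

        [WebMethod(Description="Returns true if user exists. Returns false otherwise.")]
        public bool UserExists(string userID)
        {
            // Unlike the other lookups this one never trimmed its argument;
            // that is preserved so existing callers get the same answers.
            if (userID == null || userID.Length >= MaxUserFieldLength)
            {
                return false;
            }
            try
            {
                return !string.IsNullOrEmpty(QueryString(
                    "select UserID from BlogUsers where UserID = @userID",
                    Param("@userID", userID)));
            }
            catch (Exception ex)
            {
                LogFailure("UserExists", ex);
                return false;
            }
        }

        [WebMethod(Description="Returns true if a blog with the specified ID exists. " +
            "Returns false otherwise.")]
        public bool BlogIDExists(int blogID)
        {
            try
            {
                return !string.IsNullOrEmpty(QueryString(
                    "select UserID from Blogs where BlogID = @blogID",
                    Param("@blogID", blogID)));
            }
            catch (Exception ex)
            {
                LogFailure("BlogIDExists", ex);
                return false;
            }
        }

        [WebMethod(Description="Returns true if a comment with the specified ID exists. " +
            "Returns false otherwise.")]
        public bool CommentIDExists(int commentID)
        {
            try
            {
                return !string.IsNullOrEmpty(QueryString(
                    "select CommentUserID from BlogComments where CommentID = @commentID",
                    Param("@commentID", commentID)));
            }
            catch (Exception ex)
            {
                LogFailure("CommentIDExists", ex);
                return false;
            }
        }

        /// <summary>Draws random ids until one is not yet used by a blog.</summary>
        private int GenerateBlogID()
        {
            int id;
            do
            {
                id = NextRandomID();
            } while (BlogIDExists(id));
            return id;
        }

        /// <summary>Draws random ids until one is not yet used by a comment.</summary>
        private int GenerateCommentID()
        {
            int id;
            do
            {
                id = NextRandomID();
            } while (CommentIDExists(id));
            return id;
        }

        [WebMethod(Description="Returns true if the specified user has a blog with the " +
            "specified id. Returns false otherwise.")]
        public bool BlogIDMatchesUser(string userID, int blogID)
        {
            userID = NormalizeUserField(userID);
            if (userID == null)
            {
                return false;
            }
            try
            {
                string owner = QueryString(
                    "select UserID from Blogs where BlogID = @blogID",
                    Param("@blogID", blogID));
                return owner != null && string.Equals(owner, userID, StringComparison.Ordinal);
            }
            catch (Exception ex)
            {
                LogFailure("BlogIDMatchesUser", ex);
                return false;
            }
        }

        [WebMethod(Description="Returns max length of a page.")]
        public int GetPageLength()
        {
            return MaxPageLength;
        }

        [WebMethod(Description="Returns max length of a title.")]
        public int GetTitleLength()
        {
            return MaxTitleLength;
        }

        [WebMethod(Description="Returns max length of a comment.")]
        public int GetCommentLength()
        {
            return MaxCommentLength;
        }

        [WebMethod(Description="If the userID and password match, it writes the " +
            "title/blog to the database. Returns the blogID if the action succeeds. " +
            "Returns -1 if anything fails.")]
        public int PostBlog(string userID, string password, string title, string body)
        {
            // Validate before touching anything. The original read .Length on
            // the arguments before its null checks, so a null argument was a
            // NullReferenceException (SOAP fault) instead of the documented -1.
            if (title == null || body == null || title.Length >= MaxTitleLength)
            {
                return -1;
            }
            userID = NormalizeUserField(userID);
            password = NormalizeUserField(password);
            if (userID == null || password == null)
            {
                return -1;
            }
            title = title.Trim();
            body = body.Trim();
            if (body.Length == 0)
            {
                // Nothing to store as the first page; the original indexed
                // pages[0] on an empty array and reported -1 from its catch.
                return -1;
            }
            try
            {
                if (!PasswordOK(userID, password))
                {
                    return -1;
                }
                // Pages are cut from the raw body. The original cut the
                // quote-doubled text, so pages containing apostrophes were
                // stored shorter than the page length.
                string[] pages = SplitPages(body, MaxPageLength);
                int id = GenerateBlogID();
                DateTime blogDate = DateTime.Now; // column holds server-local time, as before

                BlinkySQL.Open();
                try
                {
                    // One transaction, so a failed page insert cannot leave a
                    // Blogs row behind with some of its pages missing.
                    using (SqlTransaction tx = BlinkySQL.BeginTransaction())
                    {
                        using (SqlCommand header = new SqlCommand(
                            "insert into Blogs (UserID, BlogID, DatePosted, BlogTitle, BlogBody) " +
                            "values (@userID, @blogID, @datePosted, @title, @body)",
                            BlinkySQL, tx))
                        {
                            header.Parameters.Add(Param("@userID", userID));
                            header.Parameters.Add(Param("@blogID", id));
                            header.Parameters.Add(Param("@datePosted", blogDate));
                            header.Parameters.Add(Param("@title", title));
                            header.Parameters.Add(Param("@body", pages[0]));
                            header.ExecuteNonQuery();
                        }
                        for (int i = 1; i < pages.Length; i++)
                        {
                            using (SqlCommand page = new SqlCommand(
                                "insert into BlogPages (BlogID, PageNumber, PageBody) " +
                                "values (@blogID, @pageNumber, @pageBody)",
                                BlinkySQL, tx))
                            {
                                page.Parameters.Add(Param("@blogID", id));
                                page.Parameters.Add(Param("@pageNumber", i));
                                page.Parameters.Add(Param("@pageBody", pages[i]));
                                page.ExecuteNonQuery();
                            }
                        }
                        tx.Commit(); // disposing an uncommitted transaction rolls it back
                    }
                }
                finally
                {
                    BlinkySQL.Close();
                }
                return id;
            }
            catch (Exception ex)
            {
                LogFailure("PostBlog", ex);
                return -1;
            }
        } // end PostBlog

        [WebMethod(Description="If the userID and password match, it writes " +
            "the comment with body to the blog with id blogID. Returns " +
            "the commentID if the action succeeds. Returns -1 if anything fails.")]
        public int PostBlogComment(string userID, string password, int blogID, string body)
        {
            // Null is checked before .Length for the same reason as in PostBlog.
            if (body == null || body.Length >= MaxCommentLength)
            {
                return -1;
            }
            userID = NormalizeUserField(userID);
            password = NormalizeUserField(password);
            if (userID == null || password == null)
            {
                return -1;
            }
            body = body.Trim(); // an empty comment body is accepted, as before
            try
            {
                if (!BlogIDExists(blogID) || !PasswordOK(userID, password))
                {
                    return -1;
                }
                int id = GenerateCommentID();
                DateTime commentDate = DateTime.Now; // server-local time, as before
                ExecuteNonQuery(
                    "insert into BlogComments " +
                    "(OrgBlogID, CommentID, CommentDate, CommentUserID, CommentBody) " +
                    "values (@orgBlogID, @commentID, @commentDate, @userID, @body)",
                    Param("@orgBlogID", blogID),
                    Param("@commentID", id),
                    Param("@commentDate", commentDate),
                    Param("@userID", userID),
                    Param("@body", body));
                return id;
            }
            catch (Exception ex)
            {
                LogFailure("PostBlogComment", ex);
                return -1;
            }
        } // end PostBlogComment

        /// <summary>
        /// Wired by <see cref="InitializeComponent"/>; server informational
        /// messages are intentionally ignored.
        /// </summary>
        private void BlinkySQL_InfoMessage_1(object sender,
            System.Data.SqlClient.SqlInfoMessageEventArgs e)
        {
        }
    } // end class
} // end namespace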