public SpeciesServiceStatus Add(string name, string version, string type, string author, string email, string assemblyFullName, byte[] assemblyCode)
{
if (name == null || version == null || type == null || author == null || email == null || assemblyFullName == null || assemblyCode == null)
{
// Special versioning case, if all parameters are not specified then we return an appropriate error.
InstallerInfo.WriteEventLog("AddSpecies", "Suspect: " + Context.Request.ServerVariables["REMOTE_ADDR"].ToString());
return SpeciesServiceStatus.VersionIncompatible;
}
version = new Version(version).ToString(3);
bool nameInappropriate = WordFilter.RunQuickWordFilter(name);
bool authInappropriate = WordFilter.RunQuickWordFilter(author);
bool emailInappropriate = WordFilter.RunQuickWordFilter(email);
bool inappropriate = nameInappropriate | authInappropriate | emailInappropriate;
bool insertComplete = false;
bool allow = !Throttle.Throttled(
Context.Request.ServerVariables["REMOTE_ADDR"].ToString(),
"AddSpecies5MinuteThrottle"
);
if (allow)
{
allow = !Throttle.Throttled(
Context.Request.ServerVariables["REMOTE_ADDR"].ToString(),
"AddSpecies24HourThrottle"
);
if (!allow)
return SpeciesServiceStatus.TwentyFourHourThrottle;
}
else
return SpeciesServiceStatus.FiveMinuteThrottle;
try
{
using (SqlConnection myConnection = new SqlConnection(ServerSettings.SpeciesDsn))
{
myConnection.Open();
SqlTransaction transaction = myConnection.BeginTransaction();
SqlCommand mySqlCommand = new SqlCommand("TerrariumInsertSpecies", myConnection, transaction);
mySqlCommand.CommandType = CommandType.StoredProcedure;
SqlParameterCollection cmdParms = mySqlCommand.Parameters;
SqlParameter parmName = cmdParms.Add("@Name", SqlDbType.VarChar, 255); parmName.Value = name;
SqlParameter parmVersion = cmdParms.Add("@Version", SqlDbType.VarChar, 255); parmVersion.Value = version;
SqlParameter parmType = cmdParms.Add("@Type", SqlDbType.VarChar, 50); parmType.Value = type;
SqlParameter parmAuthor = cmdParms.Add("@Author", SqlDbType.VarChar, 255); parmAuthor.Value = author;
SqlParameter parmAuthorEmail = cmdParms.Add("@AuthorEmail", SqlDbType.VarChar, 255); parmAuthorEmail.Value = email;
SqlParameter parmExtinct = cmdParms.Add("@Extinct", SqlDbType.TinyInt, 1); parmExtinct.Value = 0;
SqlParameter parmDateAdded = cmdParms.Add("@DateAdded", SqlDbType.DateTime, 8); parmDateAdded.Value = DateTime.Now;
SqlParameter parmAssembly = cmdParms.Add("@AssemblyFullName", SqlDbType.Text, Int32.MaxValue); parmAssembly.Value = assemblyFullName;
SqlParameter parmBlackListed = cmdParms.Add("@BlackListed", SqlDbType.Bit, 1); parmBlackListed.Value = inappropriate;
try
{
mySqlCommand.ExecuteNonQuery();
}
catch (System.Data.SqlClient.SqlException e)
{
// 2627 is Primary key violation
if (e.Number == 2627)
return SpeciesServiceStatus.AlreadyExists;
else
throw;
}
int introductionWait = (int)ServerSettings.IntroductionWait;
Throttle.AddThrottle(
Context.Request.ServerVariables["REMOTE_ADDR"].ToString(),
"AddSpecies5MinuteThrottle",
1,
DateTime.Now.AddMinutes(introductionWait)
);
int introductionDailyLimit = (int)ServerSettings.IntroductionDailyLimit;
Throttle.AddThrottle(
Context.Request.ServerVariables["REMOTE_ADDR"].ToString(),
"AddSpecies24HourThrottle",
introductionDailyLimit,
DateTime.Now.AddHours(24)
);
insertComplete = true;
SaveAssembly(assemblyCode, version, name + ".dll");
transaction.Commit();
}
}
catch (ApplicationException e)
{
InstallerInfo.WriteEventLog("AddSpecies", e.ToString());
return SpeciesServiceStatus.AlreadyExists;
}
catch (Exception e)
{
InstallerInfo.WriteEventLog("AddSpecies", e.ToString());
if (insertComplete)
RemoveAssembly(version, name);
return SpeciesServiceStatus.ServerDown;
}
if (inappropriate)
{
if (nameInappropriate)
return SpeciesServiceStatus.PoliCheckSpeciesNameFailure;
if (authInappropriate)
return SpeciesServiceStatus.PoliCheckAuthorNameFailure;
if (emailInappropriate)
return SpeciesServiceStatus.PoliCheckEmailFailure;
return SpeciesServiceStatus.AlreadyExists;
}
else
return SpeciesServiceStatus.Success;
}