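using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Net;
using System.Net.Sockets;
using System.Web.Mvc;
using InstaVibe.Models;

namespace instavibe.Controllers
{
    /// <summary>
    /// Lists opportunities and accepts new ones posted by the signed-in user.
    /// </summary>
    /// <remarks>
    /// The user id is read from <c>Session["UserId"]</c>; both actions answer 401 when it is absent
    /// instead of failing with a null dereference.
    /// </remarks>
    public class OpportunityController : Controller
    {
        // NOTE(review): a public mutable field holding the connection string; kept public because
        // code outside this file may read it, but it should be private readonly if nothing does.
        public string connectionString = ConfigurationManager.ConnectionStrings["InstaVibe"].ConnectionString.ToString();

        // ================= OPPORTUNITY LIST PAGE ================

        /// <summary>
        /// Shows all opportunities, newest first, optionally restricted to one category.
        /// </summary>
        /// <param name="category">Category to filter on; null or empty lists every category.</param>
        /// <returns>The Index view with a <c>List&lt;Opportunity&gt;</c> model, or 401 without a session user.</returns>
        public ActionResult Index(string category = "")
        {
            int currentUserId;
            if (!TryGetCurrentUserId(out currentUserId))
            {
                return new HttpUnauthorizedResult();
            }

            ViewBag.CurrentUserId = currentUserId;

            List<Opportunity> list = new List<Opportunity>();
            bool filterByCategory = !string.IsNullOrEmpty(category);

            // JOIN with Users to get username and profile_picture
            string query = @"
                SELECT o.*, u.username, u.profile_picture
                FROM Opportunities o
                JOIN Users u ON o.user_id = u.user_id";

            if (filterByCategory)
            {
                query += " WHERE o.category = @category";
            }

            query += " ORDER BY o.posted_at DESC";

            using (SqlConnection con = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand(query, con))
            {
                if (filterByCategory)
                {
                    // The category value travels as a parameter, never as query text.
                    cmd.Parameters.AddWithValue("@category", category);
                }

                con.Open();

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        list.Add(new Opportunity
                        {
                            OpportunityId = Convert.ToInt32(dr["opportunity_id"]),
                            UserId = Convert.ToInt32(dr["user_id"]),
                            Title = dr["title"].ToString(),
                            Category = dr["category"].ToString(),
                            Description = dr["description"].ToString(),
                            Link = dr["link"].ToString(),
                            PostedAt = Convert.ToDateTime(dr["posted_at"]),
                            Username = dr["username"].ToString(),
                            ProfilePicture = dr["profile_picture"].ToString()
                        });
                    }
                }
            }

            return View(list);
        }

        // =============== CREATE OPPORTUNITY ================

        /// <summary>
        /// Validates the submitted link and stores the opportunity for the signed-in user.
        /// </summary>
        /// <remarks>
        /// The link is client-supplied and the server sends a HEAD request to it, so the destination
        /// is restricted before any request is made: http/https only, and every address the host
        /// resolves to must be publicly routable. Redirects are not followed, so the validated host
        /// is the only one this action contacts.
        /// </remarks>
        /// <param name="model">Posted opportunity; Title, Category, Description and Link are stored.</param>
        /// <returns>A redirect to Index in every case, or 401 without a session user.</returns>
        // NOTE(review): this state-changing POST has no [ValidateAntiForgeryToken]; add it together
        // with @Html.AntiForgeryToken() in the posting form (the view is not visible from here).
        [HttpPost]
        public ActionResult Create(Opportunity model)
        {
            int currentUserId;
            if (!TryGetCurrentUserId(out currentUserId))
            {
                return new HttpUnauthorizedResult();
            }

            // NOTE(review): ModelState does not survive RedirectToAction, so the messages below never
            // reach the user; carry them in TempData or return the view if they should be shown.

            // Check if URL format is valid (and limited to http/https)
            Uri target;
            if (model == null || !TryParseHttpUrl(model.Link, out target))
            {
                ModelState.AddModelError("Link", "Invalid URL format.");
                return RedirectToAction("Index");
            }

            // Refuse loopback, private, link-local and similar destinations before connecting.
            // The same message as an unreachable URL is used so the response does not reveal
            // which internal hosts exist.
            if (!ResolvesOnlyToPublicAddresses(target))
            {
                ModelState.AddModelError("Link", "URL is not reachable.");
                return RedirectToAction("Index");
            }

            // Optional - Check if URL is reachable
            try
            {
                var request = (HttpWebRequest)WebRequest.Create(target);
                request.Method = "HEAD";
                request.Timeout = 5000; // 5 seconds timeout
                // A redirect could point at an address that was never validated, so it is not followed.
                request.AllowAutoRedirect = false;

                using (var response = (HttpWebResponse)request.GetResponse())
                {
                    HttpStatusCode status = response.StatusCode;
                    // Redirect answers count as reachable because they are no longer followed.
                    bool reachable = status == HttpStatusCode.OK
                        || status == HttpStatusCode.Redirect
                        || status == HttpStatusCode.MovedPermanently
                        || status == HttpStatusCode.SeeOther
                        || status == HttpStatusCode.TemporaryRedirect;

                    if (!reachable)
                    {
                        ModelState.AddModelError("Link", "URL is not reachable.");
                        return RedirectToAction("Index");
                    }
                }
            }
            catch (Exception)
            {
                // Best-effort probe: any failure (timeout, 4xx/5xx, TLS error) means "not reachable".
                ModelState.AddModelError("Link", "URL is not reachable.");
                return RedirectToAction("Index");
            }

            // Insert only if link is valid
            const string query = @"INSERT INTO Opportunities (user_id, title, category, description, link)
                                   VALUES (@userId, @title, @category, @description, @link)";

            using (SqlConnection con = new SqlConnection(connectionString))
            using (SqlCommand cmd = new SqlCommand(query, con))
            {
                // user_id comes from the session, not from the posted model.
                cmd.Parameters.AddWithValue("@userId", currentUserId);
                // A null model property would make AddWithValue omit the parameter, so map null to DBNull.
                cmd.Parameters.AddWithValue("@title", (object)model.Title ?? DBNull.Value);
                cmd.Parameters.AddWithValue("@category", (object)model.Category ?? DBNull.Value);
                cmd.Parameters.AddWithValue("@description", (object)model.Description ?? DBNull.Value);
                cmd.Parameters.AddWithValue("@link", model.Link);

                con.Open();
                cmd.ExecuteNonQuery();
            }

            return RedirectToAction("Index");
        }

        /// <summary>Reads the signed-in user's id from the session without throwing when it is missing.</summary>
        private bool TryGetCurrentUserId(out int userId)
        {
            object raw = Session == null ? null : Session["UserId"];
            if (raw is int)
            {
                userId = (int)raw;
                return true;
            }

            userId = 0;
            return false;
        }

        /// <summary>Parses <paramref name="url"/> and accepts it only as a well-formed absolute http/https URI.</summary>
        private static bool TryParseHttpUrl(string url, out Uri uri)
        {
            uri = null;
            if (!Uri.IsWellFormedUriString(url, UriKind.Absolute) || !Uri.TryCreate(url, UriKind.Absolute, out uri))
            {
                return false;
            }

            return uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps;
        }

        /// <summary>
        /// Resolves the URI's host and returns true only when every resulting address is publicly routable.
        /// </summary>
        /// <remarks>
        /// The request that follows resolves the name again, so a DNS answer that changes between the
        /// two lookups is not covered here; an egress proxy or firewall rule for this server is the
        /// control that closes that gap.
        /// </remarks>
        private static bool ResolvesOnlyToPublicAddresses(Uri uri)
        {
            IPAddress[] addresses;
            try
            {
                addresses = Dns.GetHostAddresses(uri.DnsSafeHost);
            }
            catch (SocketException)
            {
                return false;
            }
            catch (ArgumentException)
            {
                return false;
            }

            if (addresses.Length == 0)
            {
                return false;
            }

            foreach (IPAddress address in addresses)
            {
                if (!IsPublicAddress(address))
                {
                    return false;
                }
            }

            return true;
        }

        /// <summary>Returns false for loopback, private, link-local, carrier-grade NAT, multicast and unspecified addresses.</summary>
        private static bool IsPublicAddress(IPAddress address)
        {
            // ::ffff:a.b.c.d must be judged by the IPv4 rules it maps to.
            if (address.IsIPv4MappedToIPv6)
            {
                address = address.MapToIPv4();
            }

            if (IPAddress.IsLoopback(address))
            {
                return false;
            }

            byte[] b = address.GetAddressBytes();

            if (address.AddressFamily == AddressFamily.InterNetworkV6)
            {
                bool uniqueLocal = (b[0] & 0xFE) == 0xFC; // fc00::/7
                return !(uniqueLocal
                    || address.IsIPv6LinkLocal
                    || address.IsIPv6SiteLocal
                    || address.IsIPv6Multicast
                    || address.Equals(IPAddress.IPv6Any));
            }

            if (address.AddressFamily != AddressFamily.InterNetwork)
            {
                return false;
            }

            if (b[0] == 0 || b[0] == 10 || b[0] == 127) return false;   // 0/8, 10/8, 127/8
            if (b[0] == 100 && (b[1] & 0xC0) == 64) return false;       // 100.64/10
            if (b[0] == 169 && b[1] == 254) return false;               // 169.254/16 (link-local, metadata services)
            if (b[0] == 172 && (b[1] & 0xF0) == 16) return false;       // 172.16/12
            if (b[0] == 192 && b[1] == 168) return false;               // 192.168/16
            if (b[0] >= 224) return false;                              // multicast and reserved

            return true;
        }
    }
}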