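def get_user_info(user_id, user_password):
    """Look up a user by id and check the supplied password.

    Returns a dict with a ``message`` key ("success" on a match) and, on
    success, a ``data`` key holding the row as ``{column: value}``; otherwise
    ``message`` states why (bad arguments, unknown id, wrong password, frozen
    account, failed query).

    Changes versus the earlier version: ``user_id`` is now actually validated
    (the old code ran ``validate_arg`` on ``user_password`` twice and never on
    ``user_id``, which is the value that reaches the query), ``user_id`` is
    passed as a bind parameter instead of being formatted into the SQL
    string, and the password comparison is constant-time.
    """
    import hmac  # stdlib only; a local import keeps the module header untouched

    message = {"message": "success"}
    # Allow-list both arguments; user_id is the one spliced into the query.
    if not (my_db.validate_arg(user_id) and my_db.validate_arg(user_password)):
        message['message'] = "参数错误"
        return message

    session = my_db.sql_session()
    columns = get_columns()
    # Column names come from get_columns(), not from the caller; the only
    # caller-controlled value is bound as :user_id rather than formatted in.
    # Assumes the SQLAlchemy-style Session.execute(statement, params) that the
    # rest of this module relies on (execute / fetchone / commit / close).
    sql = "select " + ",".join(columns) + " from user_info where user_id=:user_id"
    try:
        proxy_result = session.execute(sql, {"user_id": user_id})
        result = proxy_result.fetchone()
        if result is None:
            message['message'] = "此ID不存在"
        else:
            result = dict(zip(columns, my_db.str_format(result)))
            # NOTE(review): the comparison is case-insensitive and against the
            # stored column as-is, so the column appears to hold a recoverable
            # value rather than a salted hash; it is also echoed back inside
            # ``data``. Confirm callers need it, and consider stripping it here.
            # Bytes are compared so non-ASCII input cannot raise from compare_digest.
            if hmac.compare_digest(user_password.lower().encode("utf-8"),
                                   result['user_password'].lower().encode("utf-8")):
                if result['user_status'] == 1:
                    message['data'] = result
                else:
                    message['message'] = "账户已冻结"
            else:
                message["message"] = "密码错误"
    except Exception as e:
        print(e)
        message['message'] = '查询失败'
    finally:
        session.close()
    return message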
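def change_status(the_type, user_id):
    """Enable, disable or delete a user account.

    ``the_type`` is "up" (enable), "delete" (remove the row) or anything else
    (disable — every value other than up/delete was already treated as "down"
    by the earlier version and that is preserved); ``user_id`` selects the row.
    Returns ``{"message": "success"}`` unless validation or the statement fails,
    in which case ``message`` carries the reason.

    ``user_id`` is bound as a query parameter instead of being formatted into
    the SQL string; ``validate_arg`` is kept as a second line of defence.
    NOTE(review): no authorization check happens here — the caller must decide
    who may change or delete which account.
    """
    message = {"message": "success"}
    if not (my_db.validate_arg(user_id) and my_db.validate_arg(the_type)):
        message['message'] = "用户ID错误"
        return message

    # (verb used in the failure message, statement) keyed by the normalised type.
    actions = {
        "up": ("启用", "update user_info set user_status=1 where user_id=:user_id"),
        "delete": ("删除", "delete from user_info where user_id=:user_id"),
    }
    # Unknown types fall back to "disable", as before.
    verb, sql = actions.get(
        the_type.strip().lower(),
        ("禁用", "update user_info set user_status=0 where user_id=:user_id"))

    # Assumes the SQLAlchemy-style Session.execute(statement, params) that the
    # rest of this module relies on (execute / commit / close).
    session = my_db.sql_session()
    try:
        session.execute(sql, {"user_id": user_id})
        session.commit()
    except Exception as e:
        print(e)
        message['message'] = "{}账户失败".format(verb)
    finally:
        session.close()
    return message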
def check_admin_args(**kwargs):
    """Validate keyword arguments destined for an admin_info statement.

    Every key must be a column returned by ``get_columns()`` and every value
    must pass the ``my_db`` allow-list check for that column (``check_phone``
    for ``admin_phone``; ``validate_arg`` with a per-column set of extra
    permitted characters otherwise). Returns True when everything passes,
    otherwise the first failing check's result (False for an unknown key).
    This is the module's guard against SQL injection for these values.
    """
    columns = get_columns()
    # Extra characters validate_arg may accept, per column.
    extra_chars = {
        "create_date": "-:",
        "admin_name": "_",
        "admin_mail": "._-@",
    }
    for key, value in kwargs.items():
        if key not in columns:
            # Unexpected parameter.
            return False
        if key == "admin_phone":
            verdict = my_db.check_phone(value)
        elif key in extra_chars:
            verdict = my_db.validate_arg(value, extra_chars[key])
        else:
            verdict = my_db.validate_arg(value)
        if not verdict:
            return verdict
    return True
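def login(admin_name, admin_password):
    """Authenticate an administrator by name and password.

    Returns ``{"message": "success", "data": row}`` on a match, where ``row``
    maps each admin_info column to its value; otherwise ``message`` states why
    (bad arguments, unknown name, wrong password, disabled account, or a
    failed query).

    ``admin_name`` is bound as a query parameter instead of being formatted
    into the SQL string; ``validate_arg`` stays as a second line of defence.
    The password comparison is constant-time.
    """
    import hmac  # stdlib only; a local import keeps the module header untouched

    message = {"message": "success"}
    if not (my_db.validate_arg(admin_name) and my_db.validate_arg(admin_password)):
        message['message'] = "参数错误"
        return message

    session = my_db.sql_session()
    columns = get_columns()
    # Column names come from get_columns(), not from the caller; the
    # caller-supplied name goes through the :admin_name bind parameter.
    # Assumes the SQLAlchemy-style Session.execute(statement, params) that the
    # rest of this module relies on (execute / fetchone / commit / close).
    sql = "select " + ",".join(columns) + " from admin_info where admin_name=:admin_name"
    try:
        proxy_result = session.execute(sql, {"admin_name": admin_name})
        result = proxy_result.fetchone()
        if result is None:
            # NOTE(review): a distinct message for an unknown name lets a
            # caller enumerate admin accounts; kept for compatibility.
            message['message'] = "管理员账户不存在"
        else:
            result = dict(zip(columns, my_db.str_format(result)))
            # NOTE(review): the comparison is case-insensitive and against the
            # stored column as-is, so the column appears to hold a recoverable
            # value rather than a salted hash; it is also returned inside
            # ``data``. Confirm callers need it, and consider stripping it here.
            # Bytes are compared so non-ASCII input cannot raise from compare_digest.
            if hmac.compare_digest(admin_password.lower().encode("utf-8"),
                                   result['admin_password'].lower().encode("utf-8")):
                if result['admin_status'] == 1:
                    message['data'] = result
                else:
                    message['message'] = "此管理员账户已禁用"
            else:
                message["message"] = "密码错误"
    except Exception as e:
        print(e)
        message['message'] = '查询失败'
    finally:
        session.close()
    return message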
def edit_admin(**kwargs):
    """Update an admin_info row from column=value keyword arguments.

    ``kwargs`` must include ``admin_id``, which selects the row and is not
    itself written. Every key is checked by ``check_admin_args`` (allow-listed
    columns and characters) before any SQL is built, and ``admin_id`` is then
    validated once more on its own because it is spliced into the WHERE
    clause. Returns ``{"message": "success"}`` or a dict whose ``message``
    gives the failure reason.
    """
    message = {"message": "success"}
    if not check_admin_args(**kwargs):
        message["message"] = "参数错误"
        return message

    admin_id = kwargs.pop("admin_id", None)
    if admin_id is None or not my_db.validate_arg(admin_id):
        message["message"] = "无效的用户ID"
        return message

    # NOTE(review): any allow-listed column can be written here — presumably
    # including admin_password / admin_status, which login() reads from the
    # same column list — so the caller must restrict which fields a given
    # user is permitted to edit.
    statement = my_db.structure_sql(
        "edit",
        "admin_info",
        query_terms="where admin_id='{}'".format(admin_id),
        **kwargs)
    session = my_db.sql_session()
    try:
        session.execute(statement)
        session.commit()
    except Exception as err:
        print(err)
        message['message'] = '编辑管理员信息失败'
    finally:
        session.close()
    return message
def check_user_args(**kwargs):
    """Validate keyword arguments destined for a user_info statement.

    Every key must be a column returned by ``get_columns()`` and every value
    must pass the ``my_db`` allow-list check for that column (``check_phone``
    for ``user_phone``; ``validate_arg`` with a per-column set of extra
    permitted characters otherwise). A diagnostic line is printed for each
    kind of failure that the earlier version reported. Returns True when
    everything passes, otherwise the first failing check's result (False for
    an unknown key). This is the module's guard against SQL injection for
    these values.
    """
    columns = get_columns()
    # column -> (extra characters validate_arg may accept, line printed on failure)
    char_rules = {
        "user_born_date": ("-", "user_born_date 或 user_address 验证失败"),
        "user_address": ("-", "user_born_date 或 user_address 验证失败"),
        "create_date": ("-:", "create_date 验证失败"),
        "user_nickname": ("_", "user_nickname 验证失败"),
        "user_realname": (".", "user_realname 验证失败"),
        "user_img_url": ("._/-", "user_img_url 验证失败"),
        "user_mail": ("._@-", "user_mail 验证失败"),
    }
    for key, value in kwargs.items():
        if key not in columns:
            # Unexpected parameter.
            print("有多余的参数")
            return False
        if key == "user_phone":
            verdict = my_db.check_phone(value)
            failure = "user_phone 验证失败"
        elif key in char_rules:
            extra, failure = char_rules[key]
            verdict = my_db.validate_arg(value, extra)
        else:
            # Columns without a special rule get the default character set
            # and, as before, no diagnostic line.
            verdict = my_db.validate_arg(value)
            failure = None
        if not verdict:
            if failure is not None:
                print(failure)
            return verdict
    return True