Ejemplo n.º 1
def modify_pwd(request):
    """Change a user's password after checking the old one.

    Reads ``login_id``, ``oldPwd`` and ``newPwd`` from the POST body, looks the
    active user up by ``login_id`` and, when ``oldPwd`` equals the MD5 hex
    digest of the stored ``password`` column, issues an UPDATE on that column.
    The result is returned through ``HttpResponseCORS`` as a hand-built
    JSON-like string with ``errcode`` 0 (changed), 1 (empty or unknown login)
    or 2 (old password mismatch).

    NOTE(review): no session or token check is visible in this function; the
    only proof of identity is the submitted ``oldPwd``, and nothing here limits
    repeated attempts. Confirm whether a caller or middleware enforces that.
    """
    import base64, time
    import random
    # NOTE(review): random_no, base64 and time are not used anywhere below.
    random_no = '%s' % (random.randint(0, 999999))
    #print request.POST
    login_id = request.POST.get('login_id', '')
    oldPwd = request.POST.get('oldPwd', '')
    newPwd = request.POST.get('newPwd', '')

    if login_id == '':
        errCode = 1
        msg = u'用户名不存在'
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            }
            """ % (errCode, msg, login_id)
        response = HttpResponseCORS(request, s)
        return response
    # Stripping single quotes is the only sanitising applied before login_id
    # is interpolated into the SQL text below.
    # NOTE(review): this is not a substitute for bound parameters (a trailing
    # backslash, for instance, still reaches the quoted literal); db.select's
    # signature is not visible here, so whether it accepts parameters needs
    # checking.
    login_id = login_id.replace("'", "")
    if oldPwd != '':
        oldPwd = oldPwd.lower()

    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password
                   FROM users U LEFT JOIN dept D ON U.dept_id=D.id
                   WHERE U.login_id='%s' AND U.status=1 
                """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        pwd1 = lT[0][5]
        # The stored column value is hashed here, at comparison time, and the
        # client is expected to send the matching hex digest.
        # NOTE(review): that implies the column holds the password itself
        # rather than a digest, and that the unsalted MD5 value is itself
        # sufficient to authenticate — confirm, and plan a migration to a
        # salted, slow password hash if so.
        m1 = md5.new()
        m1.update(lT[0][5])
        pwd = m1.hexdigest()
        # NOTE(review): plain != is not a constant-time comparison.
        if oldPwd != pwd:
            errCode = 2
            msg = u'密码错误'
        else:
            # NOTE(review): as shown, the literal has one %s placeholder but
            # two arguments, which raises TypeError at runtime. The '******'
            # looks like masking applied to the listing (presumably a quoted
            # %s for newPwd) — confirm against the real source. If newPwd is
            # interpolated, it reaches the statement unescaped and
            # unvalidated (no length or complexity check is visible).
            sql = "update users set password = '******' where usr_id =%s" % (
                newPwd, usr_id)
            db.executesql(sql)
            errCode = 0
            msg = u'修改成功'
    else:
        errCode = 1
        msg = u'用户名不存在'
    # The body is assembled with % formatting rather than a JSON encoder:
    # login_id is echoed back without JSON escaping, and the trailing comma
    # before the closing brace is not accepted by strict JSON parsers.
    # Distinct errcode values for "unknown login" (1) and "wrong password" (2)
    # also let a caller tell which login ids exist.
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
        }
        """ % (errCode, msg, login_id)
    return HttpResponseCORS(request, s)
Ejemplo n.º 2
def forgetpwd_origin(request):
    """Look up the mobile number registered for a login id / user name pair.

    ``usrname`` and ``login_id`` are taken from POST, falling back to GET.
    When a matching ``users`` row exists the response carries ``errcode`` 0
    and the stored ``mobil`` value in ``tel``; otherwise ``errcode`` is -1.

    NOTE(review): both request values are interpolated into the SQL text with
    no escaping at all, so this query is injectable as written; db.select's
    signature is not visible here, so confirm whether it supports bound
    parameters and switch to them.
    NOTE(review): no authentication or rate limit is visible, and a successful
    match returns the account's phone number to the caller. Consider returning
    only a masked number, or nothing, from this step.
    """
    def _param(key):
        # POST wins; an empty POST value falls through to the query string.
        return request.POST.get(key, '') or request.GET.get(key, '')

    name = _param('usrname')
    login_id = _param('login_id')

    # Check that the login id and the user name belong to the same account.
    query = " select mobil from users where login_id='%s' and usr_name='%s' "%(login_id,name)
    rows, matched = db.select(query)

    if matched:
        # Account confirmed: hand back the stored phone number.
        errCode, msg, tel = 0, 'sucess', rows[0][-1]
    else:
        # Login id or user name did not match.
        errCode, msg, tel = -1, '请填写正确的用户名和姓名!', ''

    body ="""
            {
            "errcode":"%s",
            "errmsg": "%s",
            "tel": "%s",
            }
        """%(errCode,msg,tel)
    return HttpResponseCORS(request, body)
Ejemplo n.º 3
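def menu_func(request):
    """Return every ``menu_func`` row with ``status=2`` as menu data.

    The query is a constant string (no request data is interpolated), the
    rows are mapped onto fixed keys and serialised with ``json.dumps``, and
    the result is wrapped in a hand-built envelope sent via
    ``HttpResponseCORS``.

    NOTE(review): nothing from ``request`` is inspected, so no permission or
    per-user filtering happens here; every caller receives the same rows.
    Confirm that is intended for this endpoint.
    """
    sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                   WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon
                   FROM menu_func WMF 
                   Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                   WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """
    rows, iN = db.select(sql)

    # Column order of the SELECT above; the first column (WMF.menu) is
    # exposed under the key 'level'.
    names = 'level menu_id menu_name sort parent_id status url icon'.split()
    data = [dict(zip(names, d)) for d in rows]
    # The row data goes through the JSON encoder, so values are escaped
    # properly; only the static envelope is formatted by hand.
    s3 = json.dumps(data, ensure_ascii=False)

    s = """
        {
            "errcode": 0,
            "errmsg": "获取数据成功",
            "menu_data": %s
        }
        """ % (s3)
    return HttpResponseCORS(request, s)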
Ejemplo n.º 4
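def menu_func(request):
    """Return the menu rows visible to ``usr_id``, optionally localised.

    ``lang_id`` and ``usr_id`` come from POST (falling back to GET). When the
    module flag ``m_muti_lang`` is 1 and ``lang_id`` is greater than 1, menu
    names are taken from ``muti_lang_menu`` where available. User ids '1' and
    '2' get every active menu; any other id gets the menus granted through
    ``usr_role`` / ``role_menu`` with ``can_view=1``.

    ``usr_id`` is coerced to an integer before it is placed in the SQL text,
    so arbitrary request text can no longer reach the query. A value that is
    not an integer yields an empty menu list without touching the database.

    NOTE(review): ``usr_id`` is supplied by the client and no session check is
    visible here, so a caller can request any user's menu, including the
    full menu by sending 1 or 2. Derive the id from the authenticated session
    instead; the helper for that is not visible in this block.

    Raises:
        ValueError: if ``lang_id`` is non-empty and not an integer.
    """
    lang_id = request.POST.get('lang_id') or request.GET.get('lang_id', '')
    usr_id = request.POST.get('usr_id', '') or request.GET.get('usr_id', '')
    if lang_id == '':
        lang_id = 1
    else:
        lang_id = int(lang_id)

    # Only an integer is ever interpolated into the role-based queries.
    try:
        usr_key = int(usr_id)
    except (TypeError, ValueError):
        usr_key = None

    sees_all = usr_id in ('1', '2')
    localised = m_muti_lang == 1 and lang_id > 1

    sql = None
    if localised:
        if sees_all:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM menu_func WMF 
                   Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                   left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s
                   WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """ % (lang_id)
        elif usr_key is not None:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                   left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s
                   WHERE WUR.usr_id='%d' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """ % (lang_id, usr_key)
    else:
        if sees_all:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM menu_func WMF 
                   Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                   WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """
        elif usr_key is not None:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                   WHERE WUR.usr_id='%d' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """ % usr_key

    if sql is None:
        # Missing or non-integer usr_id: nothing can match, skip the query.
        rows = []
    else:
        rows, iN = db.select(sql)

    names = 'level menu_id menu_name sort parent_id status url icon'.split()
    data = [dict(zip(names, d)) for d in rows]
    s3 = json.dumps(data, ensure_ascii=False)

    # The envelope keeps its trailing comma after menu_data exactly as
    # before; strict JSON parsers reject that, so clients must already
    # tolerate it.
    s = """
        {
            "errcode": 0,
            "errmsg": "获取数据成功",
            "menu_data": %s,
        }
        """ % (s3)
    return HttpResponseCORS(request, s)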
Ejemplo n.º 5
def select_func(request):
    """Route a select request to the signature or the generic data provider.

    ``func=getSigns`` in the query string selects ``get_sign_data``; any
    other value (or none) selects ``get_select_data``. The chosen helper's
    return value is sent back through ``HttpResponseCORS``.
    """
    # NOTE(review): the permission check below is commented out, so this
    # view calls the data helpers without validating the caller. Whether the
    # helpers check access themselves is not visible here — confirm before
    # exposing this route.
    #menu_id = request.POST.get('menu_id', 0)
    #ret,msg,d_value = mValidateUser(request,"view",menu_id)
    #if ret!=0:
    #    return HttpResponseCORS(request,msg)
    wants_signs = request.GET.get('func', '') == 'getSigns'
    provider = get_sign_data if wants_signs else get_select_data
    return HttpResponseCORS(request, provider(request))
Ejemplo n.º 6
def LinkToShajd(request):
    """Redirect the caller to www.shajd.cn with an encrypted hand-off token.

    The ``AccessToken`` query parameter is decrypted with ``WXBizMsgCrypt``
    to obtain ``login_id``; a non-zero return code yields an error body.
    Otherwise the user row and the project row (``id`` query parameter) are
    loaded, packed together with a fixed ``team_uuid`` into JSON, encrypted,
    and appended to the redirect URL as ``token``.

    NOTE(review): the user row selected here includes the ``password`` column
    and is serialised into the payload, so the stored password value travels
    to the external site inside a URL (which tends to end up in browser
    history, proxy logs and Referer headers). Drop that column from the
    hand-off unless the receiving side demonstrably needs it.
    NOTE(review): ``proj_id`` comes straight from the query string and is
    interpolated into SQL unescaped; ``login_id`` is interpolated as well.
    db.select's signature is not visible here — confirm whether it supports
    bound parameters.
    NOTE(review): ``rows[0]`` is read without checking the row count, so an
    unknown login or project raises IndexError.
    NOTE(review): the nonce passed to EncryptMsg comes from ``random``, which
    is not a cryptographic generator; whether that matters depends on how
    WXBizMsgCrypt uses it.
    """
    import base64, time
    import random

    incoming = request.GET.get('AccessToken', '')
    decryptor = WXBizMsgCrypt('szoworld', m_aesKey)
    ret, login_id, sTimeStamp = decryptor.DecryptMsg(incoming)
    if ret != 0:
        return HttpResponseCORS(request, """
            {
            "errcode": -1,
            "errmsg": "验证信息有误,请重新登陆!",
            }        """)

    random_no = '%s' % (random.randint(0, 999999))
    proj_id = request.GET.get('id', '')
    team_uuid = 'e015c3bd59ba11e88a8d7cd30abeb520'

    user_rows, _ = db.select(
        "select usr_id,login_id,usr_name,password,ifnull(mobil,'') from users where login_id='%s'" % (
            login_id))
    user = dict(zip(('usr_id', 'login_id', 'usr_name', 'password', 'phone'),
                    user_rows[0]))

    proj_rows, _ = db.select(
        "select id,cname,gc_no from out_proj where id='%s'" % (proj_id))
    proj = dict(zip(('proj_id', 'proj_name', 'proj_code'), proj_rows[0]))

    payload = dict(zip(('team_uuid', 'user', 'proj'),
                       (team_uuid, user, proj)))
    info = json.dumps(payload, ensure_ascii=True)

    # A fresh timestamp and a second crypt object are used for the outgoing
    # token, independent of the ones used to read the incoming token.
    sTimeStamp = str(time.time())
    encryptor = WXBizMsgCrypt('szoworld', m_aesKey)
    ret, token = encryptor.EncryptMsg(info, random_no, sTimeStamp)

    target = "https://www.shajd.cn/login_schedule.html?team_id=%s&token=%s" % (
        team_uuid, urllib.quote(token))
    return HttpResponseRedirect(target)
Ejemplo n.º 7
def update_login(request):
    """Dismiss the account-expiry reminder (90 days) for a login id.

    ``login_id`` and ``is_ignore`` are read from POST, falling back to GET.
    When ``is_ignore`` is non-empty, ``usr_info.update_time`` is set to the
    current time for that login id through ``DB_Op``. The response always
    reports ``errcode`` 0 and echoes ``login_id``.

    NOTE(review): ``login_id`` is placed in the WHERE clause unescaped, and
    no session check is visible, so any caller can reset the timestamp for
    any account and can shape the clause. How DB_Op assembles its statement
    is not visible here — confirm whether it can take bound values.
    """
    def _param(key):
        return request.POST.get(key, '') or request.GET.get(key, '')

    login_id = _param('login_id')
    ignore = _param('is_ignore')
    now = datetime.datetime.now()

    if ignore:
        where_clause = " where login_id='%s'"%login_id
        DB_Op('usr_info', ['update_time'], ["'%s'"%now], where_clause)

    errCode, msg = 0, u'操作成功'
    body = """
        {
        "errcode": %s,
        "errmsg": "%s",
        "login_id": "%s",
        }
        """ %(errCode,msg,login_id)
    return HttpResponseCORS(request, body)
Ejemplo n.º 8
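def logout_func(request):
    """Log the caller out by removing ``usr_id`` from the session.

    A missing ``usr_id`` key is ignored, so calling this twice is harmless.
    The response always reports ``errcode`` 0 and echoes the ``login_id``
    query parameter.

    The unused imports and random token were removed, together with a debug
    statement that printed the whole POST body to stdout on every logout.

    NOTE(review): only the ``usr_id`` key is removed; any other keys stored
    in the session at login stay in place and the session id is not rotated.
    Django's ``request.session.flush()`` clears the whole session — confirm
    nothing depends on the remaining keys before switching.
    NOTE(review): ``login_id`` is echoed into the body without JSON escaping.
    """
    login_id = request.GET.get('login_id', '')

    errCode = 0
    msg = u'Log Out'
    try:
        del request.session['usr_id']
    except KeyError:
        # Already logged out (or never logged in): nothing to remove.
        pass
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
        }
        """ % (errCode, msg, login_id)
    return HttpResponseCORS(request, s)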
Ejemplo n.º 9
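def valid_generater(request):
    """Generate an image verification code and store its answer.

    ``generate_valid()`` supplies the image payload and the expected answer;
    the answer is written to ``temp_sheet.valid_code`` for the row matching
    the caller's ``login_id`` and IP address. On success the response carries
    ``errcode`` 0 and the image; if anything in that step raises, the
    response carries ``errcode`` -1 and an empty image.

    Changes from the earlier version: the bare ``except:`` is narrowed to
    ``Exception`` so interpreter-exit signals are no longer swallowed,
    ``dict.has_key`` is replaced by ``in``, and the debug print of the WHERE
    clause (which echoed request-supplied values to stdout) is removed.

    NOTE(review): ``X-Forwarded-For`` is set by the client unless a trusted
    proxy overwrites it. Here it is both trusted as the caller's address and
    interpolated, unescaped, into the WHERE clause together with
    ``login_id``. How DB_Op assembles its statement is not visible here —
    confirm whether it can take bound values, and take the address from a
    proxy-validated source.
    NOTE(review): the success body quotes ``login_id`` with single quotes,
    which strict JSON parsers reject.
    """
    errCode = 0
    imgcode = ''

    login_id = request.POST.get('login_id', '') or request.GET.get('login_id', '')
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    try:
        imgcode, _real_valid = generate_valid()
        msg = u'获取成功'
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "imgcode": "%s",
            "login_id":'%s',
            }
            """%(errCode,msg,imgcode,login_id)
        # The success body is built before the write so that a failing write
        # falls through to the error body below.
        DB_Op('temp_sheet', ['valid_code'],
              ["'%s'"%_real_valid],
              "where temp_id='%s' and temp_ip='%s' "%(login_id,login_ip))
    except Exception:
        errCode = -1
        msg = u'获取失败'
        imgcode = ''
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "imgcode": "%s",
            }
            """%(errCode,msg,imgcode)

    return HttpResponseCORS(request, s)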
Ejemplo n.º 10
def getData_func(request):
    """Serve form, filter, search, validity and lookup data, chosen by ``func``.

    The ``func`` query parameter selects the branch:

    * ``refresh``  - form data (or audit form data when ``audit=1``);
    * ``filter``   - filter definitions for ``field_id``;
    * ``search``   - option search for a field;
    * ``validity`` - validity result for ``field_id``;
    * anything else - a generic lookup through ``getData`` keyed by ``fname``.

    Every branch returns a hand-built JSON-like string via
    ``HttpResponseCORS``.

    NOTE(review): ``mValidateUser`` is called only in the ``refresh`` branch.
    The ``filter``, ``search``, ``validity`` and fall-through branches show no
    permission check in this function; whether the helpers they call enforce
    access is not visible here — confirm.

    Raises:
        ValueError: if ``lang_id`` is non-empty and not an integer.
    """
    audit = request.GET.get('audit', '')
    field_id = request.GET.get('field_id') or 0
    pk = request.GET.get('pk') or 0
    func = request.GET.get('func', '')
    lang_id = request.POST.get('lang_id') or request.GET.get('lang_id', '')
    if lang_id == '': lang_id = 1
    else: lang_id = int(lang_id)

    if func == 'refresh':
        menu_id = request.GET.get('menu_id', 0)
        # Permission gate for this branch; errmsg is returned as the body
        # when the check fails.
        ret, errmsg, d_value = mValidateUser(request, "view", menu_id)
        if ret != 0:
            return HttpResponseCORS(request, errmsg)
        # From here usr_id is the value held by g_data, not a request value.
        usr_id = g_data.usr_id
        #print usr_id
        #if usr_id == 187:usr_id = 144
        #print usr_id

        if audit == '1':
            field_value = request.POST.get('field_value', '')
            next_flow = request.POST.get('next_flow', '')
            opt = request.POST.get('flow_opt', '')
            formData = getAuditData(pk, field_id, field_value, usr_id,
                                    next_flow, opt, menu_id)
            names = 'cid label field_type required size readonly value hide max_length hint field_options table_col table_data btn_type btn_color url'.split(
            )
            data = [dict(zip(names, d)) for d in formData]
            formData = json.dumps(data, ensure_ascii=False)
            s = """
                {
                "errcode":0,
                "errmsg":"",
                "formData":%s,
                }
                """ % (formData)
            #print ToGBK(s)
            return HttpResponseCORS(request, s)
        else:
            #print request.POST
            #AccessToken = request.POST.get('AccessToken', '')
            #t = time.time()
            #print (int(round(t * 1000)))    #millisecond timestamp
            #request.session['AccessToken']
            # A few field ids have dedicated form builders; everything else
            # goes through the generic getFormData.
            if m_prjname == 'oWorld' and field_id in ['187', '3368']:
                formData = getFormData187(pk, field_id, menu_id, usr_id,
                                          request)
            elif field_id in ['107', '1516', '112']:
                formData = getFormData107(pk, field_id, menu_id, usr_id,
                                          request)
            elif field_id in ['1518']:
                formData = getFormData1518(pk, field_id, menu_id, usr_id,
                                           request)
            elif field_id in ['2076']:
                formData = getFormData2076(pk, field_id, menu_id, usr_id,
                                           request)
            else:
                formData = getFormData(pk, field_id, menu_id, usr_id, request,
                                       lang_id)

            # Record frequently used selections.
            field_type = request.GET.get('field_type', '')
            options_type = request.GET.get('options_type', '')
            # NOTE(review): usr_id is overwritten here with the client's
            # query-string value, so saveSelectedOptions records the
            # selection under whatever user id the caller sends rather than
            # the validated one from g_data. The values are passed through
            # unescaped; how the helper uses them is not visible here.
            usr_id = request.GET.get('usr_id', '')
            sel_value = request.POST.get('sel_value', '')
            if str(field_type) in ['18', '32']:
                saveSelectedOptions(field_type, options_type, usr_id,
                                    sel_value)
            s = """
                {
                "errcode":0,
                "errmsg":"",
                "formData":%s,
                }
                """ % (formData)
            #print ToGBK(s)
            return HttpResponseCORS(request, s)
    elif func == 'filter':
        formData = getFilterData(field_id, request)
        s = """
            {
            "errcode":0,
            "errmsg":"",
            "filter":%s,
            }
            """ % (formData)
        #print ToGBK(s)
        return HttpResponseCORS(request, s)
    elif func == 'search':
        field_type = request.GET.get('field_type', '')
        options_type = request.GET.get('options_type', '')
        # NOTE(review): usr_id is taken from the query string in this branch.
        usr_id = request.GET.get('usr_id', '')
        search = request.POST.get('search', '')
        page_limit = request.POST.get('page_limit') or 10
        field_id = request.GET.get('field_id', '')
        if str(field_id) == '2753':
            # NOTE(review): on this path `search` is handed over without the
            # escape_string call used in the other path; confirm that
            # get_options_2753 escapes or binds it itself.
            formData = get_options_2753(search, page_limit, usr_id, request)
        else:
            # Only `search` is escaped; field_type, options_type, page_limit,
            # usr_id and field_id are passed through as received.
            search = MySQLdb.escape_string(search)
            formData = get_options(field_type, options_type, search,
                                   page_limit, usr_id, field_id, request)
        #t = time.time()
        #print "search %s %s %s"%(field_id,ToGBK(int(round(t * 1000))))    #millisecond timestamp
        s = """
            {
            "errcode":0,
            "errmsg":"",
            "data":%s,
            }
            """ % (formData)
        #print ToGBK(s)
        return HttpResponseCORS(request, s)
    elif func == 'validity':
        field_id = request.GET.get('field_id', '')
        ret = getValidityResult(field_id, request)
        s = """
            {
            "errcode":0,
            "errmsg":"获取有效性结果成功",
            "validity":%s,
            }
            """ % (ret)
        return HttpResponseCORS(request, s)

    # Fall-through: generic lookup. `fname` picks which request values are
    # forwarded to getData as para1..para4; unknown names forward four empty
    # strings.
    filed_name = request.GET.get('fname', '')
    para1, para2, para3, para4 = '', '', '', ''
    if filed_name == 'gw_type':
        para1 = request.POST.get('parent_id', '') or request.GET.get(
            'parent_id', '')
    elif filed_name == 'flow':
        para1 = request.POST.get('type_id', '') or request.GET.get(
            'type_id', '')
        para2 = request.POST.get('has_flow', '') or request.GET.get(
            'has_flow', '')
    elif filed_name == 'first_flow':
        para1 = request.POST.get('type_id', '') or request.GET.get(
            'type_id', '')
    elif filed_name == 'cols':
        # NOTE(review): a table name supplied by the client is forwarded
        # here; if getData places it in SQL it needs an allow-list, since
        # identifiers cannot be bound as parameters — confirm in getData.
        para1 = request.POST.get('table_name', '') or request.GET.get(
            'table_name', '')
    elif filed_name == 'sel_cols':  # fetch every field of the pop-up dialog
        para1 = request.POST.get('sel_type', '')
        para2 = request.GET.get('single', '')
    elif filed_name == 'roles':
        para1 = request.POST.get('dept', '') or request.GET.get('dept', '')
    elif filed_name == 'next_flow':
        para1 = request.GET.get('pk', '')
        para2 = request.GET.get('flow_id', '')
        para3 = request.POST.get('opt', '')
        para4 = request.GET.get('usr_id', '')
    L1 = getData(filed_name, '', para1, para2, para3, para4)
    s1 = json.dumps(L1, ensure_ascii=False)
    s = """
        {
        "errcode": 0,
        "errmsg": "操作成功",
        "data":%s,
        }
        """ % s1
    #print ToGBK(s)
    return HttpResponseCORS(request, s)
Ejemplo n.º 11
def login_wx_func(request):
    """Log a user in from a WeChat ``code`` and return profile, token and menu.

    ``getLoginID(code)`` resolves the ``code`` query parameter to a login id.
    When an active ``users`` row matches, the function fills ``dActiveUser``
    and the session, builds an access token with ``WXBizMsgCrypt``, loads the
    menu rows the user may see, records the login in ``users_login`` and
    returns everything in a hand-built JSON-like body (``errcode`` 0).
    Otherwise ``errcode`` is 1.

    NOTE(review): the session id is not rotated after a successful login in
    this function; confirm it is done elsewhere.
    """
    import base64, time
    import random
    # This value is later passed to EncryptMsg as its second argument.
    # NOTE(review): `random` is not a cryptographic generator and the range
    # is only 0..999999; whether that matters depends on how WXBizMsgCrypt
    # uses the value — confirm.
    random_no = '%s' % (random.randint(0, 999999))
    usr_id, usr_name, dept_id, dept_name = '', '', '', ''
    source = 'wx'
    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
    # overwrites it; the value is later interpolated into the INSERT below
    # without escaping.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']

    code = request.GET.get('code', '')
    login_id = getLoginID(code)
    if login_id == '':
        errCode = 1
        msg = u'用户名不存在'
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            }
            """ % (errCode, msg, login_id)
        # NOTE(review): this path returns the bare string, while the other
        # exit wraps the body in HttpResponseCORS — looks like an oversight.
        return s

    # Stripping single quotes is the only sanitising applied before login_id
    # goes into the SQL text.
    # NOTE(review): not a substitute for bound parameters; db.select's
    # signature is not visible here.
    login_id = login_id.replace("'", "")

    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,U.dept_id,D.cname,IFNULL(U.pic,''),U.password,U.login_id
                   FROM users U LEFT JOIN dept D ON U.dept_id=D.id
                   WHERE ifnull(U.wxqy_id,U.login_id)='%s' AND U.status=1 
                """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id = lT[0][0]
        login_id = lT[0][6]
        # Build the user's permission record.
        dActiveUser[usr_id] = {}
        dActiveUser[usr_id]['roles'] = {}  # user roles
        dActiveUser[usr_id]['access_dept_data'] = [
        ]  # departments whose members' data may be read, format: ['dept id 1','dept id 2',...]
        dActiveUser[usr_id]['access_person_data'] = [
        ]  # people whose data may be read, format: ['person id 1','person id 2',...]
        dActiveUser[usr_id]['login_time'] = time.time()  # login time
        dActiveUser[usr_id]['usr_name'] = lT[0][1]  # user name
        dActiveUser[usr_id]['login_id'] = login_id
        dActiveUser[usr_id]['usr_dept'] = lT[0][2], lT[0][3]  # user's department
        dActiveUser[usr_id]['pic'] = lT[0][4]

        # User roles / permission to read data of everyone in a department.
        sql = """SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id
                       FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id
                       WHERE WUR.usr_id=%s
            """ % usr_id
        lT1, iN1 = db.select(sql)
        if iN1 > 0:
            for e in lT1:
                # user role
                dActiveUser[usr_id]['roles'][e[0]] = e[1:]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = dActiveUser[usr_id]['usr_name']
        request.session['dept_id'] = lT[0][2]
        request.session['dept_name'] = lT[0][3]
        # NOTE(review): the whole dActiveUser mapping is stored, not just
        # this user's entry. dActiveUser is defined outside this block; if it
        # is shared across requests, each session would carry other users'
        # records — confirm.
        request.session['dActiveUser'] = dActiveUser
        d_value = ['', '', '', '', '']
        d_value[0] = usr_id
        d_value[1] = dActiveUser[usr_id]['usr_name']
        d_value[2] = lT[0][2]
        d_value[3] = lT[0][3]
        d_value[4] = 0
        g_data.set_value(d_value)
        errCode = 0
        msg = 'OK'
        pic = lT[0][4]
        if pic == '':
            pic_url = "%s/user_pic/default.jpg" % fs_url
        else:
            pic_url = "%s/user_pic/small_" % fs_url + pic
        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
        # The access token is the login id encrypted with the nonce and the
        # timestamp above. NOTE(review): ret is not checked.
        ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)

        # User ids 1 and 2 get every active menu; others get the menus
        # granted through their roles.
        if usr_id in [1, 2]:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM menu_func WMF 
                   Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                   WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """
        else:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                   WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                   FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                   WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                   ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                """ % usr_id
        #print sql
        rows, iN = db.select(sql)
        L1 = [2]
        L2 = []
        #L = formatData(rows,L1,L2)
        names = 'level menu_id menu_name sort parent_id status url icon'.split(
        )
        data = [dict(zip(names, d)) for d in rows]

        s3 = json.dumps(data, ensure_ascii=False)

        # NOTE(review): as shown, this literal has six placeholders but seven
        # arguments, which raises TypeError at runtime. The "******" after
        # "username" looks like masking applied to the listing (presumably a
        # quoted %s) — confirm against the real source. The name and
        # department values are inserted without JSON escaping.
        s1 = """"userid":%s,
                "username":"******",
                "dept_id":%s,
                "dept_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s,""" % (lT[0][0], (lT[0][1]), lT[0][2],
                                      (lT[0][3]), pic_url, token, s3)
        # Record the login. NOTE(review): the token is stored as issued and
        # `ip` (possibly the raw X-Forwarded-For header) is interpolated
        # unescaped; db.executesql's signature is not visible here.
        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                 values (%s,'%s','%s','%s',now(),now(),%s) 
                """ % (lT[0][0], source, token, ip, int(TIME_OUT) * 60)
        #print ToGBK(sql)

        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户名不存在'
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": "%s",
            %s
        }
        """ % (errCode, msg, login_id, s1)
    #print ToGBK(s)
    response = HttpResponseCORS(request, s)
    return response
Ejemplo n.º 12
def home_func(request):
    """Assemble the home-page data for the validated user.

    After ``mValidateUser`` accepts the request, six result sets are loaded
    and serialised with ``json.dumps``:

    * ``audit``      - rows from ``gw_audit`` for the user (first 10 + count);
    * ``sign``       - rows from ``gw_sign`` for the user (first 10 + count);
    * ``notice``     - ``bumph_bubbl`` rows with ``gw_type = 'A05'``;
    * ``recv_info``  - ``bumph_bubbl`` rows with ``gw_type != 'A05'``;
    * ``audit_info`` - ``bumph_bubbl`` rows awaiting this user's audit;
    * ``zhidu``      - ``bumph_bubbl`` rows with ``gw_type = 'A09'``.

    Row ages are replaced by labels taken from the ``chkdatetime`` table.
    The six JSON fragments are placed in a hand-built envelope and returned
    through ``HttpResponseCORS``.

    NOTE(review): ``usr_id`` and ``dept_id`` are interpolated into every
    query below. They come from ``mValidateUser``, not directly from the
    request, but whether they are guaranteed to be numeric is not visible
    here; bound parameters would remove the question.
    """
    audit_data = ['','']
    # Permission gate: on failure errmsg is returned as the response body.
    ret,errmsg,d_value = mValidateUser(request,"view",'')
    if ret!=0:
        return HttpResponseCORS(request,errmsg)
    usr_id = d_value[0]
    dept_id = d_value[2]
    # Age buckets (label, start, end, style), ordered by upper bound.
    sql = "select cname,start_s,end_s,style from chkdatetime order by end_s"
    lT1,iN1 = db.select(sql)

    # %% is a literal % for date_format; the string goes through % formatting.
    sql = """SELECT case source when 1 then ga.title 
                     else case ifnull(d.title,'') when '' then concat(op.gc_no,'/',op.cname)
                      else d.title
                     end
                    end,
                    case source when 1 then ga.type_name
                    else gfd.cname
                    end,
                    ga.cusrname,
                    date_format(ga.ctime,'%%Y-%%m-%%d %%T'),
                    d.menu_id,
                    d.id,
                    '',
                    ifnull(ga.url,''),
                    TIMESTAMPDIFF(SECOND,ga.ctime,now())/60,
                    datediff(now(),ga.ctime)
              FROM gw_audit ga
              left join gw_doc d on ga.gw_id= d.id
              left join gw_type gfd on ga.type_id= gfd.id
              left join out_proj op on op.id= d.proj_id
             where ga.usr_id= '%s' order by ga.ctime desc"""%(usr_id)
    #print sql
    lT,iN = db.select(sql)
    L = []
    # Only the first 10 rows are returned; iN keeps the full count.
    iN2 = iN
    if iN2 > 10: iN2 = 10
    for i in range(0,iN2):
        e = list(lT[i])
        # i is reused as the bucket counter; the outer for rebinds it from
        # range() on the next iteration, so the outer loop is unaffected.
        i = 0
        for a in lT1:
            # e[8] is the age in minutes, e[9] the age in days; beyond 30
            # days the minutes value is recomputed from the day count.
            if e[9]>30: e[8] = e[9]*1440
            # First bucket whose upper bound exceeds the age: replace the
            # timestamp (e[3]) with the bucket label and set the style (e[6]).
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[3] = a[0]
                    e[6] = a[3]
                else:
                    # NOTE(review): looks unreachable if iN1 is the number of
                    # rows in lT1, since i counts rows already visited.
                    e[3] = '1年前'
                break
            i+=1
        L.append(e)

    # Eight names for ten columns: zip() drops the two age columns.
    names = 'title gw_type usr_name ctime menu_id pk style url'.split()
    data = [dict(zip(names, d)) for d in L]
    audit_data[0] = data
    audit_data[1] = iN
    names = 'data count'.split()
    L1 = dict(zip(names, audit_data))
    audit = json.dumps(L1,ensure_ascii=False)
 
    sign_data = ['','']
    # Same shape as the audit query, read from gw_sign. Here usr_id is
    # interpolated without surrounding quotes.
    sql = """SELECT ifnull(ga.title, op.cname),
                    case source when 1 then ga.type_name
                    else gfd.cname
                    end,
                    ga.cusrname,
                    date_format(ga.ctime,'%%Y-%%m-%%d %%T'),
                    d.menu_id,
                    d.id,
                    '',
                    ifnull(ga.url,''),
                    TIMESTAMPDIFF(SECOND,ga.ctime,now())/60,
                    datediff(now(),ga.ctime)
              FROM gw_sign ga
              left join gw_doc d on ga.gw_id= d.id
              left join gw_type gfd on ga.type_id= gfd.id
              left join out_proj op on op.id= d.proj_id
             where ga.usr_id= %s order by ga.ctime desc """%(usr_id)
    lT,iN = db.select(sql)
    L = []
    iN2 = iN
    if iN2 > 10: iN2 = 10
    for i in range(0,iN2):
        e = list(lT[i])
        i = 0
        for a in lT1:
            # Same age-to-label mapping as for the audit rows.
            if e[9]>30: e[8] = e[9]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[3] = a[0]
                    e[6] = a[3]
                else:
                    e[3] = '1年前'
                break
            i+=1
        L.append(e)

    names = 'title gw_type usr_name ctime menu_id pk style url'.split()
    data = [dict(zip(names, d)) for d in L]
    sign_data[0] = data
    sign_data[1] = iN
    names = 'data count'.split()
    L1 = dict(zip(names, sign_data))
    sign = json.dumps(L1,ensure_ascii=False)

    # Notices (gw_type 'A05') addressed to the user through a news group
    # (all users, the user's department, or the user) or through recv_users.
    # r_flag marks rows the user has a read-log entry for; l_flag marks rows
    # with a comment newer than the user's last read time.
    sql = """SELECT 
                    WB.id
                    ,CASE ifnull(RLOG.bb_id,'0') WHEN '0' THEN '0' ELSE '1' END as r_flag
                    ,WB.title
                    ,date_format(WB.ref_date,'%%Y-%%m-%%d %%T')
                    ,WB.cusrname
                    ,NT.cname
                    ,ifnull(U.pic,'')
                    ,case when ifnull(MD.lytime,'')>ifnull(RLOG.read_time,'') then 1 else 0 end as l_flag
                    ,TIMESTAMPDIFF(SECOND,WB.ref_date,now())/60
                    ,''
                    ,datediff(now(),ifnull(WB.ref_date,now()))
               FROM bumph_bubbl WB
               LEFT JOIN users U ON WB.cid=U.usr_id
               LEFT JOIN (
                   select DISTINCT bb_id from bumph_bubbl_groups where group_id in (
                       select id from news_group where is_all=1 or find_in_set(%s,depts) or find_in_set(%s,users))
               ) G ON G.bb_id=WB.id
               LEFT JOIN (select bb_id,usr_id,MAX(read_time) as read_time from bumph_bubbl_read_log where usr_id = %s group by bb_id,usr_id) RLOG ON RLOG.bb_id=WB.id
               LEFT JOIN news_type NT ON NT.type_code=WB.gw_type
               LEFT JOIN (select bb_id,MAX(ctime) as lytime from bumph_bubbl_comment group by bb_id) MD on MD.bb_id = WB.id
               where (G.bb_id is not NULL or find_in_set(%s,recv_users)) and ifnull(audit,3) >= 2 and gw_type = 'A05'
               order by WB.ref_date desc limit 10"""%(dept_id,usr_id,usr_id,usr_id)
    #print sql
    lT,iN = db.select(sql)
    L = []
    for i in range(0,iN):
        e = list(lT[i])
        i = 0
        for a in lT1:
            # Here e[8] is minutes, e[10] days; the label replaces e[8]
            # itself and the style goes to e[9].
            if e[10]>30: e[8] = e[10]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[8] = a[0]
                    e[9] = a[3]
                else:
                    e[8] = '1年前'
                break
            i+=1
        L.append(e)

    # Ten names for eleven columns: zip() drops the trailing day count.
    names = 'id r_flag title ref_date cusrname news_type pic l_flag timediff style'.split()
    data = [dict(zip(names, d)) for d in L]
    notice = json.dumps(data,ensure_ascii=False)
               

    # Same query for every other type (gw_type != 'A05').
    sql = """SELECT 
                    WB.id
                    ,CASE ifnull(RLOG.bb_id,'0') WHEN '0' THEN '0' ELSE '1' END as r_flag
                    ,WB.title
                    ,date_format(WB.ref_date,'%%Y-%%m-%%d %%T')
                    ,WB.cusrname
                    ,NT.cname
                    ,ifnull(U.pic,'')
                    ,case when ifnull(MD.lytime,'')>ifnull(RLOG.read_time,'') then 1 else 0 end as l_flag
                    ,TIMESTAMPDIFF(SECOND,WB.ref_date,now())/60
                    ,''
                    ,datediff(now(),ifnull(WB.ref_date,now()))
               FROM bumph_bubbl WB
               LEFT JOIN users U ON WB.cid=U.usr_id
               LEFT JOIN (
                   select DISTINCT bb_id from bumph_bubbl_groups where group_id in (
                       select id from news_group where is_all=1 or find_in_set(%s,depts) or find_in_set(%s,users))
               ) G ON G.bb_id=WB.id
               LEFT JOIN (select bb_id,usr_id,MAX(read_time) as read_time from bumph_bubbl_read_log where usr_id = %s group by bb_id,usr_id) RLOG ON RLOG.bb_id=WB.id
               LEFT JOIN news_type NT ON NT.type_code=WB.gw_type
               LEFT JOIN (select bb_id,MAX(ctime) as lytime from bumph_bubbl_comment group by bb_id) MD on MD.bb_id = WB.id
               where (G.bb_id is not NULL or find_in_set(%s,recv_users)) and ifnull(audit,3) >= 2 and gw_type != 'A05'
               order by WB.ref_date desc limit 10"""%(dept_id,usr_id,usr_id,usr_id)
    #print sql
    lT,iN = db.select(sql)
    L = []
    for i in range(0,iN):
        e = list(lT[i])
        i = 0
        for a in lT1:
            if e[10]>30: e[8] = e[10]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[8] = a[0]
                    e[9] = a[3]
                else:
                    e[8] = '1年前'
                break
            i+=1
        # Turn the stored picture name into a URL under fs_url, falling back
        # to the default picture. (The 'A05' and 'A09' result sets leave the
        # stored name as it is.)
        pic = e[6]
        if pic=='':
            e[6] = "%s/user_pic/default.jpg"%(fs_url)
        else:
            e[6] = "%s/user_pic/small_%s"%(fs_url,pic)
        L.append(e)

    names = 'id r_flag title ref_date cusrname news_type pic l_flag timediff style'.split()
    data = [dict(zip(names, d)) for d in L]
    recv_info = json.dumps(data,ensure_ascii=False)

    # Items waiting for this user's audit (audusrid = user, audit = 1).
    sql ="""SELECT  
                    WB.id
                    ,0
                    ,WB.title
                    ,left(WB.content,300)
                    ,date_format(WB.ctime,'%%Y-%%m-%%d %%T')
                    ,WB.cusrname
                    ,ifnull(WB.ifaud,0)
                    ,NT.cname
                    ,D.cname
                    ,ifnull(WB.must_reply,0)
                    ,ifnull(U.pic,'')
                    ,ifnull(WB.audit,3)
               FROM bumph_bubbl WB
               LEFT JOIN users U ON WB.cid=U.usr_id
               LEFT JOIN dept D ON D.id=U.dept_id
               LEFT JOIN news_type NT ON NT.type_code=WB.gw_type
               where WB.audusrid=%s and WB.audit in (1) order by WB.ctime desc limit 10
            """%(usr_id)
    names = 'seq r_flag title content ref_date usr_name needsh news_type dept must_reply pic audit'.split()
    rows,iN = db.select(sql)
    L = []
    for e in rows:
        L2 = list(e)
        # Same picture-name-to-URL mapping as above.
        pic = L2[10]
        if pic=='':
            L2[10] = "%s/user_pic/default.jpg"%(fs_url)
        else:
            L2[10] = "%s/user_pic/small_%s"%(fs_url,pic)

        L.append(L2)

    data = [dict(zip(names, d)) for d in L]
    waitAudit = json.dumps(data,ensure_ascii=False)

    # Same query as the notices, restricted to gw_type 'A09'.
    sql = """SELECT 
                    WB.id
                    ,CASE ifnull(RLOG.bb_id,'0') WHEN '0' THEN '0' ELSE '1' END as r_flag
                    ,WB.title
                    ,date_format(WB.ref_date,'%%Y-%%m-%%d %%T')
                    ,WB.cusrname
                    ,NT.cname
                    ,ifnull(U.pic,'')
                    ,case when ifnull(MD.lytime,'')>ifnull(RLOG.read_time,'') then 1 else 0 end as l_flag
                    ,TIMESTAMPDIFF(SECOND,WB.ref_date,now())/60
                    ,''
                    ,datediff(now(),ifnull(WB.ref_date,now()))
               FROM bumph_bubbl WB
               LEFT JOIN users U ON WB.cid=U.usr_id
               LEFT JOIN (
                   select DISTINCT bb_id from bumph_bubbl_groups where group_id in (
                       select id from news_group where is_all=1 or find_in_set(%s,depts) or find_in_set(%s,users))
               ) G ON G.bb_id=WB.id
               LEFT JOIN (select bb_id,usr_id,MAX(read_time) as read_time from bumph_bubbl_read_log where usr_id = %s group by bb_id,usr_id) RLOG ON RLOG.bb_id=WB.id
               LEFT JOIN news_type NT ON NT.type_code=WB.gw_type
               LEFT JOIN (select bb_id,MAX(ctime) as lytime from bumph_bubbl_comment group by bb_id) MD on MD.bb_id = WB.id
               where (G.bb_id is not NULL or find_in_set(%s,recv_users)) and ifnull(audit,3) >= 2 and gw_type = 'A09'
               order by WB.ref_date desc limit 10"""%(dept_id,usr_id,usr_id,usr_id)
    #print sql
    lT,iN = db.select(sql)
    L = []
    for i in range(0,iN):
        e = list(lT[i])
        i = 0
        for a in lT1:
            if e[10]>30: e[8] = e[10]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[8] = a[0]
                    e[9] = a[3]
                else:
                    e[8] = '1年前'
                break
            i+=1
        L.append(e)

    names = 'id r_flag title ref_date cusrname news_type pic l_flag timediff style'.split()
    data = [dict(zip(names, d)) for d in L]
    zhidu = json.dumps(data,ensure_ascii=False)

    # Each fragment is already JSON-encoded, so only the static envelope is
    # formatted by hand here.
    s = """
        {
        "errcode": 0,
        "errmsg": "获取主页数据成功",
        "audit":%s,
        "sign":%s,
        "notice":%s,
        "zhidu":%s,
        "recv_info":%s,
        "audit_info":%s
        }        """%(audit,sign,notice,zhidu,recv_info,waitAudit)
    #print ToGBK(s)
    return HttpResponseCORS(request,s)
Ejemplo n.º 13
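def login_wx_func(request):
    """Log a supplier-portal user in through the WeChat web OAuth2 code flow.

    The ``code`` query parameter is exchanged at api.weixin.qq.com for the
    caller's ``unionid``.  That id is looked up in ``users_gy``; on a match the
    session is filled, an access token is produced with ``WXBizMsgCrypt``, the
    login is recorded in ``users_login_gy`` and the menu rows are returned.

    Returns an ``HttpResponseCORS`` whose body carries ``errcode`` 0 on
    success and ``errcode`` 1 when no active user matches the unionid.
    """
    import re
    import time
    import random
    import urllib
    # NOTE(review): `random` is not a CSPRNG; if EncryptMsg relies on this
    # nonce being unpredictable, it should come from os.urandom — confirm.
    random_no = '%s' % (random.randint(0, 999999))
    source = 'wx'

    # X-Forwarded-For is supplied by the client unless a trusted proxy
    # overwrites it, and the address is spliced into the INSERT below.  Keep
    # only the first hop and accept nothing but address characters.
    ip = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()
    if not re.match(r'^[0-9A-Fa-f:.]{1,45}\Z', ip):
        ip = request.META.get('REMOTE_ADDR', '')

    code = request.GET.get('code', '')
    union_id = ''
    if code != '':
        conn = httplib.HTTPSConnection('api.weixin.qq.com')
        try:
            if read_access_token_common('access_token_web') == '':
                url = "/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s" % (
                    AppId_web, AppSecret_web)
                conn.request('GET', url)
                body = conn.getresponse().read()
                # Cache the reply only when it really carries a token, so an
                # API error body is never stored as the access token.
                if 'access_token' in json.loads(body):
                    write_access_token_common(body, 'access_token_web')
                conn.close()
            # `code` comes straight from the query string: percent-encode it
            # so it cannot add parameters or line breaks to the request.
            url = "/sns/oauth2/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code" % (
                AppId_web, AppSecret_web,
                urllib.quote(code.encode('utf-8'), safe=''))
            conn.request('GET', url)
            # The reply holds an OAuth access token, so it is not logged.
            ddata = json.loads(conn.getresponse().read())
        finally:
            conn.close()
        # An error reply has no unionid; treat it as "not registered"
        # instead of failing on a missing key.
        union_id = ddata.get('unionid', '')
    if union_id == '':
        errCode = 1
        msg = u'用户未注册供应商服务平台'
        # NOTE(review): the comma before "}" is not valid for strict JSON
        # parsers; left as is because clients may depend on the exact body.
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            }
            """ % (errCode, msg)
        return HttpResponseCORS(request, s)
    s1 = ''

    # NOTE(review): hard-coded remap of one WeChat identity onto another
    # account. It reads like a leftover test alias; anyone holding the first
    # identity is signed in as the second. Confirm and remove if unintended.
    if union_id == 'or0EJv-sW7K_rmSakUfKH1ONE5hg':
        union_id = 'or0EJvw-Y-E7k7zPTdR6vX0OdRlI'
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'')
                   FROM users_gy U 
                   LEFT JOIN addr_book ab on ab.id = U.addr_id
                   LEFT JOIN suppliers su on su.id = ab.sup_id
                   WHERE U.unionid='%s' AND U.status=1 
                """ % (union_id)
    # The id is spliced into the statement as text, so it is only run when it
    # consists of the characters the ids in this file use (letters, digits,
    # '-' and '_'); anything else is handled as an unknown user.
    if re.match(r'^[A-Za-z0-9_\-]+\Z', union_id):
        lT, iN = db.select(sql)
    else:
        lT, iN = [], 0
    if iN > 0:
        user = lT[0]
        usr_id = user[0]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = user[1]
        request.session['sup_id'] = user[2]
        request.session['sup_name'] = user[3]
        g_data.set_value([usr_id, user[1], user[2], user[3], 0])
        errCode = 0
        msg = 'OK'
        pic = user[4]

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        # NOTE(review): `ret` is not checked; confirm EncryptMsg cannot fail
        # here, otherwise `token` may not be a usable value.
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)

        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
               WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon
               FROM menu_func WMF 
               Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
               WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2
               ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
            """
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data, ensure_ascii=False)

        # Seven placeholders for the seven values supplied.
        # NOTE(review): the name, supplier name and picture values are placed
        # between quotes without JSON escaping.
        s1 = """"userid":%s,
                "username":"%s",
                "sup_id":%s,
                "sup_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s""" % (user[0], user[1], user[2],
                                     user[3], pic, token, s3)
        # NOTE(review): still a string-built statement; move it to bound
        # parameters if the db helper offers them.
        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                     values (%s,'%s','%s','%s',now(),now(),%s) 
                    """ % (user[0], source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户未注册供应商服务平台'
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            %s
        }
        """ % (errCode, msg, s1)
    return HttpResponseCORS(request, s)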
Ejemplo n.º 14
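def proj_mat_func(request):
    """Return purchasing statistics for one project as a JSON response.

    After ``mValidateUser`` accepts the request, four result sets are read
    for the posted ``proj_id``: the project totals, the per-supplier totals,
    the latest twelve monthly rows, and the list of all projects with the
    requested one marked as selected.

    Returns an ``HttpResponseCORS``; ``errcode`` is 0 on success and 1 when
    ``proj_id`` is not an integer.
    """
    ret, errmsg, d_value = mValidateUser(request, "view", '')
    if ret != 0:
        return HttpResponseCORS(request, errmsg)
    # NOTE(review): the validated user (d_value) is not used to restrict which
    # project may be read; confirm that any validated user may see any project.

    # proj_id is spliced unquoted into every statement below, so it is
    # converted to an integer first and the integer, not the posted text, is
    # what reaches the SQL.
    try:
        proj_id = int(request.POST.get('proj_id', ''))
    except (TypeError, ValueError):
        return HttpResponseCORS(request, """
        {
        "errcode": 1,
        "errmsg": "proj_id参数无效"
        }        """)

    def _query_json(sql, names):
        # Run one statement and serialise its rows as a JSON list of objects.
        rows, iN = db.select(sql)
        data = [dict(zip(names, d)) for d in rows]
        return json.dumps(data, ensure_ascii=False, cls=ComplexEncoder)

    sql = """select s.proj_id,op.cname,op.gc_no,s.jh_money,s.cght_money
             ,s.cg_money,s.rk_money,s.cg_money - ifnull(s.rk_money,0),s.paid_money
             from report_proj_statistics_all s
             left join out_proj op on s.proj_id = op.id
             where s.proj_id = %d""" % (proj_id)
    proj_data = _query_json(
        sql,
        'proj_id proj_name proj_no jh_money cght_money cg_money rk_money wrk_money paid_money'.split())

    sql = """select s.sup_id,su.cname,s.cght_money
             ,s.cg_money,s.rk_money
             from report_proj_sup_stat s
             left join suppliers su on s.sup_id = su.id
             where s.proj_id = %d""" % (proj_id)
    sup_data = _query_json(
        sql, 'sup_id sup_name cght_money cg_money rk_money'.split())

    sql = """select p.year,p.month,p.cght_money,p.cg_money,p.rk_money,p.paid_money,m.stock_money
             from report_proj_statistics_month p
             left join report_proj_mat_month m on p.proj_id = m.proj_id and p.year = m.year and p.month = m.month
             where p.proj_id = %d
             order by p.year desc,p.month desc
             limit 12
          """ % (proj_id)
    month_data = _query_json(
        sql,
        'year month cght_money cg_money rk_money paid_money stock_money'.split())

    sql = """select proj_id,proj_name,proj_no,proj_id=%d from report_proj_statistics_all
        """ % (proj_id)
    option_data = _query_json(sql, 'id cname proj_no selected'.split())

    s = """
        {
        "errcode": 0,
        "errmsg": "获取主页数据成功",
        "proj_data":%s,
        "sup_data":%s,
        "month_data":%s,
        "option_data":%s
        }        """ % (proj_data, sup_data, month_data, option_data)
    return HttpResponseCORS(request, s)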
Ejemplo n.º 15
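def get_select_data(request):
    """Return one page of rows for a configurable selection grid.

    The grid is described by database rows: ``menu_form_cols`` or
    ``menu_form_grid_button`` give the selection type, ``menu_select_source``
    the FROM clause and default sort, ``menu_select_filters`` and
    ``menu_select_all_para`` the optional conditions, and
    ``menu_select_all_cols`` the columns.  Paging, sorting and the search
    term arrive in the posted ``aoData`` JSON list.

    Returns an ``HttpResponseCORS``; the body is empty when the ids are not
    integers or no configuration row is found.
    """
    # NOTE(review): no mValidateUser call is made here, unlike the other grid
    # handlers on this page; confirm the endpoint may be used without a login.
    field_id = request.GET.get('field_id', '') or request.POST.get(
        'field_id', '')
    btn_id = request.GET.get('btn_id', '') or request.POST.get('btn_id', '')
    # Both ids are spliced unquoted into the statements below, so only
    # integers are let through; '' keeps meaning "not supplied".
    try:
        if btn_id != '':
            btn_id = int(btn_id)
        if field_id != '':
            field_id = int(field_id)
    except (TypeError, ValueError):
        return HttpResponseCORS(request, '')
    if btn_id == '' and field_id == '':
        return HttpResponseCORS(request, '')

    if btn_id != '':
        sql = """SELECT sel_type,sel_cols,24 from menu_form_grid_button where id=%s
         """ % (btn_id)
    else:
        sql = """SELECT sel_type,sel_cols,field_type from menu_form_cols where id=%s
         """ % (field_id)
    rows, iN = db.select(sql)
    if iN == 0:
        return HttpResponseCORS(request, '')
    sel_type = rows[0][0]
    sel_cols = rows[0][1]
    field_type = rows[0][2]
    if field_type == 24 and btn_id == '':
        sql = "select id from menu_form_grid_button where field_id=%s order by id asc" % (
            field_id)
        rows, iN = db.select(sql)
        if iN == 0:
            return HttpResponseCORS(request, '')
        btn_id = rows[0][0]
    sql = """SELECT sel_table,ifnull(sel_sort,'') from menu_select_source where  sel_type=%s""" % sel_type
    rows, iN = db.select(sql)
    if iN == 0:
        return HttpResponseCORS(request, '')
    # NOTE(review): from_table, from_sort, the column expressions and the
    # filter templates are SQL fragments read from configuration tables and
    # executed as written; whoever can edit those tables controls the query.
    from_table = rows[0][0].replace('\n', '').replace('\r', '')
    from_sort = rows[0][1]

    # Filter definitions for this selection type.
    sql = """SELECT label,show_label,filter_name,filter_type
                   ,sort,defalut_value,span
                   ,field_type,field_txt,field_title,ifnull(para1,''),ifnull(para2,''),filter_sql
             FROM menu_select_filters
             where sel_type=%s order by sort""" % (sel_type)
    rows, iN = db.select(sql)
    SL = []
    for e in rows:
        L1 = list(e)
        value = request.POST.get(e[2], '')
        # NOTE(review): a posted value is replaced by the configured default
        # and an absent one stays empty; this looks inverted — confirm.
        if value != '':
            value = e[5]
        para1, para2 = '', ''
        if e[10] != '':
            para1 = request.POST.get(e[10], '')
        if e[11] != '':
            para2 = request.POST.get(e[11], '')
        L1[5] = get_filter_data(e[7], e[8], e[9], value, para1, para2)
        SL.append(L1)
    names = 'cname txt_show ename type sort data span'.split()
    data = [dict(zip(names, d)) for d in SL]
    filter_json = json.dumps(data, ensure_ascii=False)

    # Extra conditions tied to the button or field that opened the grid.
    if btn_id != '':
        sql = """select mp.para_name,ap.muti_sql from menu_form_url_para mp 
                   left join menu_select_all_para ap on ap.para_name=mp.para_name and ap.sel_type=%s
            where mp.btn_id=%s and ap.muti_sql is not null
          """ % (sel_type, btn_id)
    elif field_type == 15:
        sql = """select mp.para_name,ap.filter_sql from menu_form_url_para mp 
                   left join menu_select_all_para ap on ap.para_name=mp.para_name and ap.sel_type=%s
            where mp.field_id=%s and ap.filter_sql is not null
          """ % (sel_type, field_id)
    else:
        sql = """select mp.para_name,ap.muti_sql from menu_form_url_para mp 
                   left join menu_select_all_para ap on ap.para_name=mp.para_name and ap.sel_type=%s
            where mp.field_id=%s and ap.muti_sql is not null
          """ % (sel_type, field_id)
    FL, iN = db.select(sql)

    # Column definitions (also the source of the sortable expressions).
    if btn_id != '':
        sql = """SELECT ms.label,ms.col_name,ms.field_order,ifnull(fc.col_name,''),ifnull(is_hide,0),ifnull(is_unique,0), ms.field_show,ifnull(can_search,0) from menu_select_all_cols ms
                   left join menu_form_select_cols mc on mc.sel_col_id = ms.id
                   left join menu_form_cols fc on mc.field_id1 = fc.id 
                   where mc.btn_id=%s
                   order by ifnull(mc.sort,999)
         """ % (btn_id)
    else:
        sql = """SELECT ms.label,ms.col_name,ms.field_order,ifnull(fc.col_name,''),ifnull(is_hide,0),ifnull(is_unique,0), ms.field_show,ifnull(can_search,0) from menu_select_all_cols ms
                   left join menu_form_select_cols mc on mc.sel_col_id = ms.id
                   left join menu_form_cols fc on mc.field_id1 = fc.id 
                   where mc.field_id=%s
                   order by ifnull(mc.sort,999)
         """ % (field_id)
    NL, iN = db.select(sql)
    names = 'cname ename order field_name hide unique'.split()
    data = [dict(zip(names, d)) for d in NL]
    cols = json.dumps(data, ensure_ascii=False, cls=ComplexEncoder)

    aoData = request.POST.get('aoData', '')

    select_size = 10
    startNo = 0
    orderby = ''
    orderbydir = ''
    qqid = ''
    if aoData != '':
        for e in json.loads(aoData):
            key = e['name']
            if key == 'iDisplayLength':
                select_size = e['value']
            elif key == 'iDisplayStart':
                startNo = e['value']
            elif key == 'iSortCol_0':
                # The client picks a column index; the ORDER BY expression
                # itself always comes from the configured column list.
                try:
                    orderby = NL[int(e['value'])][2]
                except (TypeError, ValueError, IndexError):
                    orderby = ''
            elif key == 'sSortDir_0':
                orderbydir = e['value']
            elif key == 'sSearch':
                qqid = e['value']
    # Page size and offset must be integers before they are used for paging.
    try:
        select_size = int(select_size)
        startNo = int(startNo)
    except (TypeError, ValueError):
        select_size, startNo = 10, 0
    if select_size == 0:
        select_size = 10
    pageNo = (startNo // select_size) + 1
    if pageNo == 0:
        pageNo = 1
    # The sort direction is appended to the statement verbatim, so only the
    # two SQL keywords are accepted.
    if orderbydir not in ('asc', 'desc', 'ASC', 'DESC'):
        orderbydir = ''

    sql = "select " + ",".join(["%s" % (e[6]) for e in NL])
    sql += " %s " % from_table
    if qqid != '':
        sTemp = "CONCAT('',"
        for e in NL:
            if e[7] == 1:
                sTemp += "%s," % e[6]
        sTemp = sTemp[:-1] + ")"
        # NOTE(review): the search term is request data placed inside a
        # quoted SQL literal; it needs a bound parameter (or the driver's own
        # escaping) from the db helper — SQL injection risk as written.
        sql += " AND %s LIKE '%%%s%%'" % (sTemp, qqid)
    # NOTE(review): in the two loops below posted values replace "$s" inside
    # configured SQL templates without escaping — same injection risk.
    for e in SL:
        value = request.POST.get(e[2], '')
        if value != '':
            sTemp = e[12].replace("$s", str(value))
            sql += " and (%s)" % (sTemp)
    for e in FL:
        value = request.POST.get(e[0], '')
        if value != '':
            sTemp = e[1].replace("$s", str(value))
            sql += " and (%s)" % (sTemp)
    if orderby != '':
        sql += ' ORDER BY %s %s' % (orderby, orderbydir)
    elif from_sort != '':
        sql += from_sort
    rows, iTotal_length, iTotal_Page, pageNo, select_size = db.select_for_grid(
        sql, pageNo, select_size)
    names = [col[1] for col in NL]
    data = [dict(zip(names, d)) for d in rows]

    s3 = json.dumps(data, ensure_ascii=False, cls=ComplexEncoder)

    s = """
        {
        "errcode": 0,
        "errmsg": "获取数据成功",
        "filter":%s,
        "cols":%s,
        "dataList":%s,
        "totalLength":%s,
        "totalPage":%s,
        "pageNo":%s,
        "pageSize":%s
        }
        """ % (filter_json, cols, s3, iTotal_length, iTotal_Page, pageNo,
               select_size)
    return HttpResponseCORS(request, s)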
Ejemplo n.º 16
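def get_sign_data(request):
    """Return one page of rows for the selection grid of type 3.

    After ``mValidateUser`` accepts the request, the FROM clause, filters and
    columns configured for ``sel_type=3`` are read from the database, the
    paging, sorting and search settings are taken from the posted ``aoData``
    JSON list, and users 1, 2 and the caller are excluded from the result.

    Returns an ``HttpResponseCORS``; the body is empty when no source is
    configured.
    """
    ret, msg, d_value = mValidateUser(request, "view", '')
    if ret != 0:
        return HttpResponseCORS(request, msg)

    sql = """SELECT sel_table from menu_select_source where  sel_type=3"""
    rows, iN = db.select(sql)
    if iN == 0:
        return HttpResponseCORS(request, '')
    # NOTE(review): from_table, the column expressions and the filter
    # templates are SQL fragments read from configuration tables and executed
    # as written; whoever can edit those tables controls the query.
    from_table = rows[0][0].replace('\n', '').replace('\r', '')

    # Filter definitions for this selection type.
    sql = """SELECT label,show_label,filter_name,filter_type
                   ,sort,defalut_value,span
                   ,field_type,field_txt,field_title,ifnull(para1,''),ifnull(para2,''),filter_sql
             FROM menu_select_filters
             where sel_type=3 order by sort"""
    rows, iN = db.select(sql)
    SL = []
    for e in rows:
        L1 = list(e)
        value = request.POST.get(e[2], '')
        # NOTE(review): a posted value is replaced by the configured default
        # and an absent one stays empty; this looks inverted — confirm.
        if value != '':
            value = e[5]
        para1, para2 = '', ''
        if e[10] != '':
            para1 = request.POST.get(e[10], '')
        if e[11] != '':
            para2 = request.POST.get(e[11], '')
        L1[5] = get_filter_data(e[7], e[8], e[9], value, para1, para2)
        SL.append(L1)
    names = 'cname txt_show ename type sort data span'.split()
    data = [dict(zip(names, d)) for d in SL]
    filter_json = json.dumps(data, ensure_ascii=False, cls=ComplexEncoder)

    # Column definitions (also the source of the sortable expressions).
    sql = """SELECT ms.label,ms.col_name,ms.field_order, ms.field_show,ifnull(can_search,0) from menu_select_all_cols ms
                   where sel_type = 3 and id!=13
                   order by ifnull(ms.sort,999)
         """
    NL, iN = db.select(sql)
    names = 'cname ename order'.split()
    data = [dict(zip(names, d)) for d in NL]
    cols = json.dumps(data, ensure_ascii=False, cls=ComplexEncoder)

    aoData = request.POST.get('aoData', '')

    select_size = 10
    startNo = 0
    orderby = ''
    orderbydir = ''
    qqid = ''
    if aoData != '':
        for e in json.loads(aoData):
            key = e['name']
            if key == 'iDisplayLength':
                select_size = e['value']
            elif key == 'iDisplayStart':
                startNo = e['value']
            elif key == 'iSortCol_0':
                # The client picks a column index; the ORDER BY expression
                # itself always comes from the configured column list.
                try:
                    orderby = NL[int(e['value'])][2]
                except (TypeError, ValueError, IndexError):
                    orderby = ''
            elif key == 'sSortDir_0':
                orderbydir = e['value']
            elif key == 'sSearch':
                qqid = e['value']
    # Page size and offset must be integers before they are used for paging.
    try:
        select_size = int(select_size)
        startNo = int(startNo)
    except (TypeError, ValueError):
        select_size, startNo = 10, 0
    if select_size == 0:
        select_size = 10
    pageNo = (startNo // select_size) + 1
    if pageNo == 0:
        pageNo = 1
    # The sort direction is appended to the statement verbatim, so only the
    # two SQL keywords are accepted.
    if orderbydir not in ('asc', 'desc', 'ASC', 'DESC'):
        orderbydir = ''

    sql = "select " + ",".join(["%s" % (e[3]) for e in NL])
    sql += " %s " % from_table
    if qqid != '':
        sTemp = "CONCAT('',"
        for e in NL:
            if e[4] == 1:
                sTemp += "%s," % e[3]
        sTemp = sTemp[:-1] + ")"
        # NOTE(review): the search term is request data placed inside a
        # quoted SQL literal; it needs a bound parameter (or the driver's own
        # escaping) from the db helper — SQL injection risk as written.
        sql += " AND %s LIKE '%%%s%%'" % (sTemp, qqid)
    # NOTE(review): posted values replace "$s" inside configured SQL
    # templates without escaping — same injection risk.
    for e in SL:
        value = request.POST.get(e[2], '')
        if value != '':
            sTemp = e[12].replace("$s", str(value))
            sql += " and (%s)" % (sTemp)
    # The caller's id comes from mValidateUser, not from the request body.
    usr_id = d_value[0]

    sql += " and ur.usr_id not in (1,2,%s)" % usr_id
    if orderby != '':
        sql += ' ORDER BY %s %s' % (orderby, orderbydir)
    rows, iTotal_length, iTotal_Page, pageNo, select_size = db.select_for_grid(
        sql, pageNo, select_size)
    names = [col[1] for col in NL]
    data = [dict(zip(names, d)) for d in rows]

    s3 = json.dumps(data, ensure_ascii=False, cls=ComplexEncoder)

    s = """
        {
        "errcode": 0,
        "errmsg": "获取数据成功",
        "filter":%s,
        "cols":%s,
        "dataList":%s,
        "totalLength":%s,
        "totalPage":%s,
        "pageNo":%s,
        "pageSize":%s
        }
        """ % (filter_json, cols, s3, iTotal_length, iTotal_Page, pageNo,
               select_size)
    return HttpResponseCORS(request, s)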
Ejemplo n.º 17
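def login_func(request):
    """Open a supplier-portal session for the fixed unionid set below.

    The unionid is looked up in ``users_gy``; on a match the session is
    filled, an access token is produced with ``WXBizMsgCrypt``, the login is
    recorded in ``users_login_gy`` and the menu rows are returned.

    Returns an ``HttpResponseCORS`` whose body carries ``errcode`` 0 on
    success and ``errcode`` 1 when no active user matches.
    """
    import re
    import time
    import random
    # NOTE(review): `random` is not a CSPRNG; if EncryptMsg relies on this
    # nonce being unpredictable, it should come from os.urandom — confirm.
    random_no = '%s' % (random.randint(0, 999999))

    # `source` is request data spliced into the INSERT below; accept only a
    # short identifier (the values seen on this page are 'web' and 'wx').
    source = request.POST.get('source', 'web')
    if not re.match(r'^[A-Za-z0-9_\-]+\Z', source):
        source = 'web'

    # X-Forwarded-For is supplied by the client unless a trusted proxy
    # overwrites it, and the address is spliced into the INSERT below.  Keep
    # only the first hop and accept nothing but address characters.
    ip = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()
    if not re.match(r'^[0-9A-Fa-f:.]{1,45}\Z', ip):
        ip = request.META.get('REMOTE_ADDR', '')

    # NOTE(review): the identity is a constant, not something the caller
    # proves. Every request to this view receives a session and an access
    # token for this account without presenting any credential. This reads
    # like a development shortcut; it must not be reachable in production.
    union_id = 'or0EJv-sW7K_rmSakUfKH1ONE5hg'
    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'')
                   FROM users_gy U 
                   LEFT JOIN addr_book ab on ab.id = U.addr_id
                   LEFT JOIN suppliers su on su.id = ab.sup_id
                   WHERE U.unionid='%s' AND U.status=1 
                """ % (union_id)
    lT, iN = db.select(sql)
    if iN > 0:
        user = lT[0]
        usr_id = user[0]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = user[1]
        request.session['sup_id'] = user[2]
        request.session['sup_name'] = user[3]
        g_data.set_value([usr_id, user[1], user[2], user[3], 0])
        errCode = 0
        msg = 'OK'
        pic = user[4]

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        # NOTE(review): `ret` is not checked; confirm EncryptMsg cannot fail
        # here, otherwise `token` may not be a usable value.
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)

        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
               WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon
               FROM menu_func WMF 
               Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
               WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2
               ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
            """
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data, ensure_ascii=False)

        # Seven placeholders for the seven values supplied.
        # NOTE(review): the name, supplier name and picture values are placed
        # between quotes without JSON escaping.
        s1 = """"userid":%s,
                "username":"%s",
                "sup_id":%s,
                "sup_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s""" % (user[0], user[1], user[2],
                                     user[3], pic, token, s3)
        # NOTE(review): still a string-built statement; move it to bound
        # parameters if the db helper offers them.
        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                     values (%s,'%s','%s','%s',now(),now(),%s) 
                    """ % (user[0], source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户不存在'
    # NOTE(review): when s1 is empty the comma before "}" is not valid for
    # strict JSON parsers; left as is because clients may depend on it.
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            %s
        }
        """ % (errCode, msg, s1)
    return HttpResponseCORS(request, s)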
Ejemplo n.º 18
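def change_pwd(request):
    """Change (``flag`` 1) or reset (any other ``flag``) a user's password.

    With ``flag`` 1 the submitted old password must equal the value stored in
    ``users``.  In both modes the new password must be non-empty and absent
    from the user's rows in ``usr_history_info``.  On success ``users`` and
    ``login_record`` are updated and a history row is inserted.

    Returns an ``HttpResponseCORS`` with ``errcode`` 0 on success, 1 for a
    wrong old password or unknown login, 2 for an empty or reused password.
    """
    import json
    errCode = 0
    msg = u''
    now = datetime.datetime.now()
    # flag: 1 = change password, 0 = reset password
    # NOTE(review): every field is also accepted from the query string, where
    # passwords end up in access logs and browser history; POST only is safer.
    flag = request.POST.get('flag', '') or request.GET.get('flag', '')
    login_id = request.POST.get('login_id', '') or request.GET.get('login_id', '')
    oldpwd = request.POST.get('oldpassword', '') or request.GET.get('oldpassword', '')
    password = request.POST.get('password_login', '') or request.GET.get('password_login', '')

    def _reply(code, text):
        # login_id is echoed from the request, so it is JSON-encoded rather
        # than pasted between quotes.
        body = """
        {
        "errcode": %s,
        "errmsg": "%s",
        "login_id": %s,
        }
        """ % (code, text, json.dumps(login_id))
        return HttpResponseCORS(request, body)

    # NOTE(review): login_id, oldpwd and password are request data spliced
    # into quoted SQL literals here and in the DB_Op calls below; they need
    # bound parameters from the db helper — SQL injection risk as written.
    # NOTE(review): passwords are stored, compared and kept in the history
    # table as plain text; a salted password hash and a constant-time
    # comparison are the usual replacement.
    # NOTE(review): when flag is not 1 nothing in this function proves who is
    # asking, so a reset works for any login_id; presumably an earlier step
    # (e.g. a verification code) is expected, but it is not enforced here.

    # Verify the old password; stop at once on a mismatch or unknown login so
    # the request can never reach the update below.
    if flag in [1, '1']:
        sql = "select password from `users` where login_id='%s'" % (login_id)
        rows, iN = db.select(sql)
        if not iN or oldpwd != rows[0][0]:
            return _reply(1, u'旧密码输入错误')

    # The new password must be non-empty and not one used before.
    sql = "select old_password from `usr_history_info` where login_id='%s'" % (login_id)
    rows, iN = db.select(sql)
    if not password or password in [_[0] for _ in rows]:
        errCode = 2
        msg = u'不能使用历史密码或空密码!'

    if not errCode:
        # Update the user record and the password-change timestamp.
        DB_Op('users', ['password'], ["'%s'" % password], " where login_id='%s'" % login_id)
        DB_Op('login_record', ['pwd_update_time'], ["'%s'" % now], " where login_id='%s'" % (login_id))

        sql = "select create_time,pwd_update_time from `login_record` where login_id='%s'" % (login_id)
        rows, iN = db.select(sql)
        # Prefer the password-update time, then the creation time; fall back
        # to now when the login has no login_record row.
        if iN:
            old_createTime = rows[0][-1] or rows[0][0] or now
        else:
            old_createTime = now
        # Record the replaced password in the history table.
        DB_Op('usr_history_info', ['login_id', 'old_password', 'old_createTime'],
              ["'%s'" % login_id, "'%s'" % oldpwd, "'%s'" % old_createTime], 'insert')

    return _reply(errCode, msg)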
Ejemplo n.º 19
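def login_func(request):
    """Open a session for ``login_id`` and return the user's menu as JSON.

    ``login_test(request)`` runs first and its response, if any, is returned
    unchanged.  Otherwise the active ``users`` row for ``login_id`` is read,
    the user's roles are cached in ``dActiveUser``, the session is filled, an
    access token is produced with ``WXBizMsgCrypt``, the login is recorded in
    ``users_login`` and the menu rows (optionally translated for ``lang_id``)
    are returned.

    Returns an ``HttpResponseCORS``; ``errcode`` is 0 on success and -1 when
    no active user matches.
    """
    import re
    import time
    import random
    # NOTE(review): `random` is not a CSPRNG; if EncryptMsg relies on this
    # nonce being unpredictable, it should come from os.urandom — confirm.
    random_no = '%s' % (random.randint(0, 999999))
    # The posted form contains the password, so it is not printed.
    # NOTE(review): credentials are also accepted from the query string,
    # where they end up in access logs; POST only is safer.
    login_id = request.POST.get('login_id', '') or request.GET.get('login_id', '')
    password = request.POST.get('password', '') or request.GET.get('password', '')

    # `source` is request data spliced into the INSERT below; accept only a
    # short identifier (the values seen on this page are 'web' and 'wx').
    source = request.POST.get('source', 'web')
    if not re.match(r'^[A-Za-z0-9_\-]+\Z', source):
        source = 'web'

    # A missing or malformed language id falls back to language 1.
    lang_id = request.POST.get('lang_id') or request.GET.get('lang_id', '')
    try:
        lang_id = int(lang_id) if lang_id != '' else 1
    except (TypeError, ValueError):
        lang_id = 1

    # X-Forwarded-For is supplied by the client unless a trusted proxy
    # overwrites it, and the address is spliced into the INSERT below.  Keep
    # only the first hop and accept nothing but address characters.
    ip = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()
    if not re.match(r'^[0-9A-Fa-f:.]{1,45}\Z', ip):
        ip = request.META.get('REMOTE_ADDR', '')

    # NOTE(review): `password` is never compared in this function (an earlier
    # MD5-based comparison and the quote-stripping of login_id are disabled).
    # Presumably login_test() verifies the credentials and returns a response
    # on failure; if it does not, this view signs in any known login_id.
    response = login_test(request)
    if response:
        return response

    errCode, msg = -1, '该账户已失效!'

    s1 = ''
    # NOTE(review): login_id is request data spliced into a quoted SQL
    # literal; it needs a bound parameter from the db helper — SQL injection
    # risk as written.
    sql = """SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password
                   FROM users U LEFT JOIN dept D ON U.dept_id=D.id
                   WHERE U.login_id='%s' AND U.status=1
                """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        user = lT[0]
        usr_id = user[0]
        # Cache the user's identity and permissions.
        dActiveUser[usr_id] = {
            'roles': {},                     # role_id -> remaining role columns
            'access_dept_data': [],          # departments whose staff data may be read
            'access_person_data': [],        # persons whose data may be read
            'login_time': time.time(),
            'usr_name': user[1],
            'login_id': login_id,
            'usr_dept': (user[2], user[3]),
            'pic': user[4],
        }

        # Roles of the user.
        sql = """SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id
                        FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id
                        WHERE WUR.usr_id=%s
            """ % usr_id
        lT1, iN1 = db.select(sql)
        for e in lT1:
            dActiveUser[usr_id]['roles'][e[0]] = e[1:]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = dActiveUser[usr_id]['usr_name']
        request.session['dept_id'] = user[2]
        request.session['dept_name'] = user[3]
        # NOTE(review): this stores the whole dActiveUser mapping, not just
        # this user's entry, in the session — confirm that is intended.
        request.session['dActiveUser'] = dActiveUser
        g_data.set_value(
            [usr_id, dActiveUser[usr_id]['usr_name'], user[2], user[3], 0])
        errCode = 0
        msg = 'OK'
        pic = user[4]
        if pic == '':
            pic_url = "%s/user_pic/default.jpg" % fs_url
        else:
            pic_url = "%s/user_pic/small_" % fs_url + pic

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
        # NOTE(review): `ret` is not checked; confirm EncryptMsg cannot fail
        # here, otherwise `token` may not be a usable value.
        ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)

        # Users 1 and 2 get every enabled menu; everyone else gets the menus
        # their roles may view.
        if m_muti_lang == 1 and lang_id > 1:
            if usr_id in [1, 2]:
                sql = """SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM menu_func WMF 
                        Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                        left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s
                        WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """ % (lang_id)
            else:
                sql = """SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                        left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s
                        WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """ % (lang_id, usr_id)
        else:
            if usr_id in [1, 2]:
                sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM menu_func WMF 
                        Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                        WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """
            else:
                sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                        WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                        FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id
                        WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                        ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                    """ % usr_id
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]

        s3 = json.dumps(data, ensure_ascii=False)

        # Seven placeholders for the seven values supplied.
        # NOTE(review): the name, department and picture values are placed
        # between quotes without JSON escaping.
        s1 = """"userid":%s,
                "username":"%s",
                "dept_id":%s,
                "dept_name":"%s",
                "pic_url":"%s",
                "AccessToken":"%s",
                "menu_data":%s,""" % (user[0], user[1], user[2], user[3],
                                      pic_url, token, s3)
        # NOTE(review): still a string-built statement; move it to bound
        # parameters if the db helper offers them.
        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                    values (%s,'%s','%s','%s',now(),now(),%s) 
                """ % (user[0], source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)

    # login_id is echoed from the request, so it is JSON-encoded rather than
    # pasted between quotes.
    # NOTE(review): the comma before "}" is not valid for strict JSON
    # parsers; left as is because clients may depend on the exact body.
    s = """
        {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": %s,
            %s
        }
        """ % (errCode, msg, json.dumps(login_id), s1)
    return HttpResponseCORS(request, s)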
Ejemplo n.º 20
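def forgetpwd(request,Opname):
    """Handle the SMS-code steps of the password-reset flow.

    ``Opname`` selects the step:

    * ``'getmobilvalid'`` -- generate a numeric code, pass it with the
      ``mobil`` request value to ``test_getValid`` and, when the result's
      ``Code`` is ``ok``, store the code in ``temp_sheet`` for this
      ``login_id`` / client address (replacing any earlier row).
    * ``'checkVerify'`` -- compare the submitted ``mobil_valid`` with the
      code stored for ``login_id`` and delete the stored row on a match.

    Returns the ``HttpResponseCORS`` built for the step, or ``None`` when
    ``Opname`` is neither value.

    NOTE(review): every SQL statement here is assembled with ``%`` formatting
    from request-controlled values (``login_id``, and ``login_ip`` when it is
    taken from the X-Forwarded-For header). The ``db`` / ``DB_Op`` interfaces
    are not visible from this function; if they accept bound parameters, the
    values should be passed that way instead of being formatted into the SQL.
    """
    import json  # local import: only used to escape values echoed in replies

    errCode = 0
    s = """ """
    msg = ''

    # NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
    # proxy overwrites it, so login_ip is not a reliable peer address when it
    # comes from this header -- confirm the deployment's proxy setup.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip =  request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    login_id =  request.POST.get('login_id','') or request.GET.get('login_id','')
    mobil =  request.POST.get('mobil','') or request.GET.get('mobil','')
    mobil_valid = request.POST.get('mobil_valid','') or request.GET.get('mobil_valid','')

    # Send the SMS code.
    if Opname in ['getmobilvalid']:
        # The code gates a password reset, so draw it from the OS CSPRNG
        # rather than the default Mersenne Twister generator.
        tel='%s'%(random.SystemRandom().randint(0,999999))
        res = test_getValid(mobil,tel)

        if res['Code'].lower() in ['ok']:
            # Drop any earlier row for this login_id / address, then store
            # the new code in the temporary table.
            _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
            db.executesql(_sql)
            DB_Op('temp_sheet',['temp_id','temp_ip','valid_code'],
                    ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(tel)],'insert')
            errCode = 0
            msg = 'sucess'
        else:
            errCode = -1
            msg = '验证码发送失败'
        # mobil comes straight from the request; emit it as an escaped JSON
        # string so quotes or backslashes cannot alter the reply structure.
        s +="""{
                "errcode":%s,
                "errmsg": "%s",
                "tel": %s,
                }
            """%(errCode,msg,json.dumps(mobil))
        return HttpResponseCORS(request,s)

    if Opname in ['checkVerify']:
        # Fetch the stored code.
        # NOTE(review): the lookup is by temp_id only (the delete below also
        # filters on temp_ip), and no attempt counter or expiry is visible in
        # this function, so a six-digit code can be guessed repeatedly unless
        # a limit is enforced elsewhere -- confirm.
        sql = " select valid_code from `temp_sheet` where temp_id='%s' "%(login_id)
        rows,iN = db.select(sql)
        if iN:
            if str(rows[0][-1]) == str(mobil_valid):
                # Code matches: consume it so it cannot be replayed.
                errCode = 0
                msg = 'sucess'
                _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
                db.executesql(_sql)
            else:
                # Wrong code: the stored row is left in place.
                errCode = -1
                msg = '验证码错误'
        else:
            # No code stored for this login_id.
            errCode = -1
            msg = '该手机未收到验证码!'
        # mobil_valid is request-controlled; escape it as for "tel" above.
        s +="""{
                "errcode":'%s',
                "errmsg": "%s",
                "valid": %s,}
            """%(errCode,msg,json.dumps(mobil_valid))
        return HttpResponseCORS(request,s)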
Ejemplo n.º 21
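def login_test(request):
    """Check a login attempt and record its outcome.

    Reads ``login_id``, ``password`` and ``valid`` (the captcha answer) from
    POST, falling back to GET, and the client address from X-Forwarded-For or
    REMOTE_ADDR.

    Returns ``None`` when the password (and the stored captcha answer, if one
    exists) is accepted and the account is not reported expired, locked or
    weak-passworded. In every other case returns the ``HttpResponseCORS``
    describing the failure (errcode -1 wrong user/password/captcha, -2 expired,
    -3 locked, 4 weak password).

    Debug ``print`` calls that wrote the submitted password, the stored
    password, the captcha answer and raw SQL to stdout have been removed.

    NOTE(review): points this function leaves open --
    * SQL is assembled with ``%`` formatting from request-controlled values;
      the ``db`` / ``DB_Op`` interfaces are not visible here, so bind
      parameters through them if they support it.
    * The stored ``users.password`` value is compared directly with the
      submitted one, and its MD5 hex digest is accepted as well, so the stored
      value and its digest are both password-equivalent. A salted, slow
      password hash verified server-side is the usual replacement.
    * The failure counter and captcha are keyed on ``login_ip``, which a
      client can choose when it comes from X-Forwarded-For.
    * Replies distinguish "unknown user" from "wrong password", return
      ``usr_name`` on failures, and report "captcha wrong" only when the
      password was right.
    * The ``"errmsg:"`` key (with the colon inside) in three replies is kept
      as-is; clients may depend on it -- confirm before renaming.
    """
    import json  # local import: only used to escape login_id in the replies

    currentTime = datetime.datetime.now()   # timestamp written to login_record
    error_count = 0
    login_id =  request.POST.get('login_id','') or request.GET.get('login_id','')
    password =  request.POST.get('password','') or request.GET.get('password','')
    valid_code = request.POST.get('valid','') or request.GET.get('valid','')
    # login_id is echoed into every reply; emit it as an escaped JSON string
    # so quotes or backslashes in it cannot alter the reply structure.
    login_id_out = json.dumps(login_id)

    image_code, valid_code_real = '',''  # captcha image data / expected answer

    # NOTE(review): client-supplied unless a trusted proxy overwrites it.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip =  request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    # Expected captcha answer stored for this login_id / address, if any.
    _sql = """
        select valid_code from `temp_sheet` where temp_id='%s' and temp_ip='%s'
        """%(login_id,login_ip)
    rows,iN = db.select(_sql)
    if iN:
        valid_code_real = rows[0][-1]

    sql = """
            select password,usr_name from `users` where login_id='%s'
            """%(login_id)
    rows,iN= db.select(sql)
    if not iN:
        errCode = -1
        msg = u'用户名不存在!'
        s = """
            {
            "errcode": %s,
            "errmsg": "%s",
            "login_id": %s,
            }
            """ %(errCode,msg,login_id_out)
        response = HttpResponseCORS(request,s)
        return response
    else:
        real_pwd = rows[0][0]
        usr_name = rows[0][1]
        pwd_real = md5.new(real_pwd).hexdigest()

        # The captcha is only enforced when an answer is stored ('' and '-1'
        # mean "none required"); it is evaluated only if the password matched.
        password_ok = password==real_pwd or password==pwd_real
        if password_ok and (valid_code_real in ['','-1'] or valid_code_real.lower() == valid_code.lower()):
            # is_valid / is_lock are defined elsewhere; the 90 and 60
            # thresholds are taken from the original code unchanged.
            if is_valid(login_id)>=90:
                errCode = -2 # account expired
                msg = u'用户已过期!'
                s ="""
                    {
                        "errcode":%s,
                        "errmsg:":"%s",
                        "login_id":%s,
                        "usr_name":"%s",
                    }
                    """%(errCode,msg,login_id_out,usr_name)
                return HttpResponseCORS(request,s)
            if is_lock(login_id)>=60:
                errCode = -3 # account locked
                msg = u'用户已锁定!'
                s ="""
                    {
                        "errcode":%s,
                        "errmsg:":'%s',
                        "login_id":%s,
                        "usr_name":"%s",
                    }
                    """%(errCode,msg,login_id_out,usr_name)
                return HttpResponseCORS(request,s)

            # Strength rule: at least 8 characters with an upper-case letter,
            # a lower-case letter and a digit.
            if len(password)<8 or not bool(re.compile(r'^(?:(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])).*$').match(password)):
                errCode = 4 # weak password
                msg = u'密码不符合要求请修改密码!'

                _sql = """
                    select login_id from `login_record` where login_id='%s' 
                    """%(login_id)
                # Record the login if no row exists yet.
                # presumably executesql is falsy when nothing matched -- verify
                if not db.executesql(_sql):
                    DB_Op('login_record',['login_id','login_ip','login_time'],
                        ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(currentTime)],'insert')
                s ="""
                    {
                        "errcode":%s,
                        "errmsg:":'%s',
                        "login_id":%s,
                        "usr_name":"%s",

                    }
                    """%(errCode,msg,login_id_out,usr_name)
                return HttpResponseCORS(request,s)

            # Accepted: insert or refresh the login_record row.
            _sql = """
                    select login_id from `login_record` where login_id='%s' 
                    """%(login_id)
            if not db.executesql(_sql):
                DB_Op('login_record',['login_id','login_ip','login_time'],
                    ["'%s'"%login_id,"'%s'"%login_ip,"'%s'"%(currentTime)],'insert')
            else:
                DB_Op('login_record',['login_ip','login_time'],
                    ["'%s'"%login_ip,"'%s'"%(currentTime)]," where login_id='%s'"%(login_id))

            # Clear the failure counter / captcha row for this address.
            _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'"%(login_id,login_ip)
            db.executesql(_sql)
            # Success is signalled to the caller by returning None.
            return None

        # Wrong password or captcha: count the failure in the temporary table.
        else:
            _sql = """
                    select temp_id,temp_ip,login_num from `temp_sheet` where temp_id='%s' and temp_ip='%s'
                    """%(login_id,login_ip)
            rows,iN = db.select(_sql)
            if not iN:
                # First failure for this login_id / address.
                DB_Op('temp_sheet',['temp_id','temp_ip','login_num','valid_code'],
                    ["'%s'"%login_id,"'%s'"%login_ip,1,"''"],'insert')
                error_count = 1
            else:
                # login_num may be unset on a row that was inserted without it
                # (presumably NULL then -- verify the column default).
                attempts = int(rows[0][2] or 0)
                # From the third failure on, issue a captcha.
                if attempts>=2:
                    image_code, valid_code_real = generate_valid()

                # NOTE(review): this update filters on temp_id only, so it
                # touches the rows of every address for this login_id.
                DB_Op('temp_sheet',['login_num','valid_code'],
                    [attempts+1,"'%s'"%valid_code_real],"where temp_id='%s'"%(login_id))
                error_count = attempts+1
            errCode = -1
            msg = u'账户或密码错误!'
            # NOTE(review): this message confirms the password was correct
            # even though the captcha check failed.
            if password == real_pwd:
                msg = u'验证码错误!'
            s = """
                {
                "errcode": %s,
                "errmsg": "%s",
                "login_id": %s,
                "image_code":"%s",
                "error_count":%s,
                "usr_name":"%s",
                }
                """ %(errCode,msg,login_id_out,image_code,error_count,usr_name)

            response = HttpResponseCORS(request,s)
            return response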