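def user_list():
    '''List all users for an administrator, or forward an Ajax edit request.

    GET: when the session id is an administrator id (0-4), render
    ``user_list.html`` with every row returned by ``query_all_user()``.
    Any other method: parse each posted form key as a Python literal and
    redirect to ``user_list_edit`` with the last parsed value.
    Callers without a usable session, and non-admin GETs, are sent to ``home``.

    NOTE(review): the original indentation was lost; the non-GET branch is
    assumed to pair with the ``request.method`` check -- confirm.
    '''
    import ast  # function-scope import: the file's import block is not visible here

    if 'id' not in session:
        return redirect(url_for('home'))

    # A session id alone does not prove the account still exists, so the row
    # is looked up and an empty result is treated as a stale session.
    user = system.User()
    user.id = session['id']
    from_user_table_info = user.query_all_by_id()
    if not from_user_table_info:
        return redirect(url_for('home'))

    if request.method == 'GET':
        # Administrator accounts are the ones with ids 0-4.
        if session['id'] in range(5):
            result = system.User().query_all_user()
            return render_template('user_list.html', result=result)
        return redirect(url_for('home'))

    # request.form is an ImmutableMultiDict; iterating it yields the keys (str).
    # The keys are client-controlled, so they must never reach eval(): that
    # would execute arbitrary expressions inside the server process.
    # ast.literal_eval accepts only literals (dict, list, str, numbers, ...).
    # NOTE(review): this branch has no administrator check; confirm that
    # user_list_edit authorises the caller itself.
    result_id = None
    for raw_key in request.form:
        try:
            result_id = ast.literal_eval(raw_key)
        except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
            return 'invalid request payload', 400
    return redirect(url_for('user_list_edit', result_id=result_id))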
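def insert_user():
    '''Create a user account; administrator-only operation.

    The caller is resolved from ``session['username']`` and must have an
    administrator id (0-4). POST inserts a user built from the submitted form
    and redirects to ``user_list``; any other method renders
    ``insert_user_detail.html``. Everyone else is redirected to ``home``.
    '''
    if 'username' not in session:
        return redirect(url_for('home'))

    # Look up the full record of the session's user.
    caller = system.User()
    caller.username = session['username']
    result = caller.query_all_by_username()

    # Authorise before touching the form: the insert used to run ahead of this
    # check, so any logged-in account could create users. An empty result
    # (account no longer exists) is rejected as well.
    if not result or result[0][0] not in range(5):
        return redirect(url_for('home'))

    if request.method == 'POST':
        user = system.User()
        # NOTE(review): userpass is passed through exactly as received --
        # confirm that system.User.insert hashes it before storage.
        for field in ('id', 'username', 'userpass', 'usertype', 'usermail',
                      'userhomepage', 'homepagename', 'sex', 'comefrom',
                      'usersign', 'redate'):
            setattr(user, field, request.form[field])
        user.insert()
        return redirect(url_for('user_list'))

    return render_template('insert_user_detail.html', result=result)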
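def update_user():
    '''Show or update a user record for a logged-in caller.

    POST writes the submitted form to the record named by ``form['id']`` and
    returns ``'post ok'``; other methods render ``user_detail.html`` for the
    session's own username. Without a session username ``home.html`` is shown.

    TODO: client-side validation of the form input was never implemented.
    '''
    if 'username' not in session:
        return render_template('home.html')

    if request.method == 'POST':
        # The target id comes from the client. Only administrators (ids 0-4)
        # may edit another account; everyone else is limited to their own row.
        caller_id = session.get('id')
        is_admin = caller_id in range(5)
        owns_record = (caller_id is not None
                       and str(request.form['id']) == str(caller_id))
        if not (is_admin or owns_record):
            return 'forbidden', 403

        user = system.User()
        # NOTE(review): usertype is still taken from the form, so a user can
        # change their own type -- confirm whether that field grants privileges.
        for field in ('id', 'username', 'userpass', 'usertype', 'usermail',
                      'userhomepage', 'homepagename', 'sex', 'comefrom',
                      'usersign', 'redate'):
            setattr(user, field, request.form[field])
        user.update()
        return 'post ok'

    # Look up the full record of the session's user.
    user = system.User()
    user.username = session['username']
    result = user.query_all_by_username()
    return render_template('user_detail.html', result=result)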
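def signin():
    '''Authenticate a user and start a session.

    POST: clear the current session, then call ``system.login``; the code
    treats 0 as unknown username, 1 as wrong password and 2 as success. On
    success the user's id and username are stored in the session and the
    caller is redirected to ``home``. Other methods render ``login.html``.
    '''
    if request.method != 'POST':
        return render_template('login.html')

    # Drop any pre-existing session state before authenticating.
    session.clear()
    username = request.form['username']
    userpass = request.form['password']

    flag = system.login(username, userpass)
    # NOTE(review): the two messages below differ, which tells a caller
    # whether a username exists; consider one generic failure message.
    if flag == 0:
        return render_template('login.html', message='username not find', info='')
    if flag == 1:
        return render_template('login.html', message='userpass error', info='')
    # Fail closed: only the explicit success code logs the user in. The
    # original treated every value other than 0 and 1 as success.
    if flag != 2:
        return render_template('login.html', message='login failed', info='')

    # Resolve the id that belongs to the authenticated username.
    user = system.User()
    user.username = username
    result = user.query_all_by_username()
    if not result:
        return render_template('login.html', message='login failed', info='')

    session['id'] = result[0][0]
    session['username'] = username
    return redirect(url_for('home'))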
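def delete_user_delete(user_id):
    '''Delete the user with ``user_id``; administrators only, never oneself.

    POST deletes the account and returns ``'delete ok'``. Other methods echo
    the id back, HTML-escaped.
    '''
    import html  # function-scope import: the file's import block is not visible here

    if request.method != 'POST':
        # user_id comes from the URL; escape it before it reaches the response
        # body so it cannot be interpreted as markup.
        return html.escape(str(user_id))

    caller_id = session.get('id')
    if caller_id is None:
        return 'login required', 401
    # Deleting accounts is restricted to administrator ids (0-4), in line with
    # user_list, which shows the user table only to those ids.
    if caller_id not in range(5):
        return 'forbidden', 403

    print('post ok', user_id)
    # Compare as strings: the route value and the stored session id may have
    # different types, which made the original equality check never match.
    if str(caller_id) == str(user_id):
        return '不能删除自己'

    user = system.User()
    user.id = user_id
    status = user.delete()
    print('delete status :', status)
    return 'delete ok'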
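def update_user(user_id):
    '''Show or update a user record, restricted to its owner or an admin.

    POST writes the submitted form to the record named by ``form['id']`` and
    redirects administrators (ids 0-4) to ``user_list`` and everyone else to
    ``home``. Other methods render ``user_detail.html`` for ``user_id`` or,
    when it is empty, for the session's own username. Callers without a
    session username are redirected to ``home``.

    TODO: client-side validation of the form input was never implemented.
    '''
    if 'username' not in session:
        return redirect(url_for('home'))

    caller_id = session.get('id')
    is_admin = caller_id in range(5)

    def _is_own(record_id):
        # True when record_id names the logged-in caller's own record.
        return caller_id is not None and str(record_id) == str(caller_id)

    if request.method == 'POST':
        target_id = request.form['id']
        editing_self = _is_own(target_id)
        # The target id is client-supplied: without this check any logged-in
        # account could overwrite any other record.
        if not (is_admin or editing_self):
            return 'forbidden', 403

        user = system.User()
        for field in ('id', 'username', 'userpass', 'usertype', 'usermail',
                      'userhomepage', 'homepagename', 'sex', 'comefrom',
                      'usersign', 'redate'):
            setattr(user, field, request.form[field])
        user.update()

        # Only follow a rename of the caller's own account. The original copied
        # the submitted username into the session on every edit, so the session
        # identity could be switched to another account's name.
        # NOTE(review): other views resolve privileges from session['username'];
        # confirm that system.User.update rejects duplicate usernames.
        if editing_self:
            session['username'] = request.form['username']

        return redirect(url_for('user_list' if is_admin else 'home'))

    # format() instead of '+' so an empty user_id cannot raise TypeError.
    print('---/update_user/{}---get opt :'.format(user_id))
    user = system.User()
    if user_id:
        # Full records may only be read by their owner or an administrator.
        if not (is_admin or _is_own(user_id)):
            return 'forbidden', 403
        user.id = user_id
        result = user.query_all_by_id()
    else:
        # No id in the route: fall back to the session's own username.
        user.username = session['username']
        result = user.query_all_by_username()
    # The fetched record is no longer printed: it holds every column of the
    # user row (presumably including userpass) and should not reach the logs.
    return render_template('user_detail.html', result=result)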
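def home():
    '''Render the home page, greeting the logged-in user if there is one.

    The ``home.html`` template must be in the ``templates`` directory, which
    sits next to ``app.py``.

    Administrators (ids 0-4) additionally get the ``user_info`` banner.
    '''
    if 'username' not in session:
        return render_template('home.html')

    # Look up the full record of the session's user.
    user = system.User()
    user.username = session['username']
    user.id = session.get('id')  # .get: a session without an id must not raise
    result = user.query_all_by_username()

    if not result:
        # The session names an account that no longer exists (for example one
        # that was deleted): drop the stale session and show the anonymous page.
        session.clear()
        return render_template('home.html')

    safe_name = escape(session['username'])
    if result[0][0] in range(5):
        return render_template('home.html', username=safe_name,
                               user_info=' you is admin')
    return render_template('home.html', username=safe_name)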