def load_logged_in_user():
user_id = session.get('user_id')
admin_id = session.get('admin_id')
if user_id is None:
g.user = get_db().execute('SELECT * FROM admin WHERE id = ?',
(admin_id, )).fetchone()
elif admin_id is None:
g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
(user_id, )).fetchone()
else:
g.user = None
def result():
db = get_db()
data = db.execute('SELECT num FROM vote WHERE election_number=1').fetchall(
) #return a multi-dimension list, as ([],[],[])
numlist = []
for x in data:
numlist.append(x[0]) #retrive the first value in each sub-list
public_key, private_key = paillier.generate_paillier_keypair()
encrypted_numlist = [public_key.encrypt(x) for x in numlist]
sum = 0
for i in encrypted_numlist:
sum += i
decrypted_sum = private_key.decrypt(sum)
re = []
while decrypted_sum != 0:
remain = decrypted_sum % 10
re.append(remain)
decrypted_sum /= 10
for i in range(len(re)):
db.execute(
'INSERT INTO result (election_number, candidate, result)'
'VALUES (?, ?, ?)', (election_number, i, re[i] / len(re)))
print(decrypted_sum)
return render_template('vote/result.html')
def candidate():
db = get_db()
posts = db.execute(
'SELECT candidate_id, candidate_name, discription, election_number'
' FROM candidate_list'
).fetchall()
return render_template('admin/candidate.html', posts=posts)
def register():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
id_number = request.form['id_number']
realname = request.form['realname']
type = request.form.get('type_select')
db = get_db()
error = None
# error config
if not type:
error = 'You must select one identity type.'
elif type == 'user':
if not username:
error = '请输入用户名.'
elif not password:
error = '请输入密码.'
elif not id_number:
error = '请输入证件号码.'
elif not realname:
error = '真实姓名为必填项.'
elif db.execute('SELECT user_id FROM user WHERE user_id=?',
(id_number, )).fetchone() is not None:
error = '用户 {} 已存在.'.format(realname)
elif type == 'admin':
if not username:
error = '请输入用户名.'
elif not password:
error = '请输入密码.'
elif not id_number:
error = '请输入证件号码.'
elif not realname:
error = '真实姓名为必填项.'
elif db.execute('SELECT admin_id FROM admin WHERE admin_id=?',
(id_number, )).fetchone() is not None:
error = '管理员 {} 已存在.'.format(realname)
# Register
if error is None:
if type == 'user':
db.execute(
'INSERT INTO user (username,password,user_id,realname) VALUES (?,?,?,?)',
(username, generate_password_hash(password), id_number,
realname))
db.commit()
return redirect(url_for('auth.login'))
elif type == 'admin':
db.execute(
'INSERT INTO admin (username,password,admin_id,realname) VALUES (?,?,?,?)',
(username, generate_password_hash(password), id_number,
realname))
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def vote():
db = get_db()
posts = db.execute(
'SELECT p.author_id, title, created, username'
' FROM election_info p JOIN admin x ON p.author_id = x.id'
' ORDER BY created DESC'
).fetchall()
return render_template('admin/vote.html', posts=posts)
def election_register():
startTime = datetime.now()
db = get_db()
posts = db.execute(
'SELECT p.author_id, title, body, created, username'
' FROM election_info p JOIN admin x ON p.author_id = x.id'
' ORDER BY created DESC'
).fetchall()
print(datetime.now() - startTime)
return render_template('admin/election_register.html', posts=posts)
def get_post(id, check_author=True):
post = get_db().execute(
'SELECT p.id, title, body, created, author_id, username'
' FROM post p JOIN user u ON p.author_id = u.id'
' WHERE p.id = ?', (id, )).fetchone()
if post is None:
abort(404, "Post id {0} doesn't exist.".format(id))
if check_author and post['author_id'] != g.user['id']:
abort(403)
return post
def votelist():
startTime = datetime.now()
db = get_db()
posts = db.execute(
'SELECT candidate_id, candidate_name, discription, election_number'
' FROM candidate_list').fetchall()
user = db.execute('SELECT * FROM user WHERE id = ?',
(g.user['id'], )).fetchone()
person = db.execute(
'SELECT candidate_id FROM candidate_list WHERE candidate_id = ?',
(user[3], )).fetchone()
voter = db.execute('SELECT * FROM vote WHERE voter_id = ?',
(user[3], )).fetchone()
if request.method == 'POST':
candidate_id = request.form['vote']
error = None
if not candidate_id:
error = '请选择一位候选人。'
elif person is not None:
error = '您是候选人,不具备本场竞选投票资格。'
elif voter is not None:
error = '不可以重复投票。'
flash(error)
if error is None:
candidateid = int(candidate_id)
row = db.execute('SELECT * FROM user WHERE id =?',
(g.user['id'], )).fetchone()
user_id = row[3]
row1 = db.execute(
'SELECT * FROM candidate_list WHERE candidate_id = ?',
(candidateid, )).fetchone()
calcu_id = row1[5]
db.execute(
'INSERT INTO vote (voter_id, election_number, num)'
'VALUES (?, ?, ?)', (user_id, 2, calcu_id))
db.commit()
print(datetime.now() - startTime)
return redirect(url_for('user.votelist'))
return render_template('user/votelist.html', posts=posts)
def enroll_form():
db = get_db()
if request.method == 'POST':
startTime = datetime.now()
name = request.form['name']
candidate_id = request.form['candidate_id']
info_id = request.form['info_id']
body = request.form['body']
error = None
person = db.execute('SELECT * FROM user WHERE user_id = ?',
(candidate_id, )).fetchone()
if not name:
error = '请填入姓名'
elif not candidate_id:
error = '请输入身份证号'
elif not info_id:
error = '请输入选举场次号码'
elif person is None:
error = '证件号码不正确'
if error is not None:
flash(error)
else:
db.execute(
'INSERT INTO candidate_list (election_number, candidate_id, candidate_name, discription)'
' VALUES (?, ?, ?, ?)', (info_id, candidate_id, name, body))
db.commit()
autoid = db.execute(
'SELECT id FROM candidate_list WHERE candidate_id = ?',
(candidate_id, )).fetchone()
i = autoid[0]
calcu = math.pow(10, i - 1)
db.execute('UPDATE candidate_list SET calcu_id=? WHERE id=?',
(calcu, i))
db.commit()
print(datetime.now() - startTime)
return redirect(url_for('user.notif'))
return render_template('user/enroll_form.html')
def create():
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO post (title, body, author_id)'
' VALUES (?, ?, ?)', (title, body, g.user['id']))
db.commit()
return redirect(url_for('blog.index'))
return render_template('blog/create.html')
def update(id):
post = get_post(id)
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute('UPDATE post SET title = ?, body = ?'
' WHERE id = ?', (title, body, id))
db.commit()
return redirect(url_for('blog.index'))
return render_template('blog/update.html', post=post)
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
type = request.form.get('type_select')
db = get_db()
error = None
if type == 'user':
user = db.execute('SELECT * FROM user WHERE username=?',
(username, )).fetchone()
if user is None:
error = '您尚未注册.'
elif not check_password_hash(user['password'], password):
error = '密码错误.'
if error is None:
session.clear()
session['user_id'] = user['id']
return redirect(url_for('user.user_home'))
elif type == 'admin':
admin = db.execute('SELECT * FROM admin WHERE username=?',
(username, )).fetchone()
if admin is None:
error = '您尚未注册.'
elif not check_password_hash(admin['password'], password):
error = '密码错误.'
if error is None:
session.clear()
session['admin_id'] = admin['id']
return redirect(url_for('admin.admin_home'))
flash(error)
return render_template('auth/login.html')
def create_election():
if request.method == 'POST':
startTime = datetime.now()
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO election_info (title, body, author_id)'
' VALUES (?, ?, ?)',
(title, body, g.user['id'])
)
db.commit()
print(datetime.now() - startTime)
return redirect(url_for('admin.create_election'))
return render_template('admin/create_election.html')
def delete(id):
get_post(id)
db = get_db()
db.execute('DELETE FROM post WHERE id = ?', (id, ))
db.commit()
return redirect(url_for('blog.index'))
def index():
db = get_db()
posts = db.execute('SELECT p.id, title, body, created, author_id, username'
' FROM post p JOIN user u ON p.author_id = u.id'
' ORDER BY created DESC').fetchall()
return render_template('blog/index.html', posts=posts)