Example #1
def alter():
    """Admin handler: update a user's name/student number and login state.

    Reads ``uid``, ``name``, ``student_number`` and the optional ``login``
    checkbox from the submitted form. The user row is updated and committed
    first; the attendance state is then switched only if the requested state
    differs from the stored one. Every non-aborting path redirects to
    ``/search/all``.
    """
    # NOTE(review): a failed admin check answers 400 here; 403 would describe
    # the condition more accurately, but the status is kept as in the original.
    # NOTE(review): this is a state-changing handler gated only by the admin
    # session; no CSRF check is visible in this block - confirm it is enforced
    # elsewhere in the app.
    if not admin_session_authentication():
        abort(400)

    # TODO: security risk: uid comes from the form
    uid = request.form['uid']
    name = request.form['name']
    student_number = request.form['student_number']
    # An HTML checkbox submits 'on' when ticked and is absent otherwise.
    login = request.form.get('login') == 'on'

    if not name or not student_number:
        return redirect('/search/all')

    row = get_db().execute(
        'SELECT now_attendance_id FROM Users WHERE id=(?)', [uid]
    ).fetchone()
    if not row:
        return redirect('/search/all')

    get_db().execute(
        'UPDATE Users SET name=(?), student_number=(?) WHERE id=(?)',
        [name, student_number, uid],
    )
    get_db().commit()

    attendance_id = row['now_attendance_id']
    # Act only when the stored state and the requested state disagree
    # (exclusive-or of "currently logged in" and "login requested").
    if bool(attendance_id) != login:
        if login:
            # Perform the login; machine_id is set to 0.
            do_login_in_db(uid, 0)
        else:
            # Perform the logout.
            do_logout_in_db(attendance_id, uid)
    return redirect('/search/all')
Example #2
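def trigger():
    """Toggle a user's attendance state and report the action as JSON.

    The user id is taken from the data returned by ``inspect_request``. A user
    with a current ``now_attendance_id`` is logged out; otherwise the user is
    logged in on the requesting machine. The raw ``p`` form field is handed to
    ``retransmission`` before the lookup.

    Returns:
        A JSON string with ``status`` ``'success'`` (plus ``action``, ``name``
        and ``student_number``) or ``'failed'`` (plus ``message``).
    """
    # NOTE(review): inspect_request is the only visible gate on this request;
    # confirm it authenticates the sending machine and rejects replayed
    # payloads, since repeating the same request flips the state again.
    machine_id, data = inspect_request(request)
    retransmission('/trigger', request.form['p'])

    user_id = data.get('id')
    res = get_db().execute('SELECT * FROM Users WHERE id=(?)', [user_id]).fetchone()
    if not res:
        return json.dumps({
            'status': 'failed',
            'message': 'id not registered'
        })

    try:
        if res['now_attendance_id']:
            do_logout_in_db(res['now_attendance_id'], user_id)
            action = 'logout'
        else:
            do_login_in_db(user_id, machine_id)
            action = 'login'
    except sqlite3.OperationalError:
        # Discard any partially applied writes so a later commit on this
        # connection cannot persist a half-finished state change.
        # Assumes get_db() returns the connection the helpers wrote through
        # - TODO confirm.
        get_db().rollback()
        return json.dumps({
            'status': 'failed',
            'message': 'operation error'
        })

    return json.dumps({
        'status': 'success',
        'action': action,
        'name': res['name'],
        'student_number': res['student_number']
    })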
Example #3
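def delete():
    """Delete the user named in the request and report the result as JSON.

    The user id is taken from the data returned by ``inspect_request``. A user
    who is currently logged in is logged out first, then the row is removed
    from ``Users`` and the change is committed.

    Returns:
        A JSON string with ``status`` ``'success'`` and the deleted user's
        ``student_number``, or ``'failed'`` with a ``message``.
    """
    # NOTE(review): this destructive action is authorised only by whatever
    # inspect_request verifies; confirm it authenticates the sender and that
    # the caller is allowed to delete the given id.
    machine_id, data = inspect_request(request)
    retransmission('/delete', request.form['p'])

    user_id = data.get('id')
    res = get_db().execute('SELECT * FROM Users WHERE id=(?)', [user_id]).fetchone()
    if not res:
        return json.dumps({
            'status': 'failed',
            'message': 'id not registered'
        })

    try:
        if res['now_attendance_id']:
            # Log the user out first, then delete.
            do_logout_in_db(res['now_attendance_id'], user_id)
        student_number = res['student_number']
        get_db().execute('DELETE FROM Users WHERE id=(?)', [user_id])
        get_db().commit()
    except sqlite3.OperationalError:
        # Discard uncommitted writes so a failed logout or delete is not
        # persisted by a later commit on this connection.
        # Assumes get_db() returns the connection used above - TODO confirm.
        get_db().rollback()
        return json.dumps({
            'status': 'failed',
            'message': 'operation error'
        })

    return json.dumps({
        'status': 'success',
        'student_number': student_number
    })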
Example #4
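def logout():
    """Log out the user named in the request and report the result as JSON.

    The user id is taken from the data returned by ``inspect_request``. The
    logout is performed only when the user exists and has a current
    ``now_attendance_id``.

    Returns:
        A JSON string with ``status`` ``'success'`` (plus ``name`` and
        ``student_number``) or ``'failed'`` (plus ``message``).
    """
    # NOTE(review): confirm inspect_request authenticates the sender; nothing
    # else in this block restricts who may log a given id out.
    machine_id, data = inspect_request(request)
    retransmission('/logout', request.form['p'])

    user_id = data.get('id')
    res = get_db().execute('SELECT * FROM Users WHERE id=(?)', [user_id]).fetchone()
    if not (res and res['now_attendance_id']):
        # Covers both an unknown id and a user with no open attendance record.
        return json.dumps({
            'status': 'failed',
            'message': 'id not login'
        })

    try:
        do_logout_in_db(res['now_attendance_id'], user_id)
    except sqlite3.OperationalError:
        # Roll back the failed logout (the original left this as a TODO) so
        # partial writes are not persisted by a later commit.
        # Assumes get_db() returns the connection the helper wrote through
        # - TODO confirm.
        get_db().rollback()
        return json.dumps({
            'status': 'failed',
            'message': 'operation error'
        })

    return json.dumps({
        'status': 'success',
        'name': res['name'],
        'student_number': res['student_number']
    })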