Example #1
def new_course(tid, idc, year, st, en):
    """Insert a new Course row on behalf of a teacher.

    Args:
        tid: Teacher id; passed through clean() before interpolation.
        idc: Course id; passed through clean() before interpolation.
        year: Written to the ``year`` column as given.
        st: Written to ``start_week`` as given.
        en: Written to ``end_week`` as given.
    """
    # NOTE(review): the statement is built with % formatting, and year/st/en
    # are interpolated without clean(). Callers must validate them, or this
    # should use the driver's parameter binding if db supports it.
    values = (clean(idc), clean(tid), year, st, en)
    statement = (
        "insert into Course (idCourse,tid,year,start_week,end_week) "
        "values ('%s','%s','%s','%s','%s');"
    ) % values
    db.execute(statement)
Example #2
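def authNewUser(id):
    """Approve a pending registration by moving it out of ``tempuser``.

    The matching row is copied into ``Teacher`` (type ``'t'``) or ``Student``
    (type ``'s'``) and then deleted from ``tempuser``.

    Args:
        id: Id of the pending user; passed through clean() before use.

    Returns:
        ``'success'`` when the user was moved, ``'fail'`` when no pending row
        exists or its type is neither ``'t'`` nor ``'s'``.
    """
    safe_id = clean(id)
    user = db.get("select * from tempuser where id='%s';" % safe_id)
    if not user:
        # No pending row: report failure instead of crashing on user['name'].
        return 'fail'

    insert_templates = {
        't': "insert into Teacher (idTeacher,name,pwd,email) values ('%s','%s','%s','%s');",
        's': "insert into Student (idStudent,name,pwd,email) values ('%s','%s','%s','%s');",
    }
    template = insert_templates.get(user['type'])
    if template is None:
        return 'fail'

    # NOTE(review): name, pwd and email are read back from tempuser and
    # interpolated without escaping, so this insert is only as safe as what
    # was stored at registration time. Prefer the driver's parameter binding
    # if db supports it. The insert and delete are two separate statements;
    # confirm whether they need to run in one transaction.
    db.execute(template % (safe_id, user['name'], user['pwd'], user['email']))
    db.execute("delete from tempuser where id='%s';" % safe_id)
    return 'success'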
Example #3
def submit_homework_vedio(idHomework, sid, content, tag):
    """Record a student's video homework submission.

    Args:
        idHomework: Homework id; passed through clean().
        sid: Student id; passed through clean(). Also used to look up the
            student's course id in a subquery.
        content: Link to the submission; passed through cleanLink().
        tag: Tag for the submission; passed through clean().

    Returns:
        Whatever ``db.execute`` returns for the insert.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean()/cleanLink() alone; prefer the driver's parameter binding if db
    # supports it.
    values = (clean(idHomework), clean(sid), clean(sid), cleanLink(content), clean(tag))
    statement = (
        "insert into Homework (idHomework,cid,sid,content,tag,type) values "
        "('%s',(select cid from Student where idStudent='%s'),'%s','%s','%s','video')"
    ) % values
    return db.execute(statement)
Example #4
def insertIntoTempUser(id, type, name, pwd, email):
    """Store a newly submitted registration in ``tempuser``.

    Args:
        id: Requested user id; passed through clean().
        type: Account type; passed through clean().
        name: Display name; passed through clean().
        pwd: Password; passed through clean() and written as received.
        email: E-mail address; interpolated without any cleaning.
    """
    # Open question from the original author: how to protect the email field
    # against injection; it still needs work.
    # NOTE(review): email is the one value here that bypasses clean(). Binding
    # parameters through the driver (if db supports it) would cover it. The
    # password is written as received; confirm callers hash it first.
    row = (clean(id), clean(type), clean(name), clean(pwd), email)
    statement = "insert into tempuser (id,type,name,pwd,email) values ('%s','%s','%s','%s','%s');" % row
    db.execute(statement)
Example #5
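def authNewUser(id):
    """Approve a pending registration by moving it out of ``tempuser``.

    The matching row is copied into ``Teacher`` (type ``'t'``) or ``Student``
    (type ``'s'``) and then deleted from ``tempuser``.

    Args:
        id: Id of the pending user; passed through clean() before use.

    Returns:
        ``'success'`` when the user was moved, ``'fail'`` when no pending row
        exists or its type is neither ``'t'`` nor ``'s'``.
    """
    safe_id = clean(id)
    user = db.get("select * from tempuser where id='%s';" % safe_id)
    if not user:
        # No pending row: report failure instead of crashing on user['name'].
        return 'fail'

    insert_templates = {
        't': "insert into Teacher (idTeacher,name,pwd,email) values ('%s','%s','%s','%s');",
        's': "insert into Student (idStudent,name,pwd,email) values ('%s','%s','%s','%s');",
    }
    template = insert_templates.get(user['type'])
    if template is None:
        return 'fail'

    # NOTE(review): name, pwd and email are read back from tempuser and
    # interpolated without escaping, so this insert is only as safe as what
    # was stored at registration time. Prefer the driver's parameter binding
    # if db supports it. The insert and delete are two separate statements;
    # confirm whether they need to run in one transaction.
    db.execute(template % (safe_id, user['name'], user['pwd'], user['email']))
    db.execute("delete from tempuser where id='%s';" % safe_id)
    return 'success'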
Example #6
def insertIntoTempUser(id, type, name, pwd, email):
    """Store a newly submitted registration in ``tempuser``.

    Args:
        id: Requested user id; passed through clean().
        type: Account type; passed through clean().
        name: Display name; passed through clean().
        pwd: Password; passed through clean() and written as received.
        email: E-mail address; interpolated without any cleaning.
    """
    # Open question from the original author: how to protect the email field
    # against injection; it still needs work.
    # NOTE(review): email is the one value here that bypasses clean(). Binding
    # parameters through the driver (if db supports it) would cover it. The
    # password is written as received; confirm callers hash it first.
    row = (clean(id), clean(type), clean(name), clean(pwd), email)
    statement = "insert into tempuser (id,type,name,pwd,email) values ('%s','%s','%s','%s','%s');" % row
    db.execute(statement)
Example #7
def submit_homework_vedio(idHomework, sid, content, tag):
    """Record a student's video homework submission.

    Args:
        idHomework: Homework id; passed through clean().
        sid: Student id; passed through clean(). Also used to look up the
            student's course id in a subquery.
        content: Link to the submission; passed through cleanLink().
        tag: Tag for the submission; passed through clean().

    Returns:
        Whatever ``db.execute`` returns for the insert.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean()/cleanLink() alone; prefer the driver's parameter binding if db
    # supports it.
    values = (clean(idHomework), clean(sid), clean(sid), cleanLink(content), clean(tag))
    statement = (
        "insert into Homework (idHomework,cid,sid,content,tag,type) values "
        "('%s',(select cid from Student where idStudent='%s'),'%s','%s','%s','video')"
    ) % values
    return db.execute(statement)
Example #8
def submit_homework(idHomework, sid, content, tag):
    """Record a student's three-view drawing homework submission.

    Args:
        idHomework: Homework id; passed through clean().
        sid: Student id; passed through clean(). Also used to look up the
            student's course id in a subquery.
        content: Link to the submission; passed through cleanLink().
        tag: Tag for the submission; passed through clean().

    Returns:
        Whatever ``db.execute`` returns for the insert.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean()/cleanLink() alone; prefer the driver's parameter binding if db
    # supports it.
    values = (clean(idHomework), clean(sid), clean(sid), cleanLink(content), clean(tag))
    statement = (
        "insert into Homework (idHomework,cid,sid,content,tag) values "
        "('%s',(select cid from Student where idStudent='%s'),'%s','%s','%s')"
    ) % values
    return db.execute(statement)
Example #9
def submit_homework(idHomework, sid, content, tag):
    """Record a student's three-view drawing homework submission.

    Args:
        idHomework: Homework id; passed through clean().
        sid: Student id; passed through clean(). Also used to look up the
            student's course id in a subquery.
        content: Link to the submission; passed through cleanLink().
        tag: Tag for the submission; passed through clean().

    Returns:
        Whatever ``db.execute`` returns for the insert.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean()/cleanLink() alone; prefer the driver's parameter binding if db
    # supports it.
    values = (clean(idHomework), clean(sid), clean(sid), cleanLink(content), clean(tag))
    statement = (
        "insert into Homework (idHomework,cid,sid,content,tag) values "
        "('%s',(select cid from Student where idStudent='%s'),'%s','%s','%s')"
    ) % values
    return db.execute(statement)
Example #10
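def publish_res(tid, idInfo, detail, title):
    """Publish a course resource as an Info row of type ``'res'``.

    Args:
        tid: Teacher id; must match an existing teacher.
        idInfo: Id for the new Info row; passed through clean().
        detail: Body text; converted with text2Html() before storage.
        title: Title; passed through clean() before storage.

    Returns:
        ``'t nt exist'`` when getTeacher(tid) finds no teacher, otherwise
        ``None`` after the insert.
    """
    if not getTeacher(tid):
        return 't nt exist'

    # TODO: add a length check so the converted content cannot grow too long.
    detail = text2Html(detail)
    title = clean(title)

    # The column name is plain ASCII ``title``; an invisible Unicode mark had
    # slipped into the literal.
    # NOTE(review): detail reaches the statement after text2Html() only.
    # Confirm that helper escapes SQL quotes, or use the driver's parameter
    # binding if db supports it.
    sql = "insert into Info (tid,idInfo,detail,title,type) values  ('%s','%s','%s','%s','%s');" \
          % (clean(tid), clean(idInfo), detail, title, 'res')

    db.execute(sql)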
Example #11
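def get_info_by_infoid_all(Iid):
    """Look up one message by info id, joined with its teacher's name (variant 02).

    Args:
        Iid: Info id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query: the Info columns idInfo,
        title, date, type, tid, detail plus the teacher's name.
    """
    # The placeholder is quoted, matching the other idInfo lookups. An
    # unquoted value sits in a bare expression context, where filtering
    # quote characters gives no protection. The column name is plain ASCII
    # ``title``; an invisible Unicode mark had slipped into the literal.
    # NOTE(review): prefer the driver's parameter binding if db supports it.
    sql = '''
        select I.idInfo,I.title,I.date,I.type,T.name,I.tid,I.detail
        from Teacher as T,Info as I
        where T.idTeacher=I.tid and I.idInfo = '%s'
        ''' % clean(Iid)
    return db.get(sql)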
Example #12
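def publish_notif(tid, idInfo, detail, title):
    """Publish a course notification as an Info row.

    Args:
        tid: Teacher id; must match an existing teacher.
        idInfo: Id for the new Info row; passed through clean().
        detail: Body text; interpolated as given (no conversion or cleaning).
        title: Title; passed through clean() before storage.

    Returns:
        ``"t nt exist"`` when getTeacher(tid) finds no teacher, otherwise
        ``None`` after the insert.
    """
    if not getTeacher(tid):
        return "t nt exist"

    # TODO: add a length check so the content cannot grow too long.
    # The text2Html() conversion of detail is intentionally left disabled here.
    title = clean(title)

    # The column name is plain ASCII ``title``; an invisible Unicode mark had
    # slipped into the literal.
    # NOTE(review): detail is interpolated with no escaping at all, so this
    # statement relies on the caller having sanitized it. Use the driver's
    # parameter binding if db supports it.
    sql = "insert into Info (tid,idInfo,detail,title) values  ('%s','%s','%s','%s');" % (
        clean(tid),
        clean(idInfo),
        detail,
        title,
    )

    db.execute(sql)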
Example #13
def get_all_comments(stu):
    """List every non-empty teacher comment on a student's homework, newest first.

    Args:
        stu: Student id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    template = (
        "select comment,date,tag,type,idHomework "
        "from Homework "
        "where comment!='' and sid='%s' "
        "order by date desc;"
    )
    return db.query(template % clean(stu))
Example #14
def get_teacher_homework(uid):
    """List homework submitted to any course taught by a teacher, newest first.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    template = """
            select Homework.cid,name,type,date,comment,idHomework,tag from Homework,Student
            where Homework.cid in (select idCourse from Course where tid='%s') and Student.idStudent = Homework.sid
            order by date desc;
            """
    return db.query(template % clean(uid))
Example #15
def get_teacher_homework(uid):
    """List homework submitted to any course taught by a teacher, newest first.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    template = """
            select Homework.cid,name,type,date,comment,idHomework,tag from Homework,Student
            where Homework.cid in (select idCourse from Course where tid='%s') and Student.idStudent = Homework.sid
            order by date desc;
            """
    return db.query(template % clean(uid))
Example #16
def update_comment(hid, comment):
    """Set or replace the comment on one homework row.

    Args:
        hid: Homework id; passed through clean() before interpolation.
        comment: Comment text; converted with text2Html() before storage.

    Returns:
        Whatever ``db.execute`` returns for the update.
    """
    # NOTE(review): comment reaches the statement after text2Html() only.
    # Confirm that helper escapes double quotes, or use the driver's
    # parameter binding if db supports it.
    values = (text2Html(comment), clean(hid))
    statement = 'update Homework set comment="%s" where idHomework="%s";' % values
    return db.execute(statement)
Example #17
def get_course(cid):
    """Fetch the Course row for one course id.

    Args:
        cid: Course id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Course where idCourse='%s';" % clean(cid)
    return db.get(query)
Example #18
def get_info(idInfo):
    """Fetch the Info row with the given info id.

    Args:
        idInfo: Info id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Info where idInfo = '%s';" % clean(idInfo)
    return db.get(query)
Example #19
def stuLogin(uid, pwd):
    """Look up the Student row matching an id and password (student login).

    Args:
        uid: Student id; passed through clean() before interpolation.
        pwd: Password; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): pwd is matched against the stored column as-is. Unless
    # callers hash it first, this implies plaintext password storage; confirm.
    # The query is built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    credentials = (clean(uid), clean(pwd))
    query = 'select * from Student where idStudent="%s" and pwd="%s"' % credentials
    return db.get(query)
Example #20
def get_student_course(uid):
    """Fetch the Course row a student is enrolled in.

    Args:
        uid: Student id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    template = 'select * from Course where idCourse in (select cid from Student where idStudent="%s");'
    return db.get(template % clean(uid))
Example #21
def getStudent(uid):
    """Fetch the Student row for one student id.

    Args:
        uid: Student id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Student where idStudent = "%s"' % clean(uid)
    return db.get(query)
Example #22
def get_teacher_notif(uid):
    """List every Info row published by a teacher.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Info where tid = "%s";' % clean(uid)
    return db.query(query)
Example #23
def get_my_homework(uid):
    """List every Homework row submitted by a student.

    Args:
        uid: Student id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Homework where sid="%s";' % clean(uid)
    return db.query(query)
Example #24
def get_info_by_infoid(Iid):
    """Look up one message by its info id.

    Args:
        Iid: Info id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Info where idInfo='%s';" % clean(Iid)
    return db.get(query)
Example #25
def teaLogin(uid, pwd):
    """Look up the Teacher row matching an id and password (teacher login).

    Args:
        uid: Teacher id; passed through clean() before interpolation.
        pwd: Password; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): pwd is matched against the stored column as-is. Unless
    # callers hash it first, this implies plaintext password storage; confirm.
    # The query is built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    credentials = (clean(uid), clean(pwd))
    query = 'select * from Teacher where idTeacher="%s" and pwd="%s"' % credentials
    return db.get(query)
Example #26
def delete_notif(iid, tid):
    """Delete one message that a teacher published.

    The row must match both the teacher id and the info id.

    Args:
        iid: Info id; passed through clean() before interpolation.
        tid: Teacher id; passed through clean() before interpolation.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    keys = (clean(tid), clean(iid))
    statement = 'delete from Info where tid="%s" and idInfo="%s"' % keys
    db.execute(statement)
Example #27
def getATempUser(uid):
    """Fetch one pending (temporary) user by id.

    Args:
        uid: Pending user id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from tempuser where id="%s"' % clean(uid)
    return db.get(query)
Example #28
def getStudent(uid):
    """Fetch the Student row for one student id.

    Args:
        uid: Student id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Student where idStudent = "%s"' % clean(uid)
    return db.get(query)
Example #29
def getTeacher(uid):
    """Fetch the Teacher row for one teacher id.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Teacher where idTeacher='%s'" % clean(uid)
    return db.get(query)
Example #30
def teaLogin(uid, pwd):
    """Look up the Teacher row matching an id and password (teacher login).

    Args:
        uid: Teacher id; passed through clean() before interpolation.
        pwd: Password; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): pwd is matched against the stored column as-is. Unless
    # callers hash it first, this implies plaintext password storage; confirm.
    # The query is built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    credentials = (clean(uid), clean(pwd))
    query = 'select * from Teacher where idTeacher="%s" and pwd="%s"' % credentials
    return db.get(query)
Example #31
def get_teacher_notif(uid):
    """List every Info row published by a teacher.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Info where tid = "%s";' % clean(uid)
    return db.query(query)
Example #32
def get_homework(hid):
    """Fetch one Homework row by its homework id.

    Args:
        hid: Homework id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Homework where idHomework='%s';" % clean(hid)
    return db.get(query)
Example #33
def stuLogin(uid, pwd):
    """Look up the Student row matching an id and password (student login).

    Args:
        uid: Student id; passed through clean() before interpolation.
        pwd: Password; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): pwd is matched against the stored column as-is. Unless
    # callers hash it first, this implies plaintext password storage; confirm.
    # The query is built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    credentials = (clean(uid), clean(pwd))
    query = 'select * from Student where idStudent="%s" and pwd="%s"' % credentials
    return db.get(query)
Example #34
def delete_homework(hid, sid):
    """Delete one uploaded homework row.

    The row must match both the student id and the homework id.

    Args:
        hid: Homework id; passed through clean() before interpolation.
        sid: Student id; passed through clean() before interpolation.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    keys = (clean(sid), clean(hid))
    statement = "delete from Homework where sid='%s' and idHomework='%s'" % keys
    db.execute(statement)
Example #35
def get_my_homework(uid):
    """List every Homework row submitted by a student.

    Args:
        uid: Student id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Homework where sid="%s";' % clean(uid)
    return db.query(query)
Example #36
def getTeacher(uid):
    """Fetch the Teacher row for one teacher id.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Teacher where idTeacher='%s'" % clean(uid)
    return db.get(query)
Example #37
def get_info_by_infoid(Iid):
    """Look up one message by its info id.

    Args:
        Iid: Info id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Info where idInfo='%s';" % clean(Iid)
    return db.get(query)
Example #38
def getATempUser(uid):
    """Fetch one pending (temporary) user by id.

    Args:
        uid: Pending user id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from tempuser where id="%s"' % clean(uid)
    return db.get(query)
Example #39
def get_my_student(uid):
    """List every student enrolled in a course taught by a teacher.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    template = 'select * from Student where cid in (select idCourse from Course where tid="%s");'
    return db.query(template % clean(uid))
Example #40
def delete_notif(iid, tid):
    """Delete one message that a teacher published.

    The row must match both the teacher id and the info id.

    Args:
        iid: Info id; passed through clean() before interpolation.
        tid: Teacher id; passed through clean() before interpolation.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    keys = (clean(tid), clean(iid))
    statement = 'delete from Info where tid="%s" and idInfo="%s"' % keys
    db.execute(statement)
Example #41
def get_homework(hid):
    """Fetch one Homework row by its homework id.

    Args:
        hid: Homework id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Homework where idHomework='%s';" % clean(hid)
    return db.get(query)
Example #42
def get_teacher_course_delete(uid):
    """List the courses a teacher may delete (those with ``state=0``).

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Course where tid="%s" and state=0 ' % clean(uid)
    return db.query(query)
Example #43
def update_comment(hid, comment):
    """Set or replace the comment on one homework row.

    Args:
        hid: Homework id; passed through clean() before interpolation.
        comment: Comment text; converted with text2Html() before storage.

    Returns:
        Whatever ``db.execute`` returns for the update.
    """
    # NOTE(review): comment reaches the statement after text2Html() only.
    # Confirm that helper escapes double quotes, or use the driver's
    # parameter binding if db supports it.
    values = (text2Html(comment), clean(hid))
    statement = 'update Homework set comment="%s" where idHomework="%s";' % values
    return db.execute(statement)
Example #44
def get_student_homework(uid):
    """List every Homework row belonging to one student.

    Args:
        uid: Student id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Homework where sid='%s';" % clean(uid)
    return db.query(query)
Example #45
def delete_homework(hid, sid):
    """Delete one uploaded homework row.

    The row must match both the student id and the homework id.

    Args:
        hid: Homework id; passed through clean() before interpolation.
        sid: Student id; passed through clean() before interpolation.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    keys = (clean(sid), clean(hid))
    statement = "delete from Homework where sid='%s' and idHomework='%s'" % keys
    db.execute(statement)
Example #46
def set_course(uid, cid):
    """Record the course id a student has entered on their Student row.

    Args:
        uid: Student id; passed through clean() before interpolation.
        cid: Course id; passed through clean() before interpolation.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    values = (clean(cid), clean(uid))
    statement = "update Student set cid='%s' where idStudent='%s';" % values
    db.execute(statement)
Example #47
def get_info(idInfo):
    """Fetch the Info row with the given info id.

    Args:
        idInfo: Info id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.get`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = "select * from Info where idInfo = '%s';" % clean(idInfo)
    return db.get(query)
Example #48
def get_teacher_course(uid):
    """List every Course row taught by a teacher.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    query = 'select * from Course where tid= "%s";' % clean(uid)
    return db.query(query)
Example #49
def get_my_student(uid):
    """List every student enrolled in a course taught by a teacher.

    Args:
        uid: Teacher id; passed through clean() before interpolation.

    Returns:
        Whatever ``db.query`` yields for the query.
    """
    # NOTE(review): built with % formatting, so injection safety rests on
    # clean() alone; prefer the driver's parameter binding if db supports it.
    template = 'select * from Student where cid in (select idCourse from Course where tid="%s");'
    return db.query(template % clean(uid))