def stafflist_get():
    """Render the staff list page for a logged-in, non-parent user.

    Anonymous visitors are redirected to ``/login``; the ``parent`` role
    receives an inline "No authority" page instead of the list.
    """
    username, role = loggeduser(request)
    if username is None:
        return redirect('/login')
    # Only 'parent' is rejected here, so every other role that loggeduser()
    # returns reaches the template, although the message asks for admin.
    # NOTE(review): confirm that 'staff' is meant to see this page.
    if role == 'parent':
        return '<h1>No authority!</h1><p>Login as admin please.</p>'
    return render_template('stafflist.html', loggeduser=username)
def pg_parent_get():
    """Render the parent landing page with the status of the parent's child.

    Redirects anonymous visitors to ``/login`` and admin/staff accounts to
    ``/admin``. A request whose ``secret_key`` cookie is missing or unknown
    to ``gv.logged`` is also sent back to ``/login``.
    """
    username, role = loggeduser(request)
    if username is None:
        return redirect('/login')

    # Admin and staff accounts are sent to their own landing page.
    if role in ('admin', 'staff'):
        return redirect('/admin')

    # The session entry is keyed by the cookie value, so validate it before
    # indexing gv.logged.
    session_key = request.cookies.get("secret_key", type=str)
    if session_key is None or session_key not in gv.logged:
        return redirect('/login')

    parent_id = gv.logged[session_key]['id']
    child_status = get_child_status_by_pid(parent_id, session_key)

    # The 'send' flag is removed as it is consumed, so the stored secret is
    # passed to the template on this request only and later requests render
    # with secret=None.
    one_time_secret = None
    entry = gv.logged[session_key]
    if 'send' in entry and entry['send']:
        del entry['send']
        one_time_secret = entry['secret']

    return render_template(
        'index_parent.html',
        status=child_status,
        loggeduser=username,
        secret=one_time_secret,
    )
def addstaff_get():
    """Render the "add staff" form for users that are neither parent nor staff.

    Anonymous visitors are redirected to ``/login``; ``parent`` and ``staff``
    roles get an inline "No authority" page.
    """
    username, role = loggeduser(request)
    if username is None:
        return redirect('/login')
    # Denylist check: any role other than these two is let through.
    if role in ('parent', 'staff'):
        return '<h1>No authority!</h1><p>Parent can not add parent account, login as admin please.</p>'
    return render_template('addstaff.html', loggeduser=username)
def alterstaff_get():
    """Render the "alter staff" form for users that are neither parent nor staff.

    Anonymous visitors are redirected to ``/login``; ``parent`` and ``staff``
    roles get an inline "No authority" page.
    """
    username, role = loggeduser(request)
    if username is None:
        return redirect('/login')
    if role in ('parent', 'staff'):
        return '<h1>No authority!</h1><p>Login as admin please.</p>'
    # The id is taken from the query string unchanged and may be None; this
    # view does not validate it before handing it to the template.
    staff_id = request.args.get('id')
    return render_template('alterstaff.html', loggeduser=username, id=staff_id)
def childinfo_get():
    """Render the info page for the child named by the ``id`` query parameter.

    Responds with 404 when ``id`` is absent.
    """
    child_id = request.args.get('id')
    if child_id is None:
        abort(404)
    # NOTE(review): no login or role check is made here, and the id comes
    # straight from the query string. Confirm that whatever serves the child
    # record enforces per-user authorization for the requested id.
    username, _ = loggeduser(request)
    return render_template(
        'infopage.html',
        loggeduser=username,
        uid=child_id,
        role='childinfo',
    )
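def error(e):
    """Render the shared error page for *e*.

    Args:
        e: The error being reported. HTTP errors carry a numeric ``code``
            attribute; anything without a usable ``code`` is shown as 500.

    Returns:
        The rendered ``error.html`` body.
    """
    app.logger.debug("error occurred: %s" % e)
    _un, _role = loggeduser(request)
    # Resolve the code once, up front. The previous version read ``e.code``
    # inside ``finally: return`` after ``except Exception as e`` had already
    # unbound ``e``, so any failure in the first render (including an error
    # object without ``code``) surfaced as an unrelated UnboundLocalError.
    try:
        code = int(getattr(e, 'code', None))
    except (TypeError, ValueError):
        code = 500
    # NOTE(review): only the body is returned, so the response status is the
    # framework default for a plain body; confirm whether ``code`` should
    # also be sent as the HTTP status.
    return render_template('error.html', code=code, loggeduser=_un)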
def addstatus_get():
    """Render the "add status" form for a logged-in, non-parent user.

    Anonymous visitors are redirected to ``/login``; the ``parent`` role gets
    an inline "No authority" page. Responds with 404 when the ``type`` query
    parameter is absent.
    """
    username, role = loggeduser(request)
    if username is None:
        return redirect('/login')
    if role == 'parent':
        return '<h1>No authority!</h1><p>Login as admin or staff please.</p>'
    # The value is only checked for presence; it is not restricted to a
    # known set before reaching the template.
    status_type = request.args.get('type')
    if status_type is None:
        abort(404)
    return render_template('addstatus.html', type=status_type, loggeduser=username)
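def userinfo_get():
    """Render the info page for the currently logged-in account.

    The user id and role are read from the server-side session entry in
    ``gv.logged`` rather than from request parameters. Anonymous visitors,
    and requests whose ``secret_key`` cookie is missing or unknown, are
    redirected to ``/login``.
    """
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    _sk = request.cookies.get("secret_key", type=str)
    # Same guard as pg_parent_get: the cookie is client-controlled, so an
    # absent or stale key must not reach gv.logged[...] and raise KeyError.
    if _sk is None or _sk not in gv.logged:
        return redirect('/login')
    _entry = gv.logged[_sk]
    _uid = _entry['id']
    # The template expects '<role>info', e.g. 'admininfo'.
    _role = _entry['role'].lower() + 'info'
    return render_template('infopage.html', loggeduser=_un, uid=_uid, role=_role)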
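def pg_admin_get():
    """Render the admin/staff landing page.

    Anonymous visitors, any role other than ``admin`` or ``staff``, and
    requests whose ``secret_key`` cookie is missing or unknown to
    ``gv.logged`` are redirected to ``/login``.
    """
    _sk = request.cookies.get("secret_key", type=str)
    _un, _role = loggeduser(request)
    if _un is None:
        return redirect('/login')
    if _role not in ('admin', 'staff'):
        return redirect('/login')
    # Same guard as pg_parent_get: the cookie is client-controlled, so an
    # absent or stale key must not reach gv.logged[...] and raise KeyError.
    if _sk is None or _sk not in gv.logged:
        return redirect('/login')
    # The 'send' flag is removed as it is consumed, so the stored secret is
    # passed to the template on this request only.
    _s = None
    _entry = gv.logged[_sk]
    if 'send' in _entry and _entry['send']:
        del _entry['send']
        _s = _entry['secret']
    return render_template('index_admin.html', loggeduser=_un, role=_role, secret=_s)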
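def logoutpage():
    """Drop the caller's server-side session and redirect to ``/``.

    The session entry in ``gv.logged`` is removed when ``loggeduser``
    reports a logged-in user. The three login cookies are cleared on the
    response in every case.
    """
    _un, _role = loggeduser(request)
    if _un is not None:
        _sk = request.cookies.get("secret_key", type=str)
        # pop() instead of del: a missing or already-removed key (for
        # example a repeated logout) must not raise KeyError.
        gv.logged.pop(_sk, None)
    resp = redirect("/")
    # The server-side entry is what invalidates the session; expiring the
    # cookies as well keeps stale credentials from lingering in the browser.
    for _name in ('username', 'secret_key', 'token'):
        resp.delete_cookie(_name)
    return resp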
def file_get():
    """Render the page for the file named by the ``id`` query parameter.

    Responds with 404 when ``id`` is absent.
    """
    file_id = request.args.get('id')
    if file_id is None:
        abort(404)
    # NOTE(review): no login or role check is made here, and the id comes
    # straight from the query string. Confirm that whatever serves the file
    # itself enforces authorization for the requested id.
    username, _ = loggeduser(request)
    return render_template('file.html', loggeduser=username, fid=file_id)
def filelist_get():
    """Render the file list page, passing the current username (or None)."""
    # NOTE(review): the page is rendered for anonymous visitors too; confirm
    # that the listing data is served by an endpoint that checks the session.
    username, _ = loggeduser(request)
    return render_template('filelist.html', loggeduser=username)
def alterchild_get():
    """Render the "alter child" form for the child named by ``id``.

    Responds with 404 when the ``id`` query parameter is absent.
    """
    child_id = request.args.get('id')
    if child_id is None:
        abort(404)
    # NOTE(review): unlike alterstaff_get, this view has no login or role
    # check. Confirm that the endpoint receiving the form enforces
    # authorization for the requested child id.
    username, _ = loggeduser(request)
    return render_template('alterchild.html', loggeduser=username, cid=child_id)
def addchild_get():
    """Render the "add child" form, passing the current username (or None)."""
    # NOTE(review): unlike addstaff_get, this view has no login or role
    # check. Confirm that the endpoint receiving the form rejects
    # unauthenticated and unauthorized submissions.
    username, _ = loggeduser(request)
    return render_template('addchild.html', loggeduser=username)
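def about():
    """Render the about page.

    ``infopg`` is the caller's role lower-cased with an ``'info'`` suffix
    (e.g. ``'admininfo'``), or ``None`` when no role is available.
    """
    _un, _role = loggeduser(request)
    # The other views treat ``_un is None`` as "not logged in". Calling
    # ``.lower()`` on a None role would raise AttributeError and turn an
    # anonymous visit into a server error, so fall back to None.
    # NOTE(review): confirm about.html tolerates infopg=None.
    _infopg = _role.lower() + 'info' if _role is not None else None
    return render_template('about.html', loggeduser=_un, infopg=_infopg)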
def upfile():
    """Render the file upload page, passing the current username (or None)."""
    # NOTE(review): the form is rendered without a login or role check;
    # confirm that the endpoint accepting the upload authenticates the caller.
    username, _ = loggeduser(request)
    return render_template('upfile.html', loggeduser=username)
def resetpw_get():
    """Render the password reset page, passing the current username (or None)."""
    # The page is reachable without a session; presumably intentional for a
    # reset flow -- verify that the reset action itself proves account ownership.
    username, _ = loggeduser(request)
    return render_template('resetpw.html', loggeduser=username)
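def login_page():
    """Show the login form (GET) or process a login attempt (POST).

    POST outcomes, keyed on the ``code`` returned by ``login()``:
      * ``0``  -- success: redirect to the role's landing page and set the
        ``username``, ``secret_key`` and ``token`` cookies.
      * ``30`` -- already logged in: redirect to the validated ``next_url``.
      * other  -- failure: re-render the form with a fresh secret and the
        error message.

    On GET, a logged-in user is redirected to their landing page; anyone
    else gets the login form with a fresh secret.
    """
    # next_url may arrive in the form body or the query string.
    next_url = request.form.get('next_url')
    if next_url is None:
        next_url = request.args.get('next_url')

    # next_url is client-supplied and ends up in redirect(); accept it only
    # when it is a same-site absolute path, otherwise fall back to "/".
    nu2 = "/"
    if next_url is not None:
        _candidate = parse.unquote(next_url)
        if _is_local_redirect_target(_candidate):
            nu2 = _candidate

    if request.method == 'POST':
        _sk = request.form.get('secret_key', type=str)
        _loginres = login()

        if _loginres['code'] == 0:
            # Success: the landing page depends on the role only; next_url
            # is not used on this path.
            _role = gv.logged[_sk]['role']
            nu2 = 'admin' if _role in ('admin', 'staff') else 'parent'
            resp = redirect(nu2 or "/")
            # Cookies live for 259200 s (3 days).
            # NOTE(review): these carry the session key and token but are
            # set without httponly/secure/samesite. Confirm whether client
            # script needs to read them before tightening the flags.
            # NOTE(review): the session key is the value submitted with the
            # login form; confirm login() only accepts keys the server
            # issued for this client.
            resp.set_cookie('username', gv.logged[_sk]['un'].encode("utf-8", "ignore"), max_age=259200)
            resp.set_cookie('secret_key', _sk.encode("utf-8", "ignore"), max_age=259200)
            resp.set_cookie('token', gv.logged[_sk]['token'].encode("utf-8", "ignore"), max_age=259200)
            # Lets the landing page hand the secret to its template once.
            gv.logged[_sk]['send'] = True
            return resp

        # Every other outcome discards the pending login secret.
        gv.secrets.pop(_sk, None)

        if _loginres['code'] == 30:
            # Already logged in.
            return redirect(nu2 or "/")

        # Login failed: issue a fresh secret and show the error.
        _sec = get_secret()
        return render_template("login.html", next_url=next_url,
                               secret=_sec['data'][0], errormsg=_loginres["msg"])

    # GET
    _un, _role = loggeduser(request)
    if _un is not None:
        if _role in ['admin', 'staff']:
            return redirect('admin')
        if _role == 'parent':
            return redirect('parent')
        return redirect('about')
    _sec = get_secret()
    return render_template('login.html', next_url=next_url, secret=_sec['data'][0])


def _is_local_redirect_target(target):
    """Return True when *target* is an absolute path on this site.

    Rejects anything that does not start with a single ``/``, and anything
    containing a backslash or an ASCII control character, since clients may
    normalise those into a URL that points at a different host.
    """
    if not target.startswith('/') or target.startswith('//'):
        return False
    if '\\' in target:
        return False
    return not any(ch < ' ' or ch == '\x7f' for ch in target)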