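def forum_show(id):
    """Render one forum post with its replies and bump its read counter.

    Args:
        id: primary key of the ``T_Forum`` row to display (URL route value).

    Returns:
        The rendered ``forum/show.html`` template.

    Raises:
        404 via ``abort`` when no forum row matches ``id``. Previously the
        template was rendered with ``forum=None`` and the read counter was
        incremented for a row that does not exist.
    """
    forum = db.select_one("SELECT T_Forum.*,T_User.name FROM T_Forum,T_User\
        WHERE id=%s AND T_Forum.author=T_User.username",[id])
    if not forum:
        abort(404)
    replies = db.select_all("SELECT T_Forum_Reply.*,T_User.name FROM T_Forum_Reply,T_User \
        WHERE forum_id=%s AND T_Forum_Reply.author=T_User.username ORDER BY created_at",[id])
    # The increment is a single UPDATE, so it is performed server side.
    db.execute("UPDATE T_Forum SET read=read+1 WHERE id=%s",(id,))
    return render_template('forum/show.html',forum=forum,replies=replies)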
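def custom_manage_edit(id):
    """Show or extend the column list of a custom table.

    GET renders ``custom/edit.html`` with the columns registered for table
    ``id``.  POST reads the numbered ``name-<i>`` / ``title-<i>`` /
    ``type-<i>`` form fields (i = 1, 2, ... until ``name-<i>`` is absent),
    adds each as a real column of ``T_Custom_<table name>`` and records it
    in ``T_Table_Column``.

    Args:
        id: primary key of the ``T_Table_Index`` row (URL route value).

    Returns:
        The rendered edit page on GET; a redirect back to this view on POST.

    Raises:
        404 via ``abort`` when ``id`` is not a registered table (previously a
        ``TypeError`` from indexing ``None``).
        400 via ``abort`` when the table name or a submitted column name is
        not a plain ASCII identifier.  Both are spliced into ``ALTER TABLE``
        as identifiers and cannot be bound as ``%s`` parameters, so this
        check is what keeps form input from becoming part of the DDL.
    """
    import re

    if request.method == 'GET':
        columns = db.select_all("SELECT * FROM T_Table_Column WHERE table_id=%s",[id])
        return render_template('custom/edit.html',columns=columns,id=id)

    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    # Form type code -> SQL column type.  Codes not listed here (including
    # 'UNCHANGE' and 'LINK') become VARCHAR(200), as in the original chain.
    column_types = {'VCHAR': 'VARCHAR(200)', 'TEXT': 'TEXT'}

    row = db.select_one("SELECT name FROM T_Table_Index WHERE id=%s",(id,))
    if row is None:
        abort(404)
    table_name = row[0]
    if not identifier.match(table_name):
        abort(400)

    i = 1
    while 'name-' + str(i) in request.form:
        suffix = str(i)
        name_value = request.form['name-' + suffix]
        title_value = request.form['title-' + suffix]
        type_value = request.form['type-' + suffix]
        # The column name goes into DDL verbatim; refuse anything that is
        # not a bare identifier (quotes, spaces, semicolons, ...).
        if not identifier.match(name_value):
            abort(400)
        column_type = column_types.get(type_value, 'VARCHAR(200)')
        db.execute("ALTER TABLE T_Custom_"+table_name+" ADD COLUMN "+ name_value +" "+column_type+";")
        db.execute("INSERT INTO T_Table_Column (table_id,name,title,type) VALUES(%s,%s,%s,%s);",
            (id,name_value,title_value,type_value))
        i += 1
    return redirect(url_for('custom_manage_edit',id=id))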
def expense_new():
    """Create an expense entry.

    GET renders the ``expense/new.html`` form; POST inserts a ``T_Expense``
    row authored by the signed-in user and redirects to the expense list.
    """
    if request.method == 'GET':
        return render_template('expense/new.html')

    author = session['user']['username']
    form = request.form
    sql = "INSERT INTO T_Expense(title,author,details,cost,finished) VALUES(%s,%s,%s,%s,%s);"
    params = (form['title'], author, form['details'], form['cost'], form['finished'])
    db.execute(sql, params)
    return redirect(url_for('expense_index'))
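def custom_multi_show(table_name,id):
    """Render one row of the custom multi-row table ``table_name``.

    Args:
        table_name: name of the custom table as registered in
            ``T_Table_Index`` (URL route value); the physical table is
            ``T_Custom_<table_name>``.
        id: primary key of the row to display.

    Returns:
        The rendered ``custom/multi/show.html`` template.

    Raises:
        400 via ``abort`` when ``table_name`` is not a plain ASCII
        identifier: it is spliced into the SQL text as a table name and
        cannot be bound as a ``%s`` parameter.
        404 via ``abort`` when the table is not registered (previously a
        ``TypeError`` from ``table['id']``) or the row does not exist.
    """
    import re

    if not re.match(r'[A-Za-z_][A-Za-z0-9_]*\Z', table_name):
        abort(400)
    table=db.select_one("SELECT * FROM T_Table_Index WHERE name=%s",[table_name])
    if table is None:
        abort(404)
    columns=db.select_all("SELECT * FROM T_Table_Column WHERE table_id=%s",
        [table['id']])
    item=db.select_one("SELECT T_Custom_"+table_name+".*,T_User.name as _author_name FROM T_Custom_"+table_name+\
        ",T_User WHERE T_Custom_"+table_name+"._author_by=T_User.username AND id=%s;",[id])
    if item is None:
        abort(404)
    # Single UPDATE, so the increment happens server side.
    db.execute("UPDATE T_Custom_"+table_name+" SET _read_times=_read_times+1 WHERE id=%s;",[id])
    return render_template('custom/multi/show.html',table=table,columns=columns,item=item)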
def forum_new():
    """Create a forum post.

    GET renders the ``forum/new.html`` form; POST inserts a ``T_Forum`` row
    authored by the signed-in user and redirects to the forum index.
    """
    if request.method == 'GET':
        return render_template('forum/new.html')

    author = session['user']['username']
    form = request.form
    sql = "INSERT INTO T_Forum(title,author,content) VALUES(%s,%s,%s);"
    db.execute(sql, (form['title'], author, form['content']))
    return redirect(url_for('forum_index'))
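def custom_manage_column_delete(id):
    """Drop a column from a custom table and remove its metadata row.

    Args:
        id: primary key of the ``T_Table_Column`` row describing the column.

    Returns:
        Redirect to the custom-table management page.

    Raises:
        404 via ``abort`` when the column or its table is unknown
        (previously a ``TypeError`` from indexing ``None``).
        400 via ``abort`` when a stored name is not a plain ASCII
        identifier; both names are spliced into ``ALTER TABLE`` and cannot
        be bound as parameters, so they are checked before use even though
        they come from the metadata tables.
    """
    import re

    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    column = db.select_one("SELECT name,table_id FROM T_Table_Column WHERE id=%s",(id,))
    if column is None:
        abort(404)
    column_name, table_id = column[0], column[1]
    table = db.select_one("SELECT name FROM T_Table_Index WHERE id=%s",(table_id,))
    if table is None:
        abort(404)
    table_name = table[0]
    if not (identifier.match(table_name) and identifier.match(column_name)):
        abort(400)
    db.execute("ALTER TABLE T_Custom_"+table_name+" DROP COLUMN "+ column_name +";")
    db.execute("DELETE FROM T_Table_Column WHERE id=%s",[id])
    return redirect(url_for('custom_manage'))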
def user_new():
    """Create a user account (GET shows the form, POST inserts the row)."""
    if request.method == 'GET':
        return render_template('user/new.html')

    form = request.form
    # NOTE(review): the stored credential is an unsalted MD5 digest.  It is
    # compared the same way in account_signin and account_secure, so moving
    # to a salted password hash has to be done in all three views together.
    password_md5 = hashlib.md5(form['password'].encode('utf-8')).hexdigest()
    sql = "INSERT INTO T_User(username,name,password) VALUES(%s,%s,%s);"
    db.execute(sql, (form['username'], form['name'], password_md5))
    return redirect(url_for('user_index'))
def account_index():
    """Show (GET) or update (POST) the signed-in user's own profile.

    The username always comes from the session, never from the form, so
    the UPDATE can only touch the caller's own row.
    """
    username = session['user']['username']
    if request.method == 'GET':
        user = db.select_one("SELECT * FROM T_User WHERE username=%s",(username,))
        return render_template('account/index.html',user=user)

    form = request.form
    params = (form['name'], form['email'], form['email_public'], username)
    db.execute("UPDATE T_User SET name=%s,email=%s,email_public=%s WHERE username=%s", params)
    return redirect(url_for('account_index'))
def wiki_new():
    """Create a wiki page.

    GET renders the ``wiki/new.html`` form; POST inserts a ``T_wiki`` row
    authored by the signed-in user and redirects to the wiki index.
    """
    if request.method == "GET":
        return render_template("wiki/new.html")

    author = session["user"]["username"]
    form = request.form
    sql = "INSERT INTO T_wiki(title,author,content) VALUES(%s,%s,%s);"
    db.execute(sql, (form["title"], author, form["content"]))
    return redirect(url_for("wiki_index"))
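def wiki_edit(id):
    """Show the edit form for wiki page ``id`` (GET) or save a revision (POST).

    Revisions are append-only: POST flags the current row as ``old`` and
    inserts a fresh ``T_Wiki`` row authored by the signed-in user.

    Args:
        id: primary key of the ``T_Wiki`` row being edited.

    Returns:
        The rendered ``wiki/edit.html`` template on GET, a redirect to the
        wiki index on POST.

    Raises:
        404 via ``abort`` when no such page exists.  Previously GET rendered
        the template with ``wiki=None`` and POST inserted a new row without
        any existing page to supersede.
    """
    wiki = db.select_one("SELECT * FROM T_Wiki WHERE id=%s", [id])
    if wiki is None:
        abort(404)
    if request.method == "GET":
        return render_template("wiki/edit.html", wiki=wiki)

    author = session["user"]["username"]
    db.execute("UPDATE T_Wiki SET old=True where id=%s", [id])
    db.execute(
        "INSERT INTO T_Wiki (title,author,content) VALUES(%s,%s,%s);",
        (request.form["title"], author, request.form["content"]),
    )
    return redirect(url_for("wiki_index"))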
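def resource_folder_new(parent):
    """Create a resource folder under ``parent`` (0 = top level) and redirect.

    Args:
        parent: id of the enclosing ``T_Resource_Folder`` row, or 0 for a
            top-level folder.  The new folder's ``level`` is the parent's
            level plus one (1 at top level).

    Returns:
        Redirect to the resource index for a top-level folder, otherwise to
        the parent folder's page.

    Raises:
        404 via ``abort`` when ``parent`` is non-zero but no such folder
        exists (previously a ``TypeError`` from indexing ``None``).
    """
    author = session['user']['username']
    if parent == 0:
        level = 1
    else:
        row = db.select_one("SELECT level FROM T_Resource_Folder WHERE id=%s;",(parent,))
        if row is None:
            abort(404)
        level = row[0] + 1
    db.execute("INSERT INTO T_Resource_Folder(title,author,level,parent) VALUES(%s,%s,%s,%s);",
        (request.form['title'],author,level,parent))
    if parent == 0:
        return redirect(url_for('resource_index'))
    return redirect(url_for('resource_folder_show',id=parent))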
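def resource_folder_delete(id):
    """Delete the empty resource folder ``id`` and redirect to its parent.

    Args:
        id: primary key of the ``T_Resource_Folder`` row.

    Returns:
        Redirect to the parent folder's page, or to the resource index when
        the folder was at top level.

    Raises:
        404 via ``abort`` when the folder does not exist (previously a
        ``TypeError`` from indexing ``None``), and -- status kept from the
        original, although 409 would describe it better -- when the folder
        still contains sub-folders or files.
    """
    row = db.select_one("SELECT parent FROM T_Resource_Folder WHERE id=%s;",(id,))
    if row is None:
        abort(404)
    parent = row[0]
    folders = db.select_one("SELECT COUNT(id) FROM T_Resource_Folder WHERE parent=%s;",(id,))[0]
    files = db.select_one("SELECT COUNT(id) FROM T_Resource_File WHERE folder_id=%s;",(id,))[0]
    if not (folders == 0 and files == 0):
        abort(404)
    db.execute("DELETE FROM T_Resource_Folder WHERE id=%s;",(id,))
    if parent:
        return redirect(url_for('resource_folder_show',id=parent))
    return redirect(url_for('resource_index'))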
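def schedule_new():
    """Create a schedule entry for the signed-in user.

    GET renders ``schedule/new.html``; POST derives ``weekday`` from the
    submitted ``begin_date`` (``YYYY-MM-DD``), inserts the ``T_Schedule``
    row and redirects to the schedule index.  The ``private`` flag is true
    when the checkbox field is present in the form.

    Raises:
        400 via ``abort`` when ``begin_date`` is not a valid ``YYYY-MM-DD``
        date (previously the ``ValueError`` from ``strptime`` became a 500).
    """
    if request.method == 'GET':
        return render_template('schedule/new.html')

    username = session['user']['username']
    form = request.form
    try:
        weekday = datetime.datetime.strptime(form['begin_date'],'%Y-%m-%d').weekday()
    except ValueError:
        abort(400)
    db.execute("INSERT INTO T_Schedule(username,title,description,begin_date,begin_time,duration,\
            repeat,state,private,position,weekday) VALUES(%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s);",
        (username,form['title'],form['description'],form['begin_date'],
         form['begin_time'],form['duration'],form['repeat'],form['state'],
         ('private' in form),form['position'],weekday))
    return redirect(url_for('schedule_index'))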
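def custom_multi_new(table_name):
    """Create a row in the custom multi-row table ``table_name``.

    GET renders ``custom/multi/new.html``; POST reads one form field per
    registered column and inserts the row with the signed-in user as
    ``_author_by``.

    Args:
        table_name: registered custom table name (URL route value).

    Returns:
        The rendered form on GET, a redirect to the table's index on POST.

    Raises:
        404 via ``abort`` when the table is not registered (previously a
        ``TypeError`` from ``table['id']``).
        400 via ``abort`` when the stored table name or a registered column
        name is not a plain ASCII identifier; they are spliced into the
        INSERT as identifiers and cannot be bound as parameters.
    """
    import re

    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    table = db.select_one("SELECT * FROM T_Table_Index WHERE name=%s",[table_name])
    if table is None:
        abort(404)
    columns = db.select_all("SELECT * FROM T_Table_Column WHERE table_id=%s",
        [table['id']])
    if request.method == 'GET':
        return render_template('custom/multi/new.html',table=table,columns=columns)

    names = [c['name'] for c in columns]
    if not (identifier.match(table['name']) and all(identifier.match(n) for n in names)):
        abort(400)
    # Values are bound as %s parameters instead of being quoted into the
    # statement text, which is what previously let a form value break out
    # of its quotes.
    params = [session['user']['username']] + [request.form[n] for n in names]
    placeholders = ','.join(['%s'] * len(params))
    db.execute("INSERT INTO T_Custom_" + table['name'] + "(" + ','.join(['_author_by'] + names) + ") " +
        "VALUES(" + placeholders + ");", params)
    return redirect(url_for('custom_multi_index',table_name=table['name']))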
def account_resume():
    """Show (GET) or update (POST) the signed-in user's résumé fields.

    On POST the ``photo`` column is only rewritten when a file was
    uploaded; the other three fields are always updated.
    """
    username = session['user']['username']
    if request.method == 'GET':
        user = db.select_one("SELECT * FROM T_User WHERE username=%s",(username,))
        return render_template('account/resume.html',user=user)

    form = request.form
    file = request.files['photo']
    filename = uploader.save_image_file(file) if file else None
    fields = (form['position'], form['grade'], form['resume'])
    if file:
        db.execute("UPDATE T_User SET position=%s,grade=%s,resume=%s,photo=%s WHERE username=%s",
            fields + (filename, username))
    else:
        db.execute("UPDATE T_User SET position=%s,grade=%s,resume=%s WHERE username=%s",
            fields + (username,))
    return redirect(url_for('account_index'))
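def resource_file_new(folder):
    """Store an uploaded resource file and register it in ``T_Resource_File``.

    Args:
        folder: id of the enclosing ``T_Resource_Folder`` row, or 0 for the
            top level (then no ``folder_id`` is stored).

    Returns:
        Redirect to the folder's page.

    Raises:
        400 via ``abort`` when no file was uploaded.  Previously ``filename``
        was left unbound in that case and the INSERT raised ``NameError``
        (a 500).
    """
    author = session['user']['username']
    file = request.files['file']
    if not file:
        abort(400)
    filename = uploader.save_resource_file(file)
    public = 'public' in request.form
    title = request.form['title']
    if folder == 0:
        db.execute("INSERT INTO T_Resource_File(title,author,filename,public) VALUES(%s,%s,%s,%s);",
            (title,author,filename,public))
    else:
        db.execute("INSERT INTO T_Resource_File(title,author,filename,folder_id,public) VALUES(%s,%s,%s,%s,%s);",
            (title,author,filename,folder,public))
    return redirect(url_for('resource_folder_show',id=folder))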
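def schedule_edit(id):
    """Show the edit form for schedule ``id`` (GET) or update it (POST).

    POST is only allowed for the schedule's owner (the signed-in user).
    ``weekday`` is derived from the submitted ``begin_date``; ``private`` is
    true when the checkbox field is present.

    Args:
        id: primary key of the schedule row.

    Raises:
        404 via ``abort`` when no such schedule exists (previously GET
        rendered ``schedule=None`` and POST raised ``TypeError``).
        401 via ``abort`` when the schedule belongs to another user (status
        kept from the original; 403 would describe it more precisely).
        400 via ``abort`` when ``begin_date`` is not ``YYYY-MM-DD``
        (previously a 500 from ``strptime``).
    """
    if request.method == 'GET':
        schedule = db.select_one("SELECT * FROM T_schedule WHERE id=%s",[id])
        if schedule is None:
            abort(404)
        return render_template('schedule/edit.html',schedule=schedule)

    username = session['user']['username']
    owner = db.select_one("SELECT username FROM T_Schedule WHERE id=%s",[id])
    if owner is None:
        abort(404)
    if owner[0] != username:
        abort(401)
    form = request.form
    try:
        weekday = datetime.datetime.strptime(form['begin_date'],'%Y-%m-%d').weekday()
    except ValueError:
        abort(400)
    db.execute("UPDATE T_schedule SET title=%s,description=%s,begin_date=%s,begin_time=%s,\
            duration=%s,repeat=%s,state=%s,private=%s,position=%s,weekday=%s WHERE id=%s;",
        (form['title'],form['description'],form['begin_date'],
         form['begin_time'],form['duration'],form['repeat'],form['state'],
         ('private' in form),form['position'],weekday,id))
    return redirect(url_for('schedule_index'))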
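def custom_multi_edit(table_name,id):
    """Show the edit form for row ``id`` of a custom multi-row table (GET) or save it (POST).

    POST rewrites every registered column from the form, stamps
    ``_author_by`` with the signed-in user and ``_updated_at`` with the
    current local time.

    Args:
        table_name: registered custom table name (URL route value).
        id: primary key of the row in ``T_Custom_<table_name>``.

    Raises:
        400 via ``abort`` when the table name or a registered column name is
        not a plain ASCII identifier; they are spliced into the SQL text as
        identifiers and cannot be bound as parameters.
        404 via ``abort`` when the table is not registered (previously a
        ``TypeError`` from ``table['id']``) or, on GET, the row is missing.
    """
    import re

    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    if not identifier.match(table_name):
        abort(400)
    table = db.select_one("SELECT * FROM T_Table_Index WHERE name=%s",[table_name])
    if table is None:
        abort(404)
    columns = db.select_all("SELECT * FROM T_Table_Column WHERE table_id=%s",
        [table['id']])
    if request.method == 'GET':
        item=db.select_one("SELECT T_Custom_"+table_name+".*,T_User.name as _author_name FROM T_Custom_"+table_name+\
            ",T_User WHERE T_Custom_"+table_name+"._author_by=T_User.username AND id=%s;",[id])
        if item is None:
            abort(404)
        return render_template('custom/multi/edit.html',table=table,columns=columns,item=item)

    names = [c['name'] for c in columns]
    if not (identifier.match(table['name']) and all(identifier.match(n) for n in names)):
        abort(400)
    username = session['user']['username']
    updated_at = time.strftime('%Y-%m-%d %X',time.localtime(time.time()))
    # Column values are bound as %s parameters; only the validated column
    # names are spliced into the statement text.
    assignments = [n + "=%s" for n in names] + ["_author_by=%s", "_updated_at=%s"]
    params = [request.form[n] for n in names] + [username, updated_at, id]
    db.execute("UPDATE T_Custom_" + table['name'] + " SET " + ','.join(assignments) + " WHERE id=%s", params)
    return redirect(url_for('custom_multi_index',table_name=table['name']))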
def account_signin():
    """Sign a user in (GET shows the form, POST checks the credentials).

    On success the user row is copied into ``session['user']``, the
    sign-in timestamps/IPs are rotated and the browser is sent to the home
    page; on failure the form is re-rendered with a flashed message.
    """
    if request.method == 'GET':
        return render_template('account/signin.html')

    form = request.form
    username = form['username']
    # NOTE(review): unsalted MD5 comparison, shared with user_new and
    # account_secure; all three would need to move together to a salted
    # password hash.
    digest = hashlib.md5(form['password'].encode('utf-8')).hexdigest()
    user = db.select_one("SELECT * FROM T_User WHERE username=%s AND password=%s AND state=TRUE",
        [username, digest])
    if not user:
        flash('用户名或密码错误!请重试。')
        return render_template('account/signin.html')

    # NOTE(review): the whole row, password digest included, is stored in
    # the session; if this is Flask's default cookie session, the digest is
    # readable by whoever holds the cookie.
    session['user'] = dict(user)
    ip = request.remote_addr
    db.execute("UPDATE T_User SET last_sign_in_at=current_sign_in_at, last_sign_in_ip=current_sign_in_ip,\
                current_sign_in_at=NOW(),current_sign_in_ip=%s WHERE username=%s",
        (ip, username))
    return redirect(url_for('home_index'))
def account_secure():
    """Show the password form (GET) or change the password (POST).

    POST only rewrites the stored digest when the two new-password fields
    match and the old password verifies; every outcome redirects to the
    account page without feedback, exactly as before.
    """
    username = session['user']['username']
    if request.method == 'GET':
        user = db.select_one("SELECT * FROM T_User WHERE username=%s",(username,))
        return render_template('account/secure.html',user=user)

    form = request.form

    def digest(field):
        # NOTE(review): unsalted MD5, same scheme as user_new/account_signin.
        return hashlib.md5(form[field].encode('utf-8')).hexdigest()

    if form['new_password'] == form['repeat_password']:
        matches = db.select_one("SELECT COUNT(*) FROM T_User WHERE username=%s AND password=%s",
            [username, digest('old_password')])[0]
        if matches > 0:
            db.execute("UPDATE T_User SET password=%s WHERE username=%s",
                (digest('new_password'), username))
    return redirect(url_for('account_index'))
def user_edit(username):
    """Show (GET) or update (POST) the editable profile of ``username``.

    On POST the ``auth_expense_approve`` and ``state`` checkboxes become
    booleans; the ``photo`` column is only rewritten when a file was
    uploaded.
    """
    if request.method == 'GET':
        user = db.select_one("SELECT * FROM T_User WHERE username=%s;",[username])
        return render_template('user/edit.html',user=user)

    form = request.form
    file = request.files['photo']
    if file:
        filename = uploader.save_image_file(file)
    profile = (
        ('auth_expense_approve' in form), ('state' in form), form['rank'],
        form['name'], form['email'], form['email_public'],
        form['position'], form['grade'], form['resume'],
    )
    if file:
        db.execute("UPDATE T_User SET auth_expense_approve=%s,state=%s,rank=%s,name=%s,email=%s,email_public=%s,\
                position=%s,grade=%s,resume=%s,photo=%s WHERE username=%s",
            profile + (filename, username))
    else:
        db.execute("UPDATE T_User SET auth_expense_approve=%s,state=%s,rank=%s,name=%s,email=%s,email_public=%s,\
            position=%s,grade=%s,resume=%s WHERE username=%s",
            profile + (username,))
    return redirect(url_for('user_index'))
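def custom_single_edit(table_name):
    """Edit the single row of the custom single-row table ``table_name``.

    GET renders ``custom/single/edit.html`` with the newest row (if any)
    and the number of TEXT columns (``editors``); POST updates that row,
    or inserts the first one when the table is still empty.

    Args:
        table_name: registered custom table name (URL route value).

    Raises:
        400 via ``abort`` when the table name or a registered column name is
        not a plain ASCII identifier; they are spliced into the SQL text as
        identifiers and cannot be bound as parameters.
        404 via ``abort`` when the table is not registered (previously a
        ``TypeError`` from ``table['id']``).
    """
    import re

    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    if not identifier.match(table_name):
        abort(400)
    table = db.select_one("SELECT * FROM T_Table_Index WHERE name=%s",[table_name])
    if table is None:
        abort(404)
    columns = db.select_all("SELECT * FROM T_Table_Column WHERE table_id=%s",[table['id']])
    names = [c['name'] for c in columns]
    if not (identifier.match(table['name']) and all(identifier.match(n) for n in names)):
        abort(400)
    physical = "T_Custom_" + table['name']

    if request.method == 'GET':
        # ['id'] + names keeps the SELECT valid when no columns are registered.
        item = db.select_one("SELECT " + ','.join(['id'] + names) + " FROM T_Custom_" + table_name +
            " ORDER BY id DESC LIMIT 1;")
        editors = len([x for x in columns if x['type']=='TEXT'])
        return render_template('custom/single/edit.html',table=table,columns=columns,item=item,editors=editors)

    # Form values are bound as %s parameters; only the validated column names
    # are spliced into the statement text.
    values = [request.form[n] for n in names]
    count = db.select_one("SELECT COUNT(id) FROM " + physical)[0]
    if count > 0:
        if names:
            db.execute("UPDATE " + physical + " SET " + ','.join(n + "=%s" for n in names) +
                " WHERE id=(select id from " + physical + " ORDER BY id DESC LIMIT 1)", values)
    elif names:
        db.execute("INSERT INTO " + physical + "(" + ','.join(names) + ") VALUES(" +
            ','.join(['%s'] * len(values)) + ");", values)
    else:
        # No registered columns: create the row with defaults only.
        db.execute("INSERT INTO " + physical + " DEFAULT VALUES;")
    return redirect(url_for('custom_single_index',table_name=table['name']))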
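def custom_manage_new():
    """Register a new custom table (GET shows the form, POST creates it).

    POST stores the table's name/title/multi flag in ``T_Table_Index`` and
    (re)creates the physical ``T_Custom_<name>`` table: multi-row tables
    get the ``_read_times`` / ``_author_by`` / ``_updated_at`` bookkeeping
    columns, single-row tables only an ``id``.

    Raises:
        400 via ``abort`` when the submitted name is not a plain ASCII
        identifier: it is spliced into ``DROP TABLE`` / ``CREATE TABLE`` as
        an identifier and cannot be bound as a ``%s`` parameter, so this
        check is what keeps the form value out of the DDL.
    """
    import re

    if request.method == 'GET':
        return render_template('custom/new.html')

    name = request.form['name']
    if not re.match(r'[A-Za-z_][A-Za-z0-9_]*\Z', name):
        abort(400)
    multi = 'multi' in request.form
    db.execute("INSERT INTO T_Table_Index(name,title,multi) VALUES(%s,%s,%s);",
        (name,request.form['title'],multi))
    table_name = "T_Custom_" + name
    # As before, an existing T_Custom_<name> table is dropped -- its data is
    # lost -- before the new one is created.
    if multi:
        db.execute("DROP TABLE IF EXISTS "+table_name+";CREATE TABLE "+table_name+"(id SERIAL PRIMARY KEY,\
                _read_times INTEGER DEFAULT 0,\
                _author_by VARCHAR(20),\
                _updated_at TIMESTAMP DEFAULT NOW() );")
    else:
        db.execute("DROP TABLE IF EXISTS "+table_name+";CREATE TABLE "+table_name+"(id SERIAL PRIMARY KEY);")
    return redirect(url_for('custom_manage'))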
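def resource_file_delete(id):
    """Delete a resource file from disk and from ``T_Resource_File``.

    Args:
        id: primary key of the ``T_Resource_File`` row.

    Returns:
        Redirect to the resource index.

    Raises:
        404 via ``abort`` when no such row exists (previously a ``TypeError``
        from indexing ``None``).
    """
    file = db.select_one("SELECT * FROM T_Resource_File WHERE id=%s;",[id])
    if file is None:
        abort(404)
    path = os.path.join('rtiss/'+app.config['RESOURCE_FOLDER'],file['filename'])
    # A file that is already gone should not keep its stale row alive, so the
    # removal is skipped instead of letting os.remove raise.
    if os.path.exists(path):
        os.remove(path)
    db.execute("DELETE FROM T_Resource_File WHERE id=%s",[id])
    return redirect(url_for('resource_index'))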
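def schedule_delete(id):
    """Delete schedule ``id`` if it belongs to the signed-in user.

    Mirrors the ownership check that ``schedule_edit`` performs; without it
    any signed-in user could delete any schedule.  If an administrator
    override is wanted it has to be added here explicitly.

    Args:
        id: primary key of the schedule row.

    Raises:
        404 via ``abort`` when no such schedule exists; 401 (the status
        ``schedule_edit`` uses) when it belongs to another user.
    """
    username = session['user']['username']
    owner = db.select_one("SELECT username FROM T_Schedule WHERE id=%s",[id])
    if owner is None:
        abort(404)
    if owner[0] != username:
        abort(401)
    db.execute("DELETE FROM T_schedule WHERE id=%s",[id])
    return redirect(url_for('schedule_index'))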
def wiki_delete(id):
    """Delete wiki row ``id`` and redirect to the wiki index."""
    sql = "DELETE FROM T_wiki WHERE id=%s"
    db.execute(sql, [id])
    return redirect(url_for("wiki_index"))
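def custom_multi_delete(table_name,id):
    """Delete row ``id`` from the custom multi-row table ``table_name``.

    Args:
        table_name: custom table name (URL route value); the physical table
            is ``T_Custom_<table_name>``.
        id: primary key of the row to delete (bound as a parameter).

    Raises:
        400 via ``abort`` when ``table_name`` is not a plain ASCII
        identifier: it is spliced into the DELETE as a table name and cannot
        be bound as a ``%s`` parameter.
    """
    import re

    if not re.match(r'[A-Za-z_][A-Za-z0-9_]*\Z', table_name):
        abort(400)
    db.execute("DELETE FROM T_Custom_"+table_name+" WHERE id=%s;",[id])
    return redirect(url_for("custom_multi_index",table_name=table_name))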
def expense_delete(id):
    """Delete expense row ``id`` and redirect to the expense index."""
    sql = "DELETE FROM T_expense WHERE id=%s"
    db.execute(sql, [id])
    return redirect(url_for('expense_index'))
def expense_approve(id):
    """Mark expense ``id`` as approved by the signed-in user and redirect."""
    # NOTE(review): the auth_expense_approve flag maintained by user_edit is
    # not consulted here; if approval is meant to be restricted, the check
    # has to live in this view or in a decorator not visible in this listing.
    approver = session['user']['username']
    sql = "UPDATE T_expense SET approved=TRUE, approved_by=%s WHERE id=%s;"
    db.execute(sql, [approver, id])
    return redirect(url_for('expense_index'))
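def custom_manage_delete(id):
    """Drop a custom table and remove its column and index metadata.

    Args:
        id: primary key of the ``T_Table_Index`` row.

    Returns:
        Redirect to the custom-table management page.

    Raises:
        404 via ``abort`` when ``id`` is not a registered table (previously a
        ``TypeError`` from indexing ``None``).
        400 via ``abort`` when the stored name is not a plain ASCII
        identifier; it is spliced into ``DROP TABLE`` and cannot be bound as
        a parameter, so it is checked even though it comes from the metadata
        table.
    """
    import re

    row = db.select_one("SELECT name FROM T_Table_Index WHERE id=%s",(id,))
    if row is None:
        abort(404)
    table_name = row[0]
    if not re.match(r'[A-Za-z_][A-Za-z0-9_]*\Z', table_name):
        abort(400)
    db.execute("DROP TABLE IF EXISTS T_Custom_"+table_name+" ;")
    db.execute("DELETE FROM T_Table_Column WHERE table_id=%s",[id])
    db.execute("DELETE FROM T_Table_Index WHERE id=%s",[id])
    return redirect(url_for('custom_manage'))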