Esempio n. 1
def person():
    """Show the profile page and, on POST, update the current user's profile.

    The submitted fields are checked in a fixed order and the first failing
    check is flashed back to the user.  When every check passes, the ``user``
    row whose id is stored in the session is updated and ``g.user`` is
    reloaded from the database.
    """
    # NOTE(review): no login check is visible in this function; presumably a
    # decorator or before-request hook guarantees session['user_id'] and
    # g.user are set -- confirm.  Unlike register(), e-mail uniqueness is not
    # checked here.
    user_id = session.get('user_id')
    if request.method == 'POST':
        form = request.form
        username = form['username']
        name = form['name']
        email = form['email']
        phone = form['phone']
        workplace = form['workplace']
        title = form['title']
        db = get_db()

        # Local part with up to four dotted segments, then a dotted domain.
        email_pattern = r'^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+){0,4}@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$'
        if not username:
            error = 'Username is required.'
        elif not name:
            error = 'Name is required.'
        elif re.match(email_pattern, email) is None:
            error = 'Email format is not right.'
        elif len(phone) not in (10, 11):
            error = 'Phone number is not right.'
        elif not workplace:
            error = 'Workplace is required.'
        elif title == "0":
            error = 'Title is required.'
        else:
            error = None
            # Keeping one's own username is fine; only a changed name has to
            # be checked against the other accounts.
            if username != g.user["username"]:
                taken = db.execute(
                    'SELECT id FROM user WHERE username = ?', (username,)
                ).fetchone()
                if taken is not None:
                    error = 'User {} is already registered.'.format(username)

        if error is not None:
            flash(error)
        else:
            db.execute(
                'UPDATE user SET username = ?, name = ?, email = ?, phone = ?, workplace = ?, title = ?'
                ' WHERE id = ?',
                (username, name, email, phone, workplace, title, user_id)
            )
            db.commit()
            # Refresh the cached row so the re-rendered page shows new values.
            g.user = get_db().execute(
                'SELECT * FROM user WHERE id = ?', (user_id,)
            ).fetchone()
    return render_template('manage/person.html')
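    def upload_file():
        """Accept the single abstract upload allowed for the logged-in user.

        Anonymous visitors get the login page.  A user who already has a row
        in ``abstract`` is redirected with a flash message.  On POST the
        uploaded file is stored under ``UPLOAD_FOLDER`` as
        ``<timestamp>+<user_id>+<name>`` and recorded in the database.
        """
        user_id = session.get('user_id')
        if user_id is None:
            return render_template('/auth/login.html')
        db = get_db()
        test = db.execute('SELECT id FROM abstract WHERE user_id = ?',
                          (user_id, )).fetchone()
        if test is not None:
            flash('Can\'t upload twice')
            return redirect('/my/submit')
        if request.method == 'POST':
            # check if the post request has the file part
            if 'file' not in request.files:
                flash('No file part')
                return redirect(request.url)
            file = request.files['file']

            # if user does not select file, browser also
            # submit an empty part without filename
            if file.filename == '':
                flash('No selected file')
                return redirect(request.url)
            # allowed_file is defined elsewhere; presumably an extension
            # allow-list -- confirm.
            if file and allowed_file(file.filename):
                # file.filename is chosen by the client and ends up in a
                # filesystem path, so keep only its last path component.
                # Backslashes are normalised first so Windows-style
                # separators are stripped as well.
                client_name = os.path.basename(
                    file.filename.replace('\\', '/'))
                if not client_name:
                    flash('No selected file')
                    return redirect(request.url)
                timestamp = round(time.time())
                filename = '%d+%d+%s' % (timestamp, user_id, client_name)
                db.execute(
                    'INSERT INTO abstract (user_id, filename, state) VALUES(?, ?, ?)',
                    (user_id, filename, 0))
                db.commit()
                db.execute('UPDATE user SET submit = ? WHERE id = ?',
                           (True, user_id))
                db.commit()
                # NOTE(review): the rows are committed before the file is
                # written, so a failed save leaves a record without a file.
                file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
                return redirect('/my/submit')
        return render_template('/manage/submit.html')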
Esempio n. 3
def pay():
    """Render the fee page and, on POST, store the user's invoice details.

    A POST needs both ``title`` and ``serial``; when either is empty the
    matching message is flashed and nothing is written.  Otherwise the
    ``invoice`` row of the session user is updated and a success message is
    flashed.  Requests that are neither GET nor POST fall through and return
    ``None``.
    """
    # NOTE(review): user_id may be None when nobody is logged in; no check is
    # visible here -- presumably enforced outside this function, confirm.
    user_id = session.get('user_id')
    if request.method == 'POST':
        serial = request.form['serial']
        title = request.form['title']
        db = get_db()

        if not title:
            # Invoice title is missing.
            message = '请填写发票抬头'
        elif not serial:
            # Taxpayer identification number is missing.
            message = '请填写纳税人识别号'
        else:
            # "Submitted successfully": flashed after the row is updated.
            message = "提交成功"
            db.execute(
                'UPDATE invoice SET invoice_title = ?, serial_num = ?'
                ' WHERE user_id = ?',
                (title, serial, user_id)
            )
            db.commit()
        flash(message)
        return render_template('manage/fee.html')
    if request.method == 'GET':
        return render_template('manage/fee.html')
def load_logged_in_user():
    """Set ``g.user`` to the session user's database row, or ``None``."""
    user_id = session.get('user_id')

    if user_id is None:
        g.user = None
        return

    # fetchone() yields None when the id stored in the session no longer
    # matches a row, so g.user can be None even with a user_id present.
    row = get_db().execute('SELECT * FROM user WHERE id = ?',
                           (user_id, )).fetchone()
    g.user = row
def load_logged_in_admin():
    """Set ``g.admin`` to the session admin's database row, or ``None``."""
    admin_id = session.get('admin_id')

    if admin_id is None:
        g.admin = None
        return

    # fetchone() yields None when the stored id matches no admin row.
    row = get_db().execute(
        'SELECT * FROM admin WHERE id = ?', (admin_id,)
    ).fetchone()
    g.admin = row
Esempio n. 6
def submit():
    """Render the submission page for a user whose payment is not rejected.

    Users whose ``paid`` column holds the string ``"False"`` are sent back to
    the manage index; everyone else sees their abstract row, if any.
    """
    user_id = session.get('user_id')
    db = get_db()
    paid_row = db.execute(
        'SELECT paid FROM user WHERE id = ?', (user_id,)
    ).fetchone()
    # NOTE(review): only the literal string "False" blocks access.  Any other
    # value, including NULL, falls through to the page -- confirm the column
    # default.  paid_row is None when the session has no valid user_id;
    # presumably a login check outside this function prevents that.
    if paid_row["paid"] == "False":
        return redirect(url_for('manage.index'))

    own_abstract = db.execute(
        'SELECT id, filename, created, state FROM abstract WHERE user_id = ?', (user_id,)
    ).fetchone()
    return render_template('manage/submit.html', abstract=own_abstract)
def fee():
    """List every invoice together with the name of the user it belongs to."""
    # NOTE(review): no admin check is visible in this function; presumably it
    # is enforced by a decorator or hook outside this view -- confirm.
    db = get_db()
    rows = db.execute(
        'SELECT * FROM invoice'
    ).fetchall()
    invoices_data = []
    for row in rows:
        # One lookup per invoice; raises TypeError if the user row is gone.
        owner_name = db.execute(
            'SELECT * FROM user WHERE id = ?', (row["user_id"],)
        ).fetchone()["name"]
        # The template receives the owner's name under the key 'user_id'.
        invoices_data.append({
            'user_id': owner_name,
            'created': row["created"],
            'invoice_title': row["invoice_title"],
            'serial_num': row["serial_num"],
        })
    return render_template('root/fee.html', invoices=invoices_data)
def abstract_examine_no(id):
    """Set an abstract's ``state`` to 2 and return to the abstract list.

    Responds with 404 when no abstract has the given id.
    """
    # NOTE(review): this changes state, yet no admin check is visible in the
    # function; presumably enforced outside this view -- confirm.
    db = get_db()
    row = db.execute(
        'SELECT * FROM abstract WHERE id = ?', (id,)
    ).fetchone()

    if row is not None:
        db.execute(
            'UPDATE abstract SET state = ? WHERE id = ?',
            (2, id)
        )
        db.commit()
    else:
        abort(404)
    return redirect(url_for('admin.abstract'))
def abstract():
    """List every abstract together with the name of the submitting user."""
    # NOTE(review): no admin check is visible in this function; presumably
    # enforced outside this view -- confirm.
    db = get_db()
    rows = db.execute(
        'SELECT * FROM abstract'
    ).fetchall()

    abstracts = []
    for row in rows:
        # One lookup per abstract; raises TypeError if the user row is gone.
        owner_name = db.execute(
            'SELECT * FROM user WHERE id = ?', (row["user_id"],)
        ).fetchone()["name"]
        # The template receives the owner's name under the key 'user_id'.
        abstracts.append({
            'user_id': owner_name,
            'filename': row['filename'],
            'id': row['id'],
            'created': row['created'],
            'state': row['state'],
        })
    return render_template('root/abstract.html', abstracts=abstracts)
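    def download_file(file_id):
        """Send a stored abstract as an attachment.

        Visitors with neither a user nor an admin session are redirected to
        ``/index``.  An admin session may fetch any abstract; a user session
        may fetch only an abstract whose ``user_id`` matches the session.
        Unknown ids and abstracts owned by someone else both answer 404.
        """
        user_id = session.get("user_id")
        admin_id = session.get("admin_id")
        if user_id is None and admin_id is None:
            return redirect("/index")
        db = get_db()
        abstract = db.execute(
            'SELECT filename, user_id FROM abstract WHERE id = ?',
            (file_id, )).fetchone()

        if abstract is None:
            return abort(404)
        # Being logged in is not enough: without this ownership check any
        # user could fetch another user's file by trying other ids.  404
        # rather than 403 so the reply does not reveal that the id exists.
        if admin_id is None and abstract["user_id"] != user_id:
            return abort(404)
        return send_from_directory(os.path.realpath(
            app.config['UPLOAD_FOLDER']),
                                   abstract["filename"],
                                   as_attachment=True)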
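def reset():
    """Run the two steps of the e-mail verification used for password reset.

    GET without ``target`` renders the reset form.  GET with
    ``?target=<email>`` validates the address, e-mails a six-digit code and
    keeps the code and the pending address in the session.  POST compares
    the submitted ``email`` and ``password`` (the latter carries the code)
    with the session values; only on a match is ``session['email']`` set.
    Both steps answer with a JSON string whose ``code`` is 1 on success and
    2 on failure.  Other request methods return ``None``.
    """
    import hmac
    import secrets

    error = None
    if request.method == 'GET':
        session.clear()
        email_address = request.args.get('target')
        if not email_address:
            return render_template('auth/reset.html')

        # confirm the email format
        email_pattern = r'^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+){0,4}@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$'
        if not re.match(email_pattern, email_address):
            error = 'Email format is not right.'
            return json.dumps({'code': 2, 'content': error})

        db = get_db()
        user = db.execute('SELECT * FROM user WHERE email = ?',
                          (email_address, )).fetchone()

        if user is None:
            # NOTE(review): this reply tells the caller whether an address is
            # registered; a uniform answer would avoid that, but the client
            # may depend on the current one -- confirm before changing.
            error = 'Incorrect email address.'
            return json.dumps({'code': 2, 'content': error})

        # Use the OS CSPRNG: the `random` module is predictable and must not
        # produce authentication codes.  Same format as before: six digits,
        # each 1-9.
        code = ''.join(secrets.choice('123456789') for _ in range(6))
        send_verify_code(email_address, code)
        error = 'Verification code has been sent'
        session.clear()
        # NOTE(review): if the app uses Flask's default cookie-backed
        # session, stored values are signed but readable by the client, so
        # the code would be visible to the requester -- confirm the session
        # backend and keep the code server-side if so.
        session['code'] = code
        # Kept under a pending key on purpose: change() on this page gates
        # the password update on session['email'] alone, so that key must
        # not exist before the code has been verified.
        session['pending_email'] = email_address
        return json.dumps({"code": 1, 'content': error})
    if request.method == 'POST':
        code = session.get('code')
        pending_email = session.get('pending_email')
        if code is None or pending_email is None:
            error = "Verification code is invalid. Resend it."
            return json.dumps({'code': 2, 'content': error})
        email_ = request.form['email']
        pass_ = request.form['password']
        # Constant-time comparison; bytes are used because compare_digest
        # rejects non-ASCII str input.
        code_ok = hmac.compare_digest(pass_.encode('utf-8'),
                                      code.encode('utf-8'))
        if code_ok and pending_email == email_:
            # Single use: drop the code, then mark the address as verified.
            session.clear()
            session['email'] = email_
            return json.dumps({'code': 1, 'content': "success"})
        # NOTE(review): no limit on failed attempts is visible here.
        error = 'Verification code is not correct.'
        return json.dumps({'code': 2, 'content': error})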
def pay_examine_yes(id):
    """Mark a user as paid, create their invoice row, return to the guest list.

    Responds with 404 when no user has the given id.
    """
    # NOTE(review): this changes payment state, yet no admin check is visible
    # in the function; presumably enforced outside this view -- confirm.
    db = get_db()
    row = db.execute(
        'SELECT * FROM user WHERE id = ?', (id,)
    ).fetchone()

    if row is not None:
        # `paid` is stored as the strings "True"/"False", not as a boolean.
        db.execute(
            'UPDATE user SET paid = ? WHERE id = ?',
            ("True", id)
        )
        db.commit()
        # A new invoice row is inserted on every call, repeated ones too.
        db.execute(
            "INSERT INTO invoice (user_id) VALUES( ? ) ", (id, )
        )
        db.commit()
    else:
        abort(404)
    return redirect(url_for('admin.guest'))
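def pay_examine_no(id):
    """Mark a user as unpaid, delete their invoices, return to the guest list.

    Responds with 404 when no user has the given id.
    """
    # NOTE(review): this changes payment state, yet no admin check is visible
    # in the function; presumably enforced outside this view -- confirm.
    # The leftover debug print of type(id) has been removed.
    db = get_db()
    user = db.execute(
        'SELECT * FROM user WHERE id = ?', (id, )
    ).fetchone()

    if user is None:
        abort(404)
    else:
        # `paid` is stored as the strings "True"/"False", not as a boolean.
        db.execute(
            'UPDATE user SET paid = ? WHERE id = ?',
            ("False", id)
        )
        db.commit()
        db.execute(
            "DELETE FROM invoice WHERE user_id = ? ", (id, )
        )
        db.commit()
    return redirect(url_for('admin.guest'))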
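def change():
    """Set a new password for the address stored in ``session['email']``.

    Without that session key the visitor is sent to the login page.  GET
    renders the form.  POST requires a password of at least six characters
    that matches its repetition, stores its hash, clears the session and
    redirects to the login page.  Other request methods return ``None``.
    """
    # NOTE(review): session['email'] is the only gate on this view, so
    # whatever sets that key must do so only after the verification code has
    # been checked.
    email = session.get('email')
    if email is None:
        return redirect(url_for('auth.login'))
    if request.method == 'GET':
        return render_template("auth/change_pass.html")
    if request.method == 'POST':
        repassword = request.form['repassword']
        password = request.form['password']
        if len(password) <= 5:
            # Same minimum length that register() enforces, so a reset
            # cannot weaken the password policy.
            error = 'At least 6 characters.'
        elif password != repassword:
            error = "Two passwords are different"
        else:
            db = get_db()
            db.execute('UPDATE user SET password = ? WHERE email = ?',
                       (generate_password_hash(password), email))
            db.commit()
            # The reset is spent: drop the session so it cannot be used to
            # change the password a second time.
            session.clear()
            return redirect(url_for('auth.login'))
        flash(error)
        return render_template("auth/change_pass.html")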
def login():
    """Render the login form and, on POST, start a session for a valid user."""
    if request.method != 'POST':
        return render_template('auth/login.html')

    username = request.form['username']
    password = request.form['password']
    db = get_db()
    account = db.execute('SELECT * FROM user WHERE username = ?',
                         (username, )).fetchone()

    # NOTE(review): the two messages differ, so a caller can tell whether a
    # username exists; a single generic message would avoid that.
    if account is None:
        error = 'Incorrect username.'
    elif not check_password_hash(account['password'], password):
        error = 'Incorrect password.'
    else:
        # Drop whatever the pre-login session held before storing the id.
        session.clear()
        session['user_id'] = account['id']
        return redirect(url_for('manage.index'))

    flash(error)
    return render_template('auth/login.html')
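 def delete_upload_file():
     """Delete one of the logged-in user's own abstracts and its stored file.

     Anonymous visitors are sent to the login page.  The abstract id comes
     from the ``id`` query parameter; ids that do not exist or belong to
     another user are ignored.  The response always redirects to the
     submission page.
     """
     # NOTE(review): the id arrives in the query string, so this state change
     # looks reachable by GET -- confirm the route's methods and its CSRF
     # protection.
     user_id = session.get('user_id')
     if user_id is None:
         return redirect(url_for('auth.login'))
     abstract_id = request.args.get('id')
     db = get_db()
     # Scope the lookup to the session user: the id is client-supplied, and
     # without the owner filter any logged-in user could delete another
     # user's abstract while the `submit` flag of the wrong account is reset.
     abstract = db.execute(
         'SELECT filename FROM abstract WHERE id = ? AND user_id = ?',
         (abstract_id, user_id)).fetchone()
     if abstract is not None:
         filename = abstract['filename']
         try:
             os.remove(os.path.join(app.config['UPLOAD_FOLDER'], filename))
         except Exception as e:
             # Best effort: the row is removed even if the file is already
             # gone.  Print the message itself, not the bound __str__ method.
             print(e)
         db.execute('DELETE FROM abstract WHERE id = ? AND user_id = ?',
                    (abstract_id, user_id))
         db.commit()
         db.execute('UPDATE user SET submit = ? WHERE id = ?',
                    (False, user_id))
         db.commit()
     return redirect(url_for('manage.submit'))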
def index():
    """Render the dashboard with user, invoice, abstract and request counts."""
    # NOTE(review): no admin check is visible in this function; presumably
    # enforced outside this view -- confirm.
    db = get_db()

    users = db.execute(
        'SELECT * FROM user'
    ).fetchall()
    invoices = db.execute(
        'SELECT * FROM invoice'
    ).fetchall()
    abstracts = db.execute(
        'SELECT * FROM abstract'
    ).fetchall()

    # Count the users who asked for each optional service at registration.
    num_bc = sum(1 for row in users if row["requirement_baby_care"] == 1)
    num_st = sum(
        1 for row in users
        if row["requirement_simultaneous_transmission"] == 1
    )

    return render_template(
        'root/index.html',
        num_user=len(users),
        num_invoice=len(invoices),
        num_abstract=len(abstracts),
        num_bc=num_bc,
        num_st=num_st,
    )
def register():
    """Render the registration form and, on POST, create a new user.

    The fields are checked in a fixed order and the first failure is flashed.
    When all checks pass the user is inserted with a hashed password and the
    visitor is redirected to the login page.
    """
    if request.method == 'POST':
        form = request.form
        username = form['username']
        password = form['password']
        name = form['name']
        email = form['email']
        phone = form['phone']
        workplace = form['workplace']
        title = form['title']
        repassword = form['repassword']
        gender = form['gender']
        requirements = form.getlist('requirement')

        # One ticked box: "1" means baby care, anything else means
        # simultaneous translation.  Two or more ticked boxes mean both.
        picked = len(requirements)
        if picked >= 2:
            baby_care, translate = True, True
        elif picked == 1:
            baby_care = requirements[0] == "1"
            translate = not baby_care
        else:
            baby_care, translate = False, False

        db = get_db()
        error = None

        # Local part with up to four dotted segments, then a dotted domain.
        email_pattern = r'^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+){0,4}@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$'
        # NOTE(review): `phone` is stored without any check here, although
        # person() on this page requires 10 or 11 characters.
        if not username:
            error = 'Username is required.'
        elif len(password) < 6:
            error = 'At least 6 characters.'
        elif password != repassword:
            error = 'Two passwords are inconsistent.'
        elif not name:
            error = 'Name is required.'
        elif re.match(email_pattern, email) is None:
            error = 'Email format is not right.'
        elif not workplace:
            error = 'Workplace is required.'
        elif title == "0":
            error = 'Title is required.'
        elif gender == "0":
            error = 'Gender is required.'
        elif db.execute('SELECT id FROM user WHERE username = ?',
                        (username, )).fetchone() is not None:
            error = 'User {} is already registered.'.format(username)
        elif db.execute('SELECT id FROM user WHERE email = ?',
                        (email, )).fetchone() is not None:
            error = 'Email {} is already registered.'.format(email)

        if error is not None:
            flash(error)
        else:
            # Only the hash of the password is stored.
            db.execute(
                'INSERT INTO user (username, password, name, email, phone, workplace, title, gender, requirement_baby_care, requirement_simultaneous_transmission) VALUES(?,?,?,?,?,?,?,?,?,?)',
                (username, generate_password_hash(password), name, email,
                 phone, workplace, title, gender, baby_care, translate))
            db.commit()
            return redirect(url_for('auth.login'))

    return render_template('auth/register.html')
def guest():
    """Render the list of all registered users."""
    # NOTE(review): SELECT * hands every column, including `password`, to the
    # template -- confirm the template does not render it.  No admin check is
    # visible in this function; presumably enforced outside this view.
    all_users = get_db().execute(
        'SELECT * FROM user'
    ).fetchall()
    return render_template('root/guest.html', users=all_users)