def alter():
    """Update a user's name and student number, then sync attendance state.

    Form handler gated by ``admin_session_authentication()``. It reads
    ``uid``, ``name``, ``student_number`` and the optional ``login``
    checkbox from ``request.form``, writes the new name and student number
    to the ``Users`` row with that id, and calls ``do_login_in_db`` or
    ``do_logout_in_db`` when the checkbox disagrees with the row's
    ``now_attendance_id``.

    Returns:
        A redirect to ``/search/all`` on every path that does not abort.
    """
    if not admin_session_authentication():
        # NOTE(review): a failed admin check is answered with 400 here;
        # 401/403 is the conventional status for an authorization failure.
        abort(400)

    # TODO: security concern: uid comes from the form.
    # NOTE(review): uid is client-supplied and used directly as the row key;
    # the only validation visible in this block is the existence lookup
    # below. The queries are parameterized, so the open question is which
    # record may be modified, not SQL injection. No CSRF check is visible
    # in this block -- confirm one is applied elsewhere for this
    # state-changing form.
    form = request.form
    uid = form['uid']
    name = form['name']
    student_number = form['student_number']
    # An HTML checkbox posts 'on' when ticked and is absent otherwise.
    login = form.get('login') == 'on'

    if not name or not student_number:
        return redirect('/search/all')

    row = get_db().execute(
        'SELECT now_attendance_id FROM Users WHERE id=(?)', [uid]
    ).fetchone()
    if not row:
        return redirect('/search/all')

    get_db().execute(
        'UPDATE Users SET name=(?), student_number=(?) WHERE id=(?)',
        [name, student_number, uid],
    )
    get_db().commit()

    # Act only when the requested state differs from the stored one
    # (exactly one of "has an open attendance record" / "login ticked").
    has_open_attendance = bool(row['now_attendance_id'])
    if has_open_attendance != login:
        if login:
            # Perform the login; machine_id is set to 0.
            do_login_in_db(uid, 0)
        else:
            # Perform the logout.
            do_logout_in_db(row['now_attendance_id'], uid)

    return redirect('/search/all')
def trigger():
    """Toggle a user's attendance state and report the result as JSON.

    The machine id and payload come from ``inspect_request(request)``; the
    raw ``p`` form field is passed to ``retransmission('/trigger', ...)``.
    The ``Users`` row for the payload's ``id`` is looked up: a row with a
    truthy ``now_attendance_id`` is logged out, any other row is logged in.

    Returns:
        A JSON string. On success it carries ``status``, ``action``
        (``'login'`` or ``'logout'``), ``name`` and ``student_number``.
        On failure it carries ``status`` and ``message``, either for an
        unknown id or for a ``sqlite3.OperationalError``.
    """
    # NOTE(review): whether inspect_request authenticates the sending
    # machine is not visible here -- confirm, because the id it yields
    # drives a login/logout with no further check in this block.
    machine_id, data = inspect_request(request)
    # NOTE(review): the raw payload is forwarded before the id has been
    # looked up; verify that retransmission's destination is fixed by
    # configuration rather than derived from the request.
    retransmission('/trigger', request.form['p'])

    user_id = data.get('id')
    user = get_db().execute(
        'SELECT * FROM Users WHERE id=(?)', [user_id]
    ).fetchone()
    if not user:
        return json.dumps({
            'status': 'failed',
            'message': 'id not registered'
        })

    try:
        attendance_id = user['now_attendance_id']
        if attendance_id:
            do_logout_in_db(attendance_id, user_id)
            action = 'logout'
        else:
            do_login_in_db(user_id, machine_id)
            action = 'login'
        return json.dumps({
            'status': 'success',
            'action': action,
            'name': user['name'],
            'student_number': user['student_number']
        })
    except sqlite3.OperationalError:
        # Only OperationalError is mapped to a failure response; any other
        # exception propagates to the caller.
        return json.dumps({
            'status': 'failed',
            'message': 'operation error'
        })