コード例 #1
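def uploadArtical():
    """Insert a new article or update an existing one from the posted form.

    Form fields read: ``id`` (primary key, labelled as a timestamp), ``tit``
    and ``tip`` (base64-encoded title and tag), ``txt`` (article body, kept
    as submitted apart from the space-to-plus repair) and ``new`` ("n"
    selects the INSERT branch, any other value the UPDATE branch).

    Both statements pass every form value as a bound parameter.

    NOTE(review): no check of the caller's identity is visible in this
    function; confirm that one is enforced before this handler runs, since
    the UPDATE branch overwrites whichever row ``id`` names.

    Returns:
        The result of web_helper.return_msg: code -1 with a failure message
        when db_helper.write returned the string "False", otherwise code 0
        with the success message.
    """
    uid = web_helper.get_form('id', '主键(时间戳)')
    # Spaces are turned back into '+' before decoding; presumably the form
    # decoder replaced the '+' of the base64 alphabet with spaces -- confirm.
    # NOTE(review): malformed base64 or non-UTF-8 bytes raise here and are
    # not caught in this handler.
    tit = str(
        base64.b64decode(web_helper.get_form('tit', '标题').replace(" ", "+")),
        "utf-8")
    # The body is stored without decoding.
    txt = web_helper.get_form('txt', '内容').replace(" ", "+")
    tip = str(
        base64.b64decode(web_helper.get_form('tip', '标签').replace(" ", "+")),
        "utf-8")
    newArt = web_helper.get_form('new', '是否是新文章')
    if ("n" == newArt):
        insert = """
             insert into "articaltable" ("id", "artical_name", "artical_type", "likesnum", "answernum", "readnum", "artical") 
             values (%s, %s, %s, 0, 0, 0, %s)
        """
        data = (uid, tit, tip, txt)
        beTip = db_helper.write(insert, data)
    else:
        updata = """
            UPDATE "articaltable" 
            SET "artical_name"= %s, "artical_type"= %s, "artical" = %s  
            WHERE id=%s;
        """
        data = (tit, tip, txt, uid)
        beTip = db_helper.write(updata, data)
    # NOTE(review): debug output; this writes the full title, body and tag of
    # every submission to stdout.
    print(beTip, uid, tit, txt, tip)
    # The original returned the success text together with the -1 code; the
    # message now matches the code.
    failed = beTip == "False"
    if failed:
        return web_helper.return_msg(-1, '上传失败')
    return web_helper.return_msg(0, '上传成功')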
コード例 #2
ファイル: product.py プロジェクト: xth1994/code
def callback(id):
    """
    Update the product row identified by *id* from the submitted form.

    Returns web_helper.return_msg(0, ...) when the statement's
    "returning id" yields a row with a truthy id, and
    web_helper.return_msg(-1, ...) otherwise.
    """
    field = web_helper.get_form

    product_name = field('name', '产品名称')
    product_code = field('code', '产品编码')
    class_id = convert_helper.to_int0(field('product_class_id', '产品分类'))
    spec = field('standard', '产品规格')
    shelf_life = field('quality_guarantee_period', '保质期')
    origin = field('place_of_origin', '产地')
    cover_img = field('front_cover_img', '封面图片')

    # The description is fetched with is_check_special_char=False and then
    # run through two filters instead. The first is labelled as SQL-injection
    # handling, but the statement below binds content as a parameter, so the
    # query's safety comes from that binding, not from filtering quotes.
    description = field('content', '产品描述', is_check_special_char=False)
    description = string_helper.filter_str(description, "'")
    # XSS clean-up before the text is stored.
    description = string_helper.clear_xss(description)
    enabled = convert_helper.to_int0(field('is_enable', '是否启用'))

    # Every value, including the row id, travels as a bound parameter.
    update_sql = """
          update product
            set name=%s, code=%s, product_class_id=%s, standard=%s, quality_guarantee_period=%s,
                place_of_origin=%s, front_cover_img=%s, content=%s, is_enable=%s
          where id=%s returning id"""
    params = (product_name, product_code, class_id, spec, shelf_life,
              origin, cover_img, description, enabled, id)

    rows = db_helper.write(update_sql, params)
    # Success needs a returned row that carries an id.
    if not (rows and rows[0].get('id')):
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
コード例 #3
ファイル: product.py プロジェクト: xth1994/code
def callback():
    """
    Insert a new product row from the submitted form.

    Returns web_helper.return_msg(0, ...) when the statement's
    "returning id" yields a row with a truthy id, and
    web_helper.return_msg(-1, ...) otherwise.
    """
    field = web_helper.get_form

    product_name = field('name', '产品名称')
    product_code = field('code', '产品编码')
    class_id = convert_helper.to_int0(field('product_class_id', '产品分类'))
    spec = field('standard', '产品规格')
    shelf_life = field('quality_guarantee_period', '保质期')
    origin = field('place_of_origin', '产地')
    cover_img = field('front_cover_img', '封面图片')

    # The description is fetched with is_check_special_char=False and then
    # run through two filters instead. The first is labelled as SQL-injection
    # handling, but the statement below binds content as a parameter, so the
    # query's safety comes from that binding, not from filtering quotes.
    description = field('content', '产品描述', is_check_special_char=False)
    description = string_helper.filter_str(description, "'")
    # XSS clean-up before the text is stored.
    description = string_helper.clear_xss(description)
    enabled = convert_helper.to_int0(field('is_enable', '是否启用'))

    # "returning id" asks the database to hand back the id generated for the
    # new row.
    insert_sql = """insert into product (name, code, product_class_id, standard, quality_guarantee_period,
                place_of_origin, front_cover_img, content, is_enable)
              values (%s, %s, %s, %s, %s, %s, %s, %s, %s) returning id"""
    params = (product_name, product_code, class_id, spec, shelf_life,
              origin, cover_img, description, enabled)

    rows = db_helper.write(insert_sql, params)
    # Success needs a returned row that carries an id.
    if not (rows and rows[0].get('id')):
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
コード例 #4
def callback(id):
    """Set name and is_enable on the product_class row identified by *id*.

    Returns web_helper.return_msg(0, ...) when db_helper.write returns a
    truthy result, web_helper.return_msg(-1, ...) otherwise.
    """
    # NOTE(review): get_form is called with a third positional False; if that
    # is the special-character check seen as is_check_special_char elsewhere,
    # the name is stored unfiltered -- confirm it is escaped on output.
    params = {
        'name': web_helper.get_form('name', '', False),
        'is_enable': convert_helper.to_int_default(
            web_helper.get_form('is_enable', '', False), 0),
        'id': id,
    }
    # Named placeholders: all three values are bound, none is formatted into
    # the SQL text.
    statement = '''update product_class set name=%(name)s ,is_enable=%(is_enable)s where id=%(id)s returning id'''

    if db_helper.write(statement, params):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, '失败')
コード例 #5
def record():
    """Store one search record (name, cardno, client IP) in searchrecord.

    Returns web_helper.return_msg(0, ...) when db_helper.write returns a
    truthy result, web_helper.return_msg(-1, ...) otherwise.
    """
    params = {
        'name': web_helper.get_form('name', '姓名为空', False),
        'cardno': web_helper.get_form('cardno', '准考证号为空', False),
        'ip': web_helper.get_ip(),
    }
    # NOTE(review): debug output; this writes the submitted name, card number
    # and client IP to stdout on every request.
    print(params['name'], params['cardno'], params['ip'])

    # Named placeholders: the three values are bound, not formatted in.
    statement = '''insert into searchrecord (name,cardno,ip) VALUES (%(name)s,%(cardno)s,%(ip)s) returning id'''
    if db_helper.write(statement, params):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, '失败')
コード例 #6
def callback():
    """Insert a product_class row from the ``name`` and ``is_enable`` form fields.

    Returns web_helper.return_msg(0, ...) when db_helper.write returns a
    truthy result, web_helper.return_msg(-1, ...) otherwise.
    """
    # NOTE(review): get_form is called with a third positional False; if that
    # is the special-character check seen as is_check_special_char elsewhere,
    # the name is stored unfiltered -- confirm it is escaped on output.
    params = {
        'name': web_helper.get_form('name', '', False),
        'is_enable': convert_helper.to_int_default(
            web_helper.get_form('is_enable', '', False), 0),
    }
    # Named placeholders: both values are bound, not formatted in.
    statement = '''insert into product_class (name,is_enable) VALUES (%(name)s,%(is_enable)s) returning id'''

    if db_helper.write(statement, params):
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, '失败')
コード例 #7
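def get_visit():
    """Count a visit against the district named in the query string.

    Looks up the district's code in "cityInfomation" (the district name under
    the given city), then either increments the existing "visitRecode" row
    for that code or inserts a new row with valueIndex 1.

    Returns:
        web_helper.return_msg(0, 'success') once the visit is recorded, or
        web_helper.return_msg(-1, ...) when the district lookup finds no row.
    """
    scanEmail_helper.fun_timer()
    ip_inner = web_helper.get_ip()
    ip_outer = web_helper.get_query("IP", "ip_outer")
    # Read but not used below; the call is kept because get_query may also
    # validate that the parameter is present -- confirm.
    province = web_helper.get_query('province', '省')
    city = web_helper.get_query('city', '市')
    district = web_helper.get_query('district', '区县')

    # SECURITY: district and city come from the query string and are
    # formatted into the SQL text, so a quote character in either value
    # changes the statement. db_helper.read is only seen taking a finished
    # SQL string on this page; if it accepts bound parameters, use
    # placeholders here. As written, this query relies entirely on whatever
    # filtering get_query applies.
    sql = """SELECT code FROM "cityInfomation" WHERE name = '%s' and "parentCode" = (select code from "cityInfomation" where name = '%s')""" % (
        district,
        city,
    )

    manager_result = db_helper.read(sql)
    if not manager_result:
        # No matching district: the original indexed [0] here regardless and
        # failed with an unhandled exception.
        return web_helper.return_msg(-1, 'district not found')
    code = manager_result[0].get('code', '').rstrip()

    # code comes from the lookup above rather than from the request, but it
    # is still formatted into the text; the same placeholder advice applies.
    sql_2 = """SELECT COUNT(1) FROM "visitRecode" WHERE  code='%s'""" % (code)
    recode_result = db_helper.read(sql_2)
    # Default to 0 so the comparison below never compares '' with an int.
    count = recode_result[0].get('count', 0) if recode_result else 0
    if count > 0:
        # db_helper.write takes parameters, so code is bound here instead of
        # being formatted into the statement.
        sql = """
            UPDATE "visitRecode"
               SET valueindex=valueindex+1
            WHERE code=%s;
        """
        data = (code,)
        db_helper.write(sql, data)
    else:
        t = int(time.time())
        insert = """
              insert into "visitRecode" ("dateTime", "visitIP", "code", "ip_inner", valueIndex) 
              values (%s, %s, %s, %s, 1)
        """
        data = (t, ip_outer, code, ip_inner)
        db_helper.write(insert, data)

    return web_helper.return_msg(0, 'success')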
コード例 #8
    def test(self):
        """Run three writes and one read against product_class, printing each result."""
        # Insert without a RETURNING clause.
        insert_plain = """
            INSERT INTO product_class(
              name, is_enable)
            VALUES (%s, %s)
        """
        print(db_helper.write(insert_plain, ('糖果', 1)))

        # Insert with RETURNING so the new row's id comes back.
        insert_returning = """
            INSERT INTO product_class(
              name, is_enable)
            VALUES (%s, %s)
            RETURNING id;
        """
        print(db_helper.write(insert_returning, ('饼干', 1)))

        # Update a row that does not exist (id 10000).
        update_missing = """
            UPDATE product_class
               SET name=%s, is_enable=%s
            WHERE id=10000
            RETURNING id;
        """
        print(db_helper.write(update_missing, ('糖果', 1)))

        # Read every row back.
        select_all = """
            SELECT * FROM product_class
        """
        print(db_helper.read(select_all))
コード例 #9
def callback():
    """
    Overwrite front_cover_img and content on the infomation row with id=1.

    The result of db_helper.write is not inspected; the success message is
    returned in every case.
    """
    cover_img = web_helper.get_form('front_cover_img', '图片')

    # The content field is fetched with is_check_special_char=False and then
    # run through two filters instead. The first is labelled as SQL-injection
    # handling, but the statement below binds content as a parameter, so the
    # query's safety comes from that binding, not from filtering quotes.
    body = web_helper.get_form('content', '内容', is_check_special_char=False)
    body = string_helper.filter_str(body, "'")
    # XSS clean-up before the text is stored.
    body = string_helper.clear_xss(body)

    update_sql = """update infomation set front_cover_img=%s, content=%s where id=1"""
    db_helper.write(update_sql, (cover_img, body))

    # Reply with the JSON success message.
    return web_helper.return_msg(0, '成功')
コード例 #10
ファイル: product.py プロジェクト: xth1994/code
def callback(id):
    """
    Delete the product row identified by *id*.

    Returns web_helper.return_msg(0, ...) when db_helper.write returns a
    truthy result, web_helper.return_msg(-1, ...) otherwise.
    """
    # id is bound as a parameter, not formatted into the statement.
    delete_sql = """delete from product where id=%s returning id"""
    deleted = db_helper.write(delete_sql, (id,))
    if not deleted:
        return web_helper.return_msg(-1, "删除失败")
    return web_helper.return_msg(0, '成功')
コード例 #11
def callback(id):
    """
    Update name and is_enable on the product_class row identified by *id*.

    Returns web_helper.return_msg(0, ...) when the statement's
    "returning id" yields a row with a truthy id, and
    web_helper.return_msg(-1, ...) otherwise.
    """
    class_name = web_helper.get_form('name', '分类名称')
    enabled = convert_helper.to_int0(web_helper.get_form('is_enable', '是否启用'))

    # All three values are bound as parameters.
    update_sql = """update product_class set name=%s, is_enable=%s where id=%s returning id"""
    rows = db_helper.write(update_sql, (class_name, enabled, id))

    # Success needs a returned row that carries an id.
    if not (rows and rows[0].get('id')):
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
コード例 #12
def callback():
    """
    Insert a new product_class row from the submitted form.

    Returns web_helper.return_msg(0, ...) when the statement's
    "returning id" yields a row with a truthy id, and
    web_helper.return_msg(-1, ...) otherwise.
    """
    class_name = web_helper.get_form('name', '分类名称')
    enabled = convert_helper.to_int0(web_helper.get_form('is_enable', '是否启用'))

    # "returning id" asks the database to hand back the id generated for the
    # new row; both values are bound as parameters.
    insert_sql = """insert into product_class (name, is_enable) values (%s, %s) returning id"""
    rows = db_helper.write(insert_sql, (class_name, enabled))

    # Success needs a returned row that carries an id.
    if not (rows and rows[0].get('id')):
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
コード例 #13
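def callback():
    """Delete the product_class named by the ``id`` query parameter.

    The delete is refused while any product row still references the class.

    Returns:
        web_helper.return_msg(-1, ...) when the class is still referenced or
        the delete returns nothing, web_helper.return_msg(0, ...) otherwise.
    """
    class_id = web_helper.get_query('id', '', False)
    class_id = convert_helper.to_int_default(class_id, 0)
    # Check whether the class is still referenced.
    # class_id went through to_int_default above, so the value formatted into
    # this query is expected to be an int; db_helper.read is only seen taking
    # a finished SQL string on this page.
    sql = 'select count(1) as records from product where product_class_id=%s' % str(
        class_id)
    result = db_helper.read(sql)
    if result and result[0].get('records', -1) > 0:
        return web_helper.return_msg(-1, '该分类已被引用,请清除对该分类的绑定后再来删除')

    # The original formatted the id into the text and then also passed
    # "(id)" -- a bare int, not a tuple -- as the parameters. Leave the
    # placeholder in the statement and bind the id as a one-element tuple.
    sql = 'delete from product_class where id=%s returning id'
    result = db_helper.write(sql, (class_id,))
    if result:
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, '失败')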
コード例 #14
def deleteArtical():
    """Delete one article by the ``uid`` form field and return the remaining list.

    Returns web_helper.return_msg(-1, ...) when db_helper.write returned the
    string "False"; otherwise web_helper.return_msg(0, ...) carrying every
    row left in "articaltable".

    NOTE(review): no check of the caller's identity is visible in this
    function; confirm that one is enforced before this handler runs.
    """
    uid = web_helper.get_form('uid', '主键(时间戳)')
    # uid is bound as a parameter, not formatted into the statement.
    delete_sql = """
        delete from "articaltable" where id = %s
    """
    outcome = db_helper.write(delete_sql, (uid, ))
    if outcome == "False":
        return web_helper.return_msg(
            -1,
            '删除失败',
        )

    list_sql = """
               select "id", "artical_name", "artical_type", "likesnum", "answernum", "readnum" from "articaltable"
            """
    remaining = db_helper.read(list_sql)
    return web_helper.return_msg(0, '删除成功', remaining)
コード例 #15
def callback():
    """
    Overwrite content on the infomation row with id=2.

    Returns web_helper.return_msg(0, ...) when the statement's
    "returning id" yields a row with a truthy id, and
    web_helper.return_msg(-1, ...) otherwise.
    """
    # The content field is fetched with is_check_special_char=False and then
    # run through two filters instead. The first is labelled as SQL-injection
    # handling, but the statement below binds content as a parameter, so the
    # query's safety comes from that binding, not from filtering quotes.
    body = web_helper.get_form('content', '内容', is_check_special_char=False)
    body = string_helper.filter_str(body, "'")
    # XSS clean-up before the text is stored.
    body = string_helper.clear_xss(body)

    update_sql = """update infomation set content=%s where id=2 returning id"""
    rows = db_helper.write(update_sql, (body, ))

    if not (rows and rows[0].get('id')):
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
コード例 #16
def callback(id):
    """
    Delete the product_class row *id* unless a product still references it.

    Returns web_helper.return_msg(-1, ...) when the class is still
    referenced or the delete returns nothing, web_helper.return_msg(0, ...)
    otherwise.
    """
    # A class that is still referenced must not be deleted.
    # NOTE(review): id is formatted into the SQL text here, unlike the delete
    # below, which binds it. This is only safe if id is already an integer
    # when it reaches this function -- confirm at the route definition.
    count_sql = """select count(*) as total from product where product_class_id=%s""" % (id,)
    usage = db_helper.read(count_sql)
    if usage and usage[0].get('total', -1) > 0:
        return web_helper.return_msg(-1, "该分类已被引用,请清除对该分类的绑定后再来删除")

    # The delete binds id as a parameter.
    delete_sql = """delete from product_class where id=%s returning id"""
    deleted = db_helper.write(delete_sql, (id,))
    if not deleted:
        return web_helper.return_msg(-1, "删除失败")
    return web_helper.return_msg(0, '成功')
コード例 #17
ファイル: login.py プロジェクト: teersky/myBlog
def post_login():
    """Validate a login form (username, password, captcha) and open a session.

    Steps, in order: compare the submitted captcha with the one stored in
    the session (the stored one is deleted first, so it is single-use), load
    the manager row for the username, compare the MD5 of the password with
    the stored value, check is_enable, store id and login_name in the
    session, then update the last-login columns.

    Returns web_helper.return_msg(-1, ...) with a step-specific message on
    failure and web_helper.return_msg(0, ...) with a data list on success.
    """
    ##############################################################
    # Read and validate the parameters submitted by the client
    ##############################################################
    username = web_helper.get_form('username', '帐号')
    password = web_helper.get_form('password', '密码')
    verify = web_helper.get_form('verify', '验证码')
    ip = web_helper.get_ip()

    ##############################################################
    # Read the captcha from the session
    ##############################################################
    s = web_helper.get_session()
    verify_code = s.get('verify_code')
    # NOTE(review): debug output; this writes the submitted captcha and the
    # whole session object to stdout.
    print(verify, s)
    # Remove the captcha from the session (it is invalid after one submit)
    if 'verify_code' in s:
        del s['verify_code']
        s.save()
    # Compare the submitted captcha with the one that was in the session

    if verify.upper() != verify_code:
        return web_helper.return_msg(-1, '验证码错误')

    ##############################################################
    ### Load the manager record for this login ###
    ##############################################################
    # SECURITY: username is formatted into the SQL text, so a quote character
    # in it changes the statement. db_helper.read is only seen taking a
    # finished SQL string on this page; if it accepts bound parameters, use a
    # placeholder here. As written, this query relies entirely on whatever
    # filtering get_form applies by default -- confirm.
    sql = """select * from manager where login_name='%s'""" % (username, )
    # Read the user record from the database
    manager_result = db_helper.read(sql)
    # Stop if no such user exists
    # NOTE(review): this message differs from the wrong-password message
    # below, which tells a client whether a login name exists.
    if not manager_result:
        return web_helper.return_msg(-1, '账户不存在')

    ##############################################################
    ### Check the password and the account state ###
    ##############################################################
    # Alternative left by the author: hash twice, taking a slice of the first
    # digest as input to the second.
    # pwd = encrypt_helper.md5(encrypt_helper.md5(password)[1:30]).upper()
    # In use: a single MD5 of the submitted password, upper-cased.
    # SECURITY: a single unsalted MD5 is not a suitable password hash; stored
    # values should come from a salted, deliberately slow password-hashing
    # function.
    pwd = encrypt_helper.md5(password).upper()

    # Check the password
    # NOTE(review): plain != comparison; a constant-time comparison is the
    # usual choice for secrets.
    if pwd != manager_result[0].get('login_password', ''):
        return web_helper.return_msg(-1, '密码错误')
    # Check whether the account has been disabled
    if manager_result[0].get('is_enable', 0) == 0:
        return web_helper.return_msg(-1, '账号已被禁用')

    ##############################################################
    ### Store the user in the session ###
    ##############################################################
    # NOTE(review): the existing session object is reused; no new session id
    # is issued here at login -- confirm whether web_helper handles that.
    manager_id = manager_result[0].get('id', 0)
    s['id'] = manager_id
    s['login_name'] = username
    s.save()

    ##############################################################
    ### Update the manager row ###
    ##############################################################
    # Record last login time and IP and increment the login counter
    sql = """update manager set last_login_time=%s, last_login_ip=%s, login_count=login_count+1 where id=%s"""
    # Values for the placeholders
    # NOTE(review): 'now()' is passed as a bound value, so it presumably
    # reaches the database as a string and not as a function call --
    # confirm the column accepts it.
    vars = (
        'now()',
        ip,
        manager_id,
    )
    # Write to the database
    db_helper.write(sql, vars)
    # Fixed sample payload returned with the success message.
    data = [{'a': 1, 'b': 2, 'c': 3, 'd': 4, 'e': 5}]

    return web_helper.return_msg(0, '登录成功', data)