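def post(self):
    """Create an administrator with its privilege and area-privilege rows.

    Request arguments read: corporation, name, login, password, mobile,
    phone, email, valid, source_id, privileges (may repeat) and cities
    (a list string parsed by str_to_list).  After the rows are written
    and the area cache entry is stored, the client is redirected to
    /administrator/list/<new id>.

    Raises ValueError (uncaught here) when a privileges or cities entry
    is not an integer; this now happens before anything is written.

    NOTE(review): no authentication or authorization check is visible in
    this method body; confirm that a decorator or the handler's prepare()
    restricts it to callers allowed to create administrators and to grant
    the submitted privileges and cities.
    """
    fields = DotDict(corporation="",
                     name="",
                     login="",
                     password="",
                     mobile="",
                     phone="",
                     email="",
                     valid="",
                     source_id="")
    # Request values are only ever passed as bound query parameters below,
    # never formatted into the SQL text.
    for key in fields.iterkeys():
        fields[key] = self.get_argument(key, '')
    fields.source_id = fields.source_id or 5

    # Parse every integer list before the first INSERT so that malformed
    # input fails the request before an administrator row exists.
    privilege_ids = [int(p) for p in self.get_arguments('privileges')]
    city_ids = [int(c) for c in str_to_list(self.get_argument('cities', ''))]

    # SECURITY: password(%s) stores the output of MySQL's PASSWORD(), an
    # unsalted fast hash meant for MySQL's own account table and removed in
    # MySQL 8.0; the plaintext also travels inside the statement and can end
    # up in server-side query logs.  Moving to a salted, slow hash computed
    # in the application has to be done together with the login check, so
    # the statement is left unchanged here.
    # valid and source_id are stored as submitted; type is fixed to 2.
    # NOTE(review): the inserts below are separate statements; whether
    # self.db runs them inside one transaction is not visible here.
    administrator_id = self.db.execute("INSERT INTO T_ADMINISTRATOR (login, password, "
                                       " name, mobile, phone, email, "
                                       " corporation, source_id, valid, type)"
                                       " VALUES (%s, password(%s), %s, %s, "
                                       " %s, %s, %s, %s, %s, %s)",
                                       fields.login, fields.password,
                                       fields.name, fields.mobile,
                                       fields.phone, fields.email,
                                       fields.corporation, fields.source_id,
                                       fields.valid, 2)

    # One T_PRIVILEGE row per submitted privilege id.
    if privilege_ids:
        self.db.executemany("INSERT INTO T_PRIVILEGE"
                            " VALUES (%s, %s)",
                            [(administrator_id, pid) for pid in privilege_ids])

    key = self.get_area_memcache_key(administrator_id)
    if city_ids == [0]:
        # A single 0 grants the whole province: one PROVINCE-category row,
        # and the cache entry holds every city of that province.
        self.db.execute("INSERT INTO T_AREA_PRIVILEGE"
                        " VALUES(NULL, %s, %s, %s)",
                        administrator_id, AREA.CATEGORY.PROVINCE,
                        AREA.PROVINCE.LIAONING)
        province_cities = self.db.query("SELECT city_id, city_name FROM T_HLR_CITY"
                                        " WHERE province_id = %s",
                                        AREA.PROVINCE.LIAONING)
        self.redis.setvalue(key, province_cities)
    else:
        # Cache the selected areas (stored through self.redis), then write
        # one CITY-category row per region code found for the city ids.
        areas = self.get_area(city_ids)
        self.redis.setvalue(key, areas)
        # DUMMY_IDS presumably pads the tuple so the IN (...) list is never
        # empty or single-element; confirm against its definition.
        rows = self.db.query("SELECT region_code FROM T_HLR_CITY"
                             " WHERE city_id IN %s",
                             tuple(city_ids + DUMMY_IDS))
        for row in rows:
            self.db.execute("INSERT INTO T_AREA_PRIVILEGE"
                            " VALUES (NULL, %s, %s, %s)",
                            administrator_id, AREA.CATEGORY.CITY,
                            row.region_code)

    self.redirect("/administrator/list/%s" % administrator_id)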