def person():
    """Render the profile page and, on POST, validate and save profile edits.

    The submitted fields are checked in a fixed order and the first failure
    is flashed to the user. When every check passes, the row of the user
    whose id is stored in the session is updated and ``g.user`` is reloaded.
    The profile template is rendered in every case.
    """
    # NOTE(review): no login check is visible in this function, yet
    # g.user["username"] is read below and user_id is used as the UPDATE
    # key. Presumably a decorator or before-request hook guarantees an
    # authenticated session -- confirm.
    user_id = session.get('user_id')
    if request.method != 'POST':
        return render_template('manage/person.html')

    form = request.form
    username = form['username']
    name = form['name']
    email = form['email']
    phone = form['phone']
    workplace = form['workplace']
    title = form['title']
    db = get_db()

    # confirm the email format
    email_pattern = r'^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+){0,4}@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$'

    if not username:
        error = 'Username is required.'
    elif not name:
        error = 'Name is required.'
    elif not re.match(email_pattern, email):
        error = 'Email format is not right.'
    elif len(phone) not in (10, 11):
        # Only the length is checked; the characters themselves are not.
        error = 'Phone number is not right.'
    elif not workplace:
        error = 'Workplace is required.'
    elif title == "0":
        error = 'Title is required.'
    elif username == g.user["username"]:
        # Username unchanged: no uniqueness lookup needed.
        error = None
    else:
        # NOTE(review): only the username is checked for uniqueness here;
        # the new email address is not.
        taken = db.execute(
            'SELECT id FROM user WHERE username = ?', (username,)
        ).fetchone()
        if taken is not None:
            error = 'User {} is already registered.'.format(username)
        else:
            error = None

    if error is not None:
        flash(error)
        return render_template('manage/person.html')

    db.execute(
        'UPDATE user SET username = ?, name = ?, email = ?, phone = ?, workplace = ?, title = ?'
        ' WHERE id = ?',
        (username, name, email, phone, workplace, title, user_id)
    )
    db.commit()
    # Reload the row so the template rendered below sees the new values.
    g.user = get_db().execute(
        'SELECT * FROM user WHERE id = ?', (user_id,)
    ).fetchone()
    return render_template('manage/person.html')
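def upload_file():
    """Accept a single abstract upload from the logged-in user.

    Unauthenticated visitors get the login template. A user who already has
    an abstract row is redirected with a flash message. On POST the uploaded
    file is stored under ``UPLOAD_FOLDER`` as ``<timestamp>+<user_id>+<name>``
    and recorded in the ``abstract`` table; any other request renders the
    submit template.

    The client-supplied filename is reduced to its final path component
    before it is used, so the stored name cannot carry directory separators.
    """
    user_id = session.get('user_id')
    if user_id is None:
        return render_template('/auth/login.html')

    db = get_db()
    existing = db.execute(
        'SELECT id FROM abstract WHERE user_id = ?', (user_id, )).fetchone()
    if existing is not None:
        flash('Can\'t upload twice')
        return redirect('/my/submit')

    if request.method == 'POST':
        # check if the post request has the file part
        if 'file' not in request.files:
            flash('No file part')
            return redirect(request.url)
        file = request.files['file']
        # if user does not select file, browser also
        # submit an empty part without filename
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)

        # file.filename is chosen by the client. Keep only the last path
        # component, treating both "/" and "\" as separators, so the name
        # written to disk and to the database stays inside UPLOAD_FOLDER.
        # (Werkzeug's secure_filename() is the usual, stricter helper.)
        client_name = os.path.basename(file.filename.replace('\\', '/'))
        if client_name in ('', '.', '..'):
            flash('No selected file')
            return redirect(request.url)

        if file and allowed_file(client_name):
            timestamp = round(time.time())
            filename = '%d+%d+%s' % (timestamp, user_id, client_name)
            db.execute(
                'INSERT INTO abstract (user_id, filename, state) VALUES(?, ?, ?)',
                (user_id, filename, 0))
            db.commit()
            db.execute('UPDATE user SET submit = ? WHERE id = ?',
                       (True, user_id))
            db.commit()
            # NOTE(review): allowed_file() is defined elsewhere and
            # presumably checks only the extension; the content is not
            # inspected here -- confirm.
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
            return redirect('/my/submit')
    return render_template('/manage/submit.html')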
def pay():
    """Render the fee page and, on POST, store the submitted invoice details.

    A POST needs both an invoice title and a taxpayer identification number;
    the outcome (validation error or success) is flashed either way and the
    fee template is rendered. Methods other than POST and GET fall through
    and return ``None``.
    """
    # NOTE(review): user_id may be None when nobody is logged in; the UPDATE
    # below would then match no row. Presumably a login guard is applied
    # outside this function -- confirm.
    user_id = session.get('user_id')
    method = request.method

    if method == 'POST':
        serial = request.form['serial']
        title = request.form['title']
        db = get_db()
        if not title:
            # Message text: "please fill in the invoice title".
            message = '请填写发票抬头'
        elif not serial:
            # Message text: "please fill in the taxpayer identification number".
            message = '请填写纳税人识别号'
        else:
            # Message text: "submitted successfully".
            message = "提交成功"
            db.execute(
                'UPDATE invoice SET invoice_title = ?, serial_num = ?'
                ' WHERE user_id = ?',
                (title, serial, user_id)
            )
            db.commit()
        flash(message)
        return render_template('manage/fee.html')

    if method == 'GET':
        return render_template('manage/fee.html')
def load_logged_in_user():
    """Set ``g.user`` to the row of the session's user, or ``None``.

    ``g.user`` is ``None`` when the session carries no ``user_id``; it is
    also ``None`` when the id no longer matches a row, because ``fetchone()``
    returns ``None`` in that case.
    """
    user_id = session.get('user_id')
    g.user = (
        None
        if user_id is None
        else get_db().execute(
            'SELECT * FROM user WHERE id = ?', (user_id, )
        ).fetchone()
    )
def load_logged_in_admin():
    """Set ``g.admin`` to the row of the session's admin, or ``None``.

    ``g.admin`` is ``None`` when the session carries no ``admin_id``, and
    also when the id matches no row (``fetchone()`` returns ``None``).
    """
    admin_id = session.get('admin_id')
    g.admin = (
        None
        if admin_id is None
        else get_db().execute(
            'SELECT * FROM admin WHERE id = ?', (admin_id,)
        ).fetchone()
    )
def submit():
    """Show the abstract-submission page to a user whose fee is recorded.

    A user whose ``paid`` column holds the string ``"False"`` is redirected
    to the manage index. Otherwise the user's abstract row (or ``None``) is
    handed to the submit template.
    """
    user_id = session.get('user_id')
    db = get_db()
    paid_row = db.execute(
        'SELECT paid FROM user WHERE id = ?', (user_id,)
    ).fetchone()
    # NOTE(review): paid_row is None when the session has no valid user, and
    # the subscript below would then raise. Also, only the exact string
    # "False" blocks access; any other stored value (including NULL) passes.
    # Confirm the login guard and the column default.
    if paid_row["paid"] == "False":
        return redirect(url_for('manage.index'))

    own_abstract = db.execute(
        'SELECT id, filename, created, state FROM abstract WHERE user_id = ?',
        (user_id,)
    ).fetchone()
    return render_template('manage/submit.html', abstract=own_abstract)
def fee():
    """List every invoice together with the name of the user it belongs to.

    Each invoice row is turned into a dict whose ``user_id`` entry holds the
    user's *name* (looked up per invoice), alongside ``created``,
    ``invoice_title`` and ``serial_num``.
    """
    # NOTE(review): no access check is visible here; presumably an admin
    # guard is applied outside this function -- confirm.
    db = get_db()
    invoices_data = [
        {
            # One user lookup per invoice; raises if the user row is gone.
            'user_id': db.execute(
                'SELECT * FROM user WHERE id = ?', (row["user_id"],)
            ).fetchone()["name"],
            'created': row["created"],
            'invoice_title': row["invoice_title"],
            'serial_num': row["serial_num"],
        }
        for row in db.execute('SELECT * FROM invoice').fetchall()
    ]
    return render_template('root/fee.html', invoices=invoices_data)
def abstract_examine_no(id):
    """Set the state of abstract *id* to 2 and return to the abstract list.

    Responds with 404 when no abstract has that id.
    """
    # NOTE(review): this changes state and no access check is visible in
    # the function; presumably an admin guard is applied outside -- confirm.
    db = get_db()
    found = db.execute(
        'SELECT * FROM abstract WHERE id = ?', (id,)
    ).fetchone()
    if found is None:
        # abort() raises, so nothing below runs for an unknown id.
        abort(404)

    db.execute(
        'UPDATE abstract SET state = ? WHERE id = ?', (2, id)
    )
    db.commit()
    return redirect(url_for('admin.abstract'))
def abstract():
    """List every abstract together with the name of the submitting user.

    Each abstract row becomes a dict whose ``user_id`` entry holds the
    user's *name* (looked up per abstract), alongside ``filename``, ``id``,
    ``created`` and ``state``.
    """
    # NOTE(review): no access check is visible here; presumably an admin
    # guard is applied outside this function -- confirm.
    db = get_db()
    abstracts = [
        {
            # One user lookup per abstract; raises if the user row is gone.
            'user_id': db.execute(
                'SELECT * FROM user WHERE id = ?', (row["user_id"],)
            ).fetchone()["name"],
            'filename': row['filename'],
            'id': row['id'],
            'created': row['created'],
            'state': row['state'],
        }
        for row in db.execute('SELECT * FROM abstract').fetchall()
    ]
    return render_template('root/abstract.html', abstracts=abstracts)
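def download_file(file_id):
    """Send the stored file of abstract *file_id* as an attachment.

    Visitors with neither a user nor an admin session are redirected to
    ``/index``. An admin session may fetch any abstract. A plain user
    session may fetch only an abstract that belongs to that user; any other
    id is answered with 404, the same as a missing abstract, so the response
    does not reveal which ids exist.
    """
    user_id = session.get("user_id")
    admin_id = session.get("admin_id")
    if user_id is None and admin_id is None:
        return redirect("/index")

    db = get_db()
    if admin_id is not None:
        abstract = db.execute(
            'SELECT filename FROM abstract WHERE id = ?',
            (file_id, )).fetchone()
    else:
        # Object-level authorization: file_id comes from the request, so
        # the lookup is bound to the session's own user_id.
        abstract = db.execute(
            'SELECT filename FROM abstract WHERE id = ? AND user_id = ?',
            (file_id, user_id)).fetchone()

    if abstract is None:
        return abort(404)
    return send_from_directory(
        os.path.realpath(app.config['UPLOAD_FOLDER']),
        abstract["filename"],
        as_attachment=True)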
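def reset():
    """Handle both steps of the e-mail verification used for password reset.

    GET without ``target`` renders the reset form. GET with ``target``
    validates the address, generates a six-digit code, mails it with
    ``send_verify_code`` and stores the code and the address in the session.
    POST compares the submitted ``email`` and ``password`` (the code) with
    the stored values. Every non-template reply is a JSON string with
    ``code`` 1 (success) or 2 (failure) and a ``content`` message.

    The address is kept under ``session['pending_email']`` until the code
    has been verified; ``session['email']`` is written only on success, so
    code that treats ``session['email']`` as proof of a completed
    verification sees it only after the check has passed. The code is
    single-use and is drawn from the ``secrets`` module.
    """
    import hmac
    import secrets

    if request.method == 'GET':
        session.clear()
        email_address = request.args.get('target')
        if not email_address:
            return render_template('auth/reset.html')

        # confirm the email format
        email_pattern = r'^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+){0,4}@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$'
        if not re.match(email_pattern, email_address):
            error = 'Email format is not right.'
            return json.dumps({'code': 2, 'content': error})

        db = get_db()
        user = db.execute('SELECT * FROM user WHERE email = ?',
                          (email_address, )).fetchone()
        if user is None:
            # NOTE(review): this reply differs from the success reply, so it
            # tells the caller whether an address is registered. Left as-is
            # because the front end may depend on it; consider one uniform
            # reply.
            error = 'Incorrect email address.'
            return json.dumps({'code': 2, 'content': error})

        # Six digits from 1-9, same format as before, but taken from the
        # OS CSPRNG instead of the predictable `random` generator.
        code = ''.join(secrets.choice('123456789') for _ in range(6))
        send_verify_code(email_address, code)
        error = 'Verification code has been sent'
        session.clear()
        # NOTE(review): if the app uses Flask's default cookie session, the
        # cookie is signed but not encrypted, so a value stored here can be
        # read by the client. Keeping the code server-side (with an expiry
        # and an attempt limit) would be safer -- confirm the session
        # backend.
        session['code'] = code
        session['pending_email'] = email_address
        return json.dumps({"code": 1, 'content': error})

    if request.method == 'POST':
        code = session.get('code')
        if code is None:
            error = "Verification code is invalid. Resend it."
            return json.dumps({'code': 2, 'content': error})

        email_ = request.form['email']
        pass_ = request.form['password']
        pending_email = session.get('pending_email')
        # Compare as bytes: compare_digest rejects non-ASCII str input, and
        # the submitted value is arbitrary text.
        code_matches = hmac.compare_digest(
            pass_.encode('utf-8'), code.encode('utf-8'))
        if code_matches and pending_email is not None and pending_email == email_:
            # Single use: drop the code, then record the verified address.
            session.pop('code', None)
            session.pop('pending_email', None)
            session['email'] = email_
            return json.dumps({'code': 1, 'content': "success"})

        # NOTE(review): failed attempts are not counted here; nothing in
        # this function limits how many codes may be tried.
        error = 'Verification code is not correct.'
        return json.dumps({'code': 2, 'content': error})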
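def pay_examine_yes(id):
    """Mark user *id* as paid and make sure the user has an invoice row.

    Responds with 404 when the user does not exist. The ``paid`` update and
    the invoice insert are committed together, and the insert is skipped
    when the user already has an invoice, so approving the same user twice
    does not create a duplicate row.
    """
    # NOTE(review): this changes state and no access check is visible in
    # the function; presumably an admin guard is applied outside -- confirm.
    db = get_db()
    user = db.execute(
        'SELECT * FROM user WHERE id = ?', (id,)
    ).fetchone()
    if user is None:
        # abort() raises, so nothing below runs for an unknown id.
        abort(404)

    # "paid" is stored as the strings "True" / "False".
    db.execute(
        'UPDATE user SET paid = ? WHERE id = ?', ("True", id)
    )
    already_invoiced = db.execute(
        'SELECT 1 FROM invoice WHERE user_id = ?', (id,)
    ).fetchone()
    if already_invoiced is None:
        db.execute(
            "INSERT INTO invoice (user_id) VALUES( ? ) ", (id, )
        )
    # One commit, so the flag and the invoice row cannot get out of step.
    db.commit()
    return redirect(url_for('admin.guest'))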
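def pay_examine_no(id):
    """Mark user *id* as unpaid and delete that user's invoice rows.

    Responds with 404 when the user does not exist. The ``paid`` update and
    the invoice delete are committed together. The leftover debug print of
    ``type(id)`` has been removed.
    """
    # NOTE(review): this changes state and no access check is visible in
    # the function; presumably an admin guard is applied outside -- confirm.
    db = get_db()
    user = db.execute(
        'SELECT * FROM user WHERE id = ?', (id, )
    ).fetchone()
    if user is None:
        # abort() raises, so nothing below runs for an unknown id.
        abort(404)

    # "paid" is stored as the strings "True" / "False".
    db.execute(
        'UPDATE user SET paid = ? WHERE id = ?', ("False", id)
    )
    db.execute(
        "DELETE FROM invoice WHERE user_id = ? ", (id, )
    )
    # One commit, so the flag and the invoice rows cannot get out of step.
    db.commit()
    return redirect(url_for('admin.guest'))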
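def change():
    """Set a new password for the address held in ``session['email']``.

    Without an address in the session the visitor is sent to the login page.
    GET renders the form. POST requires a password of at least six
    characters (the minimum the registration handler applies) that matches
    its confirmation, stores its hash, clears the session so the
    authorization cannot be reused, and redirects to login. A failed check
    is flashed and the form is rendered again.
    """
    # NOTE(review): the presence of session['email'] is the only gate here.
    # Whatever sets that key must do so only after the verification code
    # has been checked -- confirm against the code that writes it.
    email = session.get('email')
    if email is None:
        return redirect(url_for('auth.login'))

    if request.method == 'GET':
        return render_template("auth/change_pass.html")

    if request.method == 'POST':
        repassword = request.form['repassword']
        password = request.form['password']
        if len(password) <= 5:
            error = 'At least 6 characters.'
        elif password != repassword:
            error = "Two passwords are different"
        else:
            db = get_db()
            db.execute('UPDATE user SET password = ? WHERE email = ?',
                       (generate_password_hash(password), email))
            db.commit()
            # Single use: drop the verified address (and anything else in
            # the session) once the password has been changed.
            session.clear()
            return redirect(url_for('auth.login'))
        flash(error)
        return render_template("auth/change_pass.html")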
def login():
    """Render the login form and, on POST, authenticate the user.

    On success the session is cleared before ``user_id`` is stored, and the
    user is redirected to the manage index. On failure the reason is
    flashed and the form is rendered again.
    """
    if request.method != 'POST':
        return render_template('auth/login.html')

    username = request.form['username']
    password = request.form['password']
    db = get_db()
    user = db.execute('SELECT * FROM user WHERE username = ?',
                      (username, )).fetchone()

    # NOTE(review): the two messages below let a caller tell an unknown
    # username from a wrong password, and no attempt limiting is visible in
    # this function. Consider one shared message and throttling.
    if user is None:
        error = 'Incorrect username.'
    elif not check_password_hash(user['password'], password):
        error = 'Incorrect password.'
    else:
        # Start from an empty session so nothing set before login carries
        # over into the authenticated session.
        session.clear()
        session['user_id'] = user['id']
        return redirect(url_for('manage.index'))

    flash(error)
    return render_template('auth/login.html')
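def delete_upload_file():
    """Delete the logged-in user's abstract named by the ``id`` query argument.

    Visitors without a user session are sent to the login page. The abstract
    is looked up and deleted only if it belongs to the session's user; for
    any other id nothing is changed. File removal is best-effort: a failure
    is printed and the database row is removed anyway. The user is
    redirected to the submit page in every case.
    """
    user_id = session.get('user_id')
    if user_id is None:
        return redirect(url_for('auth.login'))

    # NOTE(review): the id is read from the query string, so this handler
    # is presumably reachable by GET. A state-changing GET is exposed to
    # cross-site request forgery; prefer POST with a CSRF token. The route
    # declaration is not visible here -- confirm.
    abstract_id = request.args.get('id')
    db = get_db()
    # Object-level authorization: abstract_id comes from the request, so
    # both the lookup and the delete are bound to the session's user_id.
    abstract = db.execute(
        'SELECT filename FROM abstract WHERE id = ? AND user_id = ?',
        (abstract_id, user_id)).fetchone()
    if abstract is not None:
        filename = abstract['filename']
        try:
            os.remove(os.path.join(app.config['UPLOAD_FOLDER'], filename))
        except Exception as e:
            # Best-effort removal; print the error itself rather than the
            # bound __str__ method object.
            print(e)
        db.execute('Delete FROM abstract WHERE id = ? AND user_id = ?',
                   (abstract_id, user_id))
        db.execute('UPDATE user SET submit = ? WHERE id = ?',
                   (False, user_id))
        # One commit, so the row and the submit flag change together.
        db.commit()
    return redirect(url_for('manage.submit'))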
def index():
    """Render the dashboard with user, invoice and abstract counts.

    Also counts how many users have ``requirement_baby_care`` equal to 1 and
    how many have ``requirement_simultaneous_transmission`` equal to 1.
    """
    # NOTE(review): no access check is visible here; presumably an admin
    # guard is applied outside this function -- confirm.
    db = get_db()
    users = db.execute('SELECT * FROM user').fetchall()
    invoices = db.execute('SELECT * FROM invoice').fetchall()
    abstracts = db.execute('SELECT * FROM abstract').fetchall()

    num_bc = sum(1 for row in users if row["requirement_baby_care"] == 1)
    num_st = sum(
        1 for row in users
        if row["requirement_simultaneous_transmission"] == 1
    )

    return render_template(
        'root/index.html',
        num_user=len(users),
        num_invoice=len(invoices),
        num_abstract=len(abstracts),
        num_bc=num_bc,
        num_st=num_st,
    )
def register():
    """Render the registration form and, on POST, create a new user.

    The submitted fields are checked in a fixed order and the first failure
    is flashed. When every check passes, the user is inserted with a hashed
    password and the visitor is redirected to the login page.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    form = request.form
    username = form['username']
    password = form['password']
    name = form['name']
    email = form['email']
    phone = form['phone']
    workplace = form['workplace']
    title = form['title']
    repassword = form['repassword']
    gender = form['gender']
    requirements = form.getlist('requirement')

    # One ticked box: "1" means baby care, any other value means
    # translation. Two or more ticked boxes: both are requested.
    ticked = len(requirements)
    baby_care = ticked > 1 or (ticked == 1 and requirements[0] == "1")
    translate = ticked > 1 or (ticked == 1 and requirements[0] != "1")

    db = get_db()
    error = None
    # confirm the email format
    email_pattern = r'^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+){0,4}@[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+$'

    # NOTE(review): phone is stored below without any validation.
    if not username:
        error = 'Username is required.'
    elif len(password) <= 5:
        error = 'At least 6 characters.'
    elif password != repassword:
        error = 'Two passwords are inconsistent.'
    elif not name:
        error = 'Name is required.'
    elif not re.match(email_pattern, email):
        error = 'Email format is not right.'
    elif not workplace:
        error = 'Workplace is required.'
    elif title == "0":
        error = 'Title is required.'
    elif gender == "0":
        error = 'Gender is required.'
    elif db.execute('SELECT id FROM user WHERE username = ?',
                    (username, )).fetchone() is not None:
        error = 'User {} is already registered.'.format(username)
    elif db.execute('SELECT id FROM user WHERE email = ?',
                    (email, )).fetchone() is not None:
        error = 'Email {} is already registered.'.format(email)

    if error is not None:
        flash(error)
        return render_template('auth/register.html')

    # Only the hash of the password is stored.
    db.execute(
        'INSERT INTO user (username, password, name, email, phone, workplace, title, gender, requirement_baby_care, requirement_simultaneous_transmission) VALUES(?,?,?,?,?,?,?,?,?,?)',
        (username, generate_password_hash(password), name, email, phone,
         workplace, title, gender, baby_care, translate))
    db.commit()
    return redirect(url_for('auth.login'))
def guest():
    """Render the guest list with every row of the ``user`` table."""
    # NOTE(review): SELECT * hands every column to the template, which
    # presumably includes the stored password hash; selecting only the
    # columns the page shows would be safer. No access check is visible in
    # this function either -- confirm both.
    all_users = get_db().execute('SELECT * FROM user').fetchall()
    return render_template('root/guest.html', users=all_users)