/
admin.py
469 lines (423 loc) · 13.3 KB
/
admin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
# coding=utf-8
from tornado.escape import url_unescape,utf8
from basic import BaseHandler
import datetime
import random,string,json
from jaccount import encrypt , decrypt , find , parse_data
from settings import SITE_ID,PORT,HOST
def datetime_handler(obj):
if hasattr(obj, 'isoformat'):
return obj.isoformat()
elif isinstance(obj, None):
return None
else:
raise TypeError, 'Object of type %s with value of %s is not JSON serializable' % (type(obj), repr(obj))
"""Admin Main Page
http://domain:port/admin
"""
class adminHandler(BaseHandler):
def get(self):
if not self.current_user:
if self.get_cookie('login')=='1':
self.render("login.html", notification = "密码错误")
else:
self.render("login.html", notification = "请输入用户名和密码")
else:
self.redirect("/admin/index")
def post(self):
username=self.get_argument('username',None)
password=self.get_argument('password',None)
if username and password:
sql= "SELECT UID,CHINAME FROM ADMINISTRATOR WHERE \
USERNAME=\'%s\' AND PASSWORD=\'%s\';" %(username,password)
info = self.db.query(sql)
if info:
info = info[0]
self.set_cookie('login','0')
self.set_secure_cookie('uid',str(info['UID']))
if(info['CHINAME']):
self.set_secure_cookie('chiname', info['CHINAME'])
self.redirect('/admin')
return
self.set_cookie('login','1')
self.redirect('/admin')
"""Admin Jaccount Login Page
http://domain:port/admin/jalogin
"""
class AdminJaLoginHandler(BaseHandler):
def get(self):
if not self.get_arguments('jatkt'):
uaBaseURL="http://jaccount.sjtu.edu.cn/jaccount/"
returl = 'http://'+domain+':'+str(port)+'/admin/jalogin'
iv = string.join(random.sample('1234567890abcdef',8),'')
# print "iv:" , iv
self.set_secure_cookie('iv' , iv , None)
redirectURL = uaBaseURL + "jalogin?sid="+siteID+"&returl="+encrypt(returl,iv)+"&se="+encrypt(iv,iv)
self.redirect(redirectURL)
else:
try:
if len(self.get_argument('jatkt')) == 0:
raise tornado.web.HTTPError(404)
except TypeError:
raise tornado.web.HTTPError(404)
iv = self.get_secure_cookie('iv')
jatkt = self.get_argument('jatkt')
data = decrypt(jatkt,iv)
data = find(data,ur'ja[\s\S]*')
# utf-8编码
data.decode('utf-8')
ProfileData = parse_data(data)
if self.checkUser(ProfileData):
self.set_secure_cookie('uid' , ProfileData['id'] , None)
self.set_secure_cookie('chiname', ProfileData['chinesename'],None)
self.set_cookie('login','0')
if ProfileData['ja3rdpartySessionID'] != iv:
self.write('Hacking Attempt~!')
return
else:
self.set_cookie('login','1')
self.redirect('/admin')
def checkUser(self , profile):
uid = profile['id']
info = self.db.query('SELECT UID,CHINAME,USERNAME FROM ADMINISTRATOR WHERE UID = %s;' % (uid))
if info:
if(not info[0]['CHINAME'] or not info[0]['USERNAME']):
sql = 'UPDATE ADMINISTRATOR SET CHINAME=\'%s\' , USERNAME=\'%s\' WHERE UID = %s;' \
% (profile['chinesename'],profile['uid'],uid)
res = self.db.execute(sql)
return 1
else:
return 0
"""Admin Jaccount Logout Page
http://domain:port/admin/jalogout
"""
class AdminJaLogoutHandler(BaseHandler):
def get(self):
if self.get_secure_cookie('iv'):
uaBaseURL="http://jaccount.sjtu.edu.cn/jaccount/"
returl = 'http://'+domain+':'+str(port)+'/admin'
iv = self.get_secure_cookie('iv')
redirectURL = uaBaseURL + "ulogout?sid="+siteID+"&returl="+encrypt(returl,iv)
self.clear_all_cookies()
self.redirect(redirectURL)
return
self.clear_all_cookies()
self.redirect('/admin')
return
"""Student Information Page
http://domain:port//admin/student
"""
class StudentHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
info=[]
q=""
self.clear_header("Content-Type")
self.set_header("Content-Type", "application/json")
if self.get_argument('op',None) and self.get_argument('q',None):
option=self.get_argument('op',None)
q=self.get_argument('q',None)
info = self.query(option,q)
self.write(json.dumps(info))
else:
self.write("Missing Argument!")
return
def query(self,option,q):
url_unescape(q,'utf-8')
if(option == 'option1'):
info = self.db.query('SELECT U.UID,U.USERNAME,U.CHINAME,D.DETECTTIME,D.STATUS FROM USER U LEFT OUTER JOIN \
DETECT D ON U.UID = D.OWNER WHERE U.CHINAME=\'%s\'' % (q))
elif(option == 'option2'):
info = self.db.query('SELECT U.UID,U.USERNAME,U.CHINAME,D.DETECTTIME,D.STATUS FROM USER U LEFT OUTER JOIN \
DETECT D ON U.UID = D.OWNER WHERE U.UID=%s' % (q))
elif(option == 'option3'):
info = self.db.query('SELECT U.UID,U.USERNAME,U.CHINAME,D.DETECTTIME,D.STATUS FROM USER U LEFT OUTER JOIN \
DETECT D ON U.UID = D.OWNER WHERE U.USERNAME=\'%s\'' % (q))
for item in info:
item['DETECTTIME'] = datetime_handler(item['DETECTTIME'])
return info
"""Student Information Edit API
http://domain:port/admin/student/edit?uid=...&dt=...&op=...
"""
class StudentEditHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
if (self.get_argument('uid',None) and
self.get_argument('op',None)):
uid=str(self.get_argument('uid',None))
dt=self.get_argument('dt',None)
op=self.get_argument('op',None).replace("T"," ")
if(op == '1'):
sql = 'UPDATE DETECT SET STATUS=0 WHERE\
OWNER=%s AND DETECTTIME=\'%s\';' % (uid,dt)
info = self.db.execute(sql)
self.write("0")
elif(op == '2'):
sql = 'UPDATE USER SET IMAGESAMPLE=NULL, \
LOCID=NULL, AUDIOENGINE=NULL WHERE \
UID = %s;' % uid
info = self.db.execute(sql)
self.write("0")
elif(op == '3' and dt):
sql = "DELETE FROM DETECT WHERE OWNER=%s AND DETECTTIME=\'%s\';" % (uid,dt)
info = self.db.execute(sql)
self.write("0")
else:
self.write("-1")
else:
self.write("-1")
from datetime import datetime
"""Show Detect Status Page
http://domain:port/admin/checkin
"""
class CheckHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
info=[]
start=""
terminal=""
if self.get_argument('start',None) and self.get_argument('terminal',None):
start=self.get_argument('start',None)
terminal=self.get_argument('terminal',None)
info = self.query(start,terminal)
self.write(json.dumps(info))
else:
self.write("Missing Argument!")
return
def query(self,start,terminal):
start = self.date2time(start," 00:00:00")
terminal = self.date2time(terminal ,' 23:59:59')
sql='SELECT U.UID,U.USERNAME,U.CHINAME,D.DETECTTIME,D.STATUS,U.DEPARTMENT \
FROM USER U, DETECT D WHERE U.UID = D.OWNER AND \
D.DETECTTIME <= \'%s\' AND D.DETECTTIME >=\'%s\';' % (terminal,start)
info = self.db.query(sql)
for item in info:
item['DETECTTIME'] = datetime_handler(item['DETECTTIME'])
return info
def date2time(self,date,miniute):
date = date.replace('/','-')
date = datetime.strptime(date, "%m-%d-%Y")
date = date.strftime("%Y-%m-%d")
date = date + miniute
return date
class DefaultRuleHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
info = {}
startime = ""
termtime = ""
sql = "SELECT STARTTIME,TERMITIME FROM LOCATION WHERE LOCATIONNAME = 'SJTU';"
default = self.db.query(sql)
if default:
startime = default[0]["STARTTIME"]
termtime = default[0]["TERMITIME"]
info["STARTTIME"] = datetime_handler(startime)
info["TERMITIME"] = datetime_handler(termtime)
self.write(json.dumps(info))
return
"""Set Checkin Time Rule Page
http://domain:port/admin/rule?start= &terminal=
"""
class RuleHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
info=[]
if self.get_argument('start',None) and self.get_argument('terminal',None):
start=self.get_argument('start',None)
terminal=self.get_argument('terminal',None)
info = self.query(start,terminal)
self.write(json.dumps(info))
return
def query(self,start,terminal):
start = self.date2time(start," 00:00:00")
terminal = self.date2time(terminal ,' 23:59:59')
sql = "UPDATE LOCATION SET STARTTIME = \"%s\",TERMITIME= \"%s\" \
WHERE LOCATIONNAME = 'SJTU';" % (start,terminal)
info=self.db.execute(sql)
return info
def date2time(self,date,miniute):
date = date.replace('/','-')
date = datetime.strptime(date, "%m-%d-%Y")
date = date.strftime("%Y-%m-%d")
date = date + miniute
return date
"""Set Administrator List Page
http://domain:port/admin/manage
"""
class ManageHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
info=[]
StuID=""
if self.get_argument('number',None):
StuID=self.get_argument('number',None)
res = self.add_admin(StuID)
chiname = self.get_secure_cookie("chiname")
info = self.query()
self.write(json.dumps(info))
return
def query(self):
sql='SELECT * FROM ADMINISTRATOR;'
info = self.db.query(sql)
return info
def add_admin(self,StuID):
sql='SELECT UID FROM ADMINISTRATOR WHERE UID=%s;' %StuID
res = self.db.query(sql)
if not res:
sql='INSERT INTO ADMINISTRATOR(UID) VALUES(%s);' % StuID
info = self.db.execute(sql)
return 0
return -1
"""Add Administrator List Page
http://domain:port/admin/addadmin
"""
class AddAdminHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
StuID=""
res = -1
if self.get_argument('number',None):
StuID=self.get_argument('number',None)
res = self.add_admin(StuID)
self.write({'error':res})
return
def add_admin(self,StuID):
sql='SELECT UID FROM ADMINISTRATOR WHERE UID=%s;' %StuID
res = self.db.query(sql)
if not res:
sql='INSERT INTO ADMINISTRATOR(UID) VALUES(%s);' % StuID
info = self.db.execute(sql)
return 0
return -1
"""Delete Administrator API
http://domain:port/admin/manage/delete?uid=...
"""
class DeleteAdminHandler(BaseHandler):
def get(self):
if not self.current_user:
self.write("2")
else:
uid = self.get_argument('uid')
sql='DELETE FROM ADMINISTRATOR WHERE UID=%s;' % uid
res = self.db.execute(sql)
if not res:
self.write('0')
else:
self.write('1')
"""Reset Administrator Password Page
http://domain:port/admin/manage/setting
"""
class SettingHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
uid = self.get_secure_cookie('uid')
psw=""
alert=""
if self.get_argument('psw1',None):
psw=self.get_argument('psw1',None)
res = self.set_password(psw,uid)
if res:
alert="密码修改失败!"
else:
alert="密码修改成功!"
self.write(alert)
return
def set_password(self,psw,uid):
sql = "UPDATE ADMINISTRATOR SET PASSWORD=\'%s\' WHERE UID=%s;"\
% (psw,uid)
res = self.db.execute(sql)
return res
""" Handle JSON datetime """
class ComplexEncoder(json.JSONEncoder):
def default(self, obj):
if isinstance(obj, datetime):
return obj.strftime('%Y-%m-%d %H:%M:%S')
elif isinstance(obj, date):
return obj.strftime('%Y-%m-%d')
else:
return json.JSONEncoder.default(self, obj)
"""Map Statistics Search API
http://domain:port/admin/map_stat/search?start=...&terminal=...
"""
class MapQueryHandler(BaseHandler):
def get(self):
if not self.current_user:
self.write({"error":-1})
else:
info=[]
start=""
terminal=""
if self.get_argument('start',None) and self.get_argument('terminal',None):
start=self.get_argument('start',None)
terminal=self.get_argument('terminal',None)
info = self.query(start,terminal)
info = json.dumps(info,cls=ComplexEncoder)
# print info
self.write(info)
def query(self,start,terminal):
start = self.date2time(start," 00:00:00")
terminal = self.date2time(terminal ,' 23:59:59')
sql='SELECT U.CHINAME,D.LONGITUDE,D.LATITUDE,D.DETECTTIME \
FROM USER U, DETECT D WHERE U.UID = D.OWNER AND \
D.DETECTTIME <= \'%s\' AND D.DETECTTIME >=\'%s\' AND D.STATUS=0;' % (terminal,start)
info = self.db.query(sql)
return info
def date2time(self,date,miniute):
date = date.replace('/','-')
date = datetime.strptime(date, "%m-%d-%Y")
date = date.strftime("%Y-%m-%d")
date = date + miniute
return date
"""Chart Statistics Search API
http://domain:port/admin/time_stat/([0-9]+)
"""
class TimeQueryHandler(BaseHandler):
def get(self,op):
if not self.current_user:
self.redirect("/admin")
else:
if (op=="1"):
sql="SELECT DATE_FORMAT(D.DETECTTIME,\'%%H\') TIMES,\
COUNT(*) NUMS FROM DETECT D,LOCATION L WHERE \
D.DETECTTIME>=L.STARTTIME AND D.DETECTTIME<=L.TERMITIME\
AND L.LOCID=1 AND D.STATUS=0 GROUP BY TIMES;"
info = self.db.query(sql)
self.write(json.dumps(info))
elif (op=="2"):
sql="SELECT DATE_FORMAT(D.DETECTTIME,\'%%m\') TIMES,\
COUNT(*) NUMS FROM DETECT D,LOCATION L WHERE \
D.DETECTTIME>=L.STARTTIME AND D.DETECTTIME<=L.TERMITIME\
AND L.LOCID=1 AND D.STATUS=0 GROUP BY TIMES;"
info = self.db.query(sql)
self.write(json.dumps(info))
else:
self.write('-1')
"""
Admin Index
http://domain:port/admin/index
"""
class AdminIndexHandler(BaseHandler):
def get(self):
if not self.current_user:
self.redirect("/admin")
else:
print self.get_template_path()
chiname = self.get_secure_cookie("chiname")
self.render("index.html", chiname=chiname)
return