def article(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
searchCondition = ''
keyword = cgi.escape(request.GET.get('word', ''))
if C.isset(keyword):
searchCondition += " WHERE article.title LIKE '%%" + keyword + "%%' "
sql = 'SELECT article_id, title, username AS author, name AS category FROM "' + Meta.db_table + '_article" AS article '
sql += 'LEFT JOIN "' + Meta.db_table + '_relation" AS relation ON article.article_id=relation.aid '
sql += 'LEFT JOIN "' + Meta.db_table + '_category" AS category ON relation.cid=category.category_id '
sql += 'LEFT JOIN "' + Meta.db_table + '_user" AS usertab ON article.author=usertab.user_id '
sql += searchCondition + 'ORDER BY article_id DESC'
articleList = list(Article.objects.raw(sql))
paginator = Paginator(articleList, 10)
page = int(request.GET.get('page', 1))
try:
pagebar = paginator.page(page)
except PageNotAnInteger:
pagebar = paginator.page(1)
except EmptyPage:
pagebar = paginator.page(paginator.num_pages)
context = {
'pagebar' : pagebar
}
return render(request, manageThemeDir + 'article.html', context)
def article_write(request):
userInfo = request.session.get('uInfo', False)
url = C.getProtocol(request) + request.get_host()
if C.checkLoginAdmin(userInfo) == False:
return HttpResponseRedirect('/')
if request.method == 'POST':
currTime = C.getCurrTime()
createTime = cgi.escape(request.POST.get('create_date')) + ' ' + cgi.escape(request.POST.get('create_time'))
articleInfo = Article.objects.create(
look_count = 0,
comment_count = 0,
update_time = currTime,
create_time = createTime,
author = int(userInfo['user_id']),
title = cgi.escape(request.POST.get('title')),
content = cgi.escape(request.POST.get('content')),
article_pic = cgi.escape(request.POST.get('article_pic')),
created = datetime.datetime.strftime(datetime.datetime.now(timeZone), '%Y年%m月')
)
categoryIdList = request.REQUEST.getlist('category')
for item in categoryIdList:
Relation.objects.create(aid=articleInfo.article_id, cid=item)
categoryList = C.getCategoryList()
attachmentList = Attachment.objects.all().order_by('-attrch_id')
context = {
'url' : url,
'categoryList' : categoryList,
'attachmentList' : attachmentList
}
return render(request, manageThemeDir + 'article_write.html', context)
def theme_edit(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
if request.GET.get('file'):
fileName = cgi.escape(request.GET.get('file').replace('..', '').replace('/', '').replace('%', ''))
else:
fileName = 'index.html'
if request.GET.get('theme'):
themeDir = 'themes/' + cgi.escape(request.GET.get('theme').replace('.', '')) + '/'
else:
themeDir = C.getThemePath()
fileList = []
for filename in glob.glob(os.path.split(os.path.realpath(__file__))[0] + '/templates/' + themeDir + '*.*ml'):
p,f=os.path.split(filename);
fileList.append(f)
file_object = open(os.path.split(os.path.realpath(__file__))[0] + '/templates/' + themeDir + fileName)
try:
content = file_object.read()
finally:
file_object.close()
context = {
'content' : content,
'fileList' : fileList,
'fileName' : fileName,
'themeDir' : themeDir
}
return render(request, manageThemeDir + 'theme_edit.html', context)
def user(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
if request.GET.get('word'):
userList = User.objects.filter(username__icontains=cgi.escape(request.GET.get('word'))).order_by('-user_id')
else:
userList = User.objects.all()
paginator = Paginator(userList, 10)
page = int(request.GET.get('page', 1))
try:
pagebar = paginator.page(page)
except PageNotAnInteger:
pagebar = paginator.page(1)
except EmptyPage:
pagebar = paginator.page(paginator.num_pages)
context = {
'pagebar' : pagebar
}
return render(request, manageThemeDir + 'user.html', context)
def comment(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
cid = int(request.GET.get('cid', 0))
status = cgi.escape(request.GET.get('status', 'pass'))
updateStatus = cgi.escape(request.GET.get('update_status', ''))
if updateStatus != '' and cid != 0:
res = False
if updateStatus == 'delete':
res = Comment.objects.filter(comment_id=cid).delete()
else:
upComment = Comment.objects.get(comment_id=cid)
upComment.status = updateStatus
res = upComment.save()
msg = u'操作成功'
if res == False:
msg = u'操作失败'
context = {
'msg' : C.message(msg, '/manage_comment/?status=' + str(status))
}
return render(request, manageThemeDir + 'comment.html', context)
if status == 'pass':
commentList = Comment.objects.filter(status='approved').order_by('-comment_id').all()
else:
commentList = Comment.objects.filter(status='waiting').order_by('-comment_id').all()
paginator = Paginator(commentList, 10)
page = int(request.GET.get('page', 1))
try:
pagebar = paginator.page(page)
except PageNotAnInteger:
pagebar = paginator.page(1)
except EmptyPage:
pagebar = paginator.page(paginator.num_pages)
articleList = []
if pagebar:
aidList = []
for item in pagebar:
aidList.append(item.article_id)
articleList = Article.objects.filter(article_id__in=aidList).all()
for item in pagebar:
for it in articleList:
if item.article_id == it.article_id:
item.article = it.title
context = {
'status' : status,
'pagebar' : pagebar
}
return render(request, manageThemeDir + 'comment.html', context)
def theme_swich(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
opt = Options.objects.get(name='theme')
opt.value = cgi.escape(request.POST.get('change'))
opt.save()
return HttpResponseRedirect('/manage_themes/')
def category(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {
'categoryList' : C.getCategoryList('<i class="uk-icon-minus"></i>')
}
return render(request, manageThemeDir + 'category.html', context)
def user_delete(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
idList = request.REQUEST.getlist('idlist')
if len(idList) > 0:
User.objects.filter(user_id__in=idList).delete()
return HttpResponse('delete success')
return HttpResponse('delete faild')
def theme_changfile(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
if request.method == 'POST':
themeDir = cgi.escape(request.POST.get('themeDir').replace('.', ''))
f = open(os.path.split(os.path.realpath(__file__))[0] + '/templates/' + themeDir + cgi.escape(request.POST.get('file')), 'w')
f.write(request.POST.get('content'))
f.close()
return HttpResponse('ok')
def themes(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {
'currTheme' : C.getTheme(),
'configList' : C.getThemesConfig()
}
return render(request, manageThemeDir + 'themes.html', context)
def article_edit(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
url = request.get_host()
userInfo = request.session.get('uInfo', False)
aid = cgi.escape(request.GET.get('aid', 0))
if request.method == 'POST':
updateArticle = Article.objects.get(article_id=aid)
createTime = cgi.escape(request.POST.get('create_date')) + ' ' + cgi.escape(request.POST.get('create_time'))
updateArticle.create_time = createTime
updateArticle.update_time = C.getCurrTime()
updateArticle.author = int(userInfo['user_id'])
updateArticle.article_pic = request.POST.get('article_pic', '')
updateArticle.title = cgi.escape(request.POST.get('title', ''))
updateArticle.content = cgi.escape(request.POST.get('content', ''))
updateArticle.save()
Relation.objects.filter(aid=aid).delete()
categoryIdList = cgi.escape(request.REQUEST.getlist('category'))
for item in categoryIdList:
Relation.objects.create(aid=aid, cid=item)
return HttpResponse('修改文章成功')
detail = []
if C.isset(aid):
detail = Article.objects.get(article_id=aid)
detail.create_date = str(detail.create_time)[0:10]
detail.create_time = str(detail.create_time)[10:16]
detail.author = User.objects.get(user_id=detail.author).username
detail.content = detail.content.replace('\t', '').replace('\n', '').replace(' ', '')
categoryList = C.getCategoryList()
activeCategory = Relation.objects.filter(aid=aid).all()
attachmentList = Attachment.objects.all().order_by('-attrch_id')
context = {
'detail' : detail,
'categoryList' : categoryList,
'activeCategory' : activeCategory,
'attachmentList' : attachmentList
}
return render(request, manageThemeDir + 'article_edit.html', context)
def file_delete(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
responseData = {}
responseData['status'] = 'faild'
if request.method == 'POST':
filename = os.path.dirname(__file__) + '/static/upload/' + request.POST.get('savepath').replace('.', '') + cgi.escape(request.POST.get('filename'))
if os.path.isfile(filename):
os.remove(filename)
Attachment.objects.filter(savename=cgi.escape(request.POST.get('filename'))).delete()
responseData['status'] = 'success'
return HttpResponse(json.dumps(responseData), content_type='application/json')
def manage(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
articleCount = Article.objects.count()
commentCount = Comment.objects.count()
articleList = Article.objects.all().order_by('-article_id')[:5]
commentList = Comment.objects.all().order_by('-comment_id')[:5]
context = {
'commentList' : commentList,
'articleList' : articleList,
'commentCount' : commentCount,
'articleCount' : articleCount
}
return render(request, manageThemeDir + 'manage.html', context)
def category_edit(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
cid = int(request.GET.get('cid'))
detail = Category.objects.get(category_id=cid)
if detail.pid > 0:
detail.pname = Category.objects.get(category_id=detail.pid).name
else:
detail.pname = '顶级分类'
context = {
'detail' : detail
}
return render(request, manageThemeDir + 'category_edit.html', context)
def manage_profile(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
msg = ''
if request.method == 'POST':
userInfo = User.objects.get(username='******')
password = make_password(cgi.escape(request.POST.get('upwd', '')), None, 'pbkdf2_sha256')
userInfo.password = password
status = userInfo.save()
if status:
msg = message(u'修改成功', '/manage_profile')
else:
msg = message(u'修改失败', '/manage_profile')
return render(request, manageThemeDir + 'profile.html', {msg:msg})
def user_edit(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
uid = int(request.GET.get('uid', 0))
if request.method == 'POST':
updateUser = User.objects.get(user_id=request.POST.get('uid', 0))
if request.POST.get('password') != '':
updateUser.password = make_password(cgi.escape(request.POST.get('password')), None, 'pbkdf2_sha256')
updateUser.email = cgi.escape(request.POST.get('email'))
updateUser.group = cgi.escape(request.POST.get('group'))
updateUser.status = cgi.escape(request.POST.get('status'))
updateUser.save()
return HttpResponse('修改用户资料成功')
context['detail'] = User.objects.get(user_id=uid)
return render(request, manageThemeDir + 'user_edit.html', context)
def user_add(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
if request.method == 'POST':
email = request.POST.get('email', '')
group = cgi.escape(request.POST.get('group', ''))
status = cgi.escape(request.POST.get('status', ''))
username = cgi.escape(request.POST.get('username', ''))
password = make_password(cgi.escape(request.POST.get('password', '')), None, 'pbkdf2_sha256')
User.objects.create(
email = email,
group = group,
status = status,
username = username,
password = password
)
return HttpResponse('Create User success')
return render(request, manageThemeDir + 'user_add.html')
def attachment(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
sql = 'SELECT username, attrch_id, original_name, create_time, size '
sql += 'FROM "' + Meta.db_table + '_attachment" AS attach LEFT JOIN "' + Meta.db_table +'_user" AS userx '
sql += 'ON userx.user_id=attach.user_id '
word = ''
if request.GET.get('word'):
word = str(cgi.escape(request.GET.get('word')))
sql += "WHERE attach.original_name LIKE '%%" + str(cgi.escape(request.GET.get('word'))) + "%%' "
sql += 'ORDER BY attrch_id DESC'
attachmentList = Attachment.objects.raw(sql)
attachmentList = list(attachmentList)
paginator = Paginator(attachmentList, 10)
page = int(request.GET.get('page', 1))
try:
pagebar = paginator.page(page)
except PageNotAnInteger:
pagebar = paginator.page(1)
except EmptyPage:
pagebar = paginator.page(paginator.num_pages)
for item in pagebar:
item.size = C.getSizeInNiceString(int(item.size))
item.create_time = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(item.create_time))
context = {
'word' : word,
'pagebar' : pagebar
}
return render(request, manageThemeDir + 'attachment.html', context)
def category_add(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
context = {}
if request.method == 'POST':
chosenPid = int(request.POST.get('pid', 0))
pidInfo = Category.objects.get(category_id=chosenPid)
currPath = str(pidInfo.path) + '-' + str(pidInfo.category_id)
Category.objects.create(
path = currPath,
pid = chosenPid,
name = cgi.escape(request.POST.get('name', '')),
)
return HttpResponse('success')
context = {
'categoryList' : C.getCategoryList()
}
return render(request, manageThemeDir + 'category_add.html', context)
def manage_option(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponseRedirect('/signin/')
else:
if request.method == 'POST':
for key,val in request.POST.iteritems():
if key != 'csrfmiddlewaretoken':
#sql += 'INSERT INTO "' + Meta.db_table + '_options" VALUES(\'' + key + '\', \'' + val + '\') ON DUPLICATE KEY UPDATE value=\'' + val + '\';'
options = Options.objects.get(name=cgi.escape(key))
options.value = cgi.escape(val)
options.save()
return HttpResponse('success')
detail = Options.objects.exclude(name__contains='theme')
newDetail = {}
for val in detail:
newDetail[val.name] = val.value
context = {
'detail' : newDetail
}
return render(request, manageThemeDir + 'option.html', context)
def file_upload(request):
if C.checkLoginAdmin(request.session.get('uInfo', False)) == False:
return HttpResponse('No signin')
else:
responseData = {}
url = C.getProtocol(request) + request.get_host()
reqfile = request.FILES['upfile']
suffix = os.path.splitext(reqfile.name)
suffix = str(suffix[1].replace('.', '')).lower()
img = Image.open(reqfile)
img.thumbnail((800, 800), Image.ANTIALIAS)
fileName = str(time.time()).replace('.', '') + str(random.randint(100, 9999))
m2 = hashlib.md5()
m2.update(fileName)
fileName = str(m2.hexdigest() + '.' + suffix)
fileName = fileName[10:]
savepath = '/static/upload/' + time.strftime('%Y/%m/',time.localtime(time.time()))
filePath = os.path.dirname(__file__) + savepath
if os.path.exists(filePath) == False:
os.makedirs(filePath)
filePath = filePath + fileName.lower()
img.convert('RGB').save(filePath)
fileSize = os.path.getsize(filePath)
responseData['suffix'] = suffix
responseData['status'] = 'success'
responseData['savename'] = fileName,
responseData['fileName'] = reqfile.name,
responseData['url'] = url + savepath + fileName
responseData['fileSize'] = C.getSizeInNiceString(fileSize)
responseData['savepath'] = time.strftime('%Y/%m/',time.localtime(time.time())),
userId = request.session.get('user_id', 0)
Attachment.objects.create(
suffix = suffix,
type = 'image',
savename = fileName,
update_time = time.time(),
create_time = time.time(),
user_id = int(userId),
original_name = reqfile.name,
size = int(fileSize),
savepath = time.strftime('%Y/%m/', time.localtime(time.time()))
)
return HttpResponse(json.dumps(responseData), content_type='application/json')
