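def get_user_info(user_id, user_password):
    """Fetch a user's row by id and check the supplied password.

    Returns a dict with a ``message`` key ("success" on a valid login, otherwise
    a Chinese error string) and, only on success, a ``data`` key holding the
    row as a column->value dict.

    Fix: the original guard called ``my_db.validate_arg(user_password)`` twice
    and never validated ``user_id`` — yet ``user_id`` is the value interpolated
    into the SQL string below, so the injection filter was bypassed entirely.
    """
    message = {"message": "success"}
    # Both inputs must pass the argument filter before user_id reaches the
    # query. validate_arg presumably rejects SQL metacharacters — verify in my_db.
    if not (my_db.validate_arg(user_id) and my_db.validate_arg(user_password)):
        message['message'] = "参数错误"
        return message
    session = my_db.sql_session()
    columns = get_columns()
    # NOTE(review): SQL is still string-built; validate_arg is the only barrier.
    # Switch to bound parameters if the my_db session layer supports them.
    sql = "select " + ",".join(
        columns) + " from user_info where user_id='{}'".format(user_id)
    try:
        proxy_result = session.execute(sql)
        result = proxy_result.fetchone()
        if result is None:
            message['message'] = "此ID不存在"
        else:
            result = my_db.str_format(result)
            result = dict(zip(columns, result))
            # NOTE(review): case-insensitive, non-constant-time comparison of
            # whatever is stored in user_password (plaintext or hex digest —
            # cannot tell from here). Prefer a hashed compare via hmac.compare_digest.
            if user_password.lower() == result['user_password'].lower():
                if result['user_status'] == 1:
                    message['data'] = result
                else:
                    message['message'] = "账户已冻结"
            else:
                message["message"] = "密码错误"
    except Exception as e:
        # Best-effort: any DB failure is reported as a generic query error.
        print(e)
        message['message'] = '查询失败'
    finally:
        session.close()
    return message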
def change_status(the_type, user_id):
    """Enable, disable or delete a user account.

    ``the_type`` is "up" (enable), "delete" (delete) or anything else
    (disable); ``user_id`` selects the row. Returns a dict whose ``message`` is
    "success", "用户ID错误" when either argument fails ``my_db.validate_arg``,
    or "<verb>账户失败" when the statement raises.
    """
    message = {"message": "success"}
    # user_id is interpolated into the statement, so it is filtered first;
    # the_type is only ever compared against literals.
    if not (my_db.validate_arg(user_id) and my_db.validate_arg(the_type)):
        message['message'] = "用户ID错误"
        return message
    action = the_type.strip().lower()
    if action == "up":
        verb = "启用"
        sql = "update user_info set user_status=1 where user_id='{}'".format(user_id)
    elif action == "delete":
        verb = "删除"
        sql = "delete from user_info where user_id='{}'".format(user_id)
    else:
        # Any value other than up/delete disables the account.
        verb = "禁用"
        sql = "update user_info set user_status=0 where user_id='{}'".format(user_id)
    # NOTE(review): string-built SQL guarded only by validate_arg.
    session = my_db.sql_session()
    try:
        session.execute(sql)
        session.commit()
    except Exception as e:
        print(e)
        message['message'] = "{}账户失败".format(verb)
    finally:
        session.close()
    return message
def check_admin_args(**kwargs):
    """Validate keyword arguments destined for an admin_info statement.

    Every key must be a known column (``get_columns()``); each value is run
    through ``my_db.check_phone`` (admin_phone) or ``my_db.validate_arg`` with
    the per-column set of extra allowed characters. Returns True when all
    pass, otherwise the first falsy validator result (or False for an unknown
    key).
    """
    # Extra characters permitted beyond validate_arg's default set.
    extra_chars = {
        "create_date": "-:",
        "admin_name": "_",
        "admin_mail": "._-@",
    }
    columns = get_columns()
    for key, value in kwargs.items():
        if key not in columns:
            # Unknown / surplus parameter.
            return False
        if key == "admin_phone":
            ok = my_db.check_phone(value)
        elif key in extra_chars:
            ok = my_db.validate_arg(value, extra_chars[key])
        else:
            ok = my_db.validate_arg(value)
        if not ok:
            # Propagate the validator's own falsy value, as the original did.
            return ok
    return True
def login(admin_name, admin_password):
    """Administrator login.

    Looks up ``admin_name`` in admin_info and compares ``admin_password``
    (case-insensitively) with the stored ``admin_password`` column. Returns a
    dict with ``message`` ("success" or a Chinese error string) and, on
    success, ``data`` holding the row as a column->value dict.
    """
    message = {"message": "success"}
    if not (my_db.validate_arg(admin_name) and my_db.validate_arg(admin_password)):
        message['message'] = "参数错误"
        return message
    session = my_db.sql_session()
    columns = get_columns()
    # NOTE(review): string-built SQL; validate_arg is the only injection barrier.
    sql = "select {} from admin_info where admin_name='{}'".format(
        ",".join(columns), admin_name)
    try:
        row = session.execute(sql).fetchone()
        if row is None:
            message['message'] = "管理员账户不存在"
        else:
            record = dict(zip(columns, my_db.str_format(row)))
            # NOTE(review): non-constant-time, case-insensitive compare of the
            # stored admin_password (plaintext or digest — not visible here).
            if admin_password.lower() != record['admin_password'].lower():
                message["message"] = "密码错误"
            elif record['admin_status'] == 1:
                message['data'] = record
            else:
                message['message'] = "此管理员账户已禁用"
    except Exception as e:
        print(e)
        message['message'] = '查询失败'
    finally:
        session.close()
    return message
def edit_admin(**kwargs):
    """Update an administrator record; arguments are column=value pairs.

    ``admin_id`` selects the row and is removed from the update set. Returns
    a dict whose ``message`` is "success", "参数错误" when
    ``check_admin_args`` rejects the arguments, "无效的用户ID" when admin_id is
    missing or fails ``my_db.validate_arg``, or "编辑管理员信息失败" when the
    statement raises.
    """
    message = {"message": "success"}
    if not check_admin_args(**kwargs):
        message["message"] = "参数错误"
        return message
    admin_id = kwargs.pop("admin_id", None)
    if admin_id is None or not my_db.validate_arg(admin_id):
        message["message"] = "无效的用户ID"
        return message
    # NOTE(review): the WHERE clause is string-built; admin_id passed
    # validate_arg above, which is the only barrier.
    where_clause = "where admin_id='{}'".format(admin_id)
    sql = my_db.structure_sql("edit", "admin_info", query_terms=where_clause, **kwargs)
    session = my_db.sql_session()
    try:
        session.execute(sql)
        session.commit()
    except Exception as e:
        print(e)
        message['message'] = '编辑管理员信息失败'
    finally:
        session.close()
    return message
def check_user_args(**kwargs):
    """Validate keyword arguments destined for a user_info statement.

    Every key must be a known column (``get_columns()``); each value is run
    through ``my_db.check_phone`` (user_phone) or ``my_db.validate_arg`` with
    the per-column set of extra allowed characters. Prints a short Chinese
    diagnostic on failure (none for columns without a dedicated rule) and
    returns True when all pass, otherwise the first falsy validator result
    (or False for an unknown key).
    """
    # column -> (extra characters allowed by validate_arg, failure diagnostic)
    rules = {
        "user_born_date": ("-", "user_born_date 或 user_address 验证失败"),
        "user_address": ("-", "user_born_date 或 user_address 验证失败"),
        "create_date": ("-:", "create_date 验证失败"),
        "user_nickname": ("_", "user_nickname 验证失败"),
        "user_realname": (".", "user_realname 验证失败"),
        "user_img_url": ("._/-", "user_img_url 验证失败"),
        "user_mail": ("._@-", "user_mail 验证失败"),
    }
    columns = get_columns()
    for key, value in kwargs.items():
        if key not in columns:
            print("有多余的参数")
            return False
        if key == "user_phone":
            ok = my_db.check_phone(value)
            failure = "user_phone 验证失败"
        elif key in rules:
            allowed, failure = rules[key]
            ok = my_db.validate_arg(value, allowed)
        else:
            # Default rule: no extra characters and no diagnostic on failure.
            ok = my_db.validate_arg(value)
            failure = None
        if not ok:
            if failure is not None:
                print(failure)
            # Propagate the validator's own falsy value, as the original did.
            return ok
    return True