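def checklogin():
    """Check a JSON login request and answer with a status and redirect URL.

    Only POST requests are handled; any other method falls through and
    returns None. The JSON body must carry 'username' and 'password'.

    The reply is a JSON object. On failure 'status' holds the
    invalid-credentials message. On success 'status' is 'success' and
    'redirect' is a URL ending in the first column of the matched row:

    * last column == 2: first login, profile-update page;
    * otherwise the second-to-last column (role) selects the admin page (2),
      the staff page (0) or the customer page (any other value).
    """
    if request.method != 'POST':
        return None

    invalid = {'status': "Thông tin tài khoản/mật khẩu không chính xác."}

    data = request.get_json()
    # A missing body or field used to surface as an unhandled
    # TypeError/KeyError; treat it as a failed login instead.
    if (not isinstance(data, dict) or 'username' not in data
            or 'password' not in data):
        return jsonify(invalid)
    username = data['username']
    password = data['password']
    # The request body is deliberately not printed: it carries the clear-text
    # password, which must not end up on stdout or in log files.

    sql = SQL_Server()
    # NOTE(review): the credential values in this literal appear masked in
    # this listing, so how username/password reach the query is not visible.
    # If they are interpolated into the SQL text, switch to bound parameters.
    # The WHERE clause also compares the Password column directly, which
    # suggests passwords are stored unhashed; confirm, and prefer a salted
    # password hash verified in application code.
    query = "SELECT * FROM dbo.ThanhVien WHERE Username = '******'and Password = '******';"
    cusor = sql.select(query)
    if len(cusor) == 0:
        return jsonify(invalid)

    # TODO(review): the host is hard-coded; move it to configuration.
    base = 'http://192.168.16.100:5000'
    # NOTE(review): nothing in this function creates a session or token.
    # Confirm that the target routes enforce their own authentication and
    # authorization rather than trusting the id in the path.
    for row in cusor:
        # Only the first matching row decides the outcome.
        status = row[-1]
        if status == 2:
            # First login: send the user to the profile-update page.
            page = '/update_infor/'
        else:
            # Second login onwards: route by role (0: staff, 1: customer).
            role = int(row[-2])
            if role == 2:
                page = '/admin-page/'
            elif role == 0:
                page = '/staff/'
            else:
                # Customer; the original marks this branch as needing
                # further handling.
                page = '/customer/'
        return jsonify({'status': 'success',
                        'redirect': base + page + str(row[0])})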
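def searchKH(id):
    """Search customers by the submitted 'search' value and render the list.

    The form field 'search' is compared with the member's HoTen, CMND and
    Sdt columns (and a Username literal that appears masked in this
    listing). The rows returned by SQL_Server.select() are passed to
    DanhbaKH.html as ``data`` together with ``id``.
    """
    sql = SQL_Server()
    search = request.form['search']
    # The search text comes straight from the request and is placed inside
    # single-quoted T-SQL literals, so embedded quotes are doubled before
    # formatting. This is a stopgap: bound parameters are the proper fix once
    # the SQL_Server helper offers them (its interface is not visible here).
    safe_search = search.replace("'", "''")
    query = "select dbo.ThanhVien.HoTen, dbo.KhachHang.Chungthuctaisan, dbo.ThanhVien.CMND, dbo.ThanhVien.Sdt, dbo.KhachHang.Id, dbo.ThanhVien.Activate from dbo.ThanhVien, dbo.KhachHang where dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id and (dbo.ThanhVien.Username = '******' "
    query += " or dbo.ThanhVien.HoTen = N'{}' or dbo.ThanhVien.CMND = '{}' or dbo.ThanhVien.Sdt = '{}') "
    # Four arguments are passed as in the original call; str.format ignores
    # the surplus one while the Username literal has no placeholder.
    query = query.format(safe_search, safe_search, safe_search, safe_search)
    # The query text and the result rows (names, CMND, phone numbers) are no
    # longer printed, so personal data stays out of stdout and log files.
    tmp = sql.select(query)
    del sql
    return render_template("DanhbaKH.html", data=tmp, id=id)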
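def search(id):
    """Search staff by the submitted 'search' value and render the list.

    The form field 'search' is compared with the member's HoTen, CMND and
    Sdt columns (and a Username literal that appears masked in this
    listing). The rows returned by SQL_Server.select() are passed to
    Danhba.html as ``data`` together with ``id``.
    """
    sql = SQL_Server()
    search = request.form['search']
    # The search text comes straight from the request and is placed inside
    # single-quoted T-SQL literals, so embedded quotes are doubled before
    # formatting. This is a stopgap: bound parameters are the proper fix once
    # the SQL_Server helper offers them (its interface is not visible here).
    safe_search = search.replace("'", "''")
    query = "select dbo.ThanhVien.HoTen, dbo.NhanVien.Capbac, dbo.NhanVien.ViTri, dbo.ThanhVien.Sdt, dbo.NhanVien.Id, dbo.ThanhVien.Activate from dbo.ThanhVien, dbo.NhanVien where dbo.NhanVien.ThanVienID = dbo.ThanhVien.Id and (dbo.ThanhVien.Username = '******' "
    query += " or dbo.ThanhVien.HoTen = N'{}' or dbo.ThanhVien.CMND = '{}' or dbo.ThanhVien.Sdt = '{}') "
    # Four arguments are passed as in the original call; str.format ignores
    # the surplus one while the Username literal has no placeholder.
    query = query.format(safe_search, safe_search, safe_search, safe_search)
    tmp = sql.select(query)
    del sql
    return render_template("Danhba.html", data=tmp, id=id)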
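def thongke(id):
    """Render the active-contract report for the member with the given id.

    Two queries are run, one over dbo.HopDongTraGop (column Giatri) and one
    over dbo.HopDongMoTheTD (column HanmucChiTieu). Both are restricted to
    contracts whose PhongGiaoDich.Tinh equals the Tinh of the member ``id``
    and whose Activate flag is 1. Each row becomes
    [running index, HoTen, CMND, Email, Sdt, amount]; a final row carries
    the sum of all amounts. The table is passed to thongke.html as ``data``.

    Raises:
        ValueError: if ``id`` cannot be converted to an integer.
    """
    # id is concatenated into the SQL text, so coerce it to int first: only
    # a number can then reach the query.
    # NOTE(review): the report is scoped purely by the id in the URL; confirm
    # the route checks that the caller is allowed to act as that member.
    member_id = int(id)

    tmp_data = []
    tien = 0

    sql = SQL_Server()
    query = "SELECT dbo.ThanhVien.HoTen, dbo.ThanhVien.CMND, HDTG.Giatri, dbo.ThanhVien.Email, dbo.ThanhVien.Sdt "
    query += "FROM dbo.ThanhVien, dbo.KhachHang, "
    query += "(SELECT dbo.HopDongTraGop.Giatri, dbo.HopDongTraGop.Activate, dbo.HopDongTraGop.KhacHangID FROM dbo.HopDongTraGop, dbo.ThanhVien, dbo.PhongGiaoDich "
    query += "WHERE dbo.HopDongTraGop.PGDId = dbo.PhongGiaoDich.Id "
    query += "AND dbo.PhongGiaoDich.Tinh = dbo.ThanhVien.Tinh "
    query += "AND dbo.ThanhVien.Id =" + str(member_id) + " ) AS HDTG"
    query += " WHERE HDTG.Activate = 1"
    query += " AND HDTG.KhacHangID = dbo.KhachHang.Id"
    query += " AND dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id "
    for row in sql.select(query):
        tmp_data.append([len(tmp_data) + 1, row[0], row[1], row[3], row[4], row[2]])
        tien += int(row[2])
    del sql

    sql = SQL_Server()
    # Start a fresh statement here. The original appended this text to the
    # first query with `+=`, so the second call re-sent the HopDongTraGop
    # statement with this one tacked on behind it.
    query = "SELECT dbo.ThanhVien.HoTen, dbo.ThanhVien.CMND, HDTTD.HanmucChiTieu, dbo.ThanhVien.Email, dbo.ThanhVien.Sdt "
    query += " FROM dbo.ThanhVien, dbo.KhachHang,"
    query += " (SELECT dbo.HopDongMoTheTD.HanmucChiTieu, dbo.HopDongMoTheTD.Activate, dbo.HopDongMoTheTD.KhacHangID FROM dbo.HopDongMoTheTD, dbo.ThanhVien, dbo.PhongGiaoDich "
    query += " WHERE dbo.HopDongMoTheTD.PGDId = dbo.PhongGiaoDich.Id "
    query += " AND dbo.PhongGiaoDich.Tinh = dbo.ThanhVien.Tinh "
    query += " AND dbo.ThanhVien.Id =" + str(member_id) + " ) AS HDTTD "
    query += " WHERE HDTTD.Activate = 1 "
    query += " AND HDTTD.KhacHangID = dbo.KhachHang.Id"
    query += " AND dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id"
    for row in sql.select(query):
        # The running index continues from the first result set.
        tmp_data.append([len(tmp_data) + 1, row[0], row[1], row[3], row[4], row[2]])
        tien += int(row[2])
    del sql

    # Closing row with the grand total of both contract types.
    tmp_data.append([" ", " ", " ", " ", "Tổng: ", tien])
    return render_template("thongke.html", data=tmp_data)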
def taohopdong(id):
    """List active dbo.HopDongTraGop contracts and render taohopdong.html.

    Every row with Activate = 1 is joined to its customer and member record
    and turned into [running index, HoTen, CMND, Giatri, Sdt, Email]. The
    resulting table is handed to the template as ``data``.

    The ``id`` argument is accepted but not used by the query.
    """
    # NOTE(review): the statement is not filtered by id, so it returns the
    # active contracts of every customer; confirm that each caller of this
    # route is meant to see all of them.
    db = SQL_Server()
    statement = (
        "SELECT dbo.ThanhVien.HoTen, dbo.ThanhVien.CMND, dbo.HopDongTraGop.Giatri, dbo.ThanhVien.Email, dbo.ThanhVien.Sdt FROM dbo.ThanhVien, dbo.HopDongTraGop, dbo.KhachHang "
        " WHERE dbo.HopDongTraGop.Activate = 1 "
        " AND dbo.HopDongTraGop.KhacHangID = dbo.KhachHang.Id "
        " AND dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id "
    )
    records = db.select(statement)
    # Columns 3 (Email) and 4 (Sdt) are swapped on the way into the table.
    table = [
        [position, rec[0], rec[1], rec[2], rec[4], rec[3]]
        for position, rec in enumerate(records, start=1)
    ]
    del db
    return render_template("taohopdong.html", data=table)
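def updateDB(id):
    """Filter the staff directory by the submitted form values and render it.

    Despite its name, this handler only reads. The form field 'mien' is
    matched against dbo.ThanhVien.Tinh, and 'loai' is mapped to the numeric
    Loai code ("Nhân viên" -> 0, "Khách hàng" -> 1, anything else -> 2).
    The rows returned by SQL_Server.select() are passed to Danhba.html as
    ``data`` together with ``id``.
    """
    sql = SQL_Server()
    mien = request.form['mien']
    loai = request.form['loai']
    # loai is reduced to one of three integers, so only those can reach the
    # query text.
    if loai == "Nhân viên":
        loai = 0
    elif loai == "Khách hàng":
        loai = 1
    else:
        loai = 2
    # mien comes straight from the request and is placed inside a
    # single-quoted T-SQL literal, so embedded quotes are doubled before
    # formatting. This is a stopgap: bound parameters are the proper fix once
    # the SQL_Server helper offers them (its interface is not visible here).
    safe_mien = mien.replace("'", "''")
    query = "select dbo.ThanhVien.HoTen, dbo.NhanVien.Capbac, dbo.NhanVien.ViTri, dbo.ThanhVien.Sdt, dbo.NhanVien.Id, dbo.ThanhVien.Activate from dbo.ThanhVien, dbo.NhanVien where dbo.ThanhVien.Tinh = N'{}' and dbo.ThanhVien.Loai= {} and dbo.ThanhVien.Id = dbo.NhanVien.ThanVienID"
    query = query.format(safe_mien, loai)
    tmp = sql.select(query)
    del sql
    return render_template("Danhba.html", data=tmp, id=id)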