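def modify_pwd(request):
    """Change a user's password after verifying the old one.

    POST fields: ``login_id``, ``oldPwd``, ``newPwd``. ``oldPwd`` is lower-cased
    and compared with the MD5 hex digest of the stored ``users.password``
    value; on a match that column is overwritten with ``newPwd``.

    Returns an ``HttpResponseCORS`` whose body reports ``errcode`` 0 (changed),
    1 (empty or unknown login id) or 2 (old password does not match).
    """
    # Function-scope import, matching the import style this file already uses;
    # getData_func relies on the same MySQLdb.escape_string call.
    import MySQLdb

    template = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """

    login_id = request.POST.get('login_id', '')
    oldPwd = request.POST.get('oldPwd', '')
    newPwd = request.POST.get('newPwd', '')

    if login_id == '':
        return HttpResponseCORS(request, template % (1, u'用户名不存在', login_id))

    # The quote-stripped value is still what gets echoed back to the client.
    # NOTE(review): it is interpolated into the JSON body without JSON
    # escaping, so a double quote in login_id yields a malformed response.
    login_id = login_id.replace("'", "")
    if oldPwd != '':
        oldPwd = oldPwd.lower()

    # Stripping single quotes is not SQL escaping, so the value is escaped
    # before it is placed inside the quoted literal.
    # NOTE(review): bound parameters would be preferable if the db wrapper
    # supports them; its API is not visible from this function.
    sql = """SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password FROM users U LEFT JOIN dept D ON U.dept_id=D.id WHERE U.login_id='%s' AND U.status=1 """ % (
        MySQLdb.escape_string(login_id))
    lT, iN = db.select(sql)

    if iN > 0:
        usr_id = lT[0][0]
        # NOTE(review): the stored value is hashed only here, at comparison
        # time, which implies users.password holds the password itself and
        # that newPwd is stored exactly as received. Moving to a salted
        # password hash needs a coordinated change with the login path, so it
        # is flagged rather than changed. An empty newPwd is also accepted.
        pwd = md5.new(lT[0][5]).hexdigest()
        if oldPwd != pwd:
            errCode = 2
            msg = u'密码错误'
        else:
            # The template on the page had one placeholder for two arguments
            # (the password placeholder was masked), which raises TypeError;
            # both placeholders are present here and newPwd is escaped.
            sql = "update users set password = '%s' where usr_id =%s" % (
                MySQLdb.escape_string(newPwd), int(usr_id))
            db.executesql(sql)
            errCode = 0
            msg = u'修改成功'
    else:
        errCode = 1
        msg = u'用户名不存在'

    return HttpResponseCORS(request, template % (errCode, msg, login_id))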
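def forgetpwd_origin(request):
    """Look up the mobile number on file for a login id / user name pair.

    Reads ``usrname`` and ``login_id`` from POST (falling back to GET). When a
    ``users`` row matches both, the response carries ``errcode`` 0 and the
    row's ``mobil`` value in ``tel``; otherwise ``errcode`` -1 and an empty
    ``tel``.
    """
    # Function-scope import, matching the import style this file already uses;
    # getData_func relies on the same MySQLdb.escape_string call.
    import MySQLdb

    name = request.POST.get('usrname','') or request.GET.get('usrname','')
    login_id = request.POST.get('login_id','') or request.GET.get('login_id','')
    tel = ''

    # Check that the account details match. Both values come straight from the
    # request, so they are escaped before being placed in quoted SQL literals.
    # NOTE(review): bound parameters would be preferable if the db wrapper
    # supports them; its API is not visible from this function.
    sql = " select mobil from users where login_id='%s' and usr_name='%s' " % (
        MySQLdb.escape_string(login_id), MySQLdb.escape_string(name))
    rows, iN = db.select(sql)

    if iN:
        # NOTE(review): no session or token check is visible in this function,
        # and the full mobile number is returned to whoever supplies a
        # matching login id and name. Confirm this is intended, or return a
        # masked number.
        tel = rows[0][-1]
        msg = 'sucess'
        errCode = 0
    else:
        # Login id or user name did not match.
        msg = '请填写正确的用户名和姓名!'
        errCode = -1

    s =""" { "errcode":"%s", "errmsg": "%s", "tel": "%s", } """%(errCode,msg,tel)
    return HttpResponseCORS(request,s)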
def menu_func(request):
    """Return every enabled (status=2) menu entry as a JSON list.

    The query takes no request input. Each row is keyed by level, menu_id,
    menu_name, sort, parent_id, status, url and icon.
    """
    # NOTE(review): SOURCE defines a second menu_func further down; if both
    # live in one module, the later definition replaces this one.
    import base64, time
    import random
    random_no = '%s' % (random.randint(0, 999999))

    query = (
        "SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, "
        "WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon "
        "FROM menu_func WMF "
        "Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id "
        "WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2 "
        "ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id "
    )
    rows, iN = db.select(query)

    keys = 'level menu_id menu_name sort parent_id status url icon'.split()
    menu = []
    for record in rows:
        menu.append(dict(zip(keys, record)))

    payload = json.dumps(menu, ensure_ascii=False)
    body = ' { "errcode": 0, "errmsg": "获取数据成功", "menu_data": %s } ' % (payload)
    return HttpResponseCORS(request, body)
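def menu_func(request):
    """Return the menu tree visible to ``usr_id`` as a JSON list.

    ``lang_id`` (POST, then GET; default 1) selects translated menu names when
    the module flag ``m_muti_lang`` is 1 and ``lang_id`` > 1. ``usr_id`` values
    '1' and '2' get every active menu entry; any other value is filtered
    through ``usr_role`` / ``role_menu`` with ``can_view=1``.
    """
    # Function-scope import, matching the import style this file already uses;
    # getData_func relies on the same MySQLdb.escape_string call.
    import MySQLdb

    lang_id = request.POST.get('lang_id') or request.GET.get('lang_id', '')
    usr_id = request.POST.get('usr_id', '') or request.GET.get('usr_id', '')

    # int() is what makes lang_id safe to interpolate unquoted below.
    lang_id = 1 if lang_id == '' else int(lang_id)

    # NOTE(review): usr_id is taken from the request, and '1'/'2' select the
    # unfiltered menu. No session or token check is visible in this function;
    # confirm the caller is authenticated elsewhere, or take usr_id from the
    # validated session the way proj_mat_func does through mValidateUser.
    is_admin = str(usr_id) in ['1', '2']

    # usr_id is request-controlled and lands inside a quoted SQL literal, so
    # it is escaped first.
    # NOTE(review): bound parameters would be preferable if the db wrapper
    # supports them; its API is not visible from this function.
    sql_usr_id = MySQLdb.escape_string(str(usr_id))

    if m_muti_lang == 1 and lang_id > 1:
        if is_admin:
            sql = (
                "SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end, "
                "WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon "
                "FROM menu_func WMF "
                "Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id "
                "left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s "
                "WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1 "
                "ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id "
            ) % (lang_id)
        else:
            sql = (
                "SELECT distinct WMF.menu,WMF.menu_id,case l.`name` when '' then WMF.menu_name else l.`name` end, "
                "WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon "
                "FROM usr_role WUR "
                "JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id "
                "left join muti_lang_menu l on l.menu_id = WMF.menu_id and l.lang_id = %s "
                "WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1 "
                "ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id "
            ) % (lang_id, sql_usr_id)
    else:
        if is_admin:
            sql = (
                "SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, "
                "WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon "
                "FROM menu_func WMF "
                "Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id "
                "WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1 "
                "ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id "
            )
        else:
            sql = (
                "SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, "
                "WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon "
                "FROM usr_role WUR "
                "JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id "
                "WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1 "
                "ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id "
            ) % sql_usr_id

    rows, iN = db.select(sql)
    names = 'level menu_id menu_name sort parent_id status url icon'.split()
    data = [dict(zip(names, d)) for d in rows]
    s3 = json.dumps(data, ensure_ascii=False)
    s = """ { "errcode": 0, "errmsg": "获取数据成功", "menu_data": %s, } """ % (s3)
    return HttpResponseCORS(request, s)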
def select_func(request):
    """Dispatch a select-data request on the ``func`` query parameter.

    ``func=getSigns`` is answered by ``get_sign_data``; every other value goes
    to ``get_select_data``. The handler's result is wrapped in
    ``HttpResponseCORS``.
    """
    # NOTE(review): the original carries a commented-out
    # mValidateUser(request, "view", menu_id) check at this point, so no
    # permission check runs in this view. Confirm that is intended.
    wants_signs = request.GET.get('func', '') == 'getSigns'
    handler = get_sign_data if wants_signs else get_select_data
    return HttpResponseCORS(request, handler(request))
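def LinkToShajd(request):
    """Redirect an authenticated user to the external schedule site.

    The ``AccessToken`` query parameter is decrypted to a login id. The user
    row and the project named by the ``id`` query parameter are packed into a
    JSON document, encrypted with ``WXBizMsgCrypt`` and appended as ``token``
    to the redirect URL. A token that fails to decrypt, or a user or project
    that cannot be found, yields an ``errcode`` -1 response instead.
    """
    # Function-scope imports, matching the import style this file already
    # uses; getData_func relies on the same MySQLdb.escape_string call.
    import random
    import time
    import MySQLdb

    AccessToken = request.GET.get('AccessToken', '')
    wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
    ret, login_id, sTimeStamp = wxcpt.DecryptMsg(AccessToken)
    bad_token = """ { "errcode": -1, "errmsg": "验证信息有误,请重新登陆!", } """
    if (ret != 0):
        return HttpResponseCORS(request, bad_token)
    # NOTE(review): the decrypted timestamp is not compared with the current
    # time here; confirm DecryptMsg enforces token expiry.

    random_no = '%s' % (random.randint(0, 999999))
    proj_id = request.GET.get('id', '')
    team_uuid = 'e015c3bd59ba11e88a8d7cd30abeb520'

    # NOTE(review): bound parameters would be preferable to escaping if the
    # db wrapper supports them; its API is not visible from this function.
    sql = "select usr_id,login_id,usr_name,password,ifnull(mobil,'') from users where login_id='%s'" % (
        MySQLdb.escape_string(login_id))
    rows, iN = db.select(sql)
    if iN == 0:
        # The original indexed rows[0] unconditionally and raised IndexError.
        return HttpResponseCORS(request, bad_token)
    # NOTE(review): users.password is part of the payload handed to
    # www.shajd.cn inside a URL parameter. URLs end up in browser history and
    # server logs; confirm the receiving side needs this column at all.
    names = 'usr_id login_id usr_name password phone'.split()
    data = dict(zip(names, rows[0]))

    # proj_id is request-controlled and lands inside a quoted SQL literal.
    sql = "select id,cname,gc_no from out_proj where id='%s'" % (
        MySQLdb.escape_string(proj_id))
    rows, iN = db.select(sql)
    if iN == 0:
        s = """ { "errcode": -1, "errmsg": "项目不存在", } """
        return HttpResponseCORS(request, s)
    names = 'proj_id proj_name proj_code'.split()
    data1 = dict(zip(names, rows[0]))

    L = {'team_uuid': team_uuid, 'user': data, 'proj': data1}
    info = json.dumps(L, ensure_ascii=True)

    sTimeStamp = str(time.time())
    wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
    ret, token = wxcpt.EncryptMsg(info, random_no, sTimeStamp)
    url = "https://www.shajd.cn/login_schedule.html?team_id=%s&token=%s" % (
        team_uuid, urllib.quote(token))
    return HttpResponseRedirect(url)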
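def update_login(request):
    """Dismiss the account-expiry reminder (90 days) for a login id.

    When ``is_ignore`` (POST, then GET) is non-empty, ``usr_info.update_time``
    is set to the current time for the row matching ``login_id``. The response
    always reports ``errcode`` 0 and echoes ``login_id``.
    """
    # Function-scope import, matching the import style this file already uses;
    # getData_func relies on the same MySQLdb.escape_string call.
    import MySQLdb

    login_id = request.POST.get('login_id','') or request.GET.get('login_id','')
    ignore = request.POST.get('is_ignore','') or request.GET.get('is_ignore','')
    now = datetime.datetime.now()

    if ignore:
        # login_id is request-controlled and becomes part of the WHERE clause
        # that DB_Op receives as a string, so it is escaped first.
        # NOTE(review): no session or token check is visible here, so any
        # caller can reset the reminder for any login id. Confirm intended.
        where = " where login_id='%s'" % MySQLdb.escape_string(login_id)
        DB_Op('usr_info',['update_time'],["'%s'"%now],where)

    errCode = 0
    msg = u'操作成功'
    s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """ %(errCode,msg,login_id)
    return HttpResponseCORS(request,s)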
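def logout_func(request):
    """Log the current session out and acknowledge with ``errcode`` 0.

    Removes the identity keys that the login views in this file store in the
    session. ``login_id`` from the query string is only echoed back in the
    response.
    """
    login_id = request.GET.get('login_id', '')
    errCode = 0
    msg = u'Log Out'

    # The original removed only 'usr_id', which left the name, department,
    # supplier and dActiveUser entries written at login in the session.
    session_keys = ('usr_id', 'usr_name', 'dept_id', 'dept_name',
                    'dActiveUser', 'sup_id', 'sup_name')
    for key in session_keys:
        try:
            del request.session[key]
        except KeyError:
            pass

    # The debug print of request.POST was dropped: it copied request data to
    # stdout on every logout.
    s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """ % (errCode, msg, login_id)
    return HttpResponseCORS(request, s)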
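def valid_generater(request):
    """Generate a verification image and record its answer for this client.

    ``generate_valid()`` supplies the image code and the real answer. The
    answer is written to ``temp_sheet.valid_code`` for the row keyed by
    ``login_id`` and the client address. The response carries the image code
    with ``errcode`` 0 on success, or ``errcode`` -1 if anything fails.
    """
    # Function-scope import, matching the import style this file already uses;
    # getData_func relies on the same MySQLdb.escape_string call.
    import MySQLdb

    errCode = 0
    imgcode = ''
    login_id = request.POST.get('login_id','') or request.GET.get('login_id','')

    # NOTE(review): X-Forwarded-For is a client-supplied header unless a
    # trusted proxy overwrites it, and it is part of the key that binds the
    # code to a client. Confirm the deployment sets it.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']

    try:
        imgcode,_real_valid = generate_valid()
        msg = u'获取成功'
        # NOTE(review): login_id is wrapped in single quotes in this template,
        # unlike the other fields. The literal is kept as-is for clients.
        s = """ { "errcode": %s, "errmsg": "%s", "imgcode": "%s", "login_id":'%s', } """%(errCode,msg,imgcode,login_id)
        # Both values are request-controlled (one is a header) and become part
        # of the WHERE clause passed to DB_Op as a string. The debug print of
        # that clause was dropped.
        where = "where temp_id='%s' and temp_ip='%s' " % (
            MySQLdb.escape_string(login_id), MySQLdb.escape_string(login_ip))
        DB_Op('temp_sheet',['valid_code'],["'%s'"%_real_valid],where)
    except Exception:
        # Narrowed from a bare except so SystemExit and KeyboardInterrupt are
        # not swallowed; any other failure still reports errcode -1.
        errCode = -1
        msg = u'获取失败'
        imgcode = ''
        s = """ { "errcode": %s, "errmsg": "%s", "imgcode": "%s", } """%(errCode,msg,imgcode)

    return HttpResponseCORS(request,s)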
def getData_func(request):
    """Serve form, filter, search, validity or lookup data, selected by ``func``.

    ``func`` (query string) picks the branch:

    * ``refresh``: validates the user for ``menu_id``, then returns audit form
      data (``audit == '1'``) or form data from one of the getFormData helpers.
    * ``filter``: returns ``getFilterData`` output under ``filter``.
    * ``search``: returns option data under ``data``.
    * ``validity``: returns ``getValidityResult`` output under ``validity``.
    * anything else: reads ``fname`` and up to four parameters and returns
      ``getData`` output under ``data``.

    NOTE(review): the page lost this function's indentation; the nesting below
    is a reconstruction and should be confirmed against the repository. As
    reconstructed, only the ``refresh`` branch calls mValidateUser.
    """
    audit = request.GET.get('audit', '')
    field_id = request.GET.get('field_id') or 0
    pk = request.GET.get('pk') or 0
    func = request.GET.get('func', '')
    lang_id = request.POST.get('lang_id') or request.GET.get('lang_id', '')
    # An empty lang_id defaults to 1; anything else must parse as an integer
    # (int() raises ValueError otherwise).
    if lang_id == '':
        lang_id = 1
    else:
        lang_id = int(lang_id)
    if func == 'refresh':
        menu_id = request.GET.get('menu_id', 0)
        # Permission check for viewing this menu; a non-zero ret returns errmsg.
        ret, errmsg, d_value = mValidateUser(request, "view", menu_id)
        if ret != 0:
            return HttpResponseCORS(request, errmsg)
        # The acting user is read from g_data, not from the request.
        usr_id = g_data.usr_id
        if audit == '1':
            field_value = request.POST.get('field_value', '')
            next_flow = request.POST.get('next_flow', '')
            opt = request.POST.get('flow_opt', '')
            formData = getAuditData(pk, field_id, field_value, usr_id, next_flow, opt, menu_id)
            names = 'cid label field_type required size readonly value hide max_length hint field_options table_col table_data btn_type btn_color url'.split()
            data = [dict(zip(names, d)) for d in formData]
            formData = json.dumps(data, ensure_ascii=False)
            s = """ { "errcode":0, "errmsg":"", "formData":%s, } """ % (formData)
            return HttpResponseCORS(request, s)
        else:
            # field_id arrives as a string, so it is compared with string ids.
            if m_prjname == 'oWorld' and field_id in ['187', '3368']:
                formData = getFormData187(pk, field_id, menu_id, usr_id, request)
            elif field_id in ['107', '1516', '112']:
                formData = getFormData107(pk, field_id, menu_id, usr_id, request)
            elif field_id in ['1518']:
                formData = getFormData1518(pk, field_id, menu_id, usr_id, request)
            elif field_id in ['2076']:
                formData = getFormData2076(pk, field_id, menu_id, usr_id, request)
            else:
                formData = getFormData(pk, field_id, menu_id, usr_id, request, lang_id)
            # Record frequently used selection options.
            field_type = request.GET.get('field_type', '')
            options_type = request.GET.get('options_type', '')
            # NOTE(review): from here on usr_id is the request-supplied value,
            # not the validated g_data.usr_id, so saveSelectedOptions is
            # called with a caller-chosen user id. Confirm that is intended.
            usr_id = request.GET.get('usr_id', '')
            sel_value = request.POST.get('sel_value', '')
            if str(field_type) in ['18', '32']:
                saveSelectedOptions(field_type, options_type, usr_id, sel_value)
            s = """ { "errcode":0, "errmsg":"", "formData":%s, } """ % (formData)
            return HttpResponseCORS(request, s)
    elif func == 'filter':
        formData = getFilterData(field_id, request)
        s = """ { "errcode":0, "errmsg":"", "filter":%s, } """ % (formData)
        return HttpResponseCORS(request, s)
    elif func == 'search':
        field_type = request.GET.get('field_type', '')
        options_type = request.GET.get('options_type', '')
        usr_id = request.GET.get('usr_id', '')
        search = request.POST.get('search', '')
        page_limit = request.POST.get('page_limit') or 10
        field_id = request.GET.get('field_id', '')
        if str(field_id) == '2753':
            # NOTE(review): this path passes the raw search term on; only the
            # else branch escapes it. Confirm get_options_2753 escapes it.
            formData = get_options_2753(search, page_limit, usr_id, request)
        else:
            # Only search is escaped here; the other request values are passed
            # through to get_options unchanged.
            search = MySQLdb.escape_string(search)
            formData = get_options(field_type, options_type, search, page_limit, usr_id, field_id, request)
        s = """ { "errcode":0, "errmsg":"", "data":%s, } """ % (formData)
        return HttpResponseCORS(request, s)
    elif func == 'validity':
        field_id = request.GET.get('field_id', '')
        ret = getValidityResult(field_id, request)
        s = """ { "errcode":0, "errmsg":"获取有效性结果成功", "validity":%s, } """ % (ret)
        return HttpResponseCORS(request, s)
    # Fallback for any other func value: a lookup named by the 'fname' query
    # parameter, with up to four request values passed to getData unchanged.
    filed_name = request.GET.get('fname', '')
    para1, para2, para3, para4 = '', '', '', ''
    if filed_name == 'gw_type':
        para1 = request.POST.get('parent_id', '') or request.GET.get('parent_id', '')
    elif filed_name == 'flow':
        para1 = request.POST.get('type_id', '') or request.GET.get('type_id', '')
        para2 = request.POST.get('has_flow', '') or request.GET.get('has_flow', '')
    elif filed_name == 'first_flow':
        para1 = request.POST.get('type_id', '') or request.GET.get('type_id', '')
    elif filed_name == 'cols':
        # NOTE(review): a caller-supplied table name is handed to getData;
        # confirm how getData uses it.
        para1 = request.POST.get('table_name', '') or request.GET.get('table_name', '')
    elif filed_name == 'sel_cols':
        # Fetch all fields of the pop-up dialog.
        para1 = request.POST.get('sel_type', '')
        para2 = request.GET.get('single', '')
    elif filed_name == 'roles':
        para1 = request.POST.get('dept', '') or request.GET.get('dept', '')
    elif filed_name == 'next_flow':
        para1 = request.GET.get('pk', '')
        para2 = request.GET.get('flow_id', '')
        para3 = request.POST.get('opt', '')
        para4 = request.GET.get('usr_id', '')
    L1 = getData(filed_name, '', para1, para2, para3, para4)
    s1 = json.dumps(L1, ensure_ascii=False)
    s = """ { "errcode": 0, "errmsg": "操作成功", "data":%s, } """ % s1
    return HttpResponseCORS(request, s)
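def login_wx_func(request):
    """Log a user in from a WeChat ``code`` and return profile, token and menu.

    ``getLoginID(code)`` resolves the login id. On a match in ``users`` the
    view fills ``dActiveUser`` and the session, issues an encrypted
    ``AccessToken``, records the login in ``users_login`` and returns the
    user's menu. Unknown users get ``errcode`` 1.
    """
    # Function-scope imports, matching the import style this file already
    # uses; getData_func relies on the same MySQLdb.escape_string call.
    import random
    import time
    import MySQLdb

    # NOTE(review): this value is passed to EncryptMsg as the nonce and comes
    # from the non-cryptographic `random` module with a 0-999999 range.
    # Confirm whether the token scheme needs an unpredictable nonce.
    random_no = '%s' % (random.randint(0, 999999))
    source = 'wx'

    # NOTE(review): X-Forwarded-For is a client-supplied header unless a
    # trusted proxy overwrites it; it is stored as login_ip below.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']

    code = request.GET.get('code', '')
    login_id = getLoginID(code)
    if login_id == '':
        errCode = 1
        msg = u'用户名不存在'
        s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", } """ % (errCode, msg, login_id)
        # The original returned the bare string here, unlike every other
        # exit path of this view.
        return HttpResponseCORS(request, s)

    login_id = login_id.replace("'", "")
    s1 = ''
    # Stripping single quotes is not SQL escaping, so the value is escaped too.
    sql = """SELECT U.usr_id,U.usr_name,U.dept_id,D.cname,IFNULL(U.pic,''),U.password,U.login_id FROM users U LEFT JOIN dept D ON U.dept_id=D.id WHERE ifnull(U.wxqy_id,U.login_id)='%s' AND U.status=1 """ % (
        MySQLdb.escape_string(login_id))
    lT, iN = db.select(sql)

    if iN > 0:
        row = lT[0]
        usr_id = row[0]
        login_id = row[6]

        # Cache the user's profile and roles in the module-level dActiveUser.
        dActiveUser[usr_id] = {
            'roles': {},               # role_id -> (role_name, sort, dept_id)
            'access_dept_data': [],    # departments whose staff data is readable
            'access_person_data': [],  # individual users whose data is readable
            'login_time': time.time(),
            'usr_name': row[1],
            'login_id': login_id,
            'usr_dept': (row[2], row[3]),
            'pic': row[4],
        }

        # usr_id comes from the row just read, not from the request.
        sql = """SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id WHERE WUR.usr_id=%s """ % usr_id
        lT1, iN1 = db.select(sql)
        if iN1 > 0:
            for e in lT1:
                dActiveUser[usr_id]['roles'][e[0]] = e[1:]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = dActiveUser[usr_id]['usr_name']
        request.session['dept_id'] = row[2]
        request.session['dept_name'] = row[3]
        # NOTE(review): this stores the whole dActiveUser mapping, not just
        # this user's entry, so each session carries every cached user's
        # record. Confirm that is intended.
        request.session['dActiveUser'] = dActiveUser

        d_value = [usr_id, dActiveUser[usr_id]['usr_name'], row[2], row[3], 0]
        g_data.set_value(d_value)

        errCode = 0
        msg = 'OK'
        pic = row[4]
        if pic == '':
            pic_url = "%s/user_pic/default.jpg" % fs_url
        else:
            pic_url = "%s/user_pic/small_" % fs_url + pic

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
        ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)

        if usr_id in [1, 2]:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM menu_func WMF Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """
        else:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon FROM usr_role WUR JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id) ON WUR.role_id=WRM.role_id WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """ % usr_id
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data, ensure_ascii=False)

        # The template on the page had six placeholders for seven arguments
        # (the username placeholder was masked), which raises TypeError.
        # NOTE(review): name fields are interpolated without JSON escaping.
        s1 = '"userid":%s, "username":"%s", "dept_id":%s, "dept_name":"%s", "pic_url":"%s", "AccessToken":"%s", "menu_data":%s,' % (
            row[0], row[1], row[2], row[3], pic_url, token, s3)

        # ip may come from a request header, so it is escaped before it is
        # placed in the quoted literal. token is generated by EncryptMsg.
        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time) values (%s,'%s','%s','%s',now(),now(),%s) """ % (
            row[0], source, token, MySQLdb.escape_string(ip), int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户名不存在'

    s = """ { "errcode": %s, "errmsg": "%s", "login_id": "%s", %s } """ % (errCode, msg, login_id, s1)
    return HttpResponseCORS(request, s)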
def home_func(request):
    """Build the home-page payload for the validated user.

    After ``mValidateUser`` succeeds, runs one query per section and returns a
    JSON object with ``audit``, ``sign``, ``notice``, ``zhidu``, ``recv_info``
    and ``audit_info``. The ``audit`` and ``sign`` sections return at most ten
    rows plus the total count.

    NOTE(review): the page lost this function's indentation; the nesting of
    the loops below is a reconstruction and should be confirmed against the
    repository.
    """
    audit_data = ['','']
    ret,errmsg,d_value = mValidateUser(request,"view",'')
    if ret!=0:
        return HttpResponseCORS(request,errmsg)
    # usr_id and dept_id come from mValidateUser's result, not from request
    # parameters, and are interpolated into every query below.
    # NOTE(review): presumably server-side values; confirm their source.
    usr_id = d_value[0]
    dept_id = d_value[2]
    # Age buckets (label, start, end, style), ordered by upper bound.
    sql = "select cname,start_s,end_s,style from chkdatetime order by end_s"
    lT1,iN1 = db.select(sql)
    # Documents waiting for this user's audit, newest first.
    sql = """SELECT case source when 1 then ga.title else case ifnull(d.title,'') when '' then concat(op.gc_no,'/',op.cname) else d.title end end, case source when 1 then ga.type_name else gfd.cname end, ga.cusrname, date_format(ga.ctime,'%%Y-%%m-%%d %%T'), d.menu_id, d.id, '', ifnull(ga.url,''), TIMESTAMPDIFF(SECOND,ga.ctime,now())/60, datediff(now(),ga.ctime) FROM gw_audit ga left join gw_doc d on ga.gw_id= d.id left join gw_type gfd on ga.type_id= gfd.id left join out_proj op on op.id= d.proj_id where ga.usr_id= '%s' order by ga.ctime desc"""%(usr_id)
    lT,iN = db.select(sql)
    L = []
    # Only the first ten rows are returned; iN keeps the full count.
    iN2 = iN
    if iN2 > 10:
        iN2 = 10
    for i in range(0,iN2):
        e = list(lT[i])
        # i is reused as the bucket index from here on; the outer loop is
        # unaffected because range() supplies its next value.
        i = 0
        for a in lT1:
            # e[8] is the age in minutes and e[9] the age in days; beyond
            # 30 days the minutes are recomputed from the day count.
            if e[9]>30:
                e[8] = e[9]*1440
            if float(e[8]) < float(a[2]):
                # First bucket whose upper bound exceeds the age: replace the
                # timestamp column with the bucket label and set the style.
                if i < iN1:
                    e[3] = a[0]
                    e[6] = a[3]
                else:
                    e[3] = '1年前'
                break
            i+=1
        L.append(e)
    # zip() stops at the eight names, so columns 8 and 9 are not exported.
    names = 'title gw_type usr_name ctime menu_id pk style url'.split()
    data = [dict(zip(names, d)) for d in L]
    audit_data[0] = data
    audit_data[1] = iN
    names = 'data count'.split()
    L1 = dict(zip(names, audit_data))
    audit = json.dumps(L1,ensure_ascii=False)
    sign_data = ['','']
    # Documents waiting for this user's signature; handled like the audit list.
    sql = """SELECT ifnull(ga.title, op.cname), case source when 1 then ga.type_name else gfd.cname end, ga.cusrname, date_format(ga.ctime,'%%Y-%%m-%%d %%T'), d.menu_id, d.id, '', ifnull(ga.url,''), TIMESTAMPDIFF(SECOND,ga.ctime,now())/60, datediff(now(),ga.ctime) FROM gw_sign ga left join gw_doc d on ga.gw_id= d.id left join gw_type gfd on ga.type_id= gfd.id left join out_proj op on op.id= d.proj_id where ga.usr_id= %s order by ga.ctime desc """%(usr_id)
    lT,iN = db.select(sql)
    L = []
    iN2 = iN
    if iN2 > 10:
        iN2 = 10
    for i in range(0,iN2):
        e = list(lT[i])
        i = 0
        for a in lT1:
            if e[9]>30:
                e[8] = e[9]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[3] = a[0]
                    e[6] = a[3]
                else:
                    e[3] = '1年前'
                break
            i+=1
        L.append(e)
    names = 'title gw_type usr_name ctime menu_id pk style url'.split()
    data = [dict(zip(names, d)) for d in L]
    sign_data[0] = data
    sign_data[1] = iN
    names = 'data count'.split()
    L1 = dict(zip(names, sign_data))
    sign = json.dumps(L1,ensure_ascii=False)
    # Latest ten bulletins of type 'A05' visible to the user.
    sql = """SELECT WB.id ,CASE ifnull(RLOG.bb_id,'0') WHEN '0' THEN '0' ELSE '1' END as r_flag ,WB.title ,date_format(WB.ref_date,'%%Y-%%m-%%d %%T') ,WB.cusrname ,NT.cname ,ifnull(U.pic,'') ,case when ifnull(MD.lytime,'')>ifnull(RLOG.read_time,'') then 1 else 0 end as l_flag ,TIMESTAMPDIFF(SECOND,WB.ref_date,now())/60 ,'' ,datediff(now(),ifnull(WB.ref_date,now())) FROM bumph_bubbl WB LEFT JOIN users U ON WB.cid=U.usr_id LEFT JOIN ( select DISTINCT bb_id from bumph_bubbl_groups where group_id in ( select id from news_group where is_all=1 or find_in_set(%s,depts) or find_in_set(%s,users)) ) G ON G.bb_id=WB.id LEFT JOIN (select bb_id,usr_id,MAX(read_time) as read_time from bumph_bubbl_read_log where usr_id = %s group by bb_id,usr_id) RLOG ON RLOG.bb_id=WB.id LEFT JOIN news_type NT ON NT.type_code=WB.gw_type LEFT JOIN (select bb_id,MAX(ctime) as lytime from bumph_bubbl_comment group by bb_id) MD on MD.bb_id = WB.id where (G.bb_id is not NULL or find_in_set(%s,recv_users)) and ifnull(audit,3) >= 2 and gw_type = 'A05' order by WB.ref_date desc limit 10"""%(dept_id,usr_id,usr_id,usr_id)
    lT,iN = db.select(sql)
    L = []
    for i in range(0,iN):
        e = list(lT[i])
        i = 0
        for a in lT1:
            # Here e[8] is the age in minutes and e[10] the age in days; the
            # bucket label overwrites e[8] and the style goes to e[9].
            if e[10]>30:
                e[8] = e[10]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[8] = a[0]
                    e[9] = a[3]
                else:
                    e[8] = '1年前'
                break
            i+=1
        L.append(e)
    names = 'id r_flag title ref_date cusrname news_type pic l_flag timediff style'.split()
    data = [dict(zip(names, d)) for d in L]
    notice = json.dumps(data,ensure_ascii=False)
    # Latest ten bulletins of every other type visible to the user.
    sql = """SELECT WB.id ,CASE ifnull(RLOG.bb_id,'0') WHEN '0' THEN '0' ELSE '1' END as r_flag ,WB.title ,date_format(WB.ref_date,'%%Y-%%m-%%d %%T') ,WB.cusrname ,NT.cname ,ifnull(U.pic,'') ,case when ifnull(MD.lytime,'')>ifnull(RLOG.read_time,'') then 1 else 0 end as l_flag ,TIMESTAMPDIFF(SECOND,WB.ref_date,now())/60 ,'' ,datediff(now(),ifnull(WB.ref_date,now())) FROM bumph_bubbl WB LEFT JOIN users U ON WB.cid=U.usr_id LEFT JOIN ( select DISTINCT bb_id from bumph_bubbl_groups where group_id in ( select id from news_group where is_all=1 or find_in_set(%s,depts) or find_in_set(%s,users)) ) G ON G.bb_id=WB.id LEFT JOIN (select bb_id,usr_id,MAX(read_time) as read_time from bumph_bubbl_read_log where usr_id = %s group by bb_id,usr_id) RLOG ON RLOG.bb_id=WB.id LEFT JOIN news_type NT ON NT.type_code=WB.gw_type LEFT JOIN (select bb_id,MAX(ctime) as lytime from bumph_bubbl_comment group by bb_id) MD on MD.bb_id = WB.id where (G.bb_id is not NULL or find_in_set(%s,recv_users)) and ifnull(audit,3) >= 2 and gw_type != 'A05' order by WB.ref_date desc limit 10"""%(dept_id,usr_id,usr_id,usr_id)
    lT,iN = db.select(sql)
    L = []
    for i in range(0,iN):
        e = list(lT[i])
        i = 0
        for a in lT1:
            if e[10]>30:
                e[8] = e[10]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[8] = a[0]
                    e[9] = a[3]
                else:
                    e[8] = '1年前'
                break
            i+=1
        # Unlike the 'A05' list above, the picture name is expanded to a URL.
        pic = e[6]
        if pic=='':
            e[6] = "%s/user_pic/default.jpg"%(fs_url)
        else:
            e[6] = "%s/user_pic/small_%s"%(fs_url,pic)
        L.append(e)
    names = 'id r_flag title ref_date cusrname news_type pic l_flag timediff style'.split()
    data = [dict(zip(names, d)) for d in L]
    recv_info = json.dumps(data,ensure_ascii=False)
    # Bulletins waiting for this user's approval (audit = 1), newest ten.
    sql ="""SELECT WB.id ,0 ,WB.title ,left(WB.content,300) ,date_format(WB.ctime,'%%Y-%%m-%%d %%T') ,WB.cusrname ,ifnull(WB.ifaud,0) ,NT.cname ,D.cname ,ifnull(WB.must_reply,0) ,ifnull(U.pic,'') ,ifnull(WB.audit,3) FROM bumph_bubbl WB LEFT JOIN users U ON WB.cid=U.usr_id LEFT JOIN dept D ON D.id=U.dept_id LEFT JOIN news_type NT ON NT.type_code=WB.gw_type where WB.audusrid=%s and WB.audit in (1) order by WB.ctime desc limit 10 """%(usr_id)
    names = 'seq r_flag title content ref_date usr_name needsh news_type dept must_reply pic audit'.split()
    rows,iN = db.select(sql)
    L = []
    for e in rows:
        L2 = list(e)
        pic = L2[10]
        if pic=='':
            L2[10] = "%s/user_pic/default.jpg"%(fs_url)
        else:
            L2[10] = "%s/user_pic/small_%s"%(fs_url,pic)
        L.append(L2)
    data = [dict(zip(names, d)) for d in L]
    waitAudit = json.dumps(data,ensure_ascii=False)
    # Latest ten bulletins of type 'A09', returned under the "zhidu" key.
    sql = """SELECT WB.id ,CASE ifnull(RLOG.bb_id,'0') WHEN '0' THEN '0' ELSE '1' END as r_flag ,WB.title ,date_format(WB.ref_date,'%%Y-%%m-%%d %%T') ,WB.cusrname ,NT.cname ,ifnull(U.pic,'') ,case when ifnull(MD.lytime,'')>ifnull(RLOG.read_time,'') then 1 else 0 end as l_flag ,TIMESTAMPDIFF(SECOND,WB.ref_date,now())/60 ,'' ,datediff(now(),ifnull(WB.ref_date,now())) FROM bumph_bubbl WB LEFT JOIN users U ON WB.cid=U.usr_id LEFT JOIN ( select DISTINCT bb_id from bumph_bubbl_groups where group_id in ( select id from news_group where is_all=1 or find_in_set(%s,depts) or find_in_set(%s,users)) ) G ON G.bb_id=WB.id LEFT JOIN (select bb_id,usr_id,MAX(read_time) as read_time from bumph_bubbl_read_log where usr_id = %s group by bb_id,usr_id) RLOG ON RLOG.bb_id=WB.id LEFT JOIN news_type NT ON NT.type_code=WB.gw_type LEFT JOIN (select bb_id,MAX(ctime) as lytime from bumph_bubbl_comment group by bb_id) MD on MD.bb_id = WB.id where (G.bb_id is not NULL or find_in_set(%s,recv_users)) and ifnull(audit,3) >= 2 and gw_type = 'A09' order by WB.ref_date desc limit 10"""%(dept_id,usr_id,usr_id,usr_id)
    lT,iN = db.select(sql)
    L = []
    for i in range(0,iN):
        e = list(lT[i])
        i = 0
        for a in lT1:
            if e[10]>30:
                e[8] = e[10]*1440
            if float(e[8]) < float(a[2]):
                if i < iN1:
                    e[8] = a[0]
                    e[9] = a[3]
                else:
                    e[8] = '1年前'
                break
            i+=1
        L.append(e)
    names = 'id r_flag title ref_date cusrname news_type pic l_flag timediff style'.split()
    data = [dict(zip(names, d)) for d in L]
    zhidu = json.dumps(data,ensure_ascii=False)
    # Each section is already a JSON document and is spliced in as-is.
    s = """ { "errcode": 0, "errmsg": "获取主页数据成功", "audit":%s, "sign":%s, "notice":%s, "zhidu":%s, "recv_info":%s, "audit_info":%s } """%(audit,sign,notice,zhidu,recv_info,waitAudit)
    return HttpResponseCORS(request,s)
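def login_wx_func(request):
    """Log a supplier user in through WeChat web OAuth.

    Exchanges the ``code`` query parameter for a WeChat ``unionid``, looks the
    user up in ``users_gy``, fills the session, issues an encrypted
    ``AccessToken``, records the login in ``users_login_gy`` and returns the
    menu. Users without a matching, active record get ``errcode`` 1.
    """
    # Function-scope imports, matching the import style this file already
    # uses; MySQLdb.escape_string and urllib.quote are both used elsewhere in
    # this file.
    import random
    import time
    import urllib
    import MySQLdb

    # NOTE(review): this value is passed to EncryptMsg as the nonce and comes
    # from the non-cryptographic `random` module with a 0-999999 range.
    # Confirm whether the token scheme needs an unpredictable nonce.
    random_no = '%s' % (random.randint(0, 999999))
    source = 'wx'

    # NOTE(review): X-Forwarded-For is a client-supplied header unless a
    # trusted proxy overwrites it; it is stored as login_ip below.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']

    code = request.GET.get('code', '')
    union_id = ''
    if code != '':
        conn = httplib.HTTPSConnection('api.weixin.qq.com')
        try:
            sToken = read_access_token_common('access_token_web')
            if sToken == '':
                url = "/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s" % (
                    AppId_web, AppSecret_web)
                conn.request('GET', '%s' % url)
                res = conn.getresponse()
                body = res.read()
                ddata = json.loads(body)
                sToken = ddata['access_token']
                conn.close()
                write_access_token_common(body, 'access_token_web')

            # code is request-controlled; quoting it keeps it a single
            # query-string value in the outbound request.
            url = "/sns/oauth2/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code" % (
                AppId_web, AppSecret_web, urllib.quote(code, ''))
            conn.request('GET', '%s' % url)
            res = conn.getresponse()
            body = res.read()
            # The debug print of this body was dropped: it contains the OAuth
            # access token.
            ddata = json.loads(body)
            # The original also indexed 'access_token' and 'openid' without
            # using them, so a response lacking those keys raised KeyError.
            # Such a response now falls through to the error reply below.
            union_id = ddata.get('unionid', '')
        finally:
            conn.close()

    if union_id == '':
        errCode = 1
        msg = u'用户未注册供应商服务平台'
        s = """ { "errcode": %s, "errmsg": "%s", } """ % (errCode, msg)
        return HttpResponseCORS(request, s)

    s1 = ''
    # NOTE(review): hard-coded alias. One specific WeChat unionid is logged in
    # as a different one. Confirm this mapping is still wanted and move it to
    # data/configuration if so.
    if union_id == 'or0EJv-sW7K_rmSakUfKH1ONE5hg':
        union_id = 'or0EJvw-Y-E7k7zPTdR6vX0OdRlI'

    # union_id comes from an external response and lands inside a quoted SQL
    # literal, so it is escaped. The debug print of the SQL was dropped.
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'') FROM users_gy U LEFT JOIN addr_book ab on ab.id = U.addr_id LEFT JOIN suppliers su on su.id = ab.sup_id WHERE U.unionid='%s' AND U.status=1 """ % (
        MySQLdb.escape_string(union_id))
    lT, iN = db.select(sql)

    if iN > 0:
        row = lT[0]
        usr_id = row[0]
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = row[1]
        request.session['sup_id'] = row[2]
        request.session['sup_name'] = row[3]

        d_value = [usr_id, row[1], row[2], row[3], 0]
        g_data.set_value(d_value)

        errCode = 0
        msg = 'OK'
        pic = row[4]

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)

        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name, WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon FROM menu_func WMF Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id """
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        data = [dict(zip(names, d)) for d in rows]
        s3 = json.dumps(data, ensure_ascii=False)

        # The template on the page had six placeholders for seven arguments
        # (the username placeholder was masked), which raises TypeError.
        # NOTE(review): name fields are interpolated without JSON escaping.
        s1 = '"userid":%s, "username":"%s", "sup_id":%s, "sup_name":"%s", "pic_url":"%s", "AccessToken":"%s", "menu_data":%s' % (
            row[0], row[1], row[2], row[3], pic, token, s3)

        # ip may come from a request header, so it is escaped before it is
        # placed in the quoted literal. token is generated by EncryptMsg.
        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time) values (%s,'%s','%s','%s',now(),now(),%s) """ % (
            row[0], source, token, MySQLdb.escape_string(ip), int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户未注册供应商服务平台'

    s = """ { "errcode": %s, "errmsg": "%s", %s } """ % (errCode, msg, s1)
    return HttpResponseCORS(request, s)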
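def proj_mat_func(request):
    """Return purchasing statistics for one project.

    After ``mValidateUser`` succeeds, reads ``proj_id`` from the POST body and
    returns four JSON sections: project totals (``proj_data``), per-supplier
    totals (``sup_data``), the latest twelve monthly rows (``month_data``) and
    the project option list with the current project flagged
    (``option_data``). A ``proj_id`` that is not an integer yields
    ``errcode`` -1.
    """
    ret, errmsg, d_value = mValidateUser(request, "view", '')
    if ret != 0:
        return HttpResponseCORS(request, errmsg)

    # proj_id is interpolated unquoted into four statements, so it has to be
    # an integer. The original passed the raw request value through.
    try:
        proj_id = int(request.POST.get('proj_id', ''))
    except (TypeError, ValueError):
        s = """ { "errcode": -1, "errmsg": "项目ID无效" } """
        return HttpResponseCORS(request, s)
    # NOTE(review): nothing visible here checks that the validated user may
    # view this particular project, and the option list below covers every
    # project. Confirm that is intended.

    def _query_json(sql, names):
        # Run one query and serialise its rows as a JSON list of dicts.
        rows, iN = db.select(sql)
        data = [dict(zip(names, d)) for d in rows]
        return json.dumps(data, ensure_ascii=False, cls=ComplexEncoder)

    sql = """select s.proj_id,op.cname,op.gc_no,s.jh_money,s.cght_money ,s.cg_money,s.rk_money,s.cg_money - ifnull(s.rk_money,0),s.paid_money from report_proj_statistics_all s left join out_proj op on s.proj_id = op.id where s.proj_id = %s""" % (proj_id)
    names = 'proj_id proj_name proj_no jh_money cght_money cg_money rk_money wrk_money paid_money'.split()
    proj_data = _query_json(sql, names)

    sql = """select s.sup_id,su.cname,s.cght_money ,s.cg_money,s.rk_money from report_proj_sup_stat s left join suppliers su on s.sup_id = su.id where s.proj_id = %s""" % (proj_id)
    names = 'sup_id sup_name cght_money cg_money rk_money'.split()
    sup_data = _query_json(sql, names)

    sql = """select p.year,p.month,p.cght_money,p.cg_money,p.rk_money,p.paid_money,m.stock_money from report_proj_statistics_month p left join report_proj_mat_month m on p.proj_id = m.proj_id and p.year = m.year and p.month = m.month where p.proj_id = %s order by p.year desc,p.month desc limit 12 """ % (proj_id)
    names = 'year month cght_money cg_money rk_money paid_money stock_money'.split()
    month_data = _query_json(sql, names)

    sql = """select proj_id,proj_name,proj_no,proj_id=%s from report_proj_statistics_all """ % (proj_id)
    names = 'id cname proj_no selected'.split()
    option_data = _query_json(sql, names)

    s = """ { "errcode": 0, "errmsg": "获取主页数据成功", "proj_data":%s, "sup_data":%s, "month_data":%s, "option_data":%s } """ % (proj_data, sup_data, month_data, option_data)
    return HttpResponseCORS(request, s)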
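def get_select_data(request):
    """Return filters, column metadata and one page of rows for a select grid.

    The grid is identified by ``btn_id`` or, when that is absent, by
    ``field_id`` (GET or POST).  Its source table, filters and columns are
    read from the ``menu_*`` configuration tables; paging, sorting and the
    search term come from the DataTables ``aoData`` POST field.  An empty
    response is returned when the ids are missing or not numeric, or when no
    configuration row matches.

    NOTE(review): unlike the other data views on this page, this one does not
    call mValidateUser -- confirm that unauthenticated access is intended.
    """
    def id_param(name):
        # Ids are formatted into SQL unquoted, so only integers are accepted.
        # Returns '' when the parameter is absent, None when it is not numeric.
        raw = request.GET.get(name, '') or request.POST.get(name, '')
        if raw == '':
            return ''
        try:
            return int(raw)
        except (TypeError, ValueError):
            return None

    def literal_safe(value):
        # SECURITY stopgap: db.select() receives finished SQL text and its
        # signature is not visible here, so values cannot be bound as
        # parameters.  Dropping quote and backslash characters keeps a value
        # inside a '...' literal; it does NOT protect templates that place
        # the value in a numeric context.  Replace with bound parameters once
        # the db layer offers them.
        return ('%s' % (value,)).replace('\\', '').replace("'", '')

    field_id = id_param('field_id')
    btn_id = id_param('btn_id')
    if field_id is None or btn_id is None or (btn_id == '' and field_id == ''):
        return HttpResponseCORS(request, '')

    if btn_id != '':
        sql = """SELECT sel_type,sel_cols,24 from menu_form_grid_button where id=%s """ % (btn_id)
    else:
        sql = """SELECT sel_type,sel_cols,field_type from menu_form_cols where id=%s """ % (field_id)
    rows, iN = db.select(sql)
    if iN == 0:
        return HttpResponseCORS(request, '')
    sel_type = rows[0][0]
    field_type = rows[0][2]

    if field_type == 24 and btn_id == '':
        # Field type 24 is resolved to the first grid button of the field.
        sql = "select id from menu_form_grid_button where field_id=%s order by id asc" % (
            field_id)
        rows, iN = db.select(sql)
        if iN > 0:
            btn_id = rows[0][0]

    sql = """SELECT sel_table,ifnull(sel_sort,'') from menu_select_source where sel_type=%s""" % sel_type
    rows, iN = db.select(sql)
    if iN == 0:
        return HttpResponseCORS(request, '')
    from_table = rows[0][0].replace('\n', '').replace('\r', '')
    from_sort = rows[0][1]

    # Filter definitions for this selection type.
    sql = """SELECT label,show_label,filter_name,filter_type
               ,sort,defalut_value,span
               ,field_type,field_txt,field_title,ifnull(para1,''),ifnull(para2,''),filter_sql
             FROM menu_select_filters where sel_type=%s order by sort""" % (sel_type)
    rows, iN = db.select(sql)
    SL = []
    for e in rows:
        L1 = list(e)
        value = request.POST.get(e[2], '')
        # NOTE(review): this replaces a supplied value with the configured
        # default and leaves a missing one empty, which looks inverted --
        # behaviour kept as found, confirm the intent.
        if value != '':
            value = e[5]
        para1, para2 = '', ''
        if e[10] != '':
            para1 = request.POST.get(e[10], '')
        if e[11] != '':
            para2 = request.POST.get(e[11], '')
        L1[5] = get_filter_data(e[7], e[8], e[9], value, para1, para2)
        SL.append(L1)
    names = 'cname txt_show ename type sort data span'.split()
    filter_json = json.dumps([dict(zip(names, d)) for d in SL], ensure_ascii=False)

    # The button path keys every lookup on btn_id, the field path on field_id.
    if btn_id != '':
        owner_col, owner_id = 'btn_id', btn_id
    else:
        owner_col, owner_id = 'field_id', field_id

    # Extra URL parameters and the SQL fragment each one adds to the query.
    if btn_id == '' and field_type == 15:
        para_col = 'filter_sql'
    else:
        para_col = 'muti_sql'
    sql = """select mp.para_name,ap.%s
             from menu_form_url_para mp
             left join menu_select_all_para ap on ap.para_name=mp.para_name and ap.sel_type=%s
             where mp.%s=%s and ap.%s is not null
          """ % (para_col, sel_type, owner_col, owner_id, para_col)
    FL, iN = db.select(sql)

    # Column definitions (label, key, sort expression, display expression...).
    sql = """SELECT ms.label,ms.col_name,ms.field_order,ifnull(fc.col_name,''),ifnull(is_hide,0),ifnull(is_unique,0),
                    ms.field_show,ifnull(can_search,0)
             from menu_select_all_cols ms
             left join menu_form_select_cols mc on mc.sel_col_id = ms.id
             left join menu_form_cols fc on mc.field_id1 = fc.id
             where mc.%s=%s
             order by ifnull(mc.sort,999)
          """ % (owner_col, owner_id)
    NL, iN = db.select(sql)
    names = 'cname ename order field_name hide unique'.split()
    cols = json.dumps([dict(zip(names, d)) for d in NL],
                      ensure_ascii=False, cls=ComplexEncoder)

    # DataTables request parameters.
    aoData = request.POST.get('aoData', '')
    select_size = 10
    startNo = 0
    orderby = ''
    orderbydir = ''
    qqid = ''
    if aoData != '':
        for item in json.loads(aoData):
            key, val = item['name'], item['value']
            if key == 'iDisplayLength':
                select_size = val
            elif key == 'iDisplayStart':
                startNo = val
            elif key == 'iSortCol_0':
                # Ignore a sort index that is not a valid column position
                # instead of failing with ValueError / IndexError.
                try:
                    idx = int(val)
                except (TypeError, ValueError):
                    idx = -1
                if 0 <= idx < len(NL):
                    orderby = NL[idx][2]
            elif key == 'sSortDir_0':
                # SECURITY: the direction is appended to ORDER BY verbatim,
                # so only the two SQL keywords are let through.
                direction = ('%s' % (val,)).lower()
                if direction in ('asc', 'desc'):
                    orderbydir = direction
            elif key == 'sSearch':
                qqid = val

    # Paging: fall back to the defaults on non-numeric input and avoid a
    # division by zero when the client sends a page length of 0.
    try:
        select_size = int(select_size)
        startNo = int(startNo)
    except (TypeError, ValueError):
        select_size, startNo = 10, 0
    if select_size == 0:
        select_size = 10
    pageNo = (startNo // select_size) + 1
    if pageNo < 1:
        pageNo = 1

    # Assemble the data query from the configured column expressions.
    sql = "select " + ",".join(["%s" % (e[6]) for e in NL])
    sql += " %s " % from_table
    if qqid != '':
        searchable = "".join(["%s," % e[6] for e in NL if e[7] == 1])
        sTemp = ("CONCAT(''," + searchable)[:-1] + ")"
        sql += " AND %s LIKE '%%%s%%'" % (sTemp, literal_safe(qqid))
    for e in SL:
        value = request.POST.get(e[2], '')
        if value != '':
            sTemp = e[12].replace("$s", str(literal_safe(value)))
            sql += " and (%s)" % (sTemp)
    for e in FL:
        value = request.POST.get(e[0], '')
        if value != '':
            sTemp = e[1].replace("$s", str(literal_safe(value)))
            sql += " and (%s)" % (sTemp)
    if orderby != '':
        sql += ' ORDER BY %s %s' % (orderby, orderbydir)
    elif from_sort != '':
        sql += from_sort

    rows, iTotal_length, iTotal_Page, pageNo, select_size = db.select_for_grid(
        sql, pageNo, select_size)
    names = [col[1] for col in NL]
    s3 = json.dumps([dict(zip(names, d)) for d in rows],
                    ensure_ascii=False, cls=ComplexEncoder)
    s = """
        {
        "errcode": 0,
        "errmsg": "获取数据成功",
        "filter":%s,
        "cols":%s,
        "dataList":%s,
        "totalLength":%s,
        "totalPage":%s,
        "pageNo":%s,
        "pageSize":%s
        }
        """ % (filter_json, cols, s3, iTotal_length, iTotal_Page, pageNo, select_size)
    return HttpResponseCORS(request, s)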
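def get_sign_data(request):
    """Return filters, columns and one page of rows for selection type 3.

    Requires a successful ``mValidateUser`` "view" check.  The source table,
    filters and columns are read from the ``menu_select_*`` tables for
    ``sel_type=3``; paging, sorting and the search term come from the
    DataTables ``aoData`` POST field.  Users 1 and 2 and the caller are
    excluded from the result by the final ``ur.usr_id not in (...)`` clause.
    """
    ret, msg, d_value = mValidateUser(request, "view", '')
    if ret != 0:
        return HttpResponseCORS(request, msg)

    def literal_safe(value):
        # SECURITY stopgap: db.select_for_grid() receives finished SQL text
        # and its signature is not visible here, so values cannot be bound
        # as parameters.  Dropping quote and backslash characters keeps a
        # value inside a '...' literal; it does NOT protect templates that
        # place the value in a numeric context.
        return ('%s' % (value,)).replace('\\', '').replace("'", '')

    sql = """SELECT sel_table from menu_select_source where sel_type=3"""
    rows, iN = db.select(sql)
    if iN == 0:
        return HttpResponseCORS(request, '')
    from_table = rows[0][0].replace('\n', '').replace('\r', '')

    # Filter definitions.
    sql = """SELECT label,show_label,filter_name,filter_type
               ,sort,defalut_value,span
               ,field_type,field_txt,field_title,ifnull(para1,''),ifnull(para2,''),filter_sql
             FROM menu_select_filters where sel_type=3 order by sort"""
    rows, iN = db.select(sql)
    SL = []
    for e in rows:
        L1 = list(e)
        value = request.POST.get(e[2], '')
        # NOTE(review): this replaces a supplied value with the configured
        # default and leaves a missing one empty, which looks inverted --
        # behaviour kept as found, confirm the intent.
        if value != '':
            value = e[5]
        para1, para2 = '', ''
        if e[10] != '':
            para1 = request.POST.get(e[10], '')
        if e[11] != '':
            para2 = request.POST.get(e[11], '')
        L1[5] = get_filter_data(e[7], e[8], e[9], value, para1, para2)
        SL.append(L1)
    names = 'cname txt_show ename type sort data span'.split()
    filter_json = json.dumps([dict(zip(names, d)) for d in SL],
                             ensure_ascii=False, cls=ComplexEncoder)

    # Column definitions: label, key, sort expression, display expression,
    # searchable flag.
    sql = """SELECT ms.label,ms.col_name,ms.field_order,
                    ms.field_show,ifnull(can_search,0)
             from menu_select_all_cols ms
             where sel_type = 3 and id!=13
             order by ifnull(ms.sort,999)
          """
    NL, iN = db.select(sql)
    names = 'cname ename order'.split()
    cols = json.dumps([dict(zip(names, d)) for d in NL],
                      ensure_ascii=False, cls=ComplexEncoder)

    # DataTables request parameters.
    aoData = request.POST.get('aoData', '')
    select_size = 10
    startNo = 0
    orderby = ''
    orderbydir = ''
    qqid = ''
    if aoData != '':
        for item in json.loads(aoData):
            key, val = item['name'], item['value']
            if key == 'iDisplayLength':
                select_size = val
            elif key == 'iDisplayStart':
                startNo = val
            elif key == 'iSortCol_0':
                # Ignore a sort index that is not a valid column position
                # instead of failing with ValueError / IndexError.
                try:
                    idx = int(val)
                except (TypeError, ValueError):
                    idx = -1
                if 0 <= idx < len(NL):
                    orderby = NL[idx][2]
            elif key == 'sSortDir_0':
                # SECURITY: the direction is appended to ORDER BY verbatim,
                # so only the two SQL keywords are let through.
                direction = ('%s' % (val,)).lower()
                if direction in ('asc', 'desc'):
                    orderbydir = direction
            elif key == 'sSearch':
                qqid = val

    # Paging: fall back to the defaults on non-numeric input and avoid a
    # division by zero when the client sends a page length of 0.
    try:
        select_size = int(select_size)
        startNo = int(startNo)
    except (TypeError, ValueError):
        select_size, startNo = 10, 0
    if select_size == 0:
        select_size = 10
    pageNo = (startNo // select_size) + 1
    if pageNo < 1:
        pageNo = 1

    sql = "select " + ",".join(["%s" % (e[3]) for e in NL])
    sql += " %s " % from_table
    if qqid != '':
        searchable = "".join(["%s," % e[3] for e in NL if e[4] == 1])
        sTemp = ("CONCAT(''," + searchable)[:-1] + ")"
        sql += " AND %s LIKE '%%%s%%'" % (sTemp, literal_safe(qqid))
    for e in SL:
        value = request.POST.get(e[2], '')
        if value != '':
            sTemp = e[12].replace("$s", str(literal_safe(value)))
            sql += " and (%s)" % (sTemp)
    # usr_id comes from mValidateUser, not from the request body.
    usr_id = d_value[0]
    sql += " and ur.usr_id not in (1,2,%s)" % usr_id
    if orderby != '':
        sql += ' ORDER BY %s %s' % (orderby, orderbydir)

    rows, iTotal_length, iTotal_Page, pageNo, select_size = db.select_for_grid(
        sql, pageNo, select_size)
    names = [col[1] for col in NL]
    s3 = json.dumps([dict(zip(names, d)) for d in rows],
                    ensure_ascii=False, cls=ComplexEncoder)
    s = """
        {
        "errcode": 0,
        "errmsg": "获取数据成功",
        "filter":%s,
        "cols":%s,
        "dataList":%s,
        "totalLength":%s,
        "totalPage":%s,
        "pageNo":%s,
        "pageSize":%s
        }
        """ % (filter_json, cols, s3, iTotal_length, iTotal_Page, pageNo, select_size)
    return HttpResponseCORS(request, s)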
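def login_func(request):
    """Create a supplier-portal session and return profile, token and menus.

    Looks the user up in ``users_gy`` by ``unionid``, stores the identity in
    the session and in ``g_data``, builds an access token with
    ``WXBizMsgCrypt.EncryptMsg``, records the login in ``users_login_gy`` and
    returns the profile, the token and the menu tree as JSON.

    SECURITY: ``union_id`` is a fixed literal, so every request is logged in
    as that one account without presenting any credential.
    NOTE(review): this looks like a debugging stub -- the id should come from
    a verified upstream login step before this is exposed; confirm.
    NOTE(review): a second ``login_func`` appears later on this page; if both
    live in one module the later definition replaces this one.
    """
    import time
    import random

    def literal_safe(value):
        # SECURITY stopgap: db.executesql() receives finished SQL text and
        # its signature is not visible here, so values cannot be bound as
        # parameters.  Dropping quote and backslash characters keeps a value
        # inside its '...' literal.
        return ('%s' % (value,)).replace('\\', '').replace("'", '')

    # Nonce for the token; SystemRandom draws from the OS random source
    # rather than the predictable default generator.
    random_no = '%s' % (random.SystemRandom().randint(0, 999999))

    # Both values are client-controlled (X-Forwarded-For is a request header)
    # and end up in the INSERT below.
    source = literal_safe(request.POST.get('source', 'web'))
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    ip = literal_safe(ip)

    union_id = 'or0EJv-sW7K_rmSakUfKH1ONE5hg'
    if union_id == '':
        errCode = 1
        msg = u'用户未注册供应商服务平台'
        s = """
        {
        "errcode": %s,
        "errmsg": "%s",
        }
        """ % (errCode, msg)
        return HttpResponseCORS(request, s)

    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(ab.sup_id,0),ifnull(su.cname,''),IFNULL(U.headimgurl,'')
             FROM users_gy U
             LEFT JOIN addr_book ab on ab.id = U.addr_id
             LEFT JOIN suppliers su on su.id = ab.sup_id
             WHERE U.unionid='%s' AND U.status=1
          """ % (union_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id, usr_name, sup_id, sup_name, pic = lT[0][:5]
        request.session['usr_id'] = usr_id
        request.session['usr_name'] = usr_name
        request.session['sup_id'] = sup_id
        request.session['sup_name'] = sup_name
        g_data.set_value([usr_id, usr_name, sup_id, sup_name, 0])
        errCode = 0
        msg = 'OK'

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld_gy', m_aesKey)
        # NOTE(review): ret is not checked; if EncryptMsg can fail, the token
        # stored and returned below would not be usable -- confirm.
        ret, token = wxcpt.EncryptMsg(str(usr_id), random_no, sTimeStamp)

        sql = """SELECT distinct WMF.menu,WMF.menu_id,WMF.menu_name,
                        WMF.sort,WMF.parent_id,WMF.status-1,WMF.url,WMF.icon
                 FROM menu_func WMF
                 Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                 WHERE WMF.status=2 and WMF.menu_id>0 and WMF1.status=2
                 ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
              """
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        s3 = json.dumps([dict(zip(names, d)) for d in rows], ensure_ascii=False)

        # The template as found had six placeholders for seven values (the
        # "username" slot held a literal ******), which makes the % operator
        # raise TypeError; the slot is a placeholder again.
        s1 = ('"userid":%s,\n'
              '            "username":"%s",\n'
              '            "sup_id":%s,\n'
              '            "sup_name":"%s",\n'
              '            "pic_url":"%s",\n'
              '            "AccessToken":"%s",\n'
              '            "menu_data":%s') % (
                  usr_id, usr_name, sup_id, sup_name, pic, token, s3)

        sql = """insert into users_login_gy (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                 values (%s,'%s','%s','%s',now(),now(),%s)
              """ % (usr_id, source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)
    else:
        errCode = 1
        msg = u'用户不存在'

    s = """
        {
        "errcode": %s,
        "errmsg": "%s",
        %s
        }
        """ % (errCode, msg, s1)
    return HttpResponseCORS(request, s)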
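def change_pwd(request):
    """Change (``flag`` = 1) or reset (any other ``flag``) a user's password.

    Parameters are read from POST, then GET: ``flag``, ``login_id``,
    ``oldpassword`` and ``password_login``.  The new password must be
    non-empty and must not appear in ``usr_history_info`` for that login.
    On success ``users`` and ``login_record`` are updated and a history row
    is inserted.  The JSON result carries ``errcode`` 0 (done), 1 (old
    password wrong) or 2 (new password rejected).

    SECURITY: in reset mode nothing here proves who the caller is, and no
    check ties the call to a completed verification step, so any client that
    can reach this view can set a password for any ``login_id``.
    NOTE(review): bind the reset to server-side proof of verification before
    relying on this view.
    SECURITY: passwords are compared and stored as submitted (no hashing is
    visible here); a salted password hash is the expected storage format.
    """
    def param(name):
        return request.POST.get(name, '') or request.GET.get(name, '')

    def literal_safe(value):
        # SECURITY stopgap: db.select() / DB_Op() receive finished SQL text
        # and their signatures are not visible here, so values cannot be
        # bound as parameters.  Dropping quote and backslash characters
        # keeps a value inside its '...' literal.
        return ('%s' % (value,)).replace('\\', '').replace("'", '')

    errCode = 0
    msg = u''
    now = datetime.datetime.now()
    flag = param('flag')                 # 1: change password, otherwise reset
    login_id = literal_safe(param('login_id'))
    oldpwd = param('oldpassword')
    password = param('password_login')

    # Change mode: the submitted old password must match the stored one.
    if flag in [1, '1']:
        sql = "select password from `users` where login_id='%s'" % (login_id)
        rows, iN = db.select(sql)
        # An unknown login_id is treated like a wrong old password instead
        # of skipping the check.
        if not iN or oldpwd != rows[0][0]:
            errCode = 1
            msg = u'旧密码输入错误'

    # The new password must be non-empty and not a previously used one.
    sql = "select old_password from `usr_history_info` where login_id='%s'" % (login_id)
    rows, iN = db.select(sql)
    if not password or password in [r[0] for r in rows]:
        errCode = 2
        msg = u'不能使用历史密码或空密码!'
    elif "'" in password or '\\' in password:
        # Rejected rather than stripped: silently altering a password would
        # leave the user unable to log in with what they typed.
        errCode = 2
        msg = u'密码不能包含单引号或反斜杠!'

    if not errCode:
        # Update the user row and the password-change timestamp.
        DB_Op('users', ['password'], ["'%s'" % password],
              " where login_id='%s'" % login_id)
        DB_Op('login_record', ['pwd_update_time'], ["'%s'" % now],
              " where login_id='%s'" % (login_id))
        sql = "select create_time,pwd_update_time from `login_record` where login_id='%s'" % (login_id)
        rows, iN = db.select(sql)
        # Prefer the password-update time, then the creation time.  A login
        # without a login_record row falls back to "now" instead of raising
        # IndexError after the password has already been changed.
        # NOTE(review): pwd_update_time was set to "now" just above, so this
        # never yields the previous timestamp -- confirm the intended order.
        if iN:
            old_createTime = rows[0][-1] or rows[0][0] or now
        else:
            old_createTime = now
        # Insert the history row.
        DB_Op('usr_history_info',
              ['login_id', 'old_password', 'old_createTime'],
              ["'%s'" % login_id, "'%s'" % literal_safe(oldpwd),
               "'%s'" % old_createTime],
              'insert')

    s = """
        {
        "errcode": %s,
        "errmsg": "%s",
        "login_id": "%s",
        }
        """ % (errCode, msg, login_id)
    return HttpResponseCORS(request, s)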
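def login_func(request):
    """Log a user in and return profile, access token and menu tree as JSON.

    Credential checking is delegated to ``login_test``: any response it
    returns is passed straight back.  Otherwise the active user row is
    loaded, roles are cached in ``dActiveUser``, the session is populated, a
    token is built with ``WXBizMsgCrypt.EncryptMsg`` and the login is
    recorded in ``users_login``.  Users 1 and 2 receive every active menu;
    other users receive the menus their roles may view.
    """
    import time
    import random

    def literal_safe(value):
        # SECURITY stopgap: db.select() / db.executesql() receive finished
        # SQL text and their signatures are not visible here, so values
        # cannot be bound as parameters.  Dropping quote and backslash
        # characters keeps a value inside its '...' literal.
        return ('%s' % (value,)).replace('\\', '').replace("'", '')

    # Nonce for the token; SystemRandom draws from the OS random source
    # rather than the predictable default generator.
    random_no = '%s' % (random.SystemRandom().randint(0, 999999))

    login_id = literal_safe(
        request.POST.get('login_id', '') or request.GET.get('login_id', ''))
    source = literal_safe(request.POST.get('source', 'web'))

    # lang_id is formatted into SQL unquoted: accept integers only and fall
    # back to language 1 on anything else (previously a ValueError).
    lang_id = request.POST.get('lang_id') or request.GET.get('lang_id', '')
    try:
        lang_id = int(lang_id) if lang_id != '' else 1
    except (TypeError, ValueError):
        lang_id = 1

    # X-Forwarded-For is a client-supplied header and is stored below.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']
    ip = literal_safe(ip)

    # login_test returns a response when the login must be refused.
    response = login_test(request)
    if response:
        return response

    # Reported when no active (status=1) user row matches.
    errCode, msg = -1, '该账户已失效!'
    s1 = ''
    sql = """SELECT U.usr_id,U.usr_name,ifnull(U.dept_id,0),ifnull(D.cname,''),IFNULL(U.pic,''),U.password
             FROM users U LEFT JOIN dept D ON U.dept_id=D.id
             WHERE U.login_id='%s' AND U.status=1
          """ % (login_id)
    lT, iN = db.select(sql)
    if iN > 0:
        usr_id, usr_name, dept_id, dept_name, pic = lT[0][:5]

        # Cache the user's identity and permissions.
        dActiveUser[usr_id] = {
            'roles': {},                    # role_id -> remaining role columns
            'access_dept_data': [],         # department ids whose staff data is visible
            'access_person_data': [],       # person ids whose data is visible
            'login_time': time.time(),
            'usr_name': usr_name,
            'login_id': login_id,
            'usr_dept': (dept_id, dept_name),
            'pic': pic,
        }
        sql = """SELECT WUR.role_id,WR.role_name,WR.sort,WR.dept_id
                 FROM usr_role WUR LEFT JOIN roles WR ON WUR.role_id=WR.role_id
                 WHERE WUR.usr_id=%s
              """ % usr_id
        lT1, iN1 = db.select(sql)
        if iN1 > 0:
            for e in lT1:
                dActiveUser[usr_id]['roles'][e[0]] = e[1:]

        request.session['usr_id'] = usr_id
        request.session['usr_name'] = usr_name
        request.session['dept_id'] = dept_id
        request.session['dept_name'] = dept_name
        # NOTE(review): this stores the whole dActiveUser mapping, not just
        # this user's entry, in the session -- confirm that other users'
        # entries are meant to be copied into every session.
        request.session['dActiveUser'] = dActiveUser
        g_data.set_value([usr_id, usr_name, dept_id, dept_name, 0])
        errCode = 0
        msg = 'OK'

        if pic == '':
            pic_url = "%s/user_pic/default.jpg" % fs_url
        else:
            pic_url = "%s/user_pic/small_" % fs_url + pic

        sTimeStamp = str(time.time())
        wxcpt = WXBizMsgCrypt('szoworld', m_aesKey)
        # NOTE(review): ret is not checked; if EncryptMsg can fail, the token
        # stored and returned below would not be usable -- confirm.
        ret, token = wxcpt.EncryptMsg(login_id, random_no, sTimeStamp)

        # Menu query: translated names when multi-language is on and a
        # non-default language was requested.
        if m_muti_lang == 1 and lang_id > 1:
            name_expr = "case l.`name` when '' then WMF.menu_name else l.`name` end"
            lang_join = ("left join muti_lang_menu l on l.menu_id = WMF.menu_id "
                         "and l.lang_id = %s" % (lang_id))
        else:
            name_expr = "WMF.menu_name"
            lang_join = ""
        if usr_id in [1, 2]:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,%s,
                            WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                     FROM menu_func WMF
                     Left JOIN menu_func WMF1 on WMF.parent_id = WMF1.menu_id
                     %s
                     WHERE WMF.status=1 and WMF.menu_id>0 and WMF1.status=1
                     ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                  """ % (name_expr, lang_join)
        else:
            sql = """SELECT distinct WMF.menu,WMF.menu_id,%s,
                            WMF.sort,WMF.parent_id,WMF.status,WMF.url,WMF.icon
                     FROM usr_role WUR
                     JOIN (role_menu WRM JOIN menu_func WMF ON WRM.menu_id=WMF.menu_id)
                       ON WUR.role_id=WRM.role_id
                     %s
                     WHERE WUR.usr_id='%s' AND WMF.status=1 and WMF.menu_id>0 and WRM.can_view=1
                     ORDER BY WMF.parent_id,WMF.menu,WMF.sort,WMF.menu_id
                  """ % (name_expr, lang_join, usr_id)
        rows, iN = db.select(sql)
        names = 'level menu_id menu_name sort parent_id status url icon'.split()
        s3 = json.dumps([dict(zip(names, d)) for d in rows], ensure_ascii=False)

        # The template as found had six placeholders for seven values (the
        # "username" slot held a literal ******), which makes the % operator
        # raise TypeError; the slot is a placeholder again.
        s1 = ('"userid":%s,\n'
              '        "username":"%s",\n'
              '        "dept_id":%s,\n'
              '        "dept_name":"%s",\n'
              '        "pic_url":"%s",\n'
              '        "AccessToken":"%s",\n'
              '        "menu_data":%s,') % (
                  usr_id, usr_name, dept_id, dept_name, pic_url, token, s3)

        sql = """insert into users_login (usr_id,source,token,login_ip,login_time,refresh_time,expire_time)
                 values (%s,'%s','%s','%s',now(),now(),%s)
              """ % (usr_id, source, token, ip, int(TIME_OUT) * 60)
        db.executesql(sql)

    s = """
        {
        "errcode": %s,
        "errmsg": "%s",
        "login_id": "%s",
        %s
        }
        """ % (errCode, msg, login_id, s1)
    return HttpResponseCORS(request, s)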
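def forgetpwd(request,Opname):
    """Send (``getmobilvalid``) or check (``checkVerify``) an SMS code.

    ``getmobilvalid`` generates a numeric code, sends it to ``mobil`` through
    ``test_getValid`` and stores it in ``temp_sheet`` under the login id and
    client address.  ``checkVerify`` compares ``mobil_valid`` with the stored
    code and deletes the row on success.  Any other ``Opname`` gets an empty
    response.

    SECURITY: the code is sent to whatever number the client supplies; that
    number is not compared here with one registered for ``login_id``.
    NOTE(review): restrict delivery to the account's own number, and limit
    how often codes can be requested and how many guesses are accepted --
    neither limit is visible in this function.
    """
    def param(name):
        return request.POST.get(name, '') or request.GET.get(name, '')

    def literal_safe(value):
        # SECURITY stopgap: db.select() / db.executesql() / DB_Op() receive
        # finished SQL text and their signatures are not visible here, so
        # values cannot be bound as parameters.  Dropping quote and
        # backslash characters keeps a value inside its '...' literal.
        return ('%s' % (value,)).replace('\\', '').replace("'", '')

    errCode = 0
    s = """ """
    msg = ''

    # X-Forwarded-For is a client-supplied header and is used in SQL below.
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    login_ip = literal_safe(login_ip)
    login_id = literal_safe(param('login_id'))
    mobil = param('mobil')
    mobil_valid = param('mobil_valid')

    # Send the SMS.
    if Opname in ['getmobilvalid']:
        # The code is a credential: draw it from the OS random source
        # instead of the predictable default generator.
        tel = '%s' % (random.SystemRandom().randint(0, 999999))
        res = test_getValid(mobil, tel)
        if res['Code'].lower() in ['ok']:
            # Replace any earlier row for this login and address with the
            # new code.
            _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'" % (login_id, login_ip)
            db.executesql(_sql)
            DB_Op('temp_sheet', ['temp_id', 'temp_ip', 'valid_code'],
                  ["'%s'" % login_id, "'%s'" % login_ip, "'%s'" % (tel)],
                  'insert')
            errCode = 0
            msg = 'sucess'
        else:
            errCode = -1
            msg = '验证码发送失败'
        s += """{
            "errcode":%s,
            "errmsg": "%s",
            "tel": "%s",
            }
            """ % (errCode, msg, mobil)
        return HttpResponseCORS(request, s)

    if Opname in ['checkVerify']:
        # Fetch the stored code.
        sql = " select valid_code from `temp_sheet` where temp_id='%s' " % (login_id)
        rows, iN = db.select(sql)
        if iN:
            stored = rows[0][-1]
            # login_test also writes temp_sheet rows, with an empty
            # valid_code, so an empty stored or submitted code must never
            # count as a match.
            if mobil_valid != '' and stored not in ('', None) \
                    and str(stored) == str(mobil_valid):
                errCode = 0
                msg = 'sucess'
                _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'" % (login_id, login_ip)
                db.executesql(_sql)
            else:
                errCode = -1
                msg = '验证码错误'
        else:
            errCode = -1
            msg = '该手机未收到验证码!'
        s += """{
            "errcode":'%s',
            "errmsg": "%s",
            "valid": "%s",}
            """ % (errCode, msg, mobil_valid)
        return HttpResponseCORS(request, s)

    # Unknown operation: answer with an empty body rather than returning
    # None from the view.
    return HttpResponseCORS(request, '')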
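def login_test(request):
    """Check login credentials; return ``None`` on success, else a response.

    Reads ``login_id``, ``password`` and ``valid`` (captcha) from POST, then
    GET.  A JSON error response is returned when the user is unknown, the
    captcha or password is wrong, the account is expired (``is_valid`` >= 90)
    or locked (``is_lock`` >= 60), or the password is too weak (under 8
    characters, or missing an upper-case letter, lower-case letter or
    digit).  Failed attempts are counted in ``temp_sheet`` per login id and
    client address; from the third failure on a captcha is generated.

    SECURITY: the stored password is compared as-is and its unsalted MD5 hex
    digest is accepted as an alternative, so no password hashing is visible
    here; a salted password hash is the expected storage format.
    NOTE(review): the failure counter and captcha are keyed on an address
    taken from X-Forwarded-For, which the client controls -- take it only
    from a trusted proxy.  The responses also tell unknown login ids apart
    from wrong passwords and echo ``usr_name`` on failure; confirm that is
    acceptable.
    NOTE(review): three responses below use the key ``"errmsg:"`` (colon
    inside the key) and single-quoted values; left exactly as found because
    the client contract is not visible here.
    """
    def param(name):
        return request.POST.get(name, '') or request.GET.get(name, '')

    def literal_safe(value):
        # SECURITY stopgap: db.select() / db.executesql() / DB_Op() receive
        # finished SQL text and their signatures are not visible here, so
        # values cannot be bound as parameters.  Dropping quote and
        # backslash characters keeps a value inside its '...' literal.
        return ('%s' % (value,)).replace('\\', '').replace("'", '')

    def record_login(update_existing):
        # Insert the login_record row if missing; optionally refresh it.
        _sql = """ select login_id from `login_record` where login_id='%s' """ % (login_id)
        if not db.executesql(_sql):
            DB_Op('login_record', ['login_id', 'login_ip', 'login_time'],
                  ["'%s'" % login_id, "'%s'" % login_ip, "'%s'" % (currentTime)],
                  'insert')
        elif update_existing:
            DB_Op('login_record', ['login_ip', 'login_time'],
                  ["'%s'" % login_ip, "'%s'" % (currentTime)],
                  " where login_id='%s'" % (login_id))

    currentTime = datetime.datetime.now()
    error_count = 0
    image_code = ''
    login_id = literal_safe(param('login_id'))
    password = param('password')
    valid_code = param('valid')

    if 'HTTP_X_FORWARDED_FOR' in request.META:
        login_ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        login_ip = request.META['REMOTE_ADDR']
    login_ip = literal_safe(login_ip)

    # Captcha currently stored for this login and address, if any.
    _sql = """ select valid_code from `temp_sheet` where temp_id='%s' and temp_ip='%s' """ % (login_id, login_ip)
    rows, iN = db.select(_sql)
    # A NULL code is treated like an empty one instead of raising on .lower().
    valid_code_real = ('%s' % (rows[0][-1] or '',)) if iN else ''

    sql = """ select password,usr_name from `users` where login_id='%s' """ % (login_id)
    rows, iN = db.select(sql)
    if not iN:
        errCode = -1
        msg = u'用户名不存在!'
        s = """
        {
        "errcode": %s,
        "errmsg": "%s",
        "login_id": "%s",
        }
        """ % (errCode, msg, login_id)
        return HttpResponseCORS(request, s)
    real_pwd = rows[0][0]
    usr_name = rows[0][1]
    pwd_real = md5.new(real_pwd).hexdigest()

    # An empty or '-1' stored code means no captcha is required.
    captcha_ok = (valid_code_real in ['', '-1']
                  or valid_code_real.lower() == valid_code.lower())
    password_ok = password == real_pwd or password == pwd_real

    if password_ok and captcha_ok:
        # Expired account.
        if is_valid(login_id) >= 90:
            errCode = -2
            msg = u'用户已过期!'
            s = """
            {
            "errcode":%s,
            "errmsg:":"%s",
            "login_id":"%s",
            "usr_name":"%s",
            }
            """ % (errCode, msg, login_id, usr_name)
            return HttpResponseCORS(request, s)
        # Locked account.
        if is_lock(login_id) >= 60:
            errCode = -3
            msg = u'用户已锁定!'
            s = """
            {
            "errcode":%s,
            "errmsg:":'%s',
            "login_id":"%s",
            "usr_name":"%s",
            }
            """ % (errCode, msg, login_id, usr_name)
            return HttpResponseCORS(request, s)
        # Weak password: the caller must change it before logging in.
        if len(password) < 8 or not bool(re.compile(
                r'^(?:(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])).*$').match(password)):
            errCode = 4
            msg = u'密码不符合要求请修改密码!'
            record_login(False)
            s = """
            {
            "errcode":%s,
            "errmsg:":'%s',
            "login_id":"%s",
            "usr_name":"%s",
            }
            """ % (errCode, msg, login_id, usr_name)
            return HttpResponseCORS(request, s)

        # Success: record the login and clear the failure counter.
        record_login(True)
        _sql = "delete from `temp_sheet` where temp_id='%s' and temp_ip='%s'" % (login_id, login_ip)
        db.executesql(_sql)
        return None

    # Failure: count the attempt in temp_sheet.
    _sql = """ select temp_id,temp_ip,login_num from `temp_sheet` where temp_id='%s' and temp_ip='%s' """ % (login_id, login_ip)
    rows, iN = db.select(_sql)
    if not iN:
        DB_Op('temp_sheet', ['temp_id', 'temp_ip', 'login_num', 'valid_code'],
              ["'%s'" % login_id, "'%s'" % login_ip, 1, "''"], 'insert')
        error_count = 1
    else:
        failures = int(rows[0][2])
        if failures >= 2:
            image_code, valid_code_real = generate_valid()
        DB_Op('temp_sheet', ['login_num', 'valid_code'],
              [failures + 1, "'%s'" % valid_code_real],
              "where temp_id='%s'" % (login_id))
        error_count = failures + 1

    errCode = -1
    # SECURITY: the message used to switch to "captcha wrong" only when the
    # password was right, which confirmed a password guess without solving
    # the captcha.  It now depends on the captcha result alone.
    if not captcha_ok:
        msg = u'验证码错误!'
    else:
        msg = u'账户或密码错误!'
    s = """
        {
        "errcode": %s,
        "errmsg": "%s",
        "login_id": "%s",
        "image_code":"%s",
        "error_count":%s,
        "usr_name":"%s",
        }
        """ % (errCode, msg, login_id, image_code, error_count, usr_name)
    return HttpResponseCORS(request, s)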