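def user_list():
    """List every user for an administrator, or forward an edit request.

    GET renders ``user_list.html`` with all user rows. Any other method reads
    the record the page posted via Ajax (sent as the form *key*, a
    Python-literal string) and redirects to ``user_list_edit`` with it.
    Callers without a valid administrator session are redirected to ``home``.
    """
    import ast  # local import: the file's import block is not visible from here

    if 'id' not in session:
        return redirect(url_for('home'))

    # The presence of a session key alone is not proof of a valid login, so
    # confirm the account still exists before trusting the id.
    # Assumes query_all_by_id() returns a (possibly empty) sequence of rows,
    # as the row indexing used by the other views suggests -- TODO confirm.
    user = system.User()
    user.id = session['id']
    if not user.query_all_by_id():
        return redirect(url_for('home'))

    # Accounts with id 0..4 are the administrators. The original applied this
    # check to GET only, so any logged-in account could drive the POST branch.
    if session['id'] not in range(5):
        return redirect(url_for('home'))

    if request.method == 'GET':
        result = system.User().query_all_user()
        return render_template('user_list.html', result=result)

    # request.form is an ImmutableMultiDict; iterating it yields its keys.
    result_id = None
    for raw_key in request.form:
        # The key is attacker-controlled text. eval() would execute it as
        # code; ast.literal_eval() only builds plain literals (dict, list,
        # str, numbers, ...) and rejects everything else.
        try:
            result_id = ast.literal_eval(raw_key)
        except (ValueError, TypeError, SyntaxError, RecursionError):
            return 'invalid request', 400
    return redirect(url_for('user_list_edit', result_id=result_id))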
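def insert_user():
    """Create a user account; administrators only.

    The caller is looked up by the username stored in the session and must
    have an id in 0..4 (the administrator range). GET renders
    ``insert_user_detail.html`` with the caller's own rows; POST inserts a
    new user from the submitted form and redirects to ``user_list``. Everyone
    else is redirected to ``home``.
    """
    if 'username' not in session:
        return redirect(url_for('home'))

    # Authorise before looking at the request method. The original only made
    # this check on GET, so any logged-in account could POST a new user.
    caller = system.User()
    caller.username = session['username']
    result = caller.query_all_by_username()
    # An empty result means the session names an account that no longer exists.
    if not result or result[0][0] not in range(5):
        return redirect(url_for('home'))

    if request.method == 'POST':
        user = system.User()
        # Copy the form fields onto the model, in the original order.
        for field in ('id', 'username', 'userpass', 'usertype', 'usermail',
                      'userhomepage', 'homepagename', 'sex', 'comefrom',
                      'usersign', 'redate'):
            setattr(user, field, request.form[field])
        # NOTE(review): the password is passed on exactly as submitted;
        # whether User.insert() hashes it is not visible here -- confirm it
        # is never stored in clear text.
        user.insert()
        return redirect(url_for('user_list'))

    return render_template('insert_user_detail.html', result=result)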
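def update_user():
    """Show the logged-in user's details, or apply a posted update.

    GET renders ``user_detail.html`` with the rows found for the session's
    username. POST writes the submitted fields through ``User.update()`` and
    answers ``'post ok'``. Without a session, ``home.html`` is rendered.
    """
    # NOTE: client-side (JS) validation of the inputs is still not done.
    if 'username' not in session:
        return render_template('home.html')

    # Look up everything about the caller from the session's username.
    caller = system.User()
    caller.username = session['username']
    result = caller.query_all_by_username()

    if request.method == 'POST':
        # The target record is chosen by a form field, i.e. by the client.
        # Only an administrator (id 0..4) may touch another account; everyone
        # else may update only the row that belongs to their own session.
        if not result:
            return 'forbidden', 403
        caller_id = result[0][0]
        # Compared as strings: form values are text, the stored id may not be.
        if caller_id not in range(5) and str(request.form['id']) != str(caller_id):
            return 'forbidden', 403

        user = system.User()
        for field in ('id', 'username', 'userpass', 'usertype', 'usermail',
                      'userhomepage', 'homepagename', 'sex', 'comefrom',
                      'usersign', 'redate'):
            setattr(user, field, request.form[field])
        # NOTE(review): 'usertype' is still taken from the form on a
        # self-edit; if that column carries any privilege, confirm it is
        # restricted elsewhere.
        user.update()
        return 'post ok'

    return render_template('user_detail.html', result=result)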
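def signin():
    """Authenticate a user and start a session.

    GET renders ``login.html``. POST clears any existing session, checks the
    credentials with ``system.login()`` and, on success, stores the account's
    id and username in the session before redirecting to ``home``. Every
    failure re-renders ``login.html`` with the same message.
    """
    if request.method != 'POST':
        return render_template('login.html')

    # Drop whatever session existed before this login attempt.
    session.clear()
    username = request.form['username']
    userpass = request.form['password']

    # As used by the original code, system.login() answers 0 for an unknown
    # user, 1 for a wrong password and 2 for success. Only an explicit 2 is
    # accepted: the original treated every other value (None, an error code)
    # as a successful login.
    flag = system.login(username, userpass)
    if flag != 2:
        # One message for every failure, so the response does not reveal
        # whether the username exists.
        return render_template('login.html',
                               message='invalid username or password',
                               info='')

    # Look the account up by username to obtain its id.
    user = system.User()
    user.username = username
    result = user.query_all_by_username()
    if not result:
        # Account vanished between the check and the lookup: do not log in.
        return render_template('login.html',
                               message='invalid username or password',
                               info='')

    # Login succeeded: record the identity in the session.
    session['id'] = result[0][0]
    session['username'] = username
    return redirect(url_for('home'))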
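def delete_user_delete(user_id):
    """Delete the account ``user_id`` on POST; other methods echo the id back.

    A logged-in user may not delete their own account. Requests without a
    session id are rejected instead of failing with a ``KeyError``.
    """
    if request.method != 'POST':
        return user_id

    if 'id' not in session:
        return 'login required', 401

    print('post ok', user_id)
    # Compare as text: the route value and the id stored in the session may
    # have different types, in which case ``==`` is never true and the
    # self-delete guard would not fire. Example: user 222 cannot delete 222.
    if str(session['id']) == str(user_id):
        return '不能删除自己'  # response text: "cannot delete yourself"

    # NOTE(review): no role check is made here, so any logged-in account can
    # delete any other account. The other views treat ids 0..4 as
    # administrators -- confirm whether this route should require that too.
    user = system.User()
    user.id = user_id
    status = user.delete()
    print('delete status :', status)
    return 'delete ok'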
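def update_user(user_id):
    """Show or update a user's details.

    GET renders ``user_detail.html`` for ``user_id`` when one is given,
    otherwise for the session's own username. POST writes the submitted
    fields through ``User.update()``; administrators are then sent to
    ``user_list`` and everyone else to ``home``. An administrator is an
    account whose session id is in 0..4; other users may only view and edit
    their own record. Without a session the caller is redirected to ``home``.
    """
    # NOTE: client-side (JS) validation of the inputs is still not done.
    if 'username' not in session:
        return redirect(url_for('home'))

    own_id = session.get('id')
    is_admin = own_id in range(5)

    if request.method == 'POST':
        # The record to change is named by a form field, so it must be
        # checked against the caller. Ids are compared as text because form
        # values are strings.
        editing_self = str(request.form['id']) == str(own_id)
        if not (is_admin or editing_self):
            return redirect(url_for('home'))

        user = system.User()
        for field in ('id', 'username', 'userpass', 'usertype', 'usermail',
                      'userhomepage', 'homepagename', 'sex', 'comefrom',
                      'usersign', 'redate'):
            setattr(user, field, request.form[field])
        user.update()

        # Follow a rename only for the caller's own record. The original
        # copied the submitted username into the session unconditionally,
        # so editing another account switched the session to that account.
        if editing_self:
            session['username'] = request.form['username']

        # Route by the caller's role, not by the id of the edited record.
        if not is_admin:
            return redirect(url_for('home'))
        return redirect(url_for('user_list'))

    # %-formatting keeps this trace line from raising when user_id is not a str.
    print('---/update_user/%s---get opt :' % user_id)
    user = system.User()
    if user_id:
        # A non-administrator may only open their own record.
        if not is_admin and str(user_id) != str(own_id):
            return redirect(url_for('home'))
        # Look the record up by the id taken from the route.
        user.id = user_id
        result = user.query_all_by_id()
    else:
        # Look the record up by the username stored in the session.
        user.username = session['username']
        result = user.query_all_by_username()
    # The fetched row is deliberately not printed: it may include the stored
    # password column.
    return render_template('user_detail.html', result=result)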
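def home():
    """Render the landing page, personalised for a logged-in user.

    The ``home.html`` template has to live in the ``templates`` directory,
    which sits next to ``app.py``. Administrators (id 0..4) also get an
    admin notice.
    """
    if 'username' not in session:
        return render_template('home.html')

    # Look up everything about the user named in the session.
    user = system.User()
    user.username = session['username']
    user.id = session.get('id')
    result = user.query_all_by_username()

    if not result:
        # The session names an account that no longer exists (it may have
        # been deleted): end the session instead of failing on result[0].
        session.clear()
        return render_template('home.html')

    shown_name = escape(session['username'])
    if result[0][0] in range(5):  # the session's user is an administrator
        return render_template('home.html',
                               username=shown_name,
                               user_info=' you is admin')
    return render_template('home.html', username=shown_name)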