示例#1
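def checklogin():
    """Handle the login POST and answer with a JSON status and redirect URL.

    Reads ``username`` and ``password`` from the JSON body, runs the account
    lookup through ``SQL_Server.select`` and inspects the first returned row:
    ``row[-1]`` is the account status, ``row[-2]`` the role and ``row[0]`` the
    value appended to the redirect URL.

    Returns:
        ``jsonify({'status': 'success', 'redirect': <url>})`` when a row is
        found, or ``jsonify({'status': <failure message>})`` when no row
        matches or the body lacks the two fields. A non-POST request returns
        ``None``, as the original did.
    """
    if request.method != 'POST':
        # NOTE(review): None is not a usable view response; presumably the
        # route is registered for POST only. Confirm at the route decorator.
        return None

    failure = {'status': "Thông tin tài khoản/mật khẩu không chính xác."}

    data = request.get_json()
    # A body that is not a JSON object, or that lacks either field, is
    # answered like a failed login instead of surfacing as an unhandled error.
    if not isinstance(data, dict) or 'username' not in data or 'password' not in data:
        return jsonify(failure)
    username = data['username']
    password = data['password']
    # The request body is deliberately not printed: it holds the cleartext
    # password, which would otherwise end up in stdout and server logs.

    sql = SQL_Server()
    # NOTE(review): the two values appear masked as '******' on this page, so
    # as written `username` and `password` never reach the statement. If the
    # original interpolates them into the text, they must be passed as bound
    # parameters: string-built SQL on a login form is an authentication-bypass
    # risk.
    # NOTE(review): matching Password inside the WHERE clause suggests the
    # column holds unhashed passwords (confirm). The safer design fetches a
    # salted hash by username and verifies it in application code.
    query = "SELECT * FROM dbo.ThanhVien WHERE Username = '******'and Password = '******';"
    cusor = sql.select(query)
    if len(cusor) == 0:
        return jsonify(failure)

    # Only the first row is ever used; the original loop returned on its
    # first iteration, which made its trailing `break` unreachable.
    row = next(iter(cusor))
    status = row[-1]
    if status == 2:
        # First login: send the member to the profile-update page.
        target = 'http://192.168.16.100:5000/update_infor/'
    else:
        # Second login onward: route by role. The original comment documents
        # role 0 as staff and 1 as customer; 2 goes to the admin page.
        role = int(row[-2])
        if role == 2:
            target = 'http://192.168.16.100:5000/admin-page/'
        elif role == 0:
            target = 'http://192.168.16.100:5000/staff/'
        else:
            # Customer; the original author marked this path as needing more
            # handling.
            target = 'http://192.168.16.100:5000/customer/'

    # NOTE(review): no session is established here and the redirect carries
    # the member id in the URL path, so the target pages must authorise the
    # caller themselves rather than trust that id. The host is hard-coded and
    # uses plain http.
    return jsonify({'status': 'success', 'redirect': target + str(row[0])})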
示例#2
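def searchKH(id):
    """Search customers by the submitted ``search`` form field and render them.

    The term is matched against ``HoTen``, ``CMND`` and ``Sdt`` of
    ``dbo.ThanhVien`` joined with ``dbo.KhachHang``. The rows are passed to
    the ``DanhbaKH.html`` template together with ``id``.

    Args:
        id: forwarded unchanged to the template; not used in the query.
    """
    sql = SQL_Server()
    term = request.form['search']

    # The term is request-controlled and lands inside T-SQL string literals,
    # so every single quote is doubled to keep it from closing the literal.
    # NOTE(review): this is a stopgap. If SQL_Server.select can take bound
    # parameters (not visible here), use those instead of formatting the text.
    quoted = term.replace("'", "''")

    # NOTE(review): the Username comparison appears masked as '******' on this
    # page, which leaves three '{}' slots for the four format arguments; the
    # extra one is ignored by str.format.
    query = "select dbo.ThanhVien.HoTen, dbo.KhachHang.Chungthuctaisan, dbo.ThanhVien.CMND, dbo.ThanhVien.Sdt, dbo.KhachHang.Id, dbo.ThanhVien.Activate from dbo.ThanhVien, dbo.KhachHang where dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id and (dbo.ThanhVien.Username = '******' "
    query += " or dbo.ThanhVien.HoTen = N'{}' or dbo.ThanhVien.CMND = '{}'  or dbo.ThanhVien.Sdt = '{}') "
    query = query.format(quoted, quoted, quoted, quoted)

    # The debug prints of the query and the result rows were dropped: they
    # wrote customer names, ID numbers and phone numbers to stdout.
    tmp = sql.select(query)
    del sql
    return render_template("DanhbaKH.html", data=tmp, id=id)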
示例#3
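def search(id):
    """Search staff by the submitted ``search`` form field and render them.

    The term is matched against ``HoTen``, ``CMND`` and ``Sdt`` of
    ``dbo.ThanhVien`` joined with ``dbo.NhanVien``. The rows are passed to
    the ``Danhba.html`` template together with ``id``.

    Args:
        id: forwarded unchanged to the template; not used in the query.
    """
    sql = SQL_Server()
    term = request.form['search']

    # The term is request-controlled and lands inside T-SQL string literals,
    # so every single quote is doubled to keep it from closing the literal.
    # NOTE(review): this is a stopgap. If SQL_Server.select can take bound
    # parameters (not visible here), use those instead of formatting the text.
    quoted = term.replace("'", "''")

    # NOTE(review): the Username comparison appears masked as '******' on this
    # page, which leaves three '{}' slots for the four format arguments; the
    # extra one is ignored by str.format.
    query = "select dbo.ThanhVien.HoTen, dbo.NhanVien.Capbac, dbo.NhanVien.ViTri, dbo.ThanhVien.Sdt, dbo.NhanVien.Id, dbo.ThanhVien.Activate from dbo.ThanhVien, dbo.NhanVien where dbo.NhanVien.ThanVienID = dbo.ThanhVien.Id and (dbo.ThanhVien.Username = '******' "
    query += " or dbo.ThanhVien.HoTen = N'{}' or dbo.ThanhVien.CMND = '{}'  or dbo.ThanhVien.Sdt = '{}') "
    query = query.format(quoted, quoted, quoted, quoted)

    tmp = sql.select(query)
    del sql
    return render_template("Danhba.html", data=tmp, id=id)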
示例#4
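def thongke(id):
    """Render the statistics page for contracts in the member's province.

    Runs two queries: one over ``dbo.HopDongTraGop`` (column ``Giatri``) and
    one over ``dbo.HopDongMoTheTD`` (column ``HanmucChiTieu``). Each keeps
    active contracts whose ``dbo.PhongGiaoDich.Tinh`` equals the ``Tinh`` of
    the member identified by ``id``. Every result row becomes
    ``[index, HoTen, CMND, Email, Sdt, amount]``, and a final row carrying
    the summed amount is appended before rendering ``thongke.html``.

    Args:
        id: member id; must be convertible to ``int``.

    Raises:
        ValueError: if ``id`` is not an integer value.
    """
    # `id` is concatenated into the SQL text, so it is forced to an integer
    # first. A non-numeric value now fails here instead of reaching the
    # database as part of the statement.
    # NOTE(review): bound parameters would be preferable if SQL_Server.select
    # supports them (not visible here).
    member_id = str(int(id))

    sql = SQL_Server()
    query = "SELECT dbo.ThanhVien.HoTen, dbo.ThanhVien.CMND, HDTG.Giatri, dbo.ThanhVien.Email, dbo.ThanhVien.Sdt "
    query += "FROM dbo.ThanhVien, dbo.KhachHang, "
    query += "(SELECT dbo.HopDongTraGop.Giatri, dbo.HopDongTraGop.Activate, dbo.HopDongTraGop.KhacHangID FROM dbo.HopDongTraGop, dbo.ThanhVien, dbo.PhongGiaoDich "
    query += "WHERE dbo.HopDongTraGop.PGDId = dbo.PhongGiaoDich.Id "
    query += "AND dbo.PhongGiaoDich.Tinh = dbo.ThanhVien.Tinh "
    query += "AND dbo.ThanhVien.Id =" + member_id + " ) AS HDTG"
    query += " WHERE HDTG.Activate = 1"
    query += " AND HDTG.KhacHangID = dbo.KhachHang.Id"
    query += " AND dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id "

    tmp_data = []
    tien = 0
    for row in sql.select(query):
        # Columns come back as HoTen, CMND, amount, Email, Sdt; the amount is
        # moved to the last position for display.
        tmp_data.append([len(tmp_data) + 1, row[0], row[1], row[3], row[4], row[2]])
        tien += int(row[2])
    del sql

    sql = SQL_Server()
    # Start a fresh statement. The original used `+=` here, which appended
    # the second SELECT to the first and sent both to the database again.
    query = "SELECT dbo.ThanhVien.HoTen, dbo.ThanhVien.CMND, HDTTD.HanmucChiTieu, dbo.ThanhVien.Email, dbo.ThanhVien.Sdt "
    query += " FROM dbo.ThanhVien, dbo.KhachHang,"
    query += " (SELECT dbo.HopDongMoTheTD.HanmucChiTieu, dbo.HopDongMoTheTD.Activate, dbo.HopDongMoTheTD.KhacHangID FROM dbo.HopDongMoTheTD, dbo.ThanhVien, dbo.PhongGiaoDich "
    query += " WHERE dbo.HopDongMoTheTD.PGDId = dbo.PhongGiaoDich.Id "
    query += " AND dbo.PhongGiaoDich.Tinh = dbo.ThanhVien.Tinh "
    query += " AND dbo.ThanhVien.Id =" + member_id + " ) AS HDTTD "
    query += " WHERE HDTTD.Activate = 1 "
    query += " AND HDTTD.KhacHangID = dbo.KhachHang.Id"
    query += " AND dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id"

    for row in sql.select(query):
        # Numbering continues from the first result set.
        tmp_data.append([len(tmp_data) + 1, row[0], row[1], row[3], row[4], row[2]])
        tien += int(row[2])

    # Trailing summary row with the total over both result sets.
    tmp_data.append([" ", " ", " ", " ", "Tổng: ", tien])
    return render_template("thongke.html", data=tmp_data)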
示例#5
def taohopdong(id):
    """Render ``taohopdong.html`` with every active ``HopDongTraGop`` row.

    Each row is reshaped to ``[index, HoTen, CMND, Giatri, Sdt, Email]``,
    with the index starting at 1.

    Args:
        id: accepted but not used anywhere in the body.
    """
    # NOTE(review): the statement is not scoped by `id`, so the page lists
    # names, ID numbers, e-mail addresses and phone numbers for all active
    # contracts. Confirm the route enforces who may see it.
    statement = (
        "SELECT dbo.ThanhVien.HoTen, dbo.ThanhVien.CMND, dbo.HopDongTraGop.Giatri, dbo.ThanhVien.Email, dbo.ThanhVien.Sdt FROM dbo.ThanhVien, dbo.HopDongTraGop, dbo.KhachHang "
        " WHERE dbo.HopDongTraGop.Activate = 1 "
        " AND dbo.HopDongTraGop.KhacHangID = dbo.KhachHang.Id "
        " AND dbo.KhachHang.ThanVienID = dbo.ThanhVien.Id "
    )
    sql = SQL_Server()
    records = sql.select(statement)
    # Email (column 3) and Sdt (column 4) swap places in the rendered row.
    tmp_data = [
        [position, rec[0], rec[1], rec[2], rec[4], rec[3]]
        for position, rec in enumerate(records, start=1)
    ]
    del sql

    return render_template("taohopdong.html", data=tmp_data)
示例#6
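def updateDB(id):
    """Filter the staff directory by province and member type, then render it.

    Reads the ``mien`` and ``loai`` form fields. ``loai`` is mapped to a
    numeric code ("Nhân viên" -> 0, "Khách hàng" -> 1, anything else -> 2).
    ``dbo.ThanhVien`` joined with ``dbo.NhanVien`` is then queried for rows
    whose ``Tinh`` equals ``mien`` and whose ``Loai`` equals that code.

    Args:
        id: forwarded unchanged to the ``Danhba.html`` template.
    """
    sql = SQL_Server()
    mien = request.form['mien']
    # The type label never reaches the SQL text: only the integer code does.
    loai = {"Nhân viên": 0, "Khách hàng": 1}.get(request.form['loai'], 2)

    # `mien` is request-controlled and lands inside an N'...' literal, so
    # every single quote is doubled to keep it from closing the literal.
    # NOTE(review): this is a stopgap. If SQL_Server.select can take bound
    # parameters (not visible here), use those instead of formatting the text.
    mien = mien.replace("'", "''")

    query = "select dbo.ThanhVien.HoTen, dbo.NhanVien.Capbac, dbo.NhanVien.ViTri, dbo.ThanhVien.Sdt, dbo.NhanVien.Id, dbo.ThanhVien.Activate from dbo.ThanhVien, dbo.NhanVien where dbo.ThanhVien.Tinh = N'{}' and dbo.ThanhVien.Loai= {} and dbo.ThanhVien.Id = dbo.NhanVien.ThanVienID"
    query = query.format(mien, loai)
    tmp = sql.select(query)

    del sql
    return render_template("Danhba.html", data=tmp, id=id)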