diff --git a/db.py b/db.py index 8b033ba..3647fd4 100644 --- a/db.py +++ b/db.py @@ -12,7 +12,7 @@ def dbIsOK(): except: return False -def userSurplus(userkey): +def userSurplus(userkey): #查询userkey剩余配额 #打开数据库连接 db = pymysql.connect(host=config.readConf()["db"]["host"], port=config.readConf()["db"]["port"], @@ -45,7 +45,7 @@ def reduce_value(userkey, value): # 减去对应的值 cursor = db.cursor() # 执行 SQL 查询以获取当前值 - cursor.execute(f"SELECT surplus FROM usersurplus WHERE userkey = '{userkey}';") + cursor.execute(f"SELECT surplus FROM usersurplus WHERE userkey = %s;",[userkey]) current_value = cursor.fetchone()[0] # 如果没有找到用户,则返回错误信息 @@ -57,7 +57,7 @@ def reduce_value(userkey, value): # 减去对应的值 new_value = current_value - value # 更新数据库中的值 - cursor.execute(f"UPDATE usersurplus SET surplus={new_value} WHERE userkey='{userkey}'") + cursor.execute(f"UPDATE usersurplus SET surplus= %s WHERE userkey= %s;",[new_value,userkey]) # 提交事务 db.commit() @@ -100,7 +100,7 @@ def delKey(userkey): cursor = db.cursor() # 使用 execute() 方法执行 SQL 查询 - cursor.execute(f"DELETE FROM usersurplus WHERE userkey = '{userkey}';") + cursor.execute(f"DELETE FROM usersurplus WHERE userkey = %s;", [userkey]) # 提交事务 db.commit() @@ -128,9 +128,9 @@ def createKey(quota,number=1,key="null"): for i in range(int(number)): key = str(uuid.uuid1()) output.append(key) - cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES ('{key}',{int(quota)});") + cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES (%s, %s);", [key, quota]) else: - cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES ('{key}',{int(quota)});") + cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES (%s, %s);", [key, quota]) output.append(key) # 提交事务 diff --git a/main.py b/main.py index ada298a..aeb038e 100644 --- a/main.py +++ b/main.py 
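Review bot: In reduce_value, `cursor.fetchone()[0]` is still evaluated before the not-found check that the following comment announces, so an unknown userkey makes fetchone() return None and the subscript raises TypeError instead of reaching the error return (unless a try block outside this hunk catches it). Fetch the row first and test it: `row = cursor.fetchone()`, then `if row is None:` with the existing error return, then `current_value = row[0]`. The `f` prefix left on this query string, and on the UPDATE, DELETE and both INSERT strings in the later db.py hunks, no longer does anything. Drop it so that a later `{...}` edit cannot silently put interpolation back into the SQL. reduce_value starts and ends outside this hunk.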
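Review bot: The balance is still read with a SELECT, decremented in Python and written back as an absolute value, so two concurrent reduce_value calls for the same userkey can read the same surplus and one deduction is lost, which lets a key spend more quota than it was issued. Nothing visible locks the row (the SELECT has no `FOR UPDATE`), though the lines between the two reduce_value hunks are not shown. Keep the existing not-found check and let the database do the arithmetic in one statement: `cursor.execute("UPDATE usersurplus SET surplus = surplus - %s WHERE userkey = %s;", [value, userkey])`.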
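Review bot: Both INSERTs in createKey now bind `quota` as received, where the old code passed it through `int(quota)`. A non-numeric quota used to fail in Python and now reaches MySQL, where the outcome depends on the server's SQL mode (rejected in strict mode, coerced otherwise). Keep the conversion in the parameter list: `[key, int(quota)]`. Separately, the generated keys come from `uuid.uuid1()`, which is derived from a timestamp and the host's node id. If a userkey is the only credential for spending quota, `uuid.uuid4()` gives a value that cannot be guessed from the issue time. createKey starts and ends outside this hunk.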
@@ -96,6 +96,15 @@ def createkey(): return flask.render_template("createKey.html",resq=resq) return "未登录 " +@app.route('/admin/lookupkey', methods=['POST','GET']) +def lookupkey(): + if "admin" in flask.session : + if flask.request.method == "GET": + return flask.render_template("lookupKey.html",resq="null") + resq = db.userSurplus(flask.request.form["key"]) + return flask.render_template("lookupKey.html",resq=resq) + return "未登录 " + @app.route('/admin/operate', methods=['POST','GET']) def operate(): if "admin" in flask.session : diff --git a/templates/lookupKey.html b/templates/lookupKey.html new file mode 100644 index 0000000..20504e3 --- /dev/null +++ b/templates/lookupKey.html @@ -0,0 +1,48 @@ + + + +
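Review bot: The new /admin/lookupkey route hands `flask.request.form["key"]` straight to `db.userSurplus`, and this commit changes only the `def` line of that function, not its query. If userSurplus still builds its SQL with an f-string, as reduce_value, delKey and createKey did before this commit, the route opens a new path from form input into SQL. Its body is not visible in this diff, so confirm it and bind the key with a `%s` placeholder as the other queries now do. The unauthenticated branch answers `"未登录 "` with status 200, matching the neighbouring routes. Returning `("未登录 ", 401)` would let clients and access logs tell a rejected request from a served page.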
+ +