From f16d34e5c32e56c13d1e28f0c3ac4f54edb7e416 Mon Sep 17 00:00:00 2001 From: Kakune55 Date: Wed, 13 Dec 2023 08:36:07 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AF=86=E9=92=A5=E6=9F=A5=E8=AF=A2=E5=8A=9F?= =?UTF-8?q?=E8=83=BD=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- db.py | 12 +++++----- main.py | 9 ++++++++ templates/lookupKey.html | 48 ++++++++++++++++++++++++++++++++++++++++ templates/status.html | 2 +- 4 files changed, 64 insertions(+), 7 deletions(-) create mode 100644 templates/lookupKey.html diff --git a/db.py b/db.py index 8b033ba..3647fd4 100644 --- a/db.py +++ b/db.py @@ -12,7 +12,7 @@ def dbIsOK(): except: return False -def userSurplus(userkey): +def userSurplus(userkey): #查询userkey剩余配额 #打开数据库连接 db = pymysql.connect(host=config.readConf()["db"]["host"], port=config.readConf()["db"]["port"], @@ -45,7 +45,7 @@ def reduce_value(userkey, value): # 减去对应的值 cursor = db.cursor() # 执行 SQL 查询以获取当前值 - cursor.execute(f"SELECT surplus FROM usersurplus WHERE userkey = '{userkey}';") + cursor.execute(f"SELECT surplus FROM usersurplus WHERE userkey = %s;",[userkey]) current_value = cursor.fetchone()[0] # 如果没有找到用户,则返回错误信息 @@ -57,7 +57,7 @@ def reduce_value(userkey, value): # 减去对应的值 new_value = current_value - value # 更新数据库中的值 - cursor.execute(f"UPDATE usersurplus SET surplus={new_value} WHERE userkey='{userkey}'") + cursor.execute(f"UPDATE usersurplus SET surplus= %s WHERE userkey= %s;",[new_value,userkey]) # 提交事务 db.commit() @@ -100,7 +100,7 @@ def delKey(userkey): cursor = db.cursor() # 使用 execute() 方法执行 SQL 查询 - cursor.execute(f"DELETE FROM usersurplus WHERE userkey = '{userkey}';") + cursor.execute(f"DELETE FROM usersurplus WHERE userkey = %s;", [userkey]) # 提交事务 db.commit() @@ -128,9 +128,9 @@ def createKey(quota,number=1,key="null"): for i in range(int(number)): key = str(uuid.uuid1()) output.append(key) - cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES ('{key}',{int(quota)});") + cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES (%s, %s);", [key, quota]) else: - cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES ('{key}',{int(quota)});") + cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES (%s, %s);", [key, quota]) output.append(key) # 提交事务 diff --git a/main.py b/main.py index ada298a..aeb038e 100644 --- a/main.py +++ b/main.py @@ -96,6 +96,15 @@ def createkey(): return flask.render_template("createKey.html",resq=resq) return "未登录 " +@app.route('/admin/lookupkey', methods=['POST','GET']) +def lookupkey(): + if "admin" in flask.session : + if flask.request.method == "GET": + return flask.render_template("lookupKey.html",resq="null") + resq = db.userSurplus(flask.request.form["key"]) + return flask.render_template("lookupKey.html",resq=resq) + return "未登录 " + @app.route('/admin/operate', methods=['POST','GET']) def operate(): if "admin" in flask.session : diff --git a/templates/lookupKey.html b/templates/lookupKey.html new file mode 100644 index 0000000..20504e3 --- /dev/null +++ b/templates/lookupKey.html @@ -0,0 +1,48 @@ + + + + + + 查询密钥 + + + + +
+

查询密钥

+
+ UserKey + + +
+
+ {% if resq != "null" %} +
+
+

执行结果

+ {% if resq == -99999 %} +

未找到UserKey

+ {% else %} +

配额剩余 {{ resq }}

+ {% endif %} +
+ {% endif %} + + + + \ No newline at end of file diff --git a/templates/status.html b/templates/status.html index 616bbc3..278f627 100644 --- a/templates/status.html +++ b/templates/status.html @@ -92,7 +92,7 @@ 列出所有Key - 查询密钥 + 查询密钥 创建密钥