


2 changed files with 18 additions and 18 deletions


@ -2,6 +2,7 @@ import queue, time, uuid, json, logging, datetime, os
from flask import Flask, render_template, render_template_string, request, make_response, session, send_file, g from flask import Flask, render_template, render_template_string, request, make_response, session, send_file, g
from flask_socketio import SocketIO, join_room, leave_room from flask_socketio import SocketIO, join_room, leave_room
from flask_session import Session from flask_session import Session
from markupsafe import escape
from Website.db import get_db from Website.db import get_db
import Website.db as db import Website.db as db
from datetime import datetime from datetime import datetime
@ -63,7 +64,7 @@ def create_app(test_config=None):
c = db.cursor() c = db.cursor()
c.execute("SELECT * FROM users") c.execute("SELECT * FROM users")
users = c.fetchall() users = c.fetchall()
return render_template("list.html", user_name=users preis=(preis/100) return render_template("list.html", users=escape(users), preis=escape(preis/100))
@app.route("/transactionlist") @app.route("/transactionlist")
def transactionlist(): def transactionlist():
@ -123,7 +124,7 @@ def create_app(test_config=None):
if user != None : if user != None :
c.execute(f"SELECT * FROM tags WHERE userid={user[0]}") c.execute(f"SELECT * FROM tags WHERE userid={user[0]}")
tags = c.fetchall() tags = c.fetchall()
return render_template("user.html", user=user, tags=tags) return render_template("user.html", user=escape(user), tags=escape(tags))
else: else:
return render_template("error.html", error_code="043") return render_template("error.html", error_code="043")
@ -143,7 +144,7 @@ def create_app(test_config=None):
user_name = user[1] user_name = user[1]
db.remove_user(user_id) db.remove_user(user_id)
socketio.emit("update", "update") socketio.emit("update", "update")
return render_template("removeuser.html", user_name=user_name) return render_template("removeuser.html", user_name=escape(user_name))
else: else:
return render_template("error.html", error_code="043") return render_template("error.html", error_code="043")
@ -234,7 +235,7 @@ def create_app(test_config=None):
session_id = uuid.uuid4() session_id = uuid.uuid4()
session[id] = session_id session[id] = session_id
user_queue.put([user_id, "remove", session_id]) user_queue.put([user_id, "remove", session_id])
return render_template("removetag.html", user=user_id) return render_template("removetag.html", user=escape(user_id))
else: else:
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
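Review bot: Wrapping whole rows in `escape()` on the list.html and user.html lines changes the type of the template variables: `escape(users)`, `escape(user)` and `escape(tags)` call `str()` on the list/tuple and hand the template a single Markup string, so a `{% for u in users %}` or `user[1]` in the template would now walk the characters of the repr rather than the rows (assuming the templates index these as rows — confirm against the templates). Flask's `render_template` autoescapes `.html` templates by default, so the scalar cases (`user_name`, `user_id`, `preis/100`) gain nothing from the wrapper either; pass the raw values and let autoescape do the work, escaping individual fields with `|e` only where a template is rendered with autoescape disabled. The line in this section where injection is actually possible is the unchanged `c.execute(f"SELECT * FROM tags WHERE userid={user[0]}")`, which builds SQL by string interpolation; it should bind the value the way Website/db.py does: `c.execute("SELECT * FROM tags WHERE userid = ?", [user[0]])`. The enclosing create_app body begins before the first hunk and continues after the last.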


@ -1,5 +1,4 @@
from re import M from re import M
from markupsafe import escape
import sqlite3 import sqlite3
from datetime import datetime from datetime import datetime
import click import click
@ -14,44 +13,44 @@ def log(statement, user_id, before, after, change):
def add_user(after): def add_user(after):
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [escape(after)]) c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [after])
user_id = c.lastrowid user_id = c.lastrowid
log("add_user", user_id=escape(user_id), after=escape(after)) log("add_user", user_id=user_id, after=after)
db.commit() db.commit()
def remove_user(user_id): def remove_user(user_id):
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
c.execute("SELECT * FROM users WHERE id = ?", [escape(user_id)]) c.execute("SELECT * FROM users WHERE id = ?", [user_id])
user_name = c.fetchone()[1] user_name = c.fetchone()[1]
c.execute("SELECT * FROM tags WHERE userid = ?", [escape(user_id)]) c.execute("SELECT * FROM tags WHERE userid = ?", [user_id])
for tag in c.fetchall(): for tag in c.fetchall():
remove_tag(tag[0]) remove_tag(tag[0])
c.execute("DELETE FROM users WHERE id = ?", [escape(user_id)]) c.execute("DELETE FROM users WHERE id = ?", [user_id])
log("remove_user", user_id=escape(user_id), before=escape(user_name)) log("remove_user", user_id=user_id, before=user_name)
db.commit() db.commit()
def add_tag(user_id, tag_id): def add_tag(user_id, tag_id):
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES ?, ?)", [escape(tag_id), escape(user_id)]) c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES ?, ?)", [tag_id, user_id])
db.commit() db.commit()
log("addtag", after=escape(tag_id), user_id=escape(user_id)) log("addtag", after=tag_id, user_id=user_id)
def remove_tag(tag_id): def remove_tag(tag_id):
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
c.execute("SELECT * FROM tags WHERE tagid = ?", [escape(tag_id)]) c.execute("SELECT * FROM tags WHERE tagid = ?", [tag_id])
user_id = c.fetchone()[1] user_id = c.fetchone()[1]
c.execute("DELETE FROM tags WHERE tagid = ?", [escape(tag_id)]) c.execute("DELETE FROM tags WHERE tagid = ?", [tag_id])
log("removetag", before=escape(tag_id), user_id=escape(user_id)) log("removetag", before=tag_id, user_id=user_id)
db.commit() db.commit()
def change_balance(user_id, change): def change_balance(user_id, change):
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
c.execute("UPDATE users SET balance = balance + ? WHERE id=?", [escape(change), escape(user_id)]) c.execute("UPDATE users SET balance = balance + ? WHERE id=?", [change, user_id])
log("balance", user_id=escape(user_id), change=escape(change)) log("balance", user_id=user_id, change=change)
db.commit() db.commit()
def get_db(): def get_db():
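Review bot: The INSERT in add_tag is still malformed after the edit — `VALUES ?, ?)` is missing its opening parenthesis, so sqlite3 raises OperationalError before any tag is stored; since the line is being touched anyway it should read `c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES (?, ?)", [tag_id, user_id])`. Removing `escape()` from the bound parameters is the right call: the `?` placeholders already keep the values out of the SQL text, and HTML-escaping at this layer would have persisted entity-encoded strings such as `&amp;` into the users table and the log. Separately, remove_user and remove_tag index `c.fetchone()[1]` without checking for a missing row, so an unknown id surfaces as a TypeError rather than a clear error — `row = c.fetchone()` followed by an explicit `if row is None` branch would make that failure mode deliberate. The body of get_db continues past the end of this hunk.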