# -*- coding: utf-8 -*-
import os
import re
from xml.sax.saxutils import escape

import MySQLdb
from django.contrib.auth.models import User
from django.http import HttpResponse
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.views.decorators.csrf import csrf_exempt

from models import Score
from models import Task
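# Connection settings for the MySQL database queried by the SQL view.
# They are read from the process environment so that no credential is stored
# in the source file. The environment variable names are chosen here; adjust
# them to the deployment's convention.
# NOTE(review): the password that was previously hard-coded on this line has
# been visible in clear text and should be treated as exposed: rotate it.
DB_USER = os.environ.get('DECANAT_DB_USER', 'user')
# No in-source default: with the variable unset the connection attempt fails
# instead of silently falling back to a known password.
DB_PASS = os.environ.get('DECANAT_DB_PASS', '')
DB_BASE = os.environ.get('DECANAT_DB_BASE', 'Decanat')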
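@csrf_exempt
def SQL(request):
    """Execute the statement posted as ``sqlcode`` and return its rows as HTML.

    The view only acts on POST requests that carry a ``sqlcode`` field; any
    other request gets an empty response body. A statement containing a
    data-changing or privilege keyword is replaced by ``SELECT * FROM wrong``,
    and a statement the server rejects falls back to the same query.

    Security notes for maintainers:
      * The statement text comes straight from the client and is executed
        as-is. The keyword filter below is a convenience, not a security
        boundary: the database account in DB_USER must be limited to SELECT
        on the tables this page is meant to expose.
      * The view is CSRF-exempt, so it accepts cross-site POSTs.
    """
    cont = u''

    if request.method == "POST" and 'sqlcode' in request.POST:
        t = request.POST['sqlcode']
        lowered = t.lower()

        # Look for the keywords as words anywhere in the statement; comparing
        # the whole statement to a keyword would only ever match a bare word.
        forbidden = frozenset(['delete', 'drop', 'alter', 'insert', 'update',
                               'deny', 'revoke', 'grant'])
        if forbidden.intersection(re.findall(r'[a-z0-9_]+', lowered)):
            t = "SELECT * FROM wrong"
        if lowered in ['xmachina']:
            t = "SELECT * FROM code"

        # _formatt derives the header cells from the statement text as posted.
        vasia = t

        # number selects the table layout in _formatt: 2 builds a header row
        # from the column list, 1 (used for "SELECT *") renders rows only.
        number = 2
        if '*' in t:
            number = 1

        db_conn = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=DB_BASE)
        try:
            cursor = db_conn.cursor()
            try:
                try:
                    cursor.execute(t)
                except (MySQLdb.Error, MySQLdb.Warning):
                    # Statement rejected by the server: show the "wrong"
                    # table instead, without a header row.
                    cursor.execute("SELECT * FROM wrong")
                    number = 1
                res = cursor.fetchall()
            finally:
                # close() must be called; naming the attribute does nothing.
                cursor.close()
        finally:
            db_conn.close()

        cont = _formatt(res, vasia, number)

    return HttpResponse(cont, mimetype="text/html; charset=utf-8")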
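def _formatt(a, vasia, number):
    """Render result rows as an HTML table and return it as text.

    Args:
        a: iterable of rows, each row an iterable of cell values.
        vasia: the SQL statement text; when ``number`` is 2 the words between
            ``select`` and ``from`` (lower-cased, commas removed) become the
            header cells.
        number: 2 to emit a header row, 1 to emit the data rows only.

    Returns:
        The table markup. Header words and cell values are HTML-escaped,
        because the statement text is supplied by the client and the cell
        values come from the database.
    """
    quote_entities = {u'"': u'&quot;', u"'": u'&#39;'}
    parts = [u'<table border="1" bgcolor="FFFFFF">']

    if number == 2:
        parts.append(u'<tr>')
        for w in vasia.lower().replace(",", "").split():
            if w == 'select':
                continue
            if w == 'from':
                break
            parts.append(u"<td>{0}</td>".format(escape(w, quote_entities)))
        parts.append(u'</tr>')

    for row in a:
        parts.append(u"<tr>")
        for y in row:
            if isinstance(y, bytes):
                # Byte strings from the driver are decoded as UTF-8; invalid
                # sequences are dropped rather than raising.
                text = y.decode('utf-8', 'ignore')
            else:
                text = u"{0}".format(y)
            parts.append(u'<td>' + escape(text, quote_entities) + u'</td>')
        parts.append(u"</tr>")

    parts.append(u"</table>")
    return u"".join(parts)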
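@csrf_exempt
def RESULT(request):
    """Return an HTML table of scores: one row per user, one column per task.

    The header row shows each task's group and name; every user row ends with
    the sum of that user's scores. Group, task and user names are read from
    the database and HTML-escaped before they are placed in the markup.
    """
    quote_entities = {u'"': u'&quot;', u"'": u'&#39;'}

    # The task list is needed for the header and again for every user row,
    # so it is fetched once.
    tasks = list(Task.objects.all())

    parts = [u'<table border="1">', u'<tr><td></td>']
    for tsk in tasks:
        group = escape(unicode(tsk.group), quote_entities)
        taskname = escape(tsk.taskname, quote_entities)
        parts.append(u'<td>')
        parts.append(u" {0}:  <br> {1}".format(group, taskname))
        parts.append(u'</td>')
    # Header of the last column; the literal is Russian for "Sum of points".
    parts.append(u'<td>')
    parts.append(u'Сумма баллов</td>')
    parts.append(u'</tr>')

    for usr in User.objects.all():
        last_name = escape(usr.last_name, quote_entities)
        first_name = escape(usr.first_name, quote_entities)
        parts.append(u'<tr><td>')
        parts.append(u" {0} {1}".format(last_name, first_name))
        parts.append(u'</td>')

        total = 0
        for tsk in tasks:
            # NOTE(review): the nesting here was reconstructed from a listing
            # that had lost its indentation. It is assumed that the cell shows
            # the last score found (0 when there is none) while every score
            # is added to the row total. Confirm against the original file.
            shown = 0
            for scr in Score.objects.filter(student=usr, task=tsk):
                shown = scr.score
                total += shown
            parts.append(u'<td>' + unicode(shown) + u'</td>')

        parts.append(u'<td>' + unicode(total) + u'</td>')
        parts.append(u'</tr>')

    parts.append(u'</table>')

    return HttpResponse(u"".join(parts), mimetype="text/html; charset=utf-8")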