daily pastebin goal
58%
SHARE
TWEET

Untitled

a guest Oct 22nd, 2017 86 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # -*- coding: utf-8 -*-
  2. from django.template import RequestContext
  3. from django.shortcuts import render_to_response
  4. from django.http import HttpResponse
  5. from django.http import HttpResponseRedirect
  6. from django.views.decorators.csrf import csrf_exempt
  7. from models import Score
  8. from django.contrib.auth.models import User
  9. from models import Task
  10. import MySQLdb
  11.  
  12. DB_USER = 'user'
  13. DB_PASS = 'ckj;ysq'
  14. DB_BASE = 'Decanat'
  15. @csrf_exempt
  16. def SQL(request):
  17.     cont = {}
  18.     tt={}
  19.  
  20.     if request.method == "POST":
  21.         if 'sqlcode' in request.POST:
  22.             t=request.POST['sqlcode']
  23.             if t.lower() in ['delete', 'drop', 'alter', 'insert','update','deny','revoke','grant']:
  24.                 t = "SELECT * FROM wrong"
  25.             if t.lower() in ['xmachina']:                  
  26.                 t = "SELECT * FROM code"
  27.  
  28.            
  29.             vasia=t
  30.  
  31.             number = 2
  32.             if '*' in t:
  33.                 number = 1
  34.        
  35.             db_conn = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=DB_BASE)
  36.             cursor = db_conn.cursor()
  37.             '''cursor.execute(t)'''
  38.            
  39.             try:
  40.                 db_conn = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=DB_BASE)        
  41.                 cursor.execute(t)
  42.                
  43.             except:
  44.                 t = "SELECT * FROM wrong"
  45.                 db_conn = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=DB_BASE)
  46.                 cursor = db_conn.cursor()  
  47.                 #ursor = db_conn.cursor(cursorclass=MySQLdb.cursors.SSDictCursor)          
  48.                 cursor.execute(t)
  49.                 res = cursor.fetchall()
  50.                 number =1
  51.            
  52.             else:
  53.                 res= cursor.fetchall()
  54.             cursor.close
  55.             db_conn.close  
  56.            
  57.             #r=res.decode('utf-8', 'ignore')
  58.             resdate =_formatt(res, vasia, number)
  59.             res = unicode(res)
  60.             #res=str(res)
  61.        
  62.             cont = resdate
  63.            
  64.     return HttpResponse(cont, mimetype="text/html; charset=utf-8")
  65.  
  66.  
  67.  
  68. def _formatt(a,vasia,number):
  69.     if number == 1:
  70.         res = u'<table border="1" bgcolor="FFFFFF">'
  71.    
  72.    
  73.    
  74.     if number == 2:
  75.         res = u'<table border="1" bgcolor="FFFFFF"><tr>'
  76.         start = []
  77.         for w in vasia.lower().replace(",", "").split():
  78.             if w == 'select': continue
  79.             elif w == 'from': break
  80.             else: start.append(w)
  81.            
  82.         for nn in start:
  83.             res += u"<td>{0}</td>".format(nn)
  84.         res+=u'</tr>'
  85.  
  86.  
  87.  
  88.    
  89.     for i in a:
  90.         res += u"<tr>"
  91.         for y in i:
  92.            
  93.             #res += u"<td>{0}</td>".format(y)
  94.             res+=u'<td>'
  95.             y=unicode(y)
  96.             res+=y.decode('utf-8', 'ignore')
  97.             res+=u'</td>'
  98.    
  99.         res += u"</tr>"
  100.     res += u"</table>"
  101.     return res
  102.  
  103. @csrf_exempt       
  104. def RESULT(request):
  105.     tt=0
  106.     t=0
  107.     result=u'<table border="1">'
  108.     result+=u'<tr><td></td>'
  109.     for tsk in Task.objects.all():  
  110.         result+=u'<td>'
  111.         un=tsk.group
  112.         un=unicode(un)
  113.         un+=u": "
  114.         br=u"<br>"
  115.         result = u" ".join([result,un,br,tsk.taskname])
  116.         result+=u'</td>'
  117.     result+=u'<td>'
  118.     result+=u'Сумма баллов</td>'
  119.    
  120.     result+=u'</tr>'
  121.  
  122.     for usr in User.objects.all():
  123.         result+=u'<tr><td>'
  124.         result=u" ".join([result,usr.last_name, usr.first_name])
  125.         result+=u'</td>'
  126.            
  127.         for tsk in Task.objects.all():
  128.  
  129.             result+=u'<td>'
  130.             for scr in Score.objects.filter(student=usr, task=tsk):
  131.                 t = scr.score
  132.             tt+=t
  133.             r=unicode(t)
  134.             t=0
  135.             result+=r
  136.             result+=u'</td>'
  137.         rr=unicode(tt)
  138.         tt=0
  139.         result+=u'<td>'
  140.         result+=rr
  141.         result+=u'</td>'
  142.         result+=u'</tr>'
  143.    
  144.     result+=u'</table>'
  145.    
  146.    
  147.     return HttpResponse(result, mimetype="text/html; charset=utf-8")
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top