from django.http import HttpResponseRedirect
from django.http import HttpResponse
from django.core.mail import send_mail
from django.template import loader
from django.db import connection
from django.views.decorators.csrf import csrf_exempt
from .models import Lustudent, ImageUpload
from .forms import ProfileForm, UploadImageForm
from contextlib import closing
from django.urls import reverse
from django.shortcuts import render
import base64
from django.core.files.base import ContentFile
# Create your views here.
def index(request):
    """Serve the application's landing page."""
    landing_template = 'bisonMatchApp/index.html'
    return render(request, landing_template)
def about(request):
    """Serve the about page with the ``name`` value of every Lustudent row."""
    return render(
        request,
        'bisonMatchApp/about.html',
        {'LU_student': Lustudent.objects.values('name')},
    )
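def quiz(request):
    """Render the quiz form (GET) or store a submitted profile (POST).

    On POST the text fields are checked against the existing word blocklist,
    the optional base64 profile picture is saved through ``ImageUpload``, and
    one row is inserted into ``lustudent``. Every request value reaches the
    database as a bound parameter rather than as part of the SQL text, so the
    blocklist is no longer what stands between the form and the query.
    Rejected or malformed submissions re-render the form.
    """
    form_template = 'bisonMatchApp/quiz.html'
    if request.method != 'POST':
        return render(request, form_template)

    print("Processing post...")
    # NOTE(review): development aid that writes submitted personal data
    # (name, e-mail, bio, ...) to stdout; remove or gate it before deployment.
    for key, value in request.POST.items():
        if key != "image_data":
            print('{} => {}'.format(key, value))

    # Column order of the INSERT below: seven text values, ten answers,
    # the picture path, then the literal 0.
    text_keys = ("name", "l-number", "email", "major", "bio", "idealdate", "gender")
    question_keys = ["question{}".format(number) for number in range(1, 11)]
    try:
        text_values = [request.POST[key] for key in text_keys]
        answers = [request.POST[key] for key in question_keys]
    except KeyError:
        # A missing field is a malformed submission, not a server error.
        return render(request, form_template)

    # Word blocklist kept as it was (same entries, same fields, same two
    # comparisons). It now runs before the upload is stored, so a rejected
    # submission no longer leaves a file behind. It is a content filter only:
    # it never covered gender or the question fields, and its upper-case
    # entries cannot match the lower-cased text.
    evilStuff = ["lustudent", "delete", "studentmatches", "*", "DELETE", "DROP TABLE", "drop table", "Addison"]
    textInputs = [request.POST[key] for key in ("name", "l-number", "email", "bio", "idealdate", "major")]
    for text in textInputs:
        if text in evilStuff or any(evil in text.lower() for evil in evilStuff):
            return render(request, form_template)

    MEDIA_ROOT = "/media/user_profiles/"
    image_data = request.POST.get("image_data", "")
    if image_data != "":
        try:
            header, imgstr = image_data.split(';base64,')
            image_bytes = base64.b64decode(imgstr)
        except ValueError:
            # Not a "<header>;base64,<payload>" value, or undecodable payload
            # (binascii.Error is a ValueError subclass).
            return render(request, form_template)
        ext = header.split('/')[-1]
        lnumber = str(request.POST["l-number"])
        # Both filename parts come from the client: only accept raster image
        # extensions and refuse path separators in the L-number.
        # NOTE(review): the extension list is an assumption; adjust it to
        # what the front end really sends.
        allowed_exts = {"png", "jpg", "jpeg", "gif", "webp", "bmp"}
        if ext.lower() not in allowed_exts or any(ch in lnumber for ch in "/\\\0"):
            return render(request, form_template)
        file_name = lnumber + "." + ext
        document = ImageUpload()
        document.media.save(file_name, ContentFile(image_bytes))
        document.save()
        image_file_path = MEDIA_ROOT + file_name
    else:
        image_file_path = MEDIA_ROOT + "bisonMatchLogo.png"

    # NOTE(review): the answers are bound exactly as received; validate them
    # as numbers (for example through a Django form) once the expected range
    # is confirmed.
    params = text_values + answers + [image_file_path]
    sql = "INSERT INTO lustudent VALUES (" + ", ".join(["%s"] * len(params)) + ", 0);"
    print("here be ye sql statement " + str(sql))
    with closing(connection.cursor()) as cursor:
        # Use the managed cursor; opening a second one here left it unclosed.
        cursor.execute(sql, params)
    connection.close()
    # A redirect carries no template context, so the student-number list that
    # used to be passed as a second argument is not needed.
    return HttpResponseRedirect('/bisonMatch/thanks/')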
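@csrf_exempt
def thanks(request):
    """Show the thank-you page, or mark a student as paid on POST.

    A POST carrying a non-empty ``invoice`` value sets ``paid=1`` on the
    ``lustudent`` row with that L-number and renders the index page. A POST
    without it is answered with HTTP 400. Any other request renders the
    thank-you page with the list of all student numbers.
    """
    # NOTE(review): this view is CSRF-exempt and trusts the posted ``invoice``
    # value without authenticating the sender. Confirm the notification with
    # the payment provider before updating ``paid``.
    if request.POST:
        lnumber = request.POST.get("invoice", "")
        if lnumber == "":
            print("There has been a fatal error...")
            # Returning None from a view makes Django raise; send an explicit
            # client-error response instead.
            return HttpResponse(status=400)
        with closing(connection.cursor()) as cursor:
            # Bound parameter: the invoice value never becomes SQL text.
            cursor.execute("UPDATE lustudent SET paid=1 WHERE lnumber=%s;", [str(lnumber)])
        connection.close()
        print("Updated person with lnumber: " + str(lnumber))
        return render(request, 'bisonMatchApp/index.html')
    lnumbers = getAllStudentNumbers()
    return render(request, 'bisonMatchApp/thanks.html', {"lnumbers" : lnumbers})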
@csrf_exempt
def payment_finished(request):
    """Serve the page displayed once a payment has gone through."""
    success_template = 'bisonMatchApp/payment_success.html'
    return render(request, success_template)
@csrf_exempt
def payment_error(request):
    """Serve the page displayed when a payment did not go through."""
    failure_template = 'bisonMatchApp/payment_error.html'
    return render(request, failure_template)
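def getStudentData(lnumber):
    """Return the ``lustudent`` row whose lnumber equals ``lnumber``.

    Returns the row as produced by ``cursor.fetchone()``, or ``None`` when no
    row matches.
    """
    with closing(connection.cursor()) as cursor:
        # The L-number is passed as a bound parameter, not concatenated into
        # the statement.
        cursor.execute("SELECT * FROM lustudent where lnumber = %s;", [str(lnumber)])
        student = cursor.fetchone()
    connection.close()
    return student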
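def getAllStudentNumbers():
    """Return every non-empty lnumber stored in ``lustudent`` as a list."""
    with closing(connection.cursor()) as cursor:
        # Use the managed cursor; the original opened a second cursor inside
        # the block and never closed it.
        cursor.execute("SELECT lnumber FROM lustudent;")
        rows = cursor.fetchall()
    connection.close()
    return [row[0] for row in rows if row[0] != ""]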
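def matches(request, slug):
    """Render the match list for the student whose L-number is ``slug``.

    Reads the student's rows from ``studentmatches`` (index 2 is used as the
    matched student's L-number and index 3 as the percentage), looks up each
    matched student with ``getStudentData`` and appends the percentage to
    that row. The last column of the student's own ``lustudent`` row is
    passed to the template as ``paid``. Responds with HTTP 404 when no
    student has that L-number.
    """
    # NOTE(review): no login or ownership check is visible in this view, so
    # the page is served for whichever L-number appears in the URL. Confirm
    # that access control is enforced elsewhere.
    with closing(connection.cursor()) as cursor:
        # ``slug`` comes from the URL, so it is bound as a parameter in both
        # queries rather than concatenated into them.
        cursor.execute("SELECT * FROM studentmatches WHERE studentlnumber = %s;", [str(slug)])
        match_rows = cursor.fetchall()
        cursor.execute("SELECT * FROM lustudent WHERE lnumber = %s;", [str(slug)])
        student_row = cursor.fetchone()
    connection.close()

    if student_row is None:
        # Unknown L-number: previously this crashed on ``res[-1]``.
        return HttpResponse(status=404)
    paid = student_row[-1]

    match_list = []
    for row in match_rows:
        matched_student = getStudentData(row[2])
        if matched_student is None:
            # The match points at a student row that no longer exists.
            continue
        match_list.append(list(matched_student) + [row[3]])
    return render(request, 'bisonMatchApp/matches.html', {"matches" : match_list, "paid" : paid})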