def edit_categories():
perimeter_check("CMSCATEGORY")
newname = request.form['rename_cat']
oldname = request.form['old_name']
cat_info = read_categories()
if newname in cat_info:
return render_template("cms.html",
editname="Edit Categories",
cat_info=cat_info,
ins="error")
db = getattr(g, 'db', None)
query = "UPDATE tbl_category SET name=%s WHERE name=%s;"
with db as cursor:
cursor.execute(query, (newname, oldname))
db.commit()
cat_info = read_categories()
return render_template("cms.html",
editname="Edit Categories",
cat_info=cat_info,
ins="success")
def remove_category():
perimeter_check("CMSCATEGORY")
cats = read_categories()
to_remove = []
status = "error"
for c in cats:
try:
temp = request.form[c]
to_remove.append(temp)
except Exception:
pass
for c in to_remove:
if category_remover(c):
status = "success"
else:
status = "error"
cat_info = read_categories()
return render_template("cms.html",
editname="Remove Category",
ins=status,
cat_info=cat_info)
def show_order(orderid):
order_detail = read_order_detail(orderid)
product_rows = read_product_rows(orderid)
user_details = read_user_details(orderid)
order_status = read_order_status()
perimeter_check("CMSCATEGORY")
return render_template("cms.html", editname="Browse Orders", order_detail=order_detail,
product_rows=product_rows, user_details=user_details, order_status=order_status)
def edit_specific_product(oldname):
perimeter_check("CMSPRODUCT")
prodname = request.form['prodname']
prodprice = request.form['prodprice']
proddesc = request.form['proddesc']
prodcat = request.form['prodcat']
prodstock = request.form['prodstock']
prodfile = request.files['prodfile']
produrl = ""
existing_products = read_products()
cat_info = read_categories()
db = getattr(g, 'db', None)
query = "UPDATE tbl_product SET name=%s, description=%s, price=%s, cat_id=(SELECT id FROM " \
"tbl_category WHERE tbl_category.name=%s) WHERE name=%s;"
with db as cursor:
data = (prodname, proddesc, prodprice, prodcat, oldname)
cursor.execute(query, data)
db.commit()
query = "UPDATE tbl_stock SET amount=%s WHERE product_id=(SELECT id FROM tbl_product WHERE name=%s);"
with db as cursor:
data = (prodstock, prodname)
cursor.execute(query, data)
db.commit()
query = "SELECT id, image_url FROM tbl_product WHERE name = %s;"
id = None
old_url = ""
with db as cursor:
data = (prodname, )
cursor.execute(query, data)
db.commit()
temp = cursor.fetchone()
id = temp[0]
old_url = temp[1]
#attempt fileupload
if id:
filename = str(id) + "_" + secure_filename(prodfile.filename)
if prodfile:
add_file(prodfile, filename)
remove_file(old_url)
produrl = filename
query = "UPDATE tbl_product SET image_url=%s WHERE id=%s;"
with db as cursor:
data = (produrl, id)
cursor.execute(query, data)
db.commit()
return render_template("cms.html",
editname="Add Product",
cat_info=cat_info,
ins="success")
def add_product():
perimeter_check("CMSPRODUCT")
prodname = request.form['prodname']
prodprice = request.form['prodprice']
proddesc = request.form['proddesc']
prodcat = request.form['prodcat']
prodstock = request.form['prodstock']
prodfile = request.files['prodfile']
produrl = ""
existing_products = read_products()
cat_info = read_categories()
if prodname in existing_products:
return render_template("cms.html",
editname="Add Product",
cat_info=cat_info,
ins="error")
db = getattr(g, 'db', None)
query = "INSERT INTO tbl_product (name, description,price, cat_id) VALUES (%s, %s, %s, (SELECT id from tbl_category WHERE name=%s));"
with db as cursor:
data = (prodname, proddesc, prodprice, prodcat)
cursor.execute(query, data)
db.commit()
query = "INSERT INTO tbl_stock (product_id, amount) VALUES ((SELECT id FROM tbl_product WHERE name = %s), %s);"
with db as cursor:
data = (prodname, prodstock)
cursor.execute(query, data)
db.commit()
query = "SELECT id FROM tbl_product WHERE name = %s;"
id = None
with db as cursor:
data = (prodname, )
cursor.execute(query, data)
db.commit()
id = cursor.fetchone()[0]
#attempt fileupload
if id:
filename = str(id) + "_" + secure_filename(prodfile.filename)
add_file(prodfile, filename)
produrl = filename
query = "UPDATE tbl_product SET image_url=%s WHERE id=%s;"
with db as cursor:
data = (produrl, id)
cursor.execute(query, data)
db.commit()
return render_template("cms.html",
editname="Add Product",
cat_info=cat_info,
ins="success")
def edit_specific_product(oldname):
perimeter_check("CMSPRODUCT")
prodname = request.form['prodname']
prodprice = request.form['prodprice']
proddesc = request.form['proddesc']
prodcat = request.form['prodcat']
prodstock = request.form['prodstock']
prodfile = request.files['prodfile']
produrl = ""
existing_products = read_products()
cat_info = read_categories()
db = getattr(g, 'db', None)
query = "UPDATE tbl_product SET name=%s, description=%s, price=%s, cat_id=(SELECT id FROM " \
"tbl_category WHERE tbl_category.name=%s) WHERE name=%s;"
with db as cursor:
data = (prodname, proddesc, prodprice,prodcat, oldname)
cursor.execute(query, data)
db.commit()
query = "UPDATE tbl_stock SET amount=%s WHERE product_id=(SELECT id FROM tbl_product WHERE name=%s);"
with db as cursor:
data = (prodstock,prodname)
cursor.execute(query, data)
db.commit()
query = "SELECT id, image_url FROM tbl_product WHERE name = %s;"
id = None
old_url = ""
with db as cursor:
data = (prodname,)
cursor.execute(query, data)
db.commit()
temp = cursor.fetchone()
id = temp[0]
old_url = temp[1]
#attempt fileupload
if id:
filename = str(id) + "_" + secure_filename(prodfile.filename)
if prodfile:
add_file(prodfile, filename)
remove_file(old_url)
produrl = filename
query = "UPDATE tbl_product SET image_url=%s WHERE id=%s;"
with db as cursor:
data = (produrl, id)
cursor.execute(query, data)
db.commit()
return render_template("cms.html", editname = "Add Product", cat_info=cat_info, ins = "success")
def update_status(orderid):
perimeter_check("CMSCATEGORY")
status = request.form['status']
db = getattr(g, 'db', None)
query = "update tbl_order set tbl_order.order_status = %s where tbl_order.id = %s;"
with db as cursor:
cursor.execute(query, (status,orderid))
db.commit()
return show_order(orderid)
def update_status(orderid):
perimeter_check("CMSCATEGORY")
status = request.form['status']
db = getattr(g, 'db', None)
query = "update tbl_order set tbl_order.order_status = %s where tbl_order.id = %s;"
with db as cursor:
cursor.execute(query, (status, orderid))
db.commit()
return show_order(orderid)
def show_order(orderid):
order_detail = read_order_detail(orderid)
product_rows = read_product_rows(orderid)
user_details = read_user_details(orderid)
order_status = read_order_status()
perimeter_check("CMSCATEGORY")
return render_template("cms.html",
editname="Browse Orders",
order_detail=order_detail,
product_rows=product_rows,
user_details=user_details,
order_status=order_status)
def add_product():
perimeter_check("CMSPRODUCT")
prodname = request.form['prodname']
prodprice = request.form['prodprice']
proddesc = request.form['proddesc']
prodcat = request.form['prodcat']
prodstock = request.form['prodstock']
prodfile = request.files['prodfile']
produrl = ""
existing_products = read_products()
cat_info = read_categories()
if prodname in existing_products:
return render_template("cms.html", editname = "Add Product", cat_info=cat_info, ins = "error")
db = getattr(g, 'db', None)
query = "INSERT INTO tbl_product (name, description,price, cat_id) VALUES (%s, %s, %s, (SELECT id from tbl_category WHERE name=%s));"
with db as cursor:
data = (prodname, proddesc, prodprice, prodcat)
cursor.execute(query, data)
db.commit()
query = "INSERT INTO tbl_stock (product_id, amount) VALUES ((SELECT id FROM tbl_product WHERE name = %s), %s);"
with db as cursor:
data = (prodname, prodstock)
cursor.execute(query, data)
db.commit()
query = "SELECT id FROM tbl_product WHERE name = %s;"
id = None
with db as cursor:
data = (prodname,)
cursor.execute(query, data)
db.commit()
id = cursor.fetchone()[0]
#attempt fileupload
if id:
filename = str(id) + "_" + secure_filename(prodfile.filename)
add_file(prodfile, filename)
produrl = filename
query = "UPDATE tbl_product SET image_url=%s WHERE id=%s;"
with db as cursor:
data = (produrl, id)
cursor.execute(query, data)
db.commit()
return render_template("cms.html", editname = "Add Product", cat_info=cat_info, ins = "success")
def update_status_2():
perimeter_check("CMSCATEGORY")
orderid = request.form['orderid']
status = request.form['status']
db = getattr(g, 'db', None)
query = "update tbl_order set tbl_order.order_status = %s where tbl_order.id = %s;"
with db as cursor:
cursor.execute(query, (status,orderid))
db.commit()
order_row = read_orders()
order_status = read_order_status()
return render_template("cms.html", editname="Browse Orders", order_row=order_row, order_status=order_status)
def edit_products():
perimeter_check("CMSPRODUCT")
alt = request.form['edit']
if alt == "edit_prod":
oldname = request.form['old_name']
edit_specific_product(oldname)
info = read_stock()
others = read_not_stock()
return render_template("cms.html",
editname="Edit Products",
info=info,
others=others,
ins="success")
unchecked = read_products()
checked = []
for p in unchecked:
try:
temp = request.form["check_" + p]
checked.append(temp)
except Exception:
pass
for p in checked:
if p in unchecked:
unchecked.remove(p)
if alt == "set_unavaliable":
for p in unchecked:
remove_from_stock(p)
for p in checked:
stock_value = request.form["stock_" + p]
add_to_stock(p, stock_value)
elif alt == "set_avaliable":
for p in checked:
stock_value = request.form["stock_" + p]
add_to_stock(p, stock_value)
info = read_stock()
others = read_not_stock()
return render_template("cms.html",
editname="Edit Products",
info=info,
others=others,
ins="success")
def remove_product():
perimeter_check("CMSPRODUCT")
prods = read_products()
to_remove = []
for p in prods:
try:
temp = request.form[p]
to_remove.append(temp)
except Exception:
pass
for p in to_remove:
product_remover(p)
info = read_products_and_categories()
return render_template("cms.html", editname = "Remove Product", info=info, ins = "success")
def add_category():
perimeter_check("CMSCATEGORY")
catname = request.form['catname']
categories = read_categories()
if catname in categories:
cat_info = read_categories()
return render_template("cms.html", editname="Add Category", ins="error")
db = getattr(g, 'db', None)
query = "insert into tbl_category (name) VALUES (%s);"
with db as cursor:
cursor.execute(query, (catname,))
db.commit()
cat_info = read_categories()
return render_template("cms.html", editname="Add Category", ins="success")
def update_status_2():
perimeter_check("CMSCATEGORY")
orderid = request.form['orderid']
status = request.form['status']
db = getattr(g, 'db', None)
query = "update tbl_order set tbl_order.order_status = %s where tbl_order.id = %s;"
with db as cursor:
cursor.execute(query, (status, orderid))
db.commit()
order_row = read_orders()
order_status = read_order_status()
return render_template("cms.html",
editname="Browse Orders",
order_row=order_row,
order_status=order_status)
def remove_product():
perimeter_check("CMSPRODUCT")
prods = read_products()
to_remove = []
for p in prods:
try:
temp = request.form[p]
to_remove.append(temp)
except Exception:
pass
for p in to_remove:
product_remover(p)
info = read_products_and_categories()
return render_template("cms.html",
editname="Remove Product",
info=info,
ins="success")
def add_category():
perimeter_check("CMSCATEGORY")
catname = request.form['catname']
categories = read_categories()
if catname in categories:
cat_info = read_categories()
return render_template("cms.html",
editname="Add Category",
ins="error")
db = getattr(g, 'db', None)
query = "insert into tbl_category (name) VALUES (%s);"
with db as cursor:
cursor.execute(query, (catname, ))
db.commit()
cat_info = read_categories()
return render_template("cms.html", editname="Add Category", ins="success")
def edit_categories():
perimeter_check("CMSCATEGORY")
newname = request.form['rename_cat']
oldname = request.form['old_name']
cat_info = read_categories()
if newname in cat_info:
return render_template("cms.html", editname="Edit Categories", cat_info = cat_info, ins="error")
db = getattr(g, 'db', None)
query = "UPDATE tbl_category SET name=%s WHERE name=%s;"
with db as cursor:
cursor.execute(query, (newname, oldname))
db.commit()
cat_info = read_categories()
return render_template("cms.html", editname="Edit Categories", cat_info = cat_info, ins="success")
def edit_products():
perimeter_check("CMSPRODUCT")
alt = request.form['edit']
if alt == "edit_prod":
oldname = request.form['old_name']
edit_specific_product(oldname)
info = read_stock()
others = read_not_stock()
return render_template("cms.html", editname="Edit Products", info=info, others=others, ins = "success")
unchecked = read_products()
checked = []
for p in unchecked:
try:
temp = request.form["check_" + p]
checked.append(temp)
except Exception:
pass
for p in checked:
if p in unchecked:
unchecked.remove(p)
if alt == "set_unavaliable":
for p in unchecked:
remove_from_stock(p)
for p in checked:
stock_value = request.form["stock_" + p]
add_to_stock(p, stock_value);
elif alt == "set_avaliable":
for p in checked:
stock_value = request.form["stock_" + p]
add_to_stock(p, stock_value);
info = read_stock()
others = read_not_stock()
return render_template("cms.html", editname="Edit Products", info=info, others=others, ins = "success")
def remove_category():
perimeter_check("CMSCATEGORY")
cats = read_categories()
to_remove = []
status = "error"
for c in cats:
try:
temp = request.form[c]
to_remove.append(temp)
except Exception:
pass
for c in to_remove:
if category_remover(c):
status = "success"
else:
status = "error"
cat_info = read_categories()
return render_template("cms.html", editname = "Remove Category", ins = status, cat_info=cat_info)
def show_cms():
perimeter_check("CMSINDEX")
return render_template("cms.html", editname="Content Management")
def show_cms_editor(editname):
perimeter_check("CMSINDEX")
if editname == "Browse Orders":
perimeter_check("CMSCATEGORY")
order_row = read_orders()
order_status = read_order_status()
return render_template("cms.html",
editname=editname,
order_row=order_row,
order_status=order_status)
elif editname == "Add Category":
perimeter_check("CMSCATEGORY")
return render_template("cms.html", editname=editname)
elif editname == "Add Product":
perimeter_check("CMSPRODUCT")
cat_info = read_categories()
return render_template("cms.html",
editname=editname,
cat_info=cat_info)
elif editname == "Edit Categories":
perimeter_check("CMSCATEGORY")
cat_info = read_categories()
return render_template("cms.html",
editname=editname,
cat_info=cat_info)
elif editname == "Edit Products":
perimeter_check("CMSSTOCK")
info = read_stock()
others = read_not_stock()
cat_info = read_categories()
return render_template("cms.html",
editname=editname,
info=info,
others=others,
cat_info=cat_info)
elif editname == "Remove Category":
perimeter_check("CMSCATEGORY")
cat_info = read_categories()
return render_template("cms.html",
editname=editname,
cat_info=cat_info)
elif editname == "Remove Product":
perimeter_check("CMSPRODUCT")
info = read_products_and_categories()
return render_template("cms.html", editname=editname, info=info)
else:
return render_template("cms.html", editname="Content Management")
def show_cms():
perimeter_check("CMSINDEX")
return render_template("cms.html", editname="Content Management")
def show_cms_editor(editname):
perimeter_check("CMSINDEX")
if editname == "Browse Orders":
perimeter_check("CMSCATEGORY")
order_row = read_orders()
order_status = read_order_status()
return render_template("cms.html", editname=editname, order_row=order_row, order_status=order_status)
elif editname == "Add Category":
perimeter_check("CMSCATEGORY")
return render_template("cms.html", editname=editname)
elif editname == "Add Product":
perimeter_check("CMSPRODUCT")
cat_info = read_categories()
return render_template("cms.html", editname=editname, cat_info = cat_info)
elif editname == "Edit Categories":
perimeter_check("CMSCATEGORY")
cat_info = read_categories()
return render_template("cms.html", editname=editname, cat_info = cat_info)
elif editname == "Edit Products":
perimeter_check("CMSSTOCK")
info = read_stock()
others = read_not_stock()
cat_info = read_categories()
return render_template("cms.html", editname=editname, info=info, others=others, cat_info=cat_info)
elif editname == "Remove Category":
perimeter_check("CMSCATEGORY")
cat_info = read_categories()
return render_template("cms.html", editname=editname, cat_info=cat_info)
elif editname == "Remove Product":
perimeter_check("CMSPRODUCT")
info = read_products_and_categories()
return render_template("cms.html", editname=editname, info=info)
else:
return render_template("cms.html", editname="Content Management")