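def register():
    """Validate the registration form and create a new user row.

    A non-POST request renders the registration template. A POST reads
    ``name``, ``username``, ``password`` and the optional ``isAdmin`` field,
    rejects an empty username or password and a username that already exists,
    stores the password as a hash, and redirects to the login view.

    ``isAdmin`` is client-supplied form data. It is honoured only when the
    request comes from a session whose user row already has ``admin`` set;
    otherwise anyone submitting the form could create an administrator.
    """
    if request.method == 'POST':
        name = request.form['name']
        username = request.form['username']
        password = request.form['password']
        isAdmin = request.form.get('isAdmin')
        db = get_db()
        error = None

        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif db.execute('SELECT id FROM user WHERE username = ?',
                        (username, )).fetchone() is not None:
            error = 'User {} is already registered.'.format(username)

        # Never trust the form for privilege: the admin flag is granted only
        # if the caller is already an authenticated administrator.
        # NOTE(review): the first admin account must then be provisioned out
        # of band (e.g. directly in the database) - confirm with deployment.
        requester = getattr(g, 'user', None)
        requester_is_admin = requester is not None and bool(requester['admin'])
        admin = 1 if (isAdmin and requester_is_admin) else 0

        if error is None:
            db.execute(
                'INSERT INTO user (name, username, password, admin) VALUES (?, ?, ?, ?)',
                (name, username, generate_password_hash(password), admin))
            db.commit()
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')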
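def delete_item(cart_item_id):
    """Remove one entry from the signed-in user's cart, then show checkout.

    The DELETE is scoped to the current user's id as well as ``cart_id``.
    ``cart_item_id`` is caller-supplied, so matching on it alone would let
    one user remove rows that belong to another user's cart.
    """
    # Without a signed-in user there is no cart to modify; send the visitor
    # to the login view, as index() does.
    if not g.user:
        return redirect(url_for('auth.login'))

    db = get_db()
    db.execute('DELETE FROM cart WHERE cart_id = ? AND user_id = ?',
               (cart_item_id, g.user['id']))
    db.commit()
    return redirect(url_for('cart.checkout'))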
def add_cart(item_id):
    """Add ``item_id`` to the current user's cart and return to the store.

    Inserts a ``cart`` row pairing ``g.user['id']`` with ``item_id``, commits,
    flashes a success message and redirects to ``store.index``.
    """
    # NOTE(review): g.user is indexed without a None check; presumably a
    # login guard runs before this view - confirm against the route setup.
    conn = get_db()
    row = (g.user['id'], item_id)
    conn.execute('INSERT INTO cart (user_id, item_id) VALUES (?, ?)', row)
    conn.commit()

    flash("Item successfully added to cart", 'success')
    destination = url_for('store.index')
    return redirect(destination)
def index():
    """Render the store front page with every row of the ``item`` table.

    Visitors without a signed-in user (``g.user`` falsy) are redirected to
    the login view instead.
    """
    if g.user:
        listing_query = (
            'SELECT i.id, i.item_name, i.item_description, i.item_image, i.price'
            ' FROM item i'
        )
        rows = get_db().execute(listing_query).fetchall()
        return render_template('store/index.html', items=rows)

    return redirect(url_for('auth.login'))
def load_logged_in_user():
    """Set ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` becomes ``None`` when the session holds no ``user_id``;
    otherwise it is the matching ``user`` row (or ``None`` if no row has
    that id, since ``fetchone()`` returns ``None`` then).
    """
    uid = session.get('user_id')
    if uid is not None:
        lookup = get_db().execute('SELECT * FROM user WHERE id = ?', (uid, ))
        g.user = lookup.fetchone()
        return
    g.user = None
def checkout():
    """Render the checkout page for the current user's cart.

    Loads the user's cart rows joined with their item details, adds up the
    ``price`` of each row, and passes both to the checkout template.
    """
    # NOTE(review): g.user is indexed without a None check; presumably a
    # login guard runs before this view - confirm against the route setup.
    cart_query = (
        'SELECT cart_id, i.item_name, i.price, i.item_image FROM cart c'
        ' INNER JOIN item i ON c.item_id = i.id'
        ' WHERE c.user_id = ?'
    )
    conn = get_db()
    rows = conn.execute(cart_query, [g.user['id']]).fetchall()
    total = sum(row['price'] for row in rows)
    return render_template('cart/checkout.html',
                           cart_items=rows,
                           total_price=total)
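def login():
    """Authenticate a user from the login form and start a session.

    A non-POST request renders the login template. A POST looks the user up
    by ``username`` and verifies the submitted password against the stored
    hash. On success the session is cleared, ``user_id`` is stored in it and
    the client is redirected to ``index``; on failure an error is flashed and
    the form is rendered again.

    Both failure cases flash the same message, so the response text does not
    reveal whether a given username exists.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        user = db.execute('SELECT * FROM user WHERE username = ?',
                          (username, )).fetchone()

        # One generic message for "no such user" and "wrong password":
        # distinct messages let a caller enumerate valid usernames.
        # NOTE(review): the hash check is skipped for unknown users, so
        # response timing may still differ between the two cases.
        if user is None or not check_password_hash(user['password'], password):
            error = 'Incorrect username or password.'

        if error is None:
            # Drop any pre-login session contents before binding the
            # session to the authenticated user.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('index'))

        flash(error)

    return render_template('auth/login.html')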
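def create():
    """Create a store item from the submitted form, saving an optional image.

    A non-POST request renders the creation template. A POST reads ``name``,
    ``description``, ``price`` and the ``image`` upload. If ``name`` is empty
    an error is flashed and nothing is stored. Otherwise the image (when one
    was uploaded) is written under ``UPLOAD_FOLDER`` using a sanitised file
    name, and an ``item`` row is inserted that references that same name.
    """
    # NOTE(review): no authorization check is visible in this block;
    # presumably an admin/login guard wraps the view - confirm.
    if request.method == 'POST':
        item_name = request.form["name"]
        item_description = request.form["description"]
        item_image = request.files["image"]
        price = request.form["price"]

        # The client chooses the upload's file name, so it must be sanitised
        # before it is joined to a server path. secure_filename() returns
        # the cleaned name; its result has to be used, not discarded.
        stored_filename = ''
        if item_image and item_image.filename:
            stored_filename = secure_filename(item_image.filename)

        if not item_name:
            error = 'Title is required.'
            flash(error)
        else:
            # Validate first, then write: a rejected form leaves no file
            # behind. A name that sanitises to '' is treated as "no image".
            # NOTE(review): no file-type or size restriction is visible
            # here; confirm one is enforced elsewhere (e.g. an extension
            # allow-list or Flask's MAX_CONTENT_LENGTH).
            if stored_filename:
                item_image.save(os.path.join(UPLOAD_FOLDER, stored_filename))

            db = get_db()
            db.execute(
                'INSERT INTO item (item_name, item_description, item_image, price)'
                ' VALUES (?, ?, ?, ?)',
                (item_name, item_description, stored_filename, price))
            db.commit()
            flash(item_name + ' was added to the store', 'success')

    return render_template('store/create.html')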
def delete(item_id):
    """Delete the ``item`` row whose id is ``item_id`` and return to the store."""
    # NOTE(review): no authorization check is visible in this block;
    # presumably an admin/login guard wraps the view - confirm.
    conn = get_db()
    conn.execute('DELETE FROM item WHERE id = ?', (item_id, ))
    conn.commit()

    store_url = url_for('store.index')
    return redirect(store_url)