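def add_cart(id):
    """Add product ``id`` to the current user's cart unless it is already there.

    Always redirects to the cart page; a flash message reports whether the
    product was added or was already present.
    """
    user_id = session.get('user_id')
    db = get_db()
    # Look up this exact (user, product) pair. The earlier version fetched a
    # single cart row with fetchone() and compared only that row's product id,
    # so a product was reported as a duplicate only when it happened to be the
    # first row returned; any other product could be inserted again.
    already_in_cart = db.execute(
        'SELECT c.product_id'
        ' FROM cart c JOIN user u ON c.author_id = u.id'
        ' WHERE u.id = ? AND c.product_id = ?',
        (user_id, id)).fetchone()
    if already_in_cart is not None:
        flash('Cet article est déjà dans votre panier.', 'danger')
        return redirect(url_for('cart.cart'))

    # NOTE(review): the lookup keys on session['user_id'] while the insert uses
    # g.user['id']; they are presumably the same account - confirm. Nothing in
    # this function checks that the product exists or that the caller is
    # logged in; verify that a decorator or caller enforces both.
    db.execute(
        'INSERT INTO cart (product_id, author_id)'
        ' VALUES (?, ?)', (id, g.user['id']))
    db.commit()
    flash('Article ajouté dans votre panier !', 'success')
    return redirect(url_for('cart.cart'))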
def load_logged_in_user():
    """Populate ``g.admin`` and ``g.user`` from the values held in the session.

    ``g.admin`` is 0 when the session's ``user_admin`` is 0, otherwise the
    result of a lookup on ``isAdmin``. ``g.user`` is the row for the session's
    ``user_id``, or None when no id is stored.
    """
    session_user_id = session.get('user_id')
    session_admin_flag = session.get('user_admin')

    if session_admin_flag == 0:
        g.admin = 0
    else:
        # NOTE(review): this selects any row whose isAdmin equals the value
        # cached in the session, not the row of the logged-in user, so g.admin
        # can hold a different account and does not reflect a later change to
        # that user's isAdmin. Consider deriving it from the g.user row.
        g.admin = get_db().execute(
            'SELECT * FROM user WHERE isAdmin = ?',
            (session_admin_flag, )).fetchone()

    g.user = (
        None if session_user_id is None
        else get_db().execute(
            'SELECT * FROM user WHERE id = ?',
            (session_user_id, )).fetchone()
    )
def update(id):
    """Show the edit form for user ``id`` and apply a submitted change.

    On POST with a non-empty username, writes ``username`` and ``isAdmin``
    and redirects to the admin user list; otherwise renders the form.
    """
    user = get_user(id)
    cats = all_category()

    if request.method == 'POST':
        form = request.form
        new_username, admin_flag = form['username'], form['admin']
        if new_username:
            # NOTE(review): admin_flag is written to isAdmin exactly as
            # submitted, and no authorization check is visible in this
            # function. Confirm the route is restricted to administrators and
            # consider limiting the accepted values.
            conn = get_db()
            conn.execute(
                'UPDATE user SET username = ?, isAdmin = ?'
                ' WHERE id = ?', (new_username, admin_flag, id))
            conn.commit()
            flash('Modification réussie !', 'success')
            return redirect(url_for('admin.all'))
        flash('Login obligatoire.')

    return render_template('administration/update-user.html',
                           cats=cats,
                           user=user)
def delete(id):
    """Delete product ``id`` and redirect to the inventory page."""
    # Called for its side effects only: in the get_product shown in this
    # listing it aborts with 404/403 for a missing or foreign product.
    get_product(id)

    conn = get_db()
    conn.execute('DELETE FROM product WHERE id = ?', (id, ))
    conn.commit()

    flash('Livre supprimé !', 'success')
    # NOTE(review): the route decorator is not visible here; confirm this
    # destructive action is POST-only and CSRF-protected.
    return redirect(url_for('product.inventory'))
def register():
    """Handle the registration form.

    On POST, validates the submitted login and password, stores the new
    account with a hashed password and ``isAdmin`` set to 0, then redirects to
    the login page. On validation failure the error is flashed and the form is
    rendered again.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        admin = 0
        db = get_db()

        def first_problem():
            # Checks enforcing the password constraints, in order; the first
            # failing check determines the message.
            if not username:
                return 'Veuillez renseigner un login.'
            if not password:
                return 'Veuillez renseigner un mot de passe.'
            if len(password) < 6:
                return 'Mot de passe trop court.'
            if re.search('[0-9]', password) is None:
                return 'Votre mot de passe doit contenir au moins un chiffre.'
            if re.search('[A-Z]', password) is None:
                return 'Votre mot de passe doit contenir au moins une lettre majuscule.'
            taken = db.execute('SELECT id FROM user WHERE username = ?',
                               (username, )).fetchone()
            if taken is not None:
                # NOTE(review): this message tells the caller that the login
                # exists; acceptable only if account enumeration is not a
                # concern for this application.
                return 'User {} is already registered.'.format(username)
            return None

        error = first_problem()
        if error is None:
            db.execute(
                'INSERT INTO user (username, password, isAdmin) VALUES (?, ?, ?)',
                (username, generate_password_hash(password), admin))
            db.commit()
            flash('Compté créé ! Vous pouvez vous connecter.', 'success')
            return redirect(url_for('auth.login'))

        flash(error, 'danger')

    return render_template('auth/register.html')
def detail(id):
    """Render the products that belong to category ``id``."""
    sql = ('SELECT *'
           ' FROM product JOIN category ON product.category_id = category.id'
           ' WHERE category_id = ?')
    rows = get_db().execute(sql, (id, )).fetchall()
    return render_template('category/detail.html', details=rows, title=id)
def update(id):
    """Show the edit form for product ``id`` and apply a submitted change.

    On POST with a non-empty name, updates the product and redirects to the
    inventory page; otherwise renders the form.
    """
    # In the get_product shown in this listing, this aborts with 404/403 for a
    # missing or foreign product.
    product = get_product(id)
    state_list = [
        'Neuf', 'Très bon état', 'Bon état', 'Etat correct', 'Mauvais état'
    ]

    if request.method == 'POST':
        form = request.form
        name = form['name']
        description = form['description']
        price = form['price']
        state = form['state']

        if name:
            # NOTE(review): price and state are stored as submitted; state is
            # not checked against state_list and price is not validated.
            conn = get_db()
            conn.execute(
                'UPDATE product SET name = ?, description = ?, price = ?, state = ?'
                ' WHERE id = ?', (name, description, price, state, id))
            conn.commit()
            flash('Modification réussie !', 'success')
            return redirect(url_for('product.inventory'))
        flash('Title is required.')

    return render_template('product/update.html',
                           product=product,
                           state_list=state_list)
def index():
    """Render the home page with every product, newest first."""
    sql = ('SELECT p.id, name, description, price, state, image, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' ORDER BY created DESC')
    rows = get_db().execute(sql).fetchall()
    return render_template('product/home.html', products=rows)
def delete(id):
    """Delete category ``id`` and redirect to the category index."""
    # Called for its side effects only: in the get_cat shown in this listing
    # it aborts with 404/403 for a missing or foreign category.
    get_cat(id)

    conn = get_db()
    conn.execute('DELETE FROM category WHERE id = ?', (id, ))
    conn.commit()

    flash('Catégorie supprimée !', 'success')
    # NOTE(review): the route decorator is not visible here; confirm this
    # destructive action is POST-only and CSRF-protected.
    return redirect(url_for('category.index'))
def query_from_db(isbn):
    """Return the ``book`` row whose ISBN is ``isbn``, or None if there is none."""
    sql = 'select name,cover,original_name,author,press,translator,publication_time,pricing,isbn,intro,score from book where isbn=?'
    return get_db().execute(sql, (isbn, )).fetchone()
def detail(id):
    """Render the detail page for product ``id`` together with its author's name."""
    sql = ('SELECT p.id, name, description, price, state, image, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE p.id = ?')
    rows = get_db().execute(sql, (id, )).fetchall()
    return render_template('product/detail.html', details=rows, title=id)
def register():
    """Handle the registration form.

    On POST, validates the submitted username and password, stores the new
    account with a hashed password, then redirects to the login page. On
    validation failure the error is flashed and the form is rendered again.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()

        def first_problem():
            # The first failing check determines the message.
            if not username:
                return 'Username is required.'
            if not password:
                return 'Password is required.'
            if len(password) < 6:
                return 'Password too short.'
            if re.search('[0-9]', password) is None:
                return 'Make sure your password has a number in it.'
            if re.search('[A-Z]', password) is None:
                return 'Make sure your password has a capital letter in it.'
            taken = db.execute('SELECT id FROM user WHERE username = ?',
                               (username, )).fetchone()
            if taken is not None:
                # NOTE(review): this message tells the caller that the
                # username exists; acceptable only if account enumeration is
                # not a concern for this application.
                return 'User {} is already registered.'.format(username)
            return None

        error = first_problem()
        if error is None:
            db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
                       (username, generate_password_hash(password)))
            db.commit()
            flash('Compté créé ! Vous pouvez vous connecter.', 'success')
            return redirect(url_for('auth.login'))

        flash(error, 'danger')

    return render_template('auth/register.html')
def all():
    """Render the category index with every category, by name descending."""
    sql = ('SELECT c.id, name, author_id'
           ' FROM category c JOIN user u ON c.author_id = u.id'
           ' ORDER BY name DESC')
    rows = get_db().execute(sql).fetchall()
    return render_template('category/index.html', categories=rows)
def get_image(id):
    """Return the row holding the ``image`` column of product ``id``."""
    # Result discarded; presumably called for its existence/ownership checks.
    get_product(id)

    sql = ('SELECT image'
           ' FROM product'
           ' WHERE id = ?')
    return get_db().execute(sql, (id,)).fetchone()
def get_user(id):
    """Return the id, username and isAdmin of user ``id``; abort with 404 if absent."""
    sql = ('SELECT id, username, isAdmin'
           ' FROM user'
           ' WHERE id = ?')
    row = get_db().execute(sql, (id, )).fetchone()
    if row is not None:
        return row
    abort(404, "Le user id {0} n'existe pas.".format(id))
    return row
def inventory():
    """Render the products authored by the session's user, newest first."""
    owner_id = session.get('user_id')
    sql = ('SELECT p.id, name, description, price, state, image, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE author_id = ?'
           ' ORDER BY created DESC')
    rows = get_db().execute(sql, (owner_id, )).fetchall()
    return render_template('product/inventory.html', products=rows)
def note_add():
    """On POST, delete every note whose ``created`` value is listed in the form.

    The ``selected`` form field is a comma-separated list of ``created``
    values. Returns an empty JSON list.
    """
    if request.method == 'POST':
        conn = get_db()
        # Split on commas; otherwise the loop would walk the whole string
        # character by character.
        selected = request.form['selected'].split(',')
        # NOTE(review): despite its name this handler deletes notes, and no
        # authentication or ownership check is visible in this function.
        # Confirm the route is protected.
        for created_value in selected:
            conn.execute(
                'DELETE FROM note where created = ?', (created_value,)
            )
        conn.commit()
    return jsonify([])
def category():
    """Render the administration view listing all categories, highest id first."""
    sql = ('SELECT id, name'
           ' FROM category'
           ' ORDER BY id DESC')
    rows = get_db().execute(sql).fetchall()
    menu = all_category()
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is restricted to administrators.
    return render_template('administration/category.html',
                           categories=rows,
                           cats=menu)
def product():
    """Render the administration view listing all products, highest id first."""
    sql = ('SELECT id, name, description, price, state'
           ' FROM product'
           ' ORDER BY id DESC')
    rows = get_db().execute(sql).fetchall()
    menu = all_category()
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is restricted to administrators.
    return render_template('administration/product.html',
                           products=rows,
                           cats=menu)
def insert_to_db(data):
    """Insert one ``book`` row built from ``data`` and commit.

    ``data`` is read with ``.get``; any missing field is stored as an empty
    string.
    """
    # Same order as the column list in the INSERT statement below.
    columns = ('name', 'cover', 'original_name', 'author', 'press',
               'translator', 'publication_time', 'pricing', 'isbn', 'intro',
               'score')
    values = tuple(data.get(column, '') for column in columns)

    conn = get_db()
    conn.execute(
        'INSERT INTO book(name,cover,original_name,author,press,translator,publication_time,pricing,isbn,intro,score) VALUES (?,?,?,?,?,?,?,?,?,?,?)',
        values)
    conn.commit()
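def delete(id):
    """Delete product ``id`` together with its uploaded image file.

    Removes the product row, deletes the image stored under the uploads
    folder, commits, and redirects to the inventory page.
    """
    db = get_db()
    file = get_image(id)
    location = "book/static/uploads"
    uploads_root = os.path.abspath(location)
    db.execute('DELETE FROM product WHERE id = ?', (id,))
    # Iterating the row yields its column values, i.e. the stored image name.
    for filename in file or ():
        if not filename:
            # Product without an image: nothing to remove.
            continue
        target = os.path.abspath(os.path.join(location, filename))
        # The stored name is data, not a trusted path. Refuse anything that
        # resolves outside the uploads folder (absolute name, '..' segments)
        # so a crafted name cannot make this handler delete other files.
        if not target.startswith(uploads_root + os.sep):
            continue
        try:
            # Remove the product image from the uploads folder.
            os.remove(target)
        except FileNotFoundError:
            # An image that is already gone must not block deleting the product.
            pass
    db.commit()
    flash('Livre supprimé !', 'success')
    return redirect(url_for('product.inventory'))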
def order():
    """Render the administration view of all orders, sorted by product name."""
    sql = ('SELECT c.id, c.created, p.name, p.price, u.username'
           ' FROM command c'
           ' JOIN user u ON c.author_id = u.id'
           ' JOIN product p ON c.product_id = p.id'
           ' ORDER BY p.name ASC')
    rows = get_db().execute(sql).fetchall()
    menu = all_category()
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is restricted to administrators.
    return render_template('administration/command.html',
                           orders=rows,
                           cats=menu)
def note_add_temp():
    """On POST, insert a note with ``author_id`` 0 from the submitted form.

    Returns an empty JSON list.
    """
    if request.method == 'POST':
        conn = get_db()
        form = request.form
        created = form['created']
        title = form['title']
        content = form['content']
        # Original author's note: validation is done in the front end.
        # NOTE(review): client-side validation can be bypassed by any client;
        # the values are stored here without a server-side check.
        conn.execute(
            'INSERT INTO note (author_id, title, content, created)'
            ' VALUES (?, ?, ?, ?)',
            (0,title,content,created)
        )
        conn.commit()  # remember to commit
    return jsonify([])
def get_cat(id, check_author=True):
    """Return category ``id``.

    Aborts with 404 when the category does not exist, and with 403 when
    ``check_author`` is true and the category's author is not ``g.user``.
    """
    sql = ('SELECT c.id, name, author_id'
           ' FROM category c JOIN user u ON c.author_id = u.id'
           ' WHERE c.id = ?')
    row = get_db().execute(sql, (id, )).fetchone()

    if row is None:
        abort(404, "Product id {0} doesn't exist.".format(id))

    # Ownership check: only the author may act on this category.
    is_foreign = row['author_id'] != g.user['id'] if check_author else False
    if is_foreign:
        abort(403)

    return row
def get_product(id, check_author=True):
    """Return product ``id`` joined with its author's username.

    Aborts with 404 when the product does not exist, and with 403 when
    ``check_author`` is true and the product's author is not ``g.user``.
    """
    sql = ('SELECT p.id, name, description, price, state, created, author_id, username'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE p.id = ?')
    row = get_db().execute(sql, (id, )).fetchone()

    if row is None:
        abort(404, "Le produit id {0} n'existe pas.".format(id))

    # Ownership check: only the author may act on this product.
    is_foreign = row['author_id'] != g.user['id'] if check_author else False
    if is_foreign:
        abort(403)

    return row
def note_get_temp():
    """Return every note as JSON (title, content, created), newest first."""
    # Each continued SQL fragment starts with a space so that the
    # concatenated statement stays valid.
    sql = ('SELECT title, content, created'
           ' FROM note'
           ' ORDER BY created DESC')
    payload = []
    for row in get_db().execute(sql).fetchall():
        payload.append({
            'title': row['title'],
            'content': row['content'],
            'created': row['created']
        })
    # NOTE(review): no authentication or per-user filter is visible here, so
    # every stored note is returned to any caller; confirm that is intended.
    return jsonify(payload)
def detail(id):
    """Render the products of category ``id``; flash a notice when there are none."""
    sql = ('SELECT *'
           ' FROM product JOIN category ON product.category_id = category.id'
           ' WHERE category_id = ?')
    rows = get_db().execute(sql, (id, )).fetchall()
    if len(rows) == 0:
        flash('Pas de livres trouvés pour cette catégorie.', 'danger')
    menu = all_category()
    return render_template('category/detail.html',
                           details=rows,
                           title=id,
                           cats=menu)
def get_product_cart(id, check_author=True):
    """Return the id and author of product ``id`` for use by the cart.

    Aborts with 404 when the product does not exist, and with 403 when
    ``check_author`` is true and the product belongs to ``g.user``.
    """
    sql = ('SELECT p.id, author_id'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' WHERE p.id = ?')
    row = get_db().execute(sql, (id,)).fetchone()

    if row is None:
        abort(404, "Le produit id {0} n'existe pas.".format(id))

    # Prevent a user from adding their own product to the cart.
    is_own = row['author_id'] == g.user['id'] if check_author else False
    if is_own:
        abort(403)

    return row
def get_cat_user():
    """Render the categories created by the session's user, sorted by name.

    Flashes a notice when the user has not created any category yet.
    """
    owner_id = session.get('user_id')
    sql = ('SELECT c.id, name, author_id'
           ' FROM category c JOIN user u ON c.author_id = u.id'
           ' WHERE author_id = ?'
           ' ORDER BY name ASC')
    rows = get_db().execute(sql, (owner_id, )).fetchall()
    menu = all_category()
    if len(rows) == 0:
        flash('Vous n\'avez pas encore ajouté de catégorie.', 'danger')
    return render_template('category/index.html',
                           categories=rows,
                           cats=menu)
def search():
    """Search products whose name or description contains the ``q`` parameter.

    Renders the search page with the matches and flashes a notice when nothing
    matched.
    """
    pattern = "%" + request.args['q'] + "%"
    shown_query = pattern.replace("%", "")
    conn = get_db()
    # Used to display the category list in the menu.
    menu = all_category()
    # The pattern is bound as a parameter, so the search term never becomes
    # part of the SQL text.
    # NOTE(review): SELECT * over the product/user join hands every user
    # column to the template; if the user table holds password hashes (the
    # register handlers in this listing insert a password column), select
    # only the columns the page needs.
    sql = ('SELECT *'
           ' FROM product p JOIN user u ON p.author_id = u.id'
           ' where name like ? OR description like ?')
    rows = conn.execute(sql, (pattern, pattern,)).fetchall()
    # No results found.
    if len(rows) == 0:
        flash('Pas de résultats trouvés pour ' + shown_query, 'danger')
    return render_template('product/search.html',
                           searches=rows,
                           query=shown_query,
                           cats=menu)