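def login():
    """Log user in.

    GET renders the login form. POST validates the submitted ``username`` and
    ``password`` against the ``users`` table, stores ``user_id`` and
    ``user_name`` in the session on success and redirects to ``/``; on any
    failure a ``message(...)`` page is returned instead.
    """
    from contextlib import closing

    # Clear any previous user's session before attempting a new login.
    session.clear()
    if request.method != "POST":
        return render_template("login.html")

    username = request.form.get("username")
    password = request.form.get("password")
    # Ensure username was submitted
    if not username:
        return message("Please provide a username!")
    # Ensure password was submitted
    if not password:
        return message("Please provide a password!")
    # A whitespace-only username is treated as not provided.
    if not username.strip():
        return message("Please provide a valid username")

    # sqlite3's connection context manager only commits/rolls back; closing()
    # additionally releases the handle when the block exits.
    with closing(sqlite3.connect("gallery.db")) as con, con:
        db = con.cursor()
        # Parameterised query: the username comes straight from the client.
        db.execute("SELECT * FROM users WHERE username = ?", (username,))
        rows = db.fetchall()

    # One generic failure message for unknown user and wrong password alike,
    # so the login form does not reveal which usernames exist.
    # Column positions assume users = (id, username, hashvalue, ...), matching
    # the column order used by register()'s INSERT -- confirm against schema.
    if len(rows) != 1 or not check_password_hash(rows[0][2], password):
        return message("Wrong username or password!")

    # Remember which user has logged in
    session["user_id"] = rows[0][0]
    session["user_name"] = rows[0][1]
    # Redirect to the homepage
    return redirect("/")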
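def cart():
    """Show the current user's cart (GET) or check it out (POST).

    GET lists the paintings referenced by the user's ``cart`` rows together
    with their summed price. POST recomputes that total server-side, deducts
    it from the user's cash, deletes the bought paintings, empties the cart
    and redirects to ``/bought``.
    """
    from contextlib import closing

    user_id = session["user_id"]
    # sqlite3's connection context manager only commits/rolls back; closing()
    # additionally releases the handle when the block exits.
    with closing(sqlite3.connect("gallery.db")) as con, con:
        db = con.cursor()
        rows = _cart_rows(db, user_id)
        # Price is taken from column 3 of paintings, as the original row[3]
        # accumulation did -- confirm against the table definition.
        total = sum(row[3] for row in rows)

        if request.method == "GET":
            if not rows:
                return render_template("cart.html", empty=True)
            return render_template("cart.html", rows=rows, total=total)

        # POST: the form also submits a "total" field, but that value is
        # client-controlled, so the amount charged is the sum computed above
        # from the cart contents, never the submitted number.
        if not total:
            return message("No value in total!")
        db.execute("SELECT cash FROM users WHERE id = ?", (user_id,))
        user = db.fetchone()
        if user is None:
            return message("Error in retrieving data from the database!")
        cash = user[0]
        if total > cash:
            return message("You don't have enough funds for the puchase!")
        db.execute("UPDATE users SET cash = ? WHERE id = ?", (cash - total, user_id))
        db.execute(
            "DELETE FROM paintings WHERE id IN (SELECT painting_id FROM cart WHERE user_id = ?)",
            (user_id,))
        db.execute("DELETE FROM cart WHERE user_id = ?", (user_id,))
        con.commit()
    return redirect("/bought")


def _cart_rows(db, user_id):
    """Return every paintings row currently in *user_id*'s cart."""
    db.execute(
        "SELECT * FROM paintings WHERE id IN (SELECT painting_id FROM cart WHERE user_id = ?)",
        (user_id,))
    return db.fetchall()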
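def addToCart():
    """Add the painting named by form field ``id`` to the user's cart (POST).

    Both branches end with a redirect to ``/buy``; a painting already in the
    cart, or a missing/non-numeric id, produces a ``message(...)`` page.
    """
    from contextlib import closing

    if request.method != "POST":
        return redirect("/buy")

    # int() would raise on a missing or malformed field; treat both as "no id".
    try:
        painting_id = int(request.form.get("id") or 0)
    except ValueError:
        painting_id = 0
    if not painting_id:
        return message("No Painting Id")

    user_id = session["user_id"]
    # sqlite3's connection context manager only commits/rolls back; closing()
    # additionally releases the handle when the block exits.
    with closing(sqlite3.connect("gallery.db")) as con, con:
        db = con.cursor()
        # Parameterised lookup of just this (user, painting) pair instead of
        # pulling the whole cart and scanning it in Python.
        db.execute(
            "SELECT 1 FROM cart WHERE user_id = ? AND painting_id = ?",
            (user_id, painting_id))
        if db.fetchone() is not None:
            return message("Item already in cart!")
        # NOTE: check-then-insert is not atomic; a UNIQUE(user_id, painting_id)
        # constraint on cart would close that gap -- schema not visible here.
        db.execute(
            "INSERT INTO cart (user_id, painting_id) VALUES(?,?)",
            (user_id, painting_id))
        con.commit()
    return redirect("/buy")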
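def changeUsername():
    """Rename the logged-in user (POST) and send them back through ``/login``.

    The new name must be non-blank and unused. Both ``users.username`` and the
    ``seller`` column of the user's paintings are updated in one transaction.
    """
    from contextlib import closing

    if request.method != "POST":
        return redirect("/dashboard")

    username = request.form.get("newUsername")
    # Empty and whitespace-only names are rejected, not just a single space.
    if not username or not username.strip():
        return message("Please provide a username!")

    user_id = session["user_id"]
    old_name = session["user_name"]
    # Establish a connection with database and update username.
    # sqlite3's connection context manager only commits/rolls back; closing()
    # additionally releases the handle when the block exits.
    with closing(sqlite3.connect("gallery.db")) as con, con:
        db = con.cursor()
        db.execute("SELECT 1 FROM users WHERE username = ?", (username,))
        if db.fetchone() is not None:
            return message("Username already exists")
        db.execute("UPDATE users SET username = ? WHERE id = ?", (username, user_id))
        # paintings.seller stores the seller's username, so rename it there too.
        db.execute(
            "UPDATE paintings SET seller = ? WHERE seller = ?",
            (username, old_name))
        con.commit()
    session["user_name"] = username
    return redirect("/login")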
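def removeFromCart():
    """Remove the painting named by form field ``target`` from the cart (POST).

    Every branch ends with a redirect to ``/cart`` except a missing or
    malformed id, which returns a ``message(...)`` page.
    """
    from contextlib import closing

    if request.method != "POST":
        return redirect("/cart")

    # int() would raise on a missing or malformed field; treat both as "no id".
    try:
        painting_id = int(request.form.get("target") or 0)
    except ValueError:
        painting_id = 0
    if not painting_id:
        return message("Painting Id not found in cart!")

    # sqlite3's connection context manager only commits/rolls back; closing()
    # additionally releases the handle when the block exits.
    with closing(sqlite3.connect("gallery.db")) as con, con:
        db = con.cursor()
        db.execute(
            "DELETE FROM cart WHERE user_id = ? AND painting_id = ?",
            (session["user_id"], painting_id))
        con.commit()
    return redirect("/cart")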
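def sell():
    """Render the sell form (GET) or list a painting for sale (POST).

    On POST the uploaded ``artImage`` is saved under
    ``app.config["UPLOAD_FOLDER"]`` with the upload timestamp appended to the
    sanitised filename, a ``paintings`` row is inserted, the seller's cash is
    increased by ``price`` and the user is redirected to the ``sold`` page.
    """
    from contextlib import closing

    if request.method == "GET":
        return render_template("sell.html")
    if not request.files:
        return message("Upload unsuccessful!")
    image = request.files.get("artImage")
    if image is None or image.filename == "":
        return message("Not a valid filename")
    if not allowed_image(image.filename):
        return message("That file extension is not allowed")

    # Validate the form fields before touching the filesystem so that a
    # rejected submission does not leave an orphaned upload behind.
    title = request.form.get("title")
    artist = request.form.get("artist")
    try:
        price = int(request.form.get("price") or 0)
    except ValueError:
        return message("Price must be a positive whole number!")
    if not title or not price or not artist:
        return message("All the info was not provided")
    if price < 0:
        return message("Price must be a positive whole number!")

    now = datetime.now()
    formatted_date = now.strftime('%Y-%m-%d %H:%M:%S')
    # To make the filename unique: append the digits of the timestamp to the
    # sanitised stem, keeping the original extension.
    stem, extension = splitext(secure_filename(image.filename))
    filename = stem + re.sub('[^a-zA-Z0-9_]+', "", formatted_date) + extension
    address = join(app.config["UPLOAD_FOLDER"], filename)
    image.save(address)

    user_id = session["user_id"]
    # sqlite3's connection context manager only commits/rolls back; closing()
    # additionally releases the handle when the block exits.
    with closing(sqlite3.connect("gallery.db")) as con, con:
        db = con.cursor()
        db.execute(
            "INSERT INTO paintings (title, artist, price, seller, imageAddress, additiondate) VALUES(?,?,?,?,?,?)",
            (title, artist, price, session["user_name"], address, formatted_date))
        db.execute("SELECT cash FROM users WHERE id = ?", (user_id,))
        user = db.fetchone()
        if user is None:
            return message("Error in retrieving data from the database!")
        # The seller is credited the asking price at listing time (existing
        # behaviour of this app).
        db.execute(
            "UPDATE users SET cash = ? WHERE id = ?",
            (user[0] + price, user_id))
        con.commit()
    return redirect(url_for('sold'))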
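def register():
    """Register a new user.

    GET renders the form. POST validates the fields, rejects duplicate
    usernames, inserts the new ``users`` row with a PBKDF2-SHA256 password
    hash, logs the user in (``user_id``/``user_name`` in the session) and
    redirects to ``/``.
    """
    from contextlib import closing

    session.clear()
    if request.method == "GET":
        return render_template("register.html")

    form = request.form
    username = form.get("username")
    password = form.get("password")
    sec_pass = form.get("secPassword")
    first_name = form.get("firstName")
    last_name = form.get("lastName")
    country = form.get("country")

    def blank(value):
        # Missing, empty and whitespace-only values all count as not provided.
        return not value or not value.strip()

    if blank(username):
        return message("Please provide a name!")
    if blank(password) or blank(sec_pass):
        return message("Please provide a valid password!")
    if blank(country):
        return message("Please provide a valid country name!")
    if blank(first_name) or blank(last_name):
        return message("Please prove valid first and last names!")
    if password != sec_pass:
        return message("Passwords don't match!")

    hashed = generate_password_hash(password, method='pbkdf2:sha256', salt_length=8)
    # Establish a connection with database and add data.
    # sqlite3's connection context manager only commits/rolls back; closing()
    # additionally releases the handle when the block exits.
    with closing(sqlite3.connect("gallery.db")) as con, con:
        db = con.cursor()
        db.execute("SELECT 1 FROM users WHERE username = ?", (username,))
        if db.fetchone() is not None:
            return message("This username already exists. Please try another one!")
        try:
            db.execute(
                "INSERT INTO users (username, hashvalue, firstname, lastname, country) VALUES(?,?,?,?,?)",
                (username, hashed, first_name, last_name, country))
        except sqlite3.IntegrityError:
            # Only reached if users.username carries a UNIQUE constraint and a
            # concurrent registration won the race between SELECT and INSERT.
            return message("This username already exists. Please try another one!")
        con.commit()
        db.execute("SELECT * FROM users WHERE username = ?", (username,))
        rows = db.fetchall()

    if not rows:
        return redirect("/login")
    # Column positions assume users = (id, username, ...) -- confirm against schema.
    session["user_id"] = rows[0][0]
    session["user_name"] = rows[0][1]
    return redirect("/")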
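def errorhandler(e):
    """Return the generic error page for any exception Flask routes here.

    ``e`` is the caught exception (an ``HTTPException`` or any other error).
    The response text is deliberately the same for every error so that no
    internal detail reaches the client.
    """
    # The previous version rebuilt non-HTTP exceptions as InternalServerError()
    # but never used the result; the response does not depend on ``e``.
    return message("Internal Server Error!")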