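def edit_account():
    """Let the signed-in user update username, e-mail and phone.

    Redirects to the sign-in page when ``authorize()`` fails. On a valid
    submission the ``User`` row is updated with a parameterised query, a
    success message is flashed and the user is sent to ``/``. Otherwise the
    form is rendered; on a plain GET it is pre-filled from the stored row,
    while a failed submission keeps the values the user typed so the
    validation errors are shown next to them.
    """
    if not authorize():
        return redirect('/User/SignIn')

    form = EditAccountForm()
    row = get_user()

    if form.validate_on_submit() and row is not None:
        user, email, phone = form.username.data, form.email.data, form.phone.data
        # Placeholders only: form values are never interpolated into the SQL.
        with db.cursor() as cursor:
            cursor.execute(
                "UPDATE User "
                "SET UserName = %s, Email = %s, Phone = %s "
                "WHERE UserId = %s", (user, email, phone, row["UserId"]))
        db.commit()
        flash('Mise à jour du profile réussie')
        return redirect('/')

    # Pre-fill only when nothing was submitted; overwriting a rejected
    # submission with the stored values would hide what the user entered.
    if row is not None and not form.is_submitted():
        form.username.data = row["UserName"]
        form.email.data = row["Email"]
        form.confirm_email.data = row["Email"]
        form.phone.data = row["Phone"]

    # Single render path for both "no row" and "pre-filled" cases.
    return View('edit_account.html', title='Profile', form=form)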
def logout():
    """End the current session.

    Unauthenticated callers are sent to the sign-in page. When the Flask
    session carries a ``session_id``, the matching ``Session`` row is deleted
    server-side (so the identifier cannot be reused after logout) and the key
    is dropped from the cookie session before redirecting to ``/``.
    """
    if not authorize():
        return redirect('/User/SignIn')

    if 'session_id' in session:
        current_id = session['session_id']
        with db.cursor() as cursor:
            cursor.execute("DELETE FROM Session WHERE SessionId = %s",
                           (current_id, ))
        db.commit()
        # Remove the key from the cookie session as well as the DB row.
        session.pop('session_id')

    return redirect('/')
def remove_product(id):
    """Delete product *id* when it belongs to the current user.

    Ownership is decided by comparing the ``UserId`` of the ``Product`` row
    with the user returned by ``get_user()``. An unknown product, an
    anonymous caller or someone else's product all fall through silently;
    the handler always redirects to ``/``.
    """
    # NOTE(review): unlike the sibling handlers this one does not call
    # authorize(); the explicit owner comparison below is what protects the
    # DELETE. The route decorator / HTTP method is outside this block.
    user = get_user()
    with db.cursor() as cursor:
        cursor.execute("SELECT UserId FROM Product "
                       "WHERE ProductId = %s", (id,))
        product = cursor.fetchone()
        caller_owns_product = (
            product is not None
            and user is not None
            and user["UserId"] == product["UserId"]
        )
        if caller_owns_product:
            cursor.execute("DELETE FROM Product "
                           "WHERE ProductId = %s", (id,))
            db.commit()
            flash("L'annonce a bien été supprimée")

    return redirect('/')
def add_product():
    """Create a new ``Product`` for the signed-in user.

    Redirects to the sign-in page when ``authorize()`` fails. The category
    select is populated from the ``Category`` table with a ``'--'``
    placeholder in first position. On a valid submission the town is
    created if unknown, an optional image is stored under the upload
    folder and recorded in ``Image``, and the ``Product`` row is inserted
    with the town and image resolved by sub-selects. Success redirects to
    ``/``; otherwise the form is rendered again.
    """
    if not authorize():
        return redirect('/User/SignIn')

    form = NewProductForm()

    with db.cursor() as cursor:
        cursor.execute("SELECT CategoryId, Type FROM Category")
        # '--' is the "nothing chosen" sentinel checked after validation.
        form.category.choices = [('--', '-- Veuillez sélectionner une catégorie --')] + [
            (str(row["CategoryId"]), row["Type"]) for row in cursor.fetchall()]

    if form.validate_on_submit():
        if form.category.data != '--':
            with db.cursor() as cursor:
                town = form.town.data
                # Select-then-insert so the sub-select on TownName below
                # finds a row; all values are passed as parameters.
                cursor.execute("SELECT TownId FROM Town "
                               "WHERE TownName = %s", (town, ))
                row = cursor.fetchone()
                if row is None:
                    cursor.execute("INSERT INTO Town (TownName) VALUES (%s)", (town,))

                filename = ""
                if form.image.data is not None:
                    # Stored name is a random uuid plus the extension taken from
                    # the (sanitised) client file name, so the client does not
                    # control the path, only the suffix.
                    # NOTE(review): no extension/content-type allow-list is visible
                    # in this block — confirm NewProductForm restricts upload types,
                    # since the file lands under app.static_folder.
                    u = uuid4().hex
                    filename = "{}.{}".format(u, secure_filename(form.image.data.filename).split('.')[-1])
                    form.image.data.save(os.path.join(
                        app.static_folder, app.config["UPLOAD_FILE"], filename
                    ))
                    cursor.execute("INSERT INTO Image (FileName) "
                                   "VALUES (%s)", (filename,))


                # authorize() passed above, so a User row is expected here;
                # get_user() returning None would raise on user["UserId"].
                user = get_user()
                # ImageId is looked up by FileName; with no image, filename is ""
                # and the sub-select presumably yields NULL — verify against schema.
                cursor.execute("INSERT INTO Product (ProductName, Price, Description, Date, CategoryId, UserId, TownId, ImageId) "
                               "VALUES (%s, %s, %s, NOW(), %s, %s, "
                               "(SELECT TownId FROM Town WHERE TownName = %s), "
                               "(SELECT ImageId FROM Image WHERE FileName = %s))", (form.name.data,
                                                                                     form.price.data,
                                                                                     form.description.data,
                                                                                     form.category.data,
                                                                                     user["UserId"],
                                                                                     town,
                                                                                     filename))
                db.commit()
                return redirect('/')
        else:
            flash('Veuillez choisir une catégorie')

    return View('add_product.html', title='Nouveau produit', form=form)
def register():
    """Create a new ``User`` from the registration form.

    The password is stored only as the output of ``generate_password_hash``;
    the clear-text value never reaches the database. On success a message
    is flashed and the user is redirected to ``/``; otherwise the form is
    rendered again with its validation state.
    """
    form = RegisterForm()
    if not form.validate_on_submit():
        return View('register.html', title='Inscription', form=form)

    pw_hash = generate_password_hash(form.password.data)
    params = (form.username.data, pw_hash, form.email.data, form.phone.data)
    with db.cursor() as cursor:
        cursor.execute(
            "INSERT INTO User (UserName, PasswordHash, RegistrationDate, Email, Phone) "
            "VALUES (%s, %s, CURRENT_DATE(), %s, %s)",
            params)
    db.commit()
    flash('Inscription réussie, vous pouvez maintenant vous connecter')
    return redirect('/')
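def delete_account():
    """Delete the signed-in user's ``User`` row and drop the session key.

    Redirects to the sign-in page when ``authorize()`` fails or when
    ``get_user()`` returns no row (indexing ``None`` would otherwise raise
    ``TypeError``). After the DELETE is committed the ``session_id`` key is
    removed from the Flask session and the user is sent to ``/``.
    """
    if not authorize():
        return redirect('/User/SignIn')

    row = get_user()
    if row is None:
        # authorize() passed but no User row is available: treat it like an
        # unauthenticated request rather than failing on row["UserId"].
        return redirect('/User/SignIn')

    with db.cursor() as cursor:
        # Parameters are passed as a one-element tuple, matching the other
        # handlers; the bare (row["UserId"]) form is just a parenthesised
        # scalar and only works on drivers that happen to wrap it.
        cursor.execute(
            "DELETE FROM User "
            "WHERE UserId = %s",
            (row["UserId"],),
        )
    db.commit()
    # NOTE(review): only the cookie key is cleared here; this user's Session
    # rows are not deleted in this block — confirm a cascade or another path
    # removes them.
    if 'session_id' in session:
        del session['session_id']

    return redirect('/')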
def login():
    """Authenticate with e-mail and password and open a server-side session.

    Looks up the ``User`` row by e-mail, verifies the submitted password
    against the stored hash with ``check_password_hash``, then inserts a
    fresh random ``Session`` row and stores its id in the Flask session
    before redirecting to ``/``. One generic message is flashed for every
    failure so the response text does not say whether the e-mail exists.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return View('login.html', title='Connexion', form=form)

    with db.cursor() as cursor:
        cursor.execute(
            "SELECT UserId, PasswordHash FROM User WHERE Email = %s",
            (form.email.data, ))
        row = cursor.fetchone()
        # NOTE(review): the hash check is skipped when no row matches, so the
        # response time differs between unknown and known e-mails; verifying
        # against a dummy hash in that case would keep timing uniform.
        authenticated = row is not None and check_password_hash(
            row["PasswordHash"], form.password.data)
        if not authenticated:
            flash('Tentative de connection incorrecte')
            return View('login.html', title='Connexion', form=form)

        # A new random identifier is minted on every successful login.
        session_id = guid().hex
        cursor.execute(
            "INSERT INTO Session (SessionId, UserId) VALUES (%s, %s)",
            (session_id, row["UserId"]))
        db.commit()
        session["session_id"] = session_id

    return redirect('/')
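def change_password():
    """Replace the signed-in user's password after verifying the current one.

    Redirects to the sign-in page when ``authorize()`` fails or when
    ``get_user()`` returns no row (indexing ``None`` would otherwise raise).
    The new password is stored only as its ``generate_password_hash``
    output. Returns the rendered form, with a flashed message when the
    current password does not match.
    """
    if not authorize():
        return redirect('/User/SignIn')

    form = ChangePassword()
    row = get_user()
    if row is None:
        # authorize() passed but no User row is available: treat it like an
        # unauthenticated request instead of failing on row["PasswordHash"].
        return redirect('/User/SignIn')

    if form.validate_on_submit():
        old_pwd, new_pwd = form.old_password.data, form.password.data
        # Re-authenticate with the current password before accepting a new one.
        if check_password_hash(row["PasswordHash"], old_pwd):
            with db.cursor() as cursor:
                cursor.execute(
                    "UPDATE User "
                    "SET PasswordHash = %s "
                    "WHERE UserId = %s",
                    (generate_password_hash(new_pwd), row["UserId"]))
            db.commit()
            # NOTE(review): other Session rows for this user stay valid after
            # the change; revoking all but the current one here is worth
            # considering.
            flash('Mise à jour du mot de passe réussie')
            return redirect('/')
        flash('Mot de passe actuel incorrect')

    return View('change_password.html',
                title='Modifier son mot de passe',
                form=form)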
def edit_product(id):
    """Edit product *id*; only its owner may do so.

    Loads the product joined with its town and category. An unknown id is
    flashed as invalid and redirected to ``/``; an anonymous caller goes to
    the sign-in page and a non-owner to ``/``. On a valid submission the
    town is created if it changed to an unknown name, the category is
    re-checked against ``Category``, an optional new image is saved and
    recorded, and the product row is updated. Otherwise the form is
    pre-filled from the stored product and rendered.
    """
    form = NewProductForm()
    user = get_user()

    with db.cursor() as cursor:
        # INNER JOINs: a product whose TownId or CategoryId has no match is
        # not returned and is reported as invalid.
        cursor.execute("SELECT UserId, ProductName, Price, Description, TownName, Product.CategoryId, Type FROM Product "
                       "INNER JOIN Town ON Product.TownId = Town.TownId "
                       "INNER JOIN Category ON Product.CategoryId = Category.CategoryId "
                       "WHERE ProductId = %s", (id,))
        product = cursor.fetchone()
        if product is None:
            flash('Produit invalide')
            return redirect('/')

        # Ownership check: the stored UserId must match the current user.
        if user is None:
            return redirect('/User/SignIn')
        elif user["UserId"] != product["UserId"]:
            return redirect('/')

        # The product's own category is listed first so the select defaults
        # to it; the remaining categories follow without duplicates.
        cursor.execute("SELECT CategoryId, Type FROM Category")
        form.category.choices = [(str(product["CategoryId"]), product["Type"])] + [
            (str(row["CategoryId"]), row["Type"]) for row in cursor.fetchall() if row["CategoryId"] != product["CategoryId"]]


    if form.validate_on_submit():
        town = form.town.data
        with db.cursor() as cursor:
            # Only a changed town name may need a new Town row.
            if product["TownName"] != town:
                cursor.execute("SELECT TownId FROM Town "
                               "WHERE TownName = %s", (town,))
                row = cursor.fetchone()
                if row is None:
                    cursor.execute("INSERT INTO Town (TownName) VALUES (%s)", (town,))

            # The submitted category id is verified server-side, not trusted
            # from the form choices alone.
            cursor.execute("SELECT CategoryId FROM Category "
                           "WHERE CategoryId = %s", (form.category.data,))
            row = cursor.fetchone()
            if row is None:
                flash('Catégorie invalide')
                return redirect('/')

            if form.image.data is not None:
                # Random uuid name plus the extension of the sanitised client
                # file name; the client controls only the suffix.
                # NOTE(review): no extension/content-type allow-list is visible in
                # this block — confirm NewProductForm restricts upload types,
                # since the file lands under app.static_folder.
                u = uuid4().hex
                filename = "{}.{}".format(u, secure_filename(form.image.data.filename).split('.')[-1])
                form.image.data.save(os.path.join(
                    app.static_folder, app.config["UPLOAD_FILE"], filename
                ))
                cursor.execute("INSERT INTO Image (FileName) "
                               "VALUES (%s)", (filename,))

                # NOTE(review): the table is written PRODUCT here but Product
                # everywhere else; on case-sensitive table-name hosts this
                # statement would not match — confirm.
                cursor.execute("UPDATE PRODUCT "
                               "SET ProductName = %s, Price = %s, Description = %s, Date = NOW(), CategoryId = %s, "
                               "ImageId = (SELECT ImageId FROM Image WHERE FileName = %s), "
                               "TownId = (SELECT TownId FROM Town WHERE TownName = %s) "
                               "WHERE ProductId = %s", (form.name.data, form.price.data, form.description.data, form.category.data, filename, town, id))

            else:
                # Same update without touching ImageId (same PRODUCT spelling
                # caveat as above).
                cursor.execute("UPDATE PRODUCT "
                               "SET ProductName = %s, Price = %s, Description = %s, Date = NOW(), CategoryId = %s, "
                               "TownId = (SELECT TownId FROM Town WHERE TownName = %s) "
                               "WHERE ProductId = %s", (form.name.data, form.price.data, form.description.data, form.category.data, town, id))
            db.commit()
            flash("L'annonce a bien été modifiée")
            return redirect('/')

    # Pre-fill from the stored product for the render path.
    form.name.data = product["ProductName"]
    form.price.data = product["Price"]
    form.description.data = product["Description"]
    form.town.data = product["TownName"]
    # NOTE(review): this assigns the Type label while the choices are keyed by
    # str(CategoryId); the pre-selection presumably relies on the product's
    # category being first in the choices list — verify.
    form.category.data = product["Type"]

    return View('edit_product.html', title="Modifier l'annonce", form=form)