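def change_card():
    """Replace the logged-in user's card on file after re-checking the password.

    Reads ``password`` and ``card_number`` from the submitted form.

    Returns:
        An ``apology`` response with status 403 when the password is missing
        or does not match the stored hash; an ``apology`` response when the
        card number is missing or fails ``verify``; otherwise a redirect to
        ``/`` after the user's row has been updated.
    """
    # Require the account password before touching payment data.
    password = request.form.get("password")
    if not password:
        return apology("Provide a password", 403)

    # Re-authenticate against the stored hash of the session's user.
    rows = db.execute("SELECT hash FROM users WHERE id = :user_id",
                      user_id=session["user_id"])
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"], password):
        return apology("Invalid password", 403)

    # Reject a missing field here so None never reaches verify() or the hasher.
    # The `!= True` comparison is kept as written because verify()'s return
    # type is not visible from this block.
    card_number = request.form.get("card_number")
    if not card_number or verify(card_number) != True:
        return apology("Invalid credit card number")

    # NOTE(review): card numbers come from a small, structured space (fixed
    # length, check digit), so a password-style hash of one can be recovered
    # by offline guessing if the users table leaks. Prefer a token issued by
    # the payment processor, or a keyed hash whose key lives outside the
    # database.
    card_hash = generate_password_hash(card_number)
    db.execute(
        "UPDATE users SET cof = 1, card_hash = :card_hash WHERE id = :user_id",
        card_hash=card_hash,
        user_id=session["user_id"])

    # Confirm to the user and return to the index page.
    flash("Card changed!")
    return redirect("/")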
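def add_card():
    """Store a card on file for the logged-in user.

    Reads ``card_number`` from the submitted form.

    Returns:
        An ``apology`` response when the card number is missing or fails
        ``verify``; otherwise a redirect to ``/`` after the user's row has
        been updated.
    """
    # NOTE(review): this runs the same UPDATE as change_card() but without the
    # password re-check, and it does not look at the current `cof` value. If
    # this handler is reachable for an account that already has a card, it
    # replaces that card with no re-authentication. The route registration and
    # any decorators are not visible here - confirm, and consider refusing
    # when `cof` is already 1.

    # Reject a missing field here so None never reaches verify() or the hasher.
    # The `!= True` comparison is kept as written because verify()'s return
    # type is not visible from this block.
    card_number = request.form.get("card_number")
    if not card_number or verify(card_number) != True:
        return apology("Invalid credit card number")

    # NOTE(review): card numbers come from a small, structured space (fixed
    # length, check digit), so a password-style hash of one can be recovered
    # by offline guessing if the users table leaks. Prefer a token issued by
    # the payment processor, or a keyed hash whose key lives outside the
    # database.
    card_hash = generate_password_hash(card_number)
    db.execute(
        "UPDATE users SET cof = 1, card_hash = :card_hash WHERE id = :user_id",
        card_hash=card_hash,
        user_id=session["user_id"])

    # Confirm to the user and return to the index page.
    flash("Card added!")
    return redirect("/")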