Example #1
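def get_order_tables():
    '''Build the HTML rows for every unfulfilled order.

    Selects username, placed, items_ordered and orderno from valid_orders
    where fulfilled=0 and fills one copy of orders_table_row.html per order.
    Returns all rows joined into one string ("" when there are no orders).
    '''
    #internal libs
    from database_connection import database_connect

    row_template = loadsubpage("orders_table_row.html")
    myconnection, mycursor = database_connect()
    rows = []
    try:
        get_orders = "select username,placed,items_ordered,orderno from valid_orders where fulfilled=0"
        mycursor.execute(get_orders)

        for username, placed, items_ordered, orderno in mycursor:
            customer = username.decode()

            row = row_template
            row = row.replace("%USERNAME%", escape(customer))
            row = row.replace("%PLACED%", placed.strftime("%H:%M"))
            row = row.replace("%ORDERED_ITEMS%", parse_order(items_ordered))
            # The address is stored text (presumably customer-entered), so it
            # goes through the same escape() as the username. Escaping comes
            # first so the <br> tags added for line breaks stay real markup.
            addr = escape(str(Address(customer))).replace("\n", "<br>")
            row = row.replace("%ADDRESS%", addr)
            row = row.replace("%ORDERNO%", str(orderno))

            rows.append(row)
    finally:
        # release the database handles even when a row fails to render
        mycursor.close()
        myconnection.close()

    return "".join(rows)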
Example #2
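def get_user_order_table(username):
    '''Build the HTML rows listing every order placed by one user.

    username is bound as a query parameter, never spliced into the SQL text.
    Each row is a copy of user_orders_table_row.html; unfulfilled orders get
    a cancel button, fulfilled ones an empty slot. Returns the rows joined
    into one string.
    '''
    #internal libs
    from database_connection import database_connect

    row_template = loadsubpage("user_orders_table_row.html")
    myconnection, mycursor = database_connect()
    rows = []
    try:
        get_orders = "select placed, items_ordered, total, orderno, fulfilled from orders where username=?"
        mycursor.execute(get_orders, (username, ))

        for placed, items_ordered, total, orderno, fulfilled in mycursor:
            row = row_template
            row = row.replace("%PLACED%", placed.strftime("%d/%B/%Y<br>%H:%M"))
            row = row.replace("%ORDERED_ITEMS%", parse_order(items_ordered))
            row = row.replace("%TOTAL%", "€%.2f" % total)

            # only orders that are still open can be cancelled
            button = "" if fulfilled else cancel_button(orderno)
            row = row.replace("%CANCEL_BUTTON%", button)

            rows.append(row)
    finally:
        # the original never closed these; release them on every path
        mycursor.close()
        myconnection.close()

    return "".join(rows)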
Example #3
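def gen_payment_info_form(username,showdel=False):
	'''Return the payment-details form for username as an HTML string.

	When payinfo has a row for the user, payment-info-form.html is filled
	with the stored values; otherwise blank-payment-info-form.html is
	returned unchanged. showdel adds the delete button for the "payinfo"
	field.
	'''
	#external libs
	from html import escape

	myconnection,mycursor=database_connect()
	try:
		getpayinfo="select cardnumber,expiremonth,expireyear,ccv from payinfo where (username = ?)"
		mycursor.execute(getpayinfo,(username,))
		row=mycursor.fetchone()
	finally:
		#release the handles on every path, including a failed query
		mycursor.close()
		myconnection.close()

	#no stored card: show the empty form. Checking the row directly means a
	#TypeError raised while formatting is no longer mistaken for "no card".
	if row is None:
		return loadsubpage("blank-payment-info-form.html")

	cardnumber,expiremonth,expireyear,ccv=row
	formstring=loadsubpage("payment-info-form.html")

	#NOTE(review): this reads a stored CCV and writes it, together with the
	#full card number, back into the page. Card security codes are not meant
	#to be retained after authorisation (PCI DSS) - confirm whether this
	#column and this pre-fill should exist at all.
	#The text columns are escaped because they are placed inside HTML.
	formstring=formstring.replace("%CARDNUMBER%",escape(cardnumber.decode()))
	formstring=formstring.replace("%EXPIREMONTH%",escape(expiremonth.decode()))
	formstring=formstring.replace("%EXPIREYEAR%","%2d" % expireyear)
	formstring=formstring.replace("%CCV%","%3d" % ccv)

	if showdel:
		delbutton=loadsubpage("delbutton.html")
		delbutton=delbutton.replace("%FIELD%","payinfo")
		formstring=formstring.replace("%DELBUTTON%",delbutton)
	else:
		formstring=formstring.replace("%DELBUTTON%","")

	return formstring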
Example #4
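def get_books_rows():
	'''Return the books rows and totals for today, the last 30 days and all time.

	Fulfilled orders are read newest first and handed to get_twixt() three
	times with an ever older cutoff. The month total includes the day total
	and the all-time total includes the month total.

	Returns (day_row, day_total, month_row, month_total, alltime_row,
	alltime_total).
	'''
	#internal libs
	from database_connection import database_connect

	#external libs
	import datetime

	myconnection,mycursor=database_connect()
	try:
		get_fulfilled_orders="select orderno,username,placed,total from valid_orders where fulfilled=1 order by placed desc"
		mycursor.execute(get_fulfilled_orders)

		#one clock reading so both relative cutoffs share the same "now"
		now=datetime.datetime.now()

		#NOTE(review): get_twixt is defined elsewhere; the three calls share one
		#cursor, so their order presumably matters - keep it as is.
		#Today starts at exactly midnight. The microsecond field is cleared as
		#well, otherwise the cutoff falls a fraction of a second after 00:00:00.
		cutoff_time=now.replace(hour=0,minute=0,second=0,microsecond=0)
		day_row,day_total=get_twixt(mycursor, cutoff_time)

		cutoff_time=now - datetime.timedelta(days=30)
		month_row,month_total=get_twixt(mycursor, cutoff_time)
		month_total=month_total+day_total

		#earliest representable date: everything that is left
		cutoff_time=datetime.datetime(1,1,1)
		alltime_row,alltime_total=get_twixt(mycursor, cutoff_time)
		alltime_total=alltime_total+month_total
	finally:
		#the original never closed these; release them on every path
		mycursor.close()
		myconnection.close()

	return day_row,day_total,month_row,month_total,alltime_row,alltime_total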
Example #5
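def gen_address_form(username,showdel=False):
	'''Return the delivery-address form for username as an HTML string.

	When the address table has a row for the user, delivery-address-form.html
	is filled with the stored lines; otherwise
	blank-delivery-address-form.html is returned unchanged. showdel adds the
	delete button for the "address" field.
	'''
	#external libs
	from html import escape

	formstring=loadsubpage("delivery-address-form.html")
	myconnection,mycursor=database_connect()
	try:
		getaddress="select line1,line2,town,eircode from address where (username = ?)"
		mycursor.execute(getaddress,(username,))
		row=mycursor.fetchone()
	finally:
		#release the handles on every path, including a failed query
		mycursor.close()
		myconnection.close()

	#no stored address: show the empty form
	if row is None:
		return loadsubpage("blank-delivery-address-form.html")

	line1,line2,town,eircode=row

	#Stored address text is placed inside HTML, so it is escaped first.
	#html.escape also encodes quotes, which matters if the placeholders sit
	#inside attribute values.
	formstring=formstring.replace("%LINE1%",escape(line1.decode()))
	formstring=formstring.replace("%LINE2%",escape(line2.decode()))
	formstring=formstring.replace("%TOWN%",escape(town.decode()))
	formstring=formstring.replace("%EIRCODE%",escape(eircode.decode()))

	if showdel:
		delbutton=loadsubpage("delbutton.html")
		delbutton=delbutton.replace("%FIELD%","address")
		formstring=formstring.replace("%DELBUTTON%",delbutton)
	else:
		formstring=formstring.replace("%DELBUTTON%","")

	return formstring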
Example #6
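    def __init__(self, user):
        '''Load the stored delivery address of user into this object.

        Sets line1, line2, town and eircode as decoded strings. Raises
        TypeError, as before, when the address table has no row for user.
        '''
        (myconnection, mycursor) = database_connect()
        try:
            get_address = "select line1, line2, town, eircode from address where (username=?)"
            mycursor.execute(get_address, (user, ))
            row = mycursor.fetchone()
        finally:
            # close before unpacking, so a missing row no longer leaks the handles
            mycursor.close()
            myconnection.close()

        line1, line2, town, eircode = row

        self.line1 = line1.decode()
        self.line2 = line2.decode()
        self.town = town.decode()
        self.eircode = eircode.decode()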
Example #7
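    def __init__(self, user):
        '''Load the stored payment card of user into this object.

        Sets cardnumber and expiremonth as decoded strings and keeps
        expireyear and ccv as returned by the database. Raises TypeError, as
        before, when payinfo has no row for user.
        '''
        (myconnection, mycursor) = database_connect()
        try:
            get_credit_card = "select cardnumber, expiremonth, expireyear, ccv from payinfo where (username=?)"
            mycursor.execute(get_credit_card, (user, ))
            row = mycursor.fetchone()
        finally:
            # close before unpacking, so a missing row no longer leaks the handles
            mycursor.close()
            myconnection.close()

        cardnumber, expiremonth, expireyear, ccv = row

        # NOTE(review): the CCV is read from persistent storage here. Card
        # security codes are not meant to be retained after authorisation
        # (PCI DSS) - confirm whether this column should exist at all.
        self.cardnumber = cardnumber.decode()
        self.expiremonth = expiremonth.decode()
        self.expireyear = expireyear
        self.ccv = ccv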
Example #8
def make_menu():
    '''Return every row of the food table as a list of Food objects.'''
    myconnection, mycursor = database_connect()
    mycursor.execute("select menunumber,name,description,price,picture from food")

    # name, description and picture arrive as bytes and are decoded per row
    menu = [
        Food(number, title.decode(), blurb.decode(), cost, image.decode())
        for number, title, blurb, cost, image in mycursor
    ]

    mycursor.close()
    myconnection.close()

    return menu
Example #9
def loadfood(menunumber):
    '''Fetch the food row with the given menu number and return it as a Food.'''
    # the menu number is bound as a query parameter
    myconnection, mycursor = database_connect()
    mycursor.execute(
        "select menunumber,name,description,price,picture from food where(menunumber=?)",
        (menunumber, ))

    # unpacking fails with TypeError if fetchone() returns None (no such row)
    record = mycursor.fetchone()
    number, title, blurb, cost, image = record
    mycursor.close()
    myconnection.close()

    # the text columns come back as bytes
    return Food(number, title.decode(), blurb.decode(), cost, image.decode())
def get_modlink_items():
    '''Return the HTML list of foods with their modify/delete links.'''
    item_template = loadsubpage("modlink_items.html")
    myconnection, mycursor = database_connect()
    mycursor.execute("select name,menunumber from food")

    # NOTE(review): the food name is placed into the markup unescaped -
    # confirm names are trusted or already escaped where they are stored.
    pieces = [
        item_template.replace("%NAME%", name.decode()).replace("%MENUNUMBER%", str(menunumber))
        for (name, menunumber) in mycursor
    ]

    mycursor.close()
    myconnection.close()

    return "".join(pieces)
Example #11
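    def __init__(self, uid):
        '''Resolve a Login_UID cookie value to the logged-in username.

        Sets self.username when logged_in_users has a row for uid. When it
        has none, the login cookie is expired, the client is sent back to
        the referring page with an error message, and the script exits.
        '''
        (myconnection, mycursor) = database_connect()
        try:
            get_user_details = "select username from logged_in_users where(Login_UID=?)"
            mycursor.execute(get_user_details, (uid, ))
            row = mycursor.fetchone()
        finally:
            # closed on every path; the original skipped this for unknown uids
            mycursor.close()
            myconnection.close()

        if row is None:  #if user actually not logged in, destroy their login cookie
            #internal libs
            from functions import load_cookies, sendto
            #external libs
            from os import environ

            COOKIES = load_cookies()
            COOKIES["Login_UID"]["expires"] = -1
            print(COOKIES)
            # NOTE(review): HTTP_REFERER is a client-supplied header and may be
            # absent (KeyError) - confirm sendto() restricts where it redirects.
            sendto(environ["HTTP_REFERER"], message="Error with login cookie")
            quit()

        username, = row
        self.username = username.decode()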
Example #12
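def parse_order(items_ordered):
    '''Convert a stored order string into a human readable HTML fragment.

    items_ordered is bytes of the form b"<menunumber>x<quantity>:..." with
    optional leading/trailing colons. Each entry becomes
    "<food name>×<quantity><br>". An order with no entries yields "".

    Raises ValueError for a non-numeric menu number and KeyError for a menu
    number that is not in the food table.
    '''
    #internal libs
    from database_connection import database_connect
    #external libs
    from html import escape

    items_ordered = items_ordered.decode().strip(":")

    myconnection, mycursor = database_connect()
    try:
        mycursor.execute("select menunumber,name from food")
        foodict = {menunumber: name.decode() for menunumber, name in mycursor}
    finally:
        # the lookup table is complete; release the handles on every path
        mycursor.close()
        myconnection.close()

    # "".split(":") yields [""], which used to fail in int(); nothing to render
    if not items_ordered:
        return ""

    lines = []
    for entry in items_ordered.split(":"):
        parts = entry.split("x")
        # The quantity is copied from the stored order text into HTML, so it is
        # escaped rather than trusted to be numeric.
        # NOTE(review): food names are inserted as stored - confirm they are
        # trusted or escaped where they are written.
        lines.append(foodict[int(parts[0])] + "×" + escape(parts[1]) + "<br>")

    return "".join(lines)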
Example #13
def gen_item_table():
    '''Render the checkout table for the foods held in the session basket.

    One row is produced per food whose "food<menunumber>" key is present in
    the session, followed by a tail line carrying the basket total.
    '''
    SESSION = session_start()

    myconnection, mycursor = database_connect()
    mycursor.execute("select menunumber, name, price from food")

    row_template = loadsubpage("checkout_table_row.html")
    pieces = [loadsubpage("checkout_table_head.html")]  #first line of table
    total = 0  #running basket total

    for menunumber, name, price in mycursor:
        menunumber = str(menunumber)
        basket_key = "food" + menunumber
        if basket_key not in SESSION:
            continue

        #how many of this food, and what they cost together
        inbasket = SESSION[basket_key]
        batch_price = price * int(inbasket)
        total = total + batch_price

        #fill one table row
        pieces.append(
            row_template
            .replace("%MENUNUMBER%", menunumber)
            .replace("%NAME%", name.decode())
            .replace("%INBASKET%", inbasket)
            .replace("%BATCH_PRICE%", "€%.2f" % batch_price)
        )

    #last line of table, with the total applied
    pieces.append(loadsubpage("checkout_table_tail.html").replace("%TOTAL%", "€%.2f" % total))

    mycursor.close()
    myconnection.close()

    return "".join(pieces)
Example #14
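#get cookies
COOKIES=load_cookies()

#ensure user is logged in
if COOKIES.get("Login_UID"):
	user=User(COOKIES["Login_UID"].value)
else:
	#no login cookie: stop here instead of failing later on an undefined `user`
	#NOTE(review): HTTP_REFERER is a client-supplied header and may be absent
	sendto(environ["HTTP_REFERER"],message="not logged in")
	quit()

#get post data
#getfirst() gives None for a missing field and the first value for a repeated
#one, where POST["..."].value raised KeyError / AttributeError
POST=cgi.FieldStorage()
oldpwd=POST.getfirst("oldpwd")
newpwd1=POST.getfirst("newpwd1")
newpwd2=POST.getfirst("newpwd2")

if oldpwd is None or newpwd1 is None or newpwd2 is None:
	sendto(environ["HTTP_REFERER"],message="missing form field")
	quit()

#get old password from database
#NOTE(review): the query text is masked in this listing; it is passed one
#parameter, the username
myconnection,mycursor=database_connect()
getoldpassword="******"
mycursor.execute(getoldpassword,(user.username,) )
(hashedword,)=mycursor.fetchone()
hashedword=hashedword.decode()

#check old password
if not verify_password(oldpwd,hashedword):
	sendto(environ["HTTP_REFERER"],message="wrong original password")
	quit()

#check passwords match
if newpwd1 != newpwd2:
	sendto(environ["HTTP_REFERER"],message="passwords don't match")
	quit()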