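def make_order():
    """Turn the posted ``prod_number_<id>`` fields into an order.

    One row is inserted into ``orders`` for the logged-in user; the items are
    stored in ``description`` as one ``<product id> = <quantity>`` line each.
    The ordered quantity is then subtracted from every product's stock, the
    session is cleared (which is what empties the basket) and the login is
    stored again before redirecting to ``main_app``.

    Aborts with 404 when nobody is logged in (the original fell off the end
    and returned ``None``) or when the form carries no product fields, and
    with 400 when a product id or quantity is not an integer.
    """
    login = session.get('logged_in')
    if not login:
        abort(404)
    email = login['email']

    fields = {
        key.removeprefix('prod_number_'): value
        for key, value in request.form.items()
    }
    if not fields:
        abort(404)

    # Ids and quantities are client-supplied; coerce them before they reach
    # SQL and bind them as ``?`` parameters (sqlite3 qmark style — the ``==``
    # comparisons in this module are SQLite syntax) instead of interpolating.
    try:
        quantities = {int(key): int(value) for key, value in fields.items()}
    except ValueError:
        abort(400)

    description = '\n'.join(
        f"{product_id} = {number}" for product_id, number in quantities.items()
    )

    db = get_db()
    db_cursor = db.cursor()
    db_cursor.execute(
        """
        INSERT INTO orders (user_email, description, summary, status)
        VALUES (?, ?, 0, 0)
        """,
        (str(email), description),
    )
    # NOTE(review): stock is decremented without checking that enough is
    # available, so quantity can go negative — same as the original.
    for product_id, number in quantities.items():
        db_cursor.execute(
            """
            UPDATE products
            SET quantity = quantity - ?
            WHERE id == ?
            """,
            (number, product_id),
        )
    # One commit for the order and all stock updates keeps them together.
    db.commit()

    session.clear()
    session['logged_in'] = {'email': email}
    return redirect(url_for('main_app'))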
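def order(id_, email):
    """Admin page for a single order.

    ``GET`` renders ``order_template.html`` with the customer record for
    ``email``, the products named in the order's ``description`` (one
    ``<product id> = <quantity>`` line each) and the order total.  ``POST``
    writes the submitted ``status`` back to the order and redirects to the
    same page.

    ``id_`` and ``email`` come from the URL.  Aborts with 404 when the session
    is not an admin session or the order does not exist, and with 400 when
    ``status`` is missing or not an integer.
    """
    if not session.get('admin'):
        abort(404)
    db = get_db()
    db_cursor = db.cursor()

    if request.method == "GET":
        # NOTE(review): ``email`` is taken from the URL and is not
        # cross-checked against the order's own ``user_email``.
        db_cursor.execute(
            """
            SELECT name, surname, city, mail_index, email, phone
            FROM users
            WHERE email == ?
            """,
            (email,),
        )
        user = db_cursor.fetchone()

        db_cursor.execute(
            """
            SELECT description, status
            FROM orders
            WHERE id == ?
            """,
            (id_,),
        )
        order_ = db_cursor.fetchone()
        if order_ is None:
            abort(404)

        # "<product id> = <quantity>" per line; blank lines are skipped.
        archiver_data = dict(
            line.split(' = ', 1)
            for line in order_['description'].split('\n')
            if ' = ' in line
        )
        # Only the placeholder list is built into the SQL text; the ids
        # themselves are bound as parameters.
        placeholders = ', '.join('?' for _ in archiver_data)
        db_cursor.execute(
            f"""
            SELECT id, category, name, price
            FROM products
            WHERE id in ({placeholders})
            """,
            tuple(archiver_data),
        )
        products = db_cursor.fetchall()

        order_price = 0
        for item in products:
            item['number'] = int(archiver_data[str(item['id'])])
            item['total'] = item['number'] * item['price']
            order_price += item['total']
        return render_template(
            'order_template.html',
            user=user,
            products=products,
            order_price=order_price,
            status=order_['status'],
            id_=id_,
        )

    elif request.method == "POST":
        try:
            status = int(request.form['status'])
        except (KeyError, ValueError):
            abort(400)
        db_cursor.execute(
            """
            UPDATE orders
            SET status = ?
            WHERE id == ?
            """,
            (status, id_),
        )
        db.commit()
        return redirect(url_for('admin.order', id_=id_, email=email))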
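def view_order(id_):
    """Customer view of one of their own orders.

    The order is looked up by ``id_`` *and* the logged-in user's email, so a
    customer can no longer read another customer's order by guessing its id
    (the original only checked that someone was logged in).  Renders
    ``user_order_template.html`` with the ordered products and the total.

    Aborts with 404 when nobody is logged in or no matching order exists.
    """
    login = session.get('logged_in')
    if not login:
        abort(404)

    db_cursor = get_db().cursor()
    db_cursor.execute(
        """
        SELECT description, status
        FROM orders
        WHERE id == ? AND user_email == ?
        """,
        (id_, login['email']),
    )
    order_ = db_cursor.fetchone()
    if order_ is None:
        abort(404)

    # "<product id> = <quantity>" per line; blank lines are skipped.
    archiver_data = dict(
        line.split(' = ', 1)
        for line in order_['description'].split('\n')
        if ' = ' in line
    )
    # Only the placeholder list goes into the SQL text; ids are bound.
    placeholders = ', '.join('?' for _ in archiver_data)
    db_cursor.execute(
        f"""
        SELECT id, category, name, price
        FROM products
        WHERE id in ({placeholders})
        """,
        tuple(archiver_data),
    )
    products = db_cursor.fetchall()

    order_price = 0
    for item in products:
        item['number'] = int(archiver_data[str(item['id'])])
        item['total'] = item['number'] * item['price']
        order_price += item['total']
    return render_template(
        'user_order_template.html', products=products, order_price=order_price
    )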
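def user(email):
    """Account page of the logged-in customer.

    ``GET`` renders ``user_template.html`` with the ``users`` row and the
    customer's orders, but only when ``email`` (from the URL) matches the
    email stored in the session; any other case is a 404.  ``POST`` sends the
    client to the ``news`` page.
    """
    if request.method == "GET":
        login = session.get('logged_in')
        # Not logged in, or asking for somebody else's page: both hidden as 404.
        if not login or login['email'] != email:
            abort(404)

        db_cursor = get_db().cursor()
        db_cursor.execute(
            """
            SELECT email, phone, name, surname, city, mail_index
            FROM users
            WHERE email == ?
            """,
            (email,),
        )
        person = db_cursor.fetchone()

        db_cursor.execute(
            """
            SELECT id, status
            FROM orders
            WHERE user_email == ?
            """,
            (email,),
        )
        orders = db_cursor.fetchall()
        return render_template('user_template.html', person=person, orders=orders)

    elif request.method == "POST":
        # The original passed url_for('news') to render_template(), i.e. a URL
        # path where a template name is expected; redirecting is the intent.
        return redirect(url_for('news'))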
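def basket():
    """Shopping basket kept in the session.

    Every session key other than the login markers is a product id mapped to
    the chosen quantity.  ``GET`` loads those products and renders
    ``basket.html``; ``POST`` removes the product named by the first form
    value and redirects back to the basket.
    """
    if request.method == "GET":
        # Only numeric keys are basket entries; this also skips whatever else
        # the framework stores in the session (e.g. flashed messages).
        selected = {
            key: value
            for key, value in session.items()
            if key not in ('logged_in', 'admin') and str(key).isdigit()
        }
        # Only the placeholder list goes into the SQL text; ids are bound.
        placeholders = ', '.join('?' for _ in selected)
        db_cursor = get_db().cursor()
        db_cursor.execute(
            f"""
            SELECT *
            FROM products
            WHERE id in ({placeholders})
            """,
            tuple(selected),
        )
        products = db_cursor.fetchall()
        for product_ in products:
            product_['image'] = f"{product_['category']}/{product_.get('image', '')}"
            product_['number'] = selected[f'{product_["id"]}']
        return render_template("basket.html", products=products, len=len(products))

    elif request.method == "POST":
        # An empty form used to raise IndexError; now it is just a no-op.
        value = next(iter(request.form.to_dict().values()), None)
        if value is not None:
            session.pop(value, None)
        return redirect(url_for('basket'))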
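def add_product():
    """Admin form for creating a product.

    ``GET`` renders ``add_product.html``.  ``POST`` inserts a ``products`` row
    from the form fields image, category, name, price, quantity, country and
    description, then redirects to ``admin.all_products``; an empty form
    redirects back to the add page.

    Aborts with 404 for non-admin sessions and with 400 when a field is
    missing or price/quantity are not numeric.
    """
    if not session.get('admin'):
        abort(404)

    if request.method == "GET":
        return render_template('add_product.html')

    elif request.method == "POST":
        fields = request.form.to_dict()
        if not fields:
            return redirect(url_for('admin.add_product'))
        # Numeric columns are coerced here; everything is bound as a
        # parameter rather than formatted into the statement.
        try:
            params = (
                fields['image'],
                fields['category'],
                fields['name'],
                float(fields['price']),
                int(fields['quantity']),
                fields['country'],
                fields['description'],
            )
        except (KeyError, ValueError):
            abort(400)

        db = get_db()
        db_cursor = db.cursor()
        db_cursor.execute(
            """
            INSERT INTO products
                (image, category, name, price, quantity, country, description)
            VALUES (?, ?, ?, ?, ?, ?, ?)
            """,
            params,
        )
        db.commit()
        return redirect(url_for('admin.all_products'))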
def news():
    """Render ``news.html`` with every row of the ``news`` table."""
    cursor = get_db().cursor()
    cursor.execute(
        """
        SELECT title, image, date, description
        FROM news
        """
    )
    return render_template('news.html', posts=cursor.fetchall())
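def delete_user():
    """Delete the logged-in customer's account.

    ``GET`` renders the ``delete_pop_up.html`` confirmation.  ``POST`` removes
    the ``users`` row and all of the customer's ``orders``, drops the login
    from the session and answers ``"Ok", 200``.

    Aborts with 404 when nobody is logged in (the original returned ``None``).
    """
    login = session.get('logged_in')
    if not login:
        abort(404)

    if request.method == "GET":
        return render_template('delete_pop_up.html')

    elif request.method == "POST":
        email = login['email']
        db = get_db()
        db_cursor = db.cursor()
        db_cursor.execute(
            """
            DELETE FROM users
            WHERE email == ?
            """,
            (email,),
        )
        db_cursor.execute(
            """
            DELETE FROM orders
            WHERE user_email == ?
            """,
            (email,),
        )
        # Single commit so the account and its orders disappear together.
        db.commit()
        session.pop('logged_in')
        return "Ok", 200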
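def contact():
    """Contact form: ``GET`` renders it, ``POST`` stores the message.

    All of name, phone, email, message and answer must be non-empty and the
    anti-bot ``answer`` must be ``"54"``; otherwise the problem is flashed
    and nothing is stored.  On success a ``letters`` row is inserted and a
    confirmation is flashed.  Either way the client is redirected back to
    the form.
    """
    if request.method == "GET":
        return render_template("contacts.html")

    if request.method == "POST":
        form = request.form
        required = ('name', 'phone', 'email', 'message', 'answer')
        if not all(form.get(field) for field in required):
            flash("Введены не все данные! Сообщение не отправлено!")
        elif form.get('answer').strip() != "54":
            # NOTE(review): a fixed expected answer only stops the most naive
            # automated submissions.
            flash("Проблемы с математикой! Сообщение не отправлено!")
        else:
            db = get_db()
            db_cursor = db.cursor()
            # Form values are bound as parameters, never formatted into SQL.
            db_cursor.execute(
                """
                INSERT INTO letters
                    (user_name, user_phone, user_email, description, status)
                VALUES (?, ?, ?, ?, 0)
                """,
                (
                    form.get('name'),
                    form.get('phone'),
                    form.get('email'),
                    form.get('message'),
                ),
            )
            db.commit()
            flash(
                "Сообщение успешно отправленно. Наш оператор ответит вам как сможет!"
            )
    return redirect(url_for('contact'))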
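def all_products():
    """Admin stock overview.

    ``GET`` renders ``all_products.html`` with every ``products`` row.
    ``POST`` treats each form field as ``<product id> -> <new quantity>`` and
    writes those quantities back, then redirects to this page.

    Aborts with 404 for non-admin sessions and with 400 when an id or a
    quantity is not an integer.
    """
    if not session.get('admin'):
        abort(404)
    db = get_db()
    db_cursor = db.cursor()

    if request.method == "GET":
        db_cursor.execute(
            """
            SELECT *
            FROM products
            """
        )
        products = db_cursor.fetchall() or []
        return render_template('all_products.html', products=products)

    elif request.method == "POST":
        # Coerce every id/quantity pair up front so a bad field rejects the
        # whole form instead of half-applying it.
        try:
            updates = [
                (int(value), int(key)) for key, value in request.form.items()
            ]
        except ValueError:
            abort(400)
        for quantity, product_id in updates:
            db_cursor.execute(
                """
                UPDATE products
                SET quantity = ?
                WHERE id == ?
                """,
                (quantity, product_id),
            )
        db.commit()
        return redirect(url_for('admin.all_products'))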
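def authorization():
    """Customer login.

    ``GET`` redirects to ``registration``.  ``POST`` looks the email/password
    pair up in ``users``; on a match the login is stored in the session and
    the client is sent to their ``user`` page, otherwise an error is flashed
    and the client is sent back to ``registration`` (the original flashed and
    then returned ``None``).
    """
    if request.method == 'GET':
        return redirect(url_for('registration'))

    elif request.method == 'POST':
        fields = request.form.to_dict()
        db_cursor = get_db().cursor()
        # NOTE(review): the password is compared verbatim against the stored
        # column, i.e. passwords are kept in a directly comparable form;
        # hashing belongs in the registration path and the schema.
        db_cursor.execute(
            """
            SELECT email
            FROM users
            WHERE email = ? and password == ?
            """,
            (fields.get('email'), fields.get('password')),
        )
        if result := db_cursor.fetchone():
            session['logged_in'] = {'email': result['email']}
            return redirect(url_for('user', email=result['email']))
        flash("Неверные данные!")
        return redirect(url_for('registration'))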
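def admin_login():
    """Admin login.

    ``GET`` renders ``login.html`` (or goes straight to ``admin.main_admin``
    when the session is already an admin session).  ``POST`` checks the
    email/password pair against ``admins``; on a match ``session['admin']``
    is set and the client is redirected to ``admin.main_admin``, otherwise
    back to this page.
    """
    if request.method == "GET":
        if session.get('admin'):
            return redirect(url_for('admin.main_admin'))
        return render_template('login.html')

    elif request.method == "POST":
        fields = request.form.to_dict()
        email = fields.get('email')
        password = fields.get('password')
        # Missing fields used to be a KeyError (500); treat them like an
        # empty form and go back to the login page.
        if not (email and password):
            return redirect(url_for('admin.admin_login'))

        db_cursor = get_db().cursor()
        # NOTE(review): the listing shows the submitted password compared
        # directly with the stored ``password`` column (the exact expression
        # is redacted in the listing) — confirm how admin passwords are stored.
        db_cursor.execute(
            """
            SELECT *
            FROM admins
            WHERE admin_email = ? and password = ?
            """,
            (email, password),
        )
        if db_cursor.fetchone():
            session['admin'] = True
            return redirect(url_for('admin.main_admin'))
        return redirect(url_for('admin.admin_login'))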
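def catalog(product_type):
    """Catalog page for one product category.

    ``product_type`` comes from the URL.  The "kind" and "country" filter
    rows for the category are loaded first; ``GET`` then renders
    ``catalog_template.html`` with every product of the category.  The
    ``POST`` branch reads the optional ``lower_price``/``upper_price`` filter
    fields (defaulting to 0 and 99999).

    NOTE(review): in the listing the POST branch ends right after those two
    defaults, with no query and no return, so that part of the view is not
    visible here and is left as it was.
    """
    db_cursor = get_db().cursor()
    # ``product_type`` is user-controlled; bind it, never format it in.
    db_cursor.execute(
        """
        SELECT weight, name
        FROM filters
        WHERE product == ? AND category == 'kind'
        """,
        (product_type,),
    )
    kinds = db_cursor.fetchall()
    db_cursor.execute(
        """
        SELECT weight, name
        FROM filters
        WHERE product == ? AND category == 'country'
        """,
        (product_type,),
    )
    countries = db_cursor.fetchall()
    url_catalog = f'/catalog-{product_type}'

    if request.method == "GET":
        db_cursor.execute(
            """
            SELECT id, image, name, price
            FROM products
            WHERE category == ?
            """,
            (product_type,),
        )
        products = db_cursor.fetchall()
        for item in products:
            item['image'] = f"{product_type}/{item.get('image', '')}"
        return render_template(
            "catalog_template.html",
            kinds=kinds,
            countries=countries,
            products=products,
            url_catalog=url_catalog,
        )

    elif request.method == "POST":
        fields = request.form.to_dict()
        lower_price = fields.get('lower_price') or 0
        upper_price = fields.get('upper_price') or 99999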
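def product(id_):
    """Product detail page and "add to basket" handler.

    ``GET`` renders ``product_template.html`` for the product ``id_``.
    ``POST`` adds ``prod_number`` items of the product to the session basket
    (keyed by the product id as a string), capped at the stock currently
    recorded in ``products.quantity``, then redirects back to the page.

    Aborts with 404 when the product does not exist and with 400 when
    ``prod_number`` is missing, non-numeric or negative.
    """
    db_cursor = get_db().cursor()

    if request.method == "GET":
        db_cursor.execute(
            """
            SELECT id, image, category ,name, price, quantity, country, description
            FROM products
            WHERE id == ?
            """,
            (id_,),
        )
        product_ = db_cursor.fetchone()
        if product_ is None:
            abort(404)
        product_['image'] = f"{product_['category']}/{product_.get('image', '')}"
        return render_template("product_template.html", product=product_)

    elif request.method == "POST":
        try:
            requested = int(request.form.get('prod_number', ''))
        except ValueError:
            abort(400)
        # A negative number would later *increase* stock in make_order.
        if requested < 0:
            abort(400)

        # The stock limit used to be read from a form field named after the
        # product id — chosen by the client; take it from the database instead.
        db_cursor.execute(
            """
            SELECT quantity
            FROM products
            WHERE id == ?
            """,
            (id_,),
        )
        row = db_cursor.fetchone()
        if row is None:
            abort(404)

        key = f"{id_}"
        session[key] = min(session.get(key, 0) + requested, row['quantity'])
        return redirect(url_for('product', id_=id_))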
def main_admin():
    """Admin dashboard listing every order and every contact letter.

    Only ``GET`` does anything: non-admin sessions get a 404, admins get
    ``main_admin.html``.  ``POST`` is a no-op that returns ``None``, exactly
    as in the original.
    """
    if request.method == "GET":
        if not session.get('admin'):
            abort(404)
        cursor = get_db().cursor()
        cursor.execute(
            """
            SELECT id, user_email, status
            FROM orders
            """
        )
        orders = cursor.fetchall()
        cursor.execute(
            """
            SELECT user_email, description
            FROM letters
            """
        )
        letters = cursor.fetchall()
        return render_template('main_admin.html', orders=orders, letters=letters)
    elif request.method == "POST":
        pass
elif not (email := fields.get('email')) or not Validate.email(email): flash("Неверно введена электронная почта!") elif not (password := fields.get('password')) or not Validate.password(password): flash( "Слабый пароль! Пароль должен содержать минимум 8 символов, из них: 1 заглавная буква, 1 строчная буква, 1 цифра" ) elif password != fields.get('confirmed', ""): flash("Неверное подтверждение пароля!") else: query = f""" SELECT email FROM users WHERE email == '{email}' """ db_cursor = get_db().cursor() db_cursor.execute(query) if db_cursor.fetchone(): flash(f"Пользователь с таким email={email} уже существует") else: query = f""" INSERT INTO users VALUES ('{email}', '{password}', '{phone}', '{name}', '{surname}', '{city}' , '{mail_index}') """ db_cursor.execute(query) get_db().commit() session['logged_in'] = {'email': email} return redirect(url_for('user', email=email)) return redirect(url_for('registration'))