def emptycart():
    """Remove every not-yet-checked-out row from the current user's cart.

    Rows that already carry a ``ticketid`` belong to a placed order and are
    left alone. The cart is read first so that an already-empty cart gets an
    error flash instead of a silent no-op. Always redirects back to
    ``request.referrer``.
    """
    db = get_db()
    user_id = g.user['id']
    pending = db.execute(
        'SELECT cart.amount, goods.* FROM cart '
        'INNER JOIN goods ON goods.id = cart.goodid '
        'WHERE cart.userid = ? AND cart.ticketid IS NULL',
        (user_id, )).fetchall()
    if not pending:
        flash("Your cart is empty", category="error")
        return redirect(request.referrer)
    db.execute('DELETE FROM cart WHERE ticketid IS NULL AND userid = ?',
               (user_id, ))
    db.commit()
    # NOTE(review): request.referrer is a client-supplied header and may be
    # None; a fixed fallback target would be more robust — confirm route setup.
    return redirect(request.referrer)
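def load_logged_in_user():
    """Populate ``g.user``, ``g.shopuser`` and ``g.panuser`` from the session.

    ``g.user`` becomes the ``user`` row matching ``session['user_id']`` (or
    ``None`` when the session has no id); ``g.shopuser`` / ``g.panuser`` are
    the matching ``shopuser`` / ``panuser`` rows, ``None`` when absent.

    A session whose ``user_id`` no longer matches any user row (for example a
    deleted account) now leaves all three ``None`` — the request is treated
    as anonymous — instead of raising ``TypeError`` on ``g.user['id']``.
    """
    user_id = session.get('user_id')
    g.user = None
    g.shopuser = None
    g.panuser = None
    if user_id is None:
        return
    db = get_db()
    g.user = db.execute('SELECT * FROM user WHERE id = ?',
                        (user_id, )).fetchone()
    if g.user is None:
        # Stale session: the signed id is valid but the row is gone.
        return
    g.shopuser = db.execute('SELECT * FROM shopuser WHERE userid = ?',
                            (g.user['id'], )).fetchone()
    g.panuser = db.execute('SELECT * FROM panuser WHERE userid = ?',
                           (g.user['id'], )).fetchone()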
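def delete_link():
    """Delete one of the current user's share links.

    The link is taken from ``request.values['link']`` (query string or form).
    An unknown link answers 404; a link owned by another user flashes an
    error and returns to the referrer, so users can only delete their own
    shares. On success the row is removed and the browser is sent to the
    share list.
    """
    db = get_db()
    link = request.values['link']
    info = db.execute('SELECT * FROM share_info WHERE link = ?',
                      (link, )).fetchone()
    if info is None:
        # Previously fell through to info['userid'] and raised TypeError (500).
        abort(404)
    if info['userid'] != g.user['id']:
        # Ownership check: the row exists but belongs to somebody else.
        flash("非法操作", category="error")
        return redirect(request.referrer)
    db.execute('DELETE FROM share_info WHERE link = ?', (link, ))
    db.commit()
    return redirect(url_for('pan.shares'))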
def index():
    """Render the shop front page with the goods currently on sale.

    An optional ``category`` request parameter restricts the listing to goods
    whose ``type`` equals it. The category names are always passed along for
    the template's category list.
    """
    db = get_db()
    chosen = request.values.get('category')
    base_sql = 'SELECT id, name, value, type, amount FROM goods where isOnsale=1'
    if chosen is None:
        rows = db.execute(base_sql).fetchall()
    else:
        rows = db.execute(base_sql + ' AND type = ?', (chosen, )).fetchall()
    names = db.execute('SELECT name FROM category').fetchall()
    return render_template('shop/index.html', goods=rows, categories=names,
                           search=False)
def login():
    """Sign a user in.

    GET renders the login form. POST validates the submitted username (it
    must match ``[0-9A-Za-z]+`` and survive ``secure_filename``), looks the
    account up and checks the password with ``nacl.pwhash.verify``. On
    success the session is reset, ``user_id`` stored, an
    ``auth.login.success`` log row written and the browser sent to the index.
    A wrong password writes an ``auth.login.failed`` log row for that account.
    Any error is flashed and the form re-rendered; a warning is also flashed
    while the app still runs with the ``'dev'`` SECRET_KEY.
    """
    if request.method == 'POST':
        raw_name = request.form['username']
        if re.fullmatch('[0-9A-Za-z]+', raw_name) is None:
            flash('The username must match [0-9A-Za-z]+', category='error')
            return render_template('auth/login.html')
        username = secure_filename(raw_name)
        if not username.strip():
            abort(400)
        password = request.form['password']
        db = get_db()
        account = db.execute('SELECT * FROM user WHERE username = ?',
                             (username, )).fetchone()
        error = None
        if account is None:
            error = 'Incorrect username.'
        else:
            try:
                nacl.pwhash.verify(account['password'],
                                   password.encode('utf-8'))
            except nacl.exceptions.InvalidkeyError:
                error = 'Incorrect password.'
                db.execute(
                    'INSERT INTO logs (userid, title, body) VALUES (?, ?, ?)',
                    (account['id'], "auth.login.failed",
                     "Somebody failed to login your account."))
                db.commit()
        # NOTE(review): the two distinct error texts, and verify() running
        # only for known accounts, let a caller tell valid usernames from
        # unknown ones; a single generic message would reduce enumeration.
        if error is None:
            session.clear()  # drop pre-login session state before binding the id
            session['user_id'] = account['id']
            db.execute(
                'INSERT INTO logs (userid, title, body) VALUES (?, ?, ?)',
                (account['id'], "auth.login.success",
                 "You logged in the system successfully."))
            db.commit()
            return redirect(url_for('index'))
        flash(error, category="error")
    if current_app.config['SECRET_KEY'] == 'dev':
        flash("You need to change your SECRET_KEY!", category='error')
    return render_template('auth/login.html')
def changeuserinfo():
    """Show (GET) or update (any other method) the current user's shop profile.

    On update, phone, email, address and postal code are taken straight from
    the form (a missing field becomes ``None``) and written, unvalidated, to
    the ``shopuser`` row of ``g.user``; afterwards redirects to the shop index.
    """
    if request.method == 'GET':
        return render_template('shop/userinfo.html', i=g.shopuser)
    form = request.form
    db = get_db()
    # Tuple order follows the placeholders: phone, email, address, postalcode, userid.
    db.execute(
        'UPDATE shopuser SET phone = ?, email = ?, address = ?, postalcode = ? WHERE userid = ?',
        (form.get('phone'), form.get('email'), form.get('address'),
         form.get('postalcode'), g.user['id']))
    db.commit()
    return redirect(url_for('shop.index'))
def registerAdmin():
    """Grant admin rights to the user named in ``request.form['username']``.

    Only an admin (``g.user['isadmin']`` non-zero) may do this; anyone else,
    and any request naming an unknown user, is sent back to the settings page
    without a message. On success ``isadmin`` is set to 1, an
    ``auth.registerAdmin`` log row is written for the promoted user and the
    browser returns to settings.
    """
    if int(g.user['isadmin']) == 0:
        return redirect(url_for('auth.settings'))
    db = get_db()
    target = db.execute('SELECT id FROM user WHERE username = ?',
                        (request.form['username'], )).fetchone()
    if target is None:
        return redirect(url_for('auth.settings'))
    db.execute('UPDATE user SET isadmin = ? WHERE id = ?', (1, target['id']))
    db.execute(
        'INSERT INTO logs (userid, title, body) VALUES (?, ?, ?)',
        (target['id'], "auth.registerAdmin",
         "You are registered as Admin in the cardinal system."))
    db.commit()
    return redirect(url_for('auth.settings'))
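def safes():
    """Serve a password-protected shared file.

    Looks the share up by ``request.values['link']`` (404 when unknown).
    Expired shares (``expiretime`` earlier than the current UTC time) and
    shares without a password flash an error and go back to the index. The
    submitted ``request.form['password']`` is checked with
    ``nacl.pwhash.verify``; a mismatch — or a missing form field — answers
    403, otherwise the stored ``filename`` is sent as an attachment.
    """
    db = get_db()
    info = db.execute('SELECT * FROM share_info WHERE link = ?',
                      (request.values['link'], )).fetchone()
    if info is None:
        abort(404)
    # NOTE(review): utcnow() is naive; this assumes expiretime comes back from
    # the DB as a comparable datetime — confirm, a str here would raise.
    if info['expiretime'] is not None and datetime.datetime.utcnow() > info['expiretime']:
        flash("分享链接已过期", category="error")
        return redirect(url_for('index'))
    if info['password'] is None:
        flash("该文件无密码", category="error")
        return redirect(url_for('index'))
    # A missing form field still ends as 403 (as before), not a 400.
    supplied = str(request.form.get('password', '')).encode('utf-8')
    try:
        nacl.pwhash.verify(info['password'], supplied)
    except nacl.exceptions.InvalidkeyError:
        # Only the password mismatch maps to 403. The former bare
        # `except Exception` also turned send_file failures (missing file,
        # bad path) into 403, hiding real errors from the logs.
        abort(403)
    # NOTE(review): filename is used as stored; the upload path must keep it
    # inside the intended share directory — verify there.
    return send_file(info['filename'], as_attachment=True, conditional=True)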
def delete(idnum):
    """Remove good ``idnum`` entirely from the current user's open cart.

    Only rows without a ``ticketid`` (not yet checked out) and belonging to
    ``g.user`` are touched. When no such row exists an "Illegal delete" error
    is flashed and nothing is changed. Always redirects to the referrer.
    """
    db = get_db()
    key = (idnum, g.user['id'])
    row = db.execute(
        'SELECT amount FROM cart WHERE goodid = ? AND ticketid IS NULL AND userid = ?',
        key).fetchone()
    if row is None:
        flash("Illegal delete", category="error")
    else:
        db.execute(
            'DELETE FROM cart WHERE goodid = ? AND ticketid IS NULL AND userid = ?',
            key)
        db.commit()
        flash("All goods have been remove from your cart")
    # NOTE(review): request.referrer is client-supplied and may be None; a
    # fixed fallback target would be more robust.
    return redirect(request.referrer)
def delete(idnum):
    """Remove good ``idnum`` entirely from the current user's open cart.

    Only rows without a ``ticketid`` (not yet checked out) and belonging to
    ``g.user`` are touched. When no such row exists an error is flashed and
    nothing is changed. Always redirects to the referrer.
    """
    db = get_db()
    key = (idnum, g.user['id'])
    row = db.execute(
        'SELECT amount FROM cart WHERE goodid = ? AND ticketid IS NULL AND userid = ?',
        key).fetchone()
    if row is None:
        flash("非法删除操作", category="error")
    else:
        db.execute(
            'DELETE FROM cart WHERE goodid = ? AND ticketid IS NULL AND userid = ?',
            key)
        db.commit()
        flash("商品已从购物车移除")
    # NOTE(review): request.referrer is client-supplied and may be None; a
    # fixed fallback target would be more robust.
    return redirect(request.referrer)
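def register():
    """Create a new account.

    GET renders the form. POST validates the username (``[0-9A-Za-z]+``,
    then ``secure_filename``), requires a password, rejects duplicates and
    passwords that zxcvbn scores below 1 for this username, then stores the
    hash produced by ``nacl.pwhash.str``. The very first account in the
    ``user`` table is created with ``isadmin = 1``, every later one with 0,
    and the browser is sent to the login page. Any error is flashed and the
    form re-rendered.
    """
    if request.method == 'POST':
        raw_name = request.form['username']
        if re.fullmatch('[0-9A-Za-z]+', raw_name) is None:
            flash('The username must match [0-9A-Za-z]+', category='error')
            return render_template('auth/register.html')
        username = secure_filename(raw_name)
        if not username.strip():
            abort(400)
        password = request.form['password']
        db = get_db()
        error = None
        if not username:
            error = '需要用户名。'
        elif not password:
            error = 'Password is required.'
        elif db.execute('SELECT id FROM user WHERE username = ?',
                        (username, )).fetchone() is not None:
            error = 'User {} is already registered.'.format(username)
        elif zxcvbn(str(password), user_inputs=[str(username)])['score'] < 1:
            # NOTE(review): score < 1 only rejects zxcvbn's weakest class (0);
            # a higher bar is worth considering.
            error = "Insufficient password strength."
        if error is None:
            # The first account ever becomes admin; the two INSERTs of the
            # original differed only in this flag, so they are merged.
            # NOTE(review): the existence check and the INSERT are not one
            # atomic step; two concurrent first registrations could both be
            # created as admin.
            first_user = db.execute('SELECT id FROM user LIMIT 1').fetchone()
            is_admin = 1 if first_user is None else 0
            db.execute(
                'INSERT INTO user (username, password, isadmin) VALUES (?, ?, ?)',
                (username, nacl.pwhash.str(password.encode('utf-8')), is_admin))
            db.commit()
            return redirect(url_for('auth.login'))
        flash(error, category="error")
    return render_template('auth/register.html')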
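def renamecategory(idnum):
    """Rename category ``idnum`` and re-label the goods filed under it.

    A missing category flashes a message and goes back to the referrer. GET
    renders the edit form. On POST the new ``name`` replaces the category's
    name, and every ``goods`` row whose ``type`` equals the old name is
    updated to the new one (goods reference categories by name, not id).
    A missing or blank name answers 400 instead of storing NULL. Redirects to
    the category list on success.
    """
    db = get_db()
    info = db.execute('SELECT * FROM category WHERE id = ?',
                      (idnum, )).fetchone()
    if info is None:
        flash("The category doesn't exist")
        return redirect(request.referrer)
    if request.method == 'GET':
        return render_template("shop/createcategory.html")
    name = request.form.get('name')
    if name is None or not name.strip():
        # Previously an absent field was written as a NULL category name.
        abort(400)
    # The old name is already in `info`; no need to query it a second time.
    oldname = info['name']
    db.execute('UPDATE category SET name = ? WHERE id = ?', (name, idnum))
    db.execute('UPDATE goods SET type = ? WHERE type = ?', (name, oldname))
    db.commit()
    return redirect(url_for("shop.categories"))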
def registerPan():
    """Grant disk ("pan") access to the user named in ``request.form['username']``.

    Admin-only (``g.user['isadmin']`` non-zero); non-admins and unknown
    usernames are redirected to settings without a message. A user who
    already has a ``panuser`` row gets an error flash instead. Otherwise the
    ``panuser`` row is inserted, an ``auth.registerPan`` log entry written for
    that user, and the browser returns to the settings page.
    """
    if int(g.user['isadmin']) == 0:
        return redirect(url_for('auth.settings'))
    db = get_db()
    target = db.execute('SELECT * FROM user WHERE username = ?',
                        (request.form['username'], )).fetchone()
    if target is None:
        return redirect(url_for('auth.settings'))
    already = db.execute('SELECT * FROM panuser WHERE userid = ?',
                         (target['id'], )).fetchone()
    if already is not None:
        flash('User {} is already granted disk access.'.format(target['username']),
              category="error")
        return redirect(url_for('auth.settings'))
    db.execute('INSERT INTO panuser (userid) VALUES (?)', (target['id'], ))
    db.execute(
        'INSERT INTO logs (userid, title, body) VALUES (?, ?, ?)',
        (target['id'], "auth.registerPan", "You are granted disk access."))
    db.commit()
    return redirect(url_for('auth.settings'))
def search():
    """List on-sale goods whose name contains ``search_name``.

    ``search_name`` (empty when absent) is wrapped in ``%`` for a ``LIKE``
    match; an optional ``category`` additionally restricts ``type``. Renders
    the index template in search mode together with the category list.
    """
    term = request.values.get('search_name', '')
    chosen = request.values.get('category')
    db = get_db()
    # `%` and `_` inside the term act as LIKE wildcards; the query is
    # parameterised, so this only widens the match, it is not injectable.
    pattern = "%" + term + "%"
    sql = 'SELECT id, name, value, type, amount FROM goods where isOnsale=1 AND name LIKE ?'
    if chosen is None:
        rows = db.execute(sql, (pattern, )).fetchall()
    else:
        rows = db.execute(sql + ' AND type = ?', (pattern, chosen)).fetchall()
    names = db.execute('SELECT name FROM category').fetchall()
    return render_template('shop/index.html', goods=rows, categories=names,
                           search=True, search_name=term)
def calccart():
    """Check the current user's open cart out into a ``ticket`` row.

    Steps, in order: refuse an empty cart; load the on-sale cart rows and
    refuse the checkout if any requested quantity exceeds the goods' stock
    (``amount`` NULL or ``''`` means "not tracked"); decrement tracked stock;
    drop off-sale goods from the cart; refuse if nothing on-sale remained;
    sum ``amount*value`` over the on-sale rows; insert the ticket with the
    shop profile's address/postal code and status ``"pending"``; attach the
    cart rows to it; commit. Every refusal redirects to the referrer without
    committing, success to the ticket list.

    NOTE(review): stock check and decrement are separate statements with no
    explicit locking, so two concurrent checkouts can both pass the check
    (overselling). Nothing here checks that cartamount is positive — confirm
    the add-to-cart path enforces it, since a negative quantity would raise
    stock and lower the ticket value.
    """
    db = get_db()
    goods = db.execute(
        'SELECT cart.amount, goods.* FROM cart \
        INNER JOIN goods ON goods.id = cart.goodid \
        WHERE cart.userid = ? AND cart.ticketid IS NULL',
        (g.user['id'], )).fetchall()
    if goods == []:
        flash("Your cart is empty", category="error")
        return redirect(request.referrer)
    # cart.amount is aliased so it does not collide with goods.amount (stock).
    existedgoods = db.execute(
        'SELECT cart.amount AS cartamount, goods.* FROM cart \
        INNER JOIN goods ON goods.id = cart.goodid \
        WHERE cart.userid = ? AND cart.ticketid IS NULL AND goods.isOnsale=1',
        (g.user['id'], )).fetchall()
    isValid = True
    for good in existedgoods:
        try:
            # Stock values are compared as int; '' / NULL means untracked stock.
            if good['amount'] is not None and good['amount'] != '' and int(
                    good['cartamount']) > int(good['amount']):
                isValid = False
                # NOTE: the message concatenates without separators ("only5...in stock").
                flash("There are only" + str(good['amount']) + str(good['id']) + " - " + good['name'] + "in stock", category="error")
        except KeyError:
            # Row without an 'amount' column is treated as untracked.
            pass
    if isValid == False:
        return redirect(request.referrer)
    for good in existedgoods:
        try:
            if good['amount'] is not None and good['amount'] != '':
                db.execute('UPDATE goods SET amount = ? WHERE id = ?', (
                    int(good['amount']) - int(good['cartamount']),
                    good['id'],
                ))
        except KeyError:
            pass
    deletedgoods = db.execute(
        'SELECT cart.amount, goods.* FROM cart \
        INNER JOIN goods ON goods.id = cart.goodid \
        WHERE cart.userid = ? AND cart.ticketid IS NULL AND goods.isOnsale=0',
        (g.user['id'], )).fetchall()
    for deletedgood in deletedgoods:
        db.execute(
            'DELETE FROM cart WHERE userid = ? AND ticketid IS NULL AND goodid = ?',
            (
                g.user['id'],
                deletedgood['id'],
            ))
    if existedgoods == []:
        # Early return: the deletes above are never committed on this path.
        flash("It only contains off-shore goods", category="error")
        return redirect(request.referrer)
    # NOTE(review): the subquery exposes both cart.amount and goods.amount
    # under the name `amount`; which one SUM(amount*value) uses depends on
    # SQLite's duplicate-column naming — confirm it is the cart quantity.
    # The 'VALUE' alias is read back as ['value']; sqlite3.Row lookups are
    # case-insensitive, so this assumes that row factory.
    amount = db.execute(
        'SELECT SUM(amount*value) AS VALUE \
        FROM (SELECT cart.amount, goods.* FROM cart INNER JOIN goods ON goods.id = cart.goodid \
        WHERE cart.userid = ? AND cart.ticketid IS NULL AND goods.isOnsale=1)',
        (g.user['id'], )).fetchone()['value']
    # Assumes g.shopuser is set (a user without a shopuser row would raise here).
    info = db.execute(
        'INSERT INTO ticket (address, postalcode, value, userid, status) VALUES (?, ?, ?, ?, ?)',
        (
            g.shopuser['address'],
            g.shopuser['postalcode'],
            amount,
            g.user['id'],
            "pending",
        ))
    # lastrowid of the INSERT is the new ticket id the cart rows get attached to.
    db.execute(
        'UPDATE cart SET ticketid = ? WHERE userid = ? AND ticketid IS NULL',
        (
            info.lastrowid,
            g.user['id'],
        ))
    db.commit()
    flash("Checkout Succed!")
    return redirect(url_for("shop.tickets"))
def settings():
    """Render the account settings page with the current user's log rows, newest first."""
    db = get_db()
    entries = db.execute(
        'SELECT * FROM logs WHERE userid = ? ORDER BY created DESC',
        (g.user['id'], )).fetchall()
    return render_template('auth/settings.html', logs=entries)
def categories():
    """Render the category overview with every row of the ``category`` table."""
    rows = get_db().execute('SELECT * FROM category').fetchall()
    return render_template("shop/categories.html", info=rows)
def emptycart():
    """Drop every not-yet-ordered row (``ticketid IS NULL``) from ``g.user``'s cart.

    Commits the deletion and redirects back to ``request.referrer``; an
    already-empty cart is simply a no-op.
    """
    db = get_db()
    user_id = g.user['id']
    db.execute('DELETE FROM cart WHERE ticketid IS NULL AND userid = ?',
               (user_id, ))
    db.commit()
    # NOTE(review): request.referrer is client-supplied and may be None; a
    # fixed fallback target would be more robust.
    return redirect(request.referrer)