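def login():
    """Log in a registered user by adding the user id to the session.

    On POST, the account is looked up in ``client`` by the submitted
    ``username`` field (matched against the ``email`` column) and the
    submitted password is compared with the stored one. On success the
    session is cleared, ``user_id`` is stored in it and the client is
    redirected to ``index``. On failure a single generic error is flashed
    and the login form is rendered again.
    """
    if request.method == 'POST':
        email = request.form['username']
        password = request.form['password']
        db = get_db()
        user = db.execute('SELECT * FROM client WHERE email=?',
                          (email, )).fetchone()

        # NOTE(review): the submitted password is compared directly with the
        # stored column value, so the table appears to hold passwords
        # unhashed. Store a salted password hash and verify against that.
        authenticated = user is not None and password == user['password']

        if authenticated:
            # Drop any pre-login session state before binding the user id.
            session.clear()
            session['user_id'] = user['id']
            flash('Welcome, ' + user['name'] + '!')
            return redirect(url_for('index'))

        # One message for both failure causes, so the response does not
        # reveal whether the e-mail address is registered.
        flash('Invalid email or password')

    return render_template('auth/login.html')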
def cart():
    """Render the payment page for the posted product, price and amount.

    Loads the current user's profile row and unused coupons, and, when the
    form carries a ``discount`` field, previews the discount obtained from
    the submitted mileage and the selected coupon.
    """
    # Every local below is handed to the template through ``**locals()``,
    # so the names are part of the template's contract.
    # NOTE(review): ``price`` and ``mileage`` come straight from the form;
    # the figures shown here are a preview only and the mileage is not
    # checked against the balance in ``client_info``.
    price_sum = float(request.form['price'])
    amount = request.form['amount']
    product_id = request.form['product_id']
    username = session.get('user_id')
    db = get_db()

    # [0] raises IndexError when no client row matches the session id.
    client_info = db.execute(
        'SELECT name,phone,address,mileage FROM client WHERE id = ?',
        (username,)).fetchall()[0]
    coupon_list = db.execute(
        'SELECT a.name, a.coupon_id, a.discount FROM coupon a, coupon_list b '
        'WHERE a.coupon_id=b.coupon_id AND user_id = ? AND b.used=0',
        (username,)).fetchall()

    # Defaults used when the form was posted without a discount selection.
    dc_sum, select_coupon, mileage, coupon_discount = 0.0, 0, 0, 0
    discount = request.form.get('discount')

    if discount is not None:
        mileage = int(request.form['mileage'])
        select_coupon = int(request.form['coupon_list'])
        if select_coupon != 0:
            coupon_discount = db.execute(
                'SELECT discount FROM coupon '
                'WHERE coupon_id = ?', [select_coupon]).fetchone()[0]
        # Mileage is worth 0.001 per point; the coupon is a percentage.
        dc_sum = price_sum - (price_sum-mileage*0.001) * (100-coupon_discount)/100

    return render_template('payment/payment.html', **locals())
def delete_item():
    """Delete one product from the current user's ``my_list`` rows.

    The raw request body is parsed as the integer product id. The DELETE is
    scoped to the session's ``user_id``, so only the caller's own row can be
    removed. Always answers with ``{"result": "success"}``.
    """
    owner_id = session['user_id']
    product_id = int(request.data)

    conn = get_db()
    conn.execute(
        'DELETE FROM my_list WHERE product_id = ? and user_id = ?',
        (product_id, owner_id))
    conn.commit()

    return jsonify(result="success")
def load_logged_in_user():
    """Populate ``g.user`` from the session.

    ``g.user`` becomes the matching ``client`` row when the session holds a
    ``user_id`` (``None`` if no row matches) and ``None`` otherwise.
    """
    uid = session.get('user_id')
    g.user = (
        None if uid is None
        else get_db().execute('SELECT * FROM client WHERE id=?',
                              (uid, )).fetchone()
    )
def my_list():
    """Render the products saved in the current user's ``my_list`` rows."""
    owner_id = session['user_id']
    rows = get_db().execute(
        'SELECT name, product_id FROM product WHERE product_id IN '
        '(SELECT product_id FROM my_list WHERE user_id = ?)',
        (owner_id, )).fetchall()

    # The template receives plain dicts keyed ``name`` / ``id``.
    lists = [{'name': r[0], 'id': r[1]} for r in rows]
    return render_template('cart/my_list.html', lists=lists)
def delete(id):
    """Delete a post and return to the blog index.

    ``get_post`` is called first for its checks only: it aborts with 404
    when the post does not exist and with 403 when the logged-in user is
    not its author, so the DELETE below runs only for the author.
    """
    get_post(id)

    conn = get_db()
    conn.execute('DELETE FROM post WHERE id = ?', (id, ))
    conn.commit()

    return redirect(url_for('blog.index'))
def searchDC(category=None):
    """Render the discounted-products page.

    With a category the lookup is delegated to ``SearchManager.searchSale``;
    without one, every product whose ``dc_rate`` exceeds 10 is listed,
    highest rate first.
    """
    db = get_db()

    if category is None:
        products = db.execute(
            'SELECT * FROM product WHERE dc_rate >10 ORDER BY dc_rate DESC '
        ).fetchall()
    else:
        products = SearchManager().searchSale(category)

    return render_template('search/searchDC.html',
                           category=category,
                           products=products)
def coupon_list():
    """Render all coupons plus the ids the current user has already used."""
    owner_id = session.get('user_id')
    conn = get_db()

    every_coupon = conn.execute('SELECT * FROM coupon').fetchall()
    # used = 1 selects the coupons this user has already spent.
    used_ids = conn.execute(
        'SELECT coupon_id FROM coupon_list '
        'WHERE used = ? AND user_id = ? ', (1, owner_id)).fetchall()

    return render_template('coupon/coupon_list.html',
                           lists=every_coupon,
                           my_coupon_list=used_ids)
def searchHOTDEAL(category=None):
    """Render the hot-deal page.

    With a category the lookup is delegated to
    ``SearchManager.searchHotdeal``; without one, every product whose
    ``sales_num`` exceeds 10 is listed, best seller first.
    """
    db = get_db()

    if category is None:
        products = db.execute(
            'SELECT * FROM product WHERE sales_num >10 ORDER BY sales_num DESC '
        ).fetchall()
    else:
        products = SearchManager().searchHotdeal(category)

    return render_template('search/searchHOTDEAL.html',
                           category=category,
                           products=products)
def add_item():
    """Add a product to the current user's cart unless it is already there.

    Expects a JSON body with ``ID`` (product id) and ``AMT`` (quantity).
    Responds with ``result="success"`` in both cases; ``msg`` tells the two
    outcomes apart.
    """
    owner_id = session['user_id']
    payload = request.json
    conn = get_db()

    existing = conn.execute(
        'SELECT product_id, quantity FROM cart_list WHERE user_id=? and product_id=?',
        (owner_id, payload['ID'])).fetchone()

    if existing is not None:
        # "This product is already in the cart."
        return jsonify(result="success", msg="장바구니에 이미 존재하는 제품입니다")

    # NOTE(review): ``AMT`` is stored as received. The checkout code reads
    # cart_list.quantity for its stock and total arithmetic, so a zero,
    # negative or non-numeric value should be rejected here.
    conn.execute(
        'INSERT INTO cart_list (user_id, product_id, quantity) VALUES(?,?,?)',
        (owner_id, payload['ID'], payload['AMT']))
    conn.commit()

    # "Added to the cart."
    return jsonify(result="success", msg="장바구니에 추가되었습니다")
def create():
    """Create a new post for the current user.

    GET renders the form. POST inserts the post with ``g.user`` as author
    and redirects to the blog index; an empty title flashes an error and
    renders the form again.
    """
    if request.method != 'POST':
        return render_template('blog/create.html')

    title = request.form['title']
    body = request.form['body']

    if not title:
        flash('Title is required.')
        return render_template('blog/create.html')

    conn = get_db()
    conn.execute(
        'INSERT INTO post (title, body, author_id)'
        ' VALUES (?, ?, ?)', (title, body, g.user['id']))
    conn.commit()
    return redirect(url_for('blog.index'))
def update(id):
    """Update a post if the current user is the author.

    ``get_post`` runs before anything else and aborts with 404/403 when the
    post is missing or owned by someone else. GET renders the edit form;
    POST writes the new title and body and redirects to the blog index.
    """
    post = get_post(id)

    if request.method != 'POST':
        return render_template('blog/update.html', post=post)

    title = request.form['title']
    body = request.form['body']

    if not title:
        flash('Title is required.')
        return render_template('blog/update.html', post=post)

    conn = get_db()
    conn.execute('UPDATE post SET title = ?, body = ? WHERE id = ?',
                 (title, body, id))
    conn.commit()
    return redirect(url_for('blog.index'))
def cart_list():
    """Render the current user's cart with its discounted total."""
    owner_id = session['user_id']
    conn = get_db()

    price_rows = conn.execute(
        'SELECT A.price, A.dc_rate, B.quantity FROM product A '
        'LEFT JOIN cart_list B ON A.product_id = B.product_id WHERE B.user_id = ?',
        (owner_id, )).fetchall()
    # Per line: unit price after the percentage discount, rounded to two
    # places, multiplied by the quantity.
    totalprice = sum(
        round(r[0] * ((100.0 - r[1]) / 100.0), 2) * r[2] for r in price_rows)

    item_rows = conn.execute(
        'SELECT A.name, A.price, A.product_id, A.dc_rate, B.quantity FROM product A '
        'LEFT JOIN cart_list B ON A.product_id = B.product_id WHERE B.user_id = ?',
        (owner_id, )).fetchall()
    lists = [
        {'name': r[0], 'price': r[1], 'id': r[2], 'dc': r[3], 'quantity': r[4]}
        for r in item_rows
    ]

    return render_template('cart/cart_list.html',
                           lists=lists,
                           totalprice=totalprice)
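def add_coupon():
    """Add the submitted coupon to the current user's coupon list.

    Reads ``coupon_id`` from the form. If the user already holds that
    coupon, a message says whether it is still available or already used
    and nothing is inserted. An id that is not a number or does not name an
    existing coupon is rejected with a message. Every path redirects to the
    coupon list page.
    """
    # NOTE(review): session.get() yields None for an anonymous request and
    # the INSERT below would then store a NULL user_id; presumably a login
    # guard that is not visible here wraps this view. Confirm.
    username = session.get('user_id')
    db = get_db()
    select_coupon = request.form['coupon_id']

    my_coupon_list = db.execute(
        'SELECT coupon_id,used FROM coupon_list WHERE user_id=?',
        [username]).fetchall()
    coupon_name = db.execute('SELECT name FROM coupon WHERE coupon_id=?',
                             [select_coupon]).fetchone()

    try:
        wanted_id = int(select_coupon)
    except ValueError:
        wanted_id = None

    # Reject ids that are not numeric or do not match a coupon row instead
    # of failing later on ``coupon_name[0]``.
    if wanted_id is None or coupon_name is None:
        flash('Invalid coupon.')
        return redirect('coupon/coupon_list')

    for coupon in my_coupon_list:
        # Compare by value: ``is`` tests object identity, which is not
        # guaranteed to hold for equal integers.
        if int(coupon[0]) == wanted_id:
            if coupon[1] == 1:
                flash(coupon_name[0] + ' coupon already used.')
            else:
                flash('already have ' + coupon_name[0] + ' coupon.')
            return redirect('coupon/coupon_list')

    db.execute('INSERT into coupon_list(user_id,coupon_id) values(?,?)',
               (username, select_coupon))
    db.commit()
    flash(coupon_name[0] + ' coupon added.')
    return redirect('coupon/coupon_list')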
def get_post(id, check_author=True):
    """Fetch a post together with its author's username.

    Verifies that the post exists and, unless ``check_author`` is false,
    that it belongs to the logged-in user.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post with author information
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user isn't the author
    """
    query = ('SELECT p.id, title, body, created, author_id, username'
             ' FROM post p JOIN user u ON p.author_id = u.id'
             ' WHERE p.id = ?')
    row = get_db().execute(query, (id, )).fetchone()

    if row is None:
        abort(404, "Post id {0} doesn't exist.".format(id))

    # Ownership is only compared when the caller asked for it.
    if check_author and row['author_id'] != g.user['id']:
        abort(403)

    return row
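def result():
    """Record a payment and render the payment result page.

    ``amount == 0`` means the request came from the cart page: every row of
    the user's cart is paid for and the cart is emptied. Any other amount
    is a direct purchase of ``product_id``. In both cases the stock is
    checked first, then a ``payment`` row and its ``payment_detail`` rows
    are written, stock is reduced, the user's mileage is updated, the
    selected coupon is marked used and a delivery is registered through
    ``ManageOrder.addDelivery``.

    The page is rendered with ``payment_success=False`` when stock is
    insufficient, the product does not exist, the amount is negative, the
    user has no ``client`` row, or more mileage is spent than the stored
    balance holds.
    """
    db = get_db()
    username = session.get('user_id')
    amount = int(request.form['amount'])
    product_id = request.form['product_id']

    # Parse every numeric field before anything is written, so a malformed
    # value cannot abort the request after the payment row was committed.
    mileage_used = int(request.form['mileage_used'])
    # NOTE(review): the earned mileage is derived from the client-supplied
    # ``dc_price``; it should come from a total computed on the server.
    mileage_add = int(float(request.form['dc_price'])) * 10
    coupon_id = int(request.form['coupon_id'])

    # The mileage balance is read from the database: a balance taken from
    # the form would let the client choose its own new balance.
    balance_row = db.execute('SELECT mileage FROM client WHERE id = ?',
                             (username,)).fetchone()
    if (amount < 0 or balance_row is None
            or not 0 <= mileage_used <= (balance_row[0] or 0)):
        return render_template('payment/payment_result.html',
                               payment_success=False)

    # NOTE(review): the payment id is guessed from a read that happens
    # before the INSERT, so two concurrent checkouts can compute the same
    # value. Prefer the id reported by the INSERT itself (cursor.lastrowid)
    # once the payment table's key definition is confirmed.
    cur_payment_id = db.execute(
        'SELECT exists(select * from payment where payment_id = 1)'
    ).fetchall()[0][0]
    if cur_payment_id == 1:
        cur_payment_id = int(db.execute(
            'SELECT payment_id FROM payment ORDER BY payment_id DESC LIMIT 1'
        ).fetchone()[0]) + 1
    else:
        cur_payment_id = 1

    # NOTE(review): ``price`` and ``dc_price`` stored in ``payment`` below
    # are taken from the form as-is; the charged total should be recomputed
    # from product prices, the coupon and the mileage on the server.

    # Request came through the cart.
    if amount == 0:
        # Columns: 0 price, 1 dc_rate, 2 product_id, 3 quantity, 4 stock.
        cart_list = db.execute(
            'SELECT a.price, a.dc_rate,a.product_id, b.quantity,a.stock FROM product a, cart_list b '
            'WHERE a.product_id = b.product_id AND user_id = ?',
            (username,)).fetchall()
        for products in cart_list:
            if products[4] - products[3] < 0:
                return render_template('payment/payment_result.html',
                                       payment_success=False)

        db.execute(
            'INSERT INTO payment (price, name, phone, address, discount_price) VALUES(?, ?, ?, ?, ?)',
            (request.form['price'], request.form['name'],
             request.form['phone'], request.form['address'],
             request.form['dc_price']))
        db.commit()

        for products in cart_list:
            # The discount uses dc_rate (column 1); column 2 is the
            # product id and must not enter the price.
            unit_price = products[0] * ((100.0 - products[1]) / 100.0)
            db.execute(
                'INSERT INTO payment_detail (payment_id,product_id,quantity,price,total_sum) VALUES(?,?,?,?,?)',
                (cur_payment_id, products[2], products[3],
                 unit_price, unit_price * products[3]))
            db.execute('UPDATE product SET stock = ? WHERE product_id = ?',
                       (products[4] - products[3], products[2]))
        db.execute('DELETE FROM cart_list WHERE user_id = ?', (username,))

    # Direct purchase, not through the cart.
    else:
        product_info = db.execute(
            'SELECT stock,price,dc_rate FROM product WHERE product_id = ?',
            (product_id,)).fetchone()
        if product_info is None:
            return render_template('payment/payment_result.html',
                                   payment_success=False)
        stock = product_info[0]
        price = product_info[1] * ((100.0 - product_info[2]) / 100.0)
        if stock < amount:
            return render_template('payment/payment_result.html',
                                   payment_success=False)

        db.execute(
            'INSERT INTO payment (price, name, phone, address, discount_price) VALUES(?, ?, ?, ?, ?)',
            (request.form['price'], request.form['name'],
             request.form['phone'], request.form['address'],
             request.form['dc_price']))
        db.commit()

        db.execute(
            'INSERT INTO payment_detail (payment_id,product_id,quantity,price,total_sum) VALUES(?,?,?,?,?)',
            (cur_payment_id, product_id, amount, price, amount * price))
        db.execute('DELETE FROM my_list WHERE user_id = ? AND product_id = ? ',
                   (username, product_id))
        db.execute('UPDATE product SET stock = stock - ?, sales_num = sales_num + ? '
                   'WHERE product_id = ?', (amount, amount, product_id))

    mileage = (balance_row[0] or 0) - mileage_used + mileage_add
    db.execute('UPDATE client SET mileage = ? WHERE id = ?',
               (mileage, username))

    # Compare by value; ``is not 0`` tests object identity.
    if coupon_id != 0:
        db.execute('UPDATE coupon_list SET used = ? WHERE user_id = ? AND coupon_id = ? ',
                   (1, username, coupon_id))

    controller = ManageOrder()
    controller.addDelivery(username, cur_payment_id)
    db.commit()

    # NOTE(review): ``**locals()`` hands every local, including the db
    # handle, to the template; pass only the names the template reads.
    return render_template('payment/payment_result.html',
                           payment_success=True, **locals())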
def product_info(product_id):
    """Render the detail page for one product.

    ``product`` is the matching row, or ``None`` when no product has the
    given id.
    """
    row = get_db().execute(
        'SELECT * FROM product WHERE product_id = ?',
        (product_id,)).fetchone()
    return render_template('product/product_info.html', product=row)
def __init__(self):
    """Store the handle returned by ``db.get_db()`` on the instance."""
    handle = db.get_db()
    self.db = handle