Esempio n. 1
0
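def login():
    """Log user in.

    GET renders the login form. POST checks the submitted username and
    password against the ``users`` table and, on success, stores the user's
    id and name in the session and redirects to the homepage. Any validation
    failure is answered with ``message(...)``.
    """
    # clear session if any previous users
    session.clear()

    if request.method != "POST":
        return render_template("login.html")

    username = request.form.get("username")
    password = request.form.get("password")
    # Ensure username was submitted
    if not username:
        return message("Please provide a username!")
    # Ensure password was submitted
    if not password:
        return message("Please provide a password!")
    # A whitespace-only name (not just a single space) is not a valid username
    if not username.strip():
        return message("Please provide a valid username")

    with sqlite3.connect("gallery.db") as con:
        db = con.cursor()
        # Bind the username as a parameter: it is request input and must never
        # be spliced into the SQL text.
        db.execute("SELECT * FROM users WHERE username = ?", (username,))
        rows = db.fetchall()

    # One message whether the user is unknown or the password is wrong, so the
    # form does not reveal which usernames exist. Column 2 holds the hash.
    if len(rows) != 1 or not check_password_hash(rows[0][2], password):
        return message("Wrong username or password!")

    # Remember which user has logged in
    session["user_id"] = rows[0][0]
    session["user_name"] = rows[0][1]

    # Redirect to the homepage
    return redirect("/")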
Esempio n. 2
0
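def cart():
    """Show the current user's cart (GET) or buy everything in it (POST).

    GET renders ``cart.html`` with the paintings in the cart and their total
    price. POST debits the total from the user's cash, deletes the bought
    paintings, empties the cart and redirects to ``/bought``. Insufficient
    funds or an empty cart are answered with ``message(...)``.
    """
    user_id = session["user_id"]
    cart_items_sql = (
        "SELECT * FROM paintings WHERE id IN "
        "(SELECT painting_id FROM cart WHERE user_id = ?)"
    )

    if request.method == "GET":
        with sqlite3.connect("gallery.db") as con:
            db = con.cursor()
            db.execute(cart_items_sql, (user_id,))
            rows = db.fetchall()
        if not rows:
            return render_template("cart.html", empty=True)
        # Column 3 of paintings is the price
        total = sum(row[3] for row in rows)
        return render_template("cart.html", rows=rows, total=total)

    with sqlite3.connect("gallery.db") as con:
        db = con.cursor()
        # Recompute the total from the database: the "total" field posted by
        # the form is client-controlled and must not decide how much is charged.
        db.execute(cart_items_sql, (user_id,))
        total = sum(row[3] for row in db.fetchall())
        if not total:
            return message("No value in total!")

        db.execute("SELECT * FROM users WHERE id = ?", (user_id,))
        rows = db.fetchall()
        if not rows:
            return message("Error in retrieving data from the database!")
        # Column 6 of users is the cash balance
        cash = rows[0][6]
        if total > cash:
            return message("You don't have enough funds for the puchase!")

        # Debit and balance check in one statement so a concurrent purchase
        # cannot drive the balance negative; rowcount tells us if it applied.
        db.execute(
            "UPDATE users SET cash = cash - ? WHERE id = ? AND cash >= ?",
            (total, user_id, total),
        )
        if db.rowcount != 1:
            return message("You don't have enough funds for the puchase!")
        db.execute(
            "DELETE FROM paintings WHERE id IN "
            "(SELECT painting_id FROM cart WHERE user_id = ?)",
            (user_id,),
        )
        db.execute("DELETE FROM cart WHERE user_id = ?", (user_id,))
        con.commit()
    return redirect("/bought")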
Esempio n. 3
0
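def addToCart():
    """Add the painting whose id was posted as ``id`` to the user's cart.

    A missing or non-numeric id and a painting already in the cart are
    answered with ``message(...)``; otherwise a cart row is inserted. Both
    outcomes and a non-POST request end at ``/buy``.
    """
    if request.method != "POST":
        return redirect("/buy")

    # int() raises on a missing or non-numeric field; treat both as "no id"
    try:
        paintingId = int(request.form.get("id") or 0)
    except ValueError:
        paintingId = 0
    if not paintingId:
        return message("No Painting Id")

    with sqlite3.connect("gallery.db") as con:
        db = con.cursor()
        # Let the database do the duplicate check; values are bound, not
        # interpolated, even when they come from the session.
        db.execute(
            "SELECT 1 FROM cart WHERE user_id = ? AND painting_id = ?",
            (session["user_id"], paintingId),
        )
        if db.fetchall():
            return message("Item already in cart!")
        db.execute(
            "INSERT INTO cart (user_id, painting_id) VALUES(?,?)",
            (session["user_id"], paintingId),
        )
        con.commit()
    return redirect("/buy")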
Esempio n. 4
0
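def changeUsername():
    """Rename the logged-in user.

    POST reads ``newUsername``, refuses an empty or already-taken name, then
    updates the ``users`` row and the denormalised ``seller`` column of that
    user's paintings and redirects to ``/login``. GET redirects to the
    dashboard.
    """
    if request.method != "POST":
        return redirect("/dashboard")

    username = request.form.get("newUsername")
    # A missing or whitespace-only name is rejected, not just a single space
    if not username or not username.strip():
        return message("Please provide a username!")

    # Establish a connection with database and update username
    with sqlite3.connect("gallery.db") as con:
        db = con.cursor()
        # Every value is bound as a parameter: the new name is user input, and
        # session values must not be spliced into SQL text either.
        db.execute("SELECT * FROM users WHERE username = ?", (username,))
        if db.fetchall():
            return message("Username already exists")
        db.execute(
            "UPDATE users SET username = ? WHERE id = ?",
            (username, session["user_id"]),
        )
        db.execute(
            "UPDATE paintings SET seller = ? WHERE seller = ?",
            (username, session["user_name"]),
        )
        con.commit()
    session["user_name"] = username
    return redirect("/login")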
Esempio n. 5
0
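def removeFromCart():
    """Remove the painting posted as ``target`` from the user's cart.

    A missing or non-numeric id is answered with ``message(...)``; otherwise
    the matching cart row is deleted. Every path ends at ``/cart``.
    """
    if request.method != "POST":
        return redirect("/cart")

    # int() raises on a missing or non-numeric field; treat both as "no id"
    try:
        paintingId = int(request.form.get("target") or 0)
    except ValueError:
        paintingId = 0
    if not paintingId:
        return message("Painting Id not found in cart!")

    with sqlite3.connect("gallery.db") as con:
        db = con.cursor()
        # Bound parameters, not f-strings, even for values from the session
        db.execute(
            "DELETE FROM cart WHERE user_id = ? AND painting_id = ?",
            (session["user_id"], paintingId),
        )
        con.commit()
    return redirect("/cart")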
Esempio n. 6
0
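def sell():
    """List a painting for sale (POST) or show the sell form (GET).

    The uploaded ``artImage`` is saved under ``UPLOAD_FOLDER`` with a
    timestamp appended to its sanitised name, a ``paintings`` row is inserted
    and the seller's cash is increased by the price. Every validation failure
    is answered with ``message(...)`` before anything is written.
    """
    if request.method == "GET":
        return render_template("sell.html")

    # .get() avoids a KeyError when the form has files but not this field
    image = request.files.get("artImage")
    if image is None:
        return message("Upload unsuccessful!")
    if image.filename == "":
        return message("Not a valid filename")
    if not allowed_image(image.filename):
        return message("That file extension is not allowed")

    # Validate the form before touching the filesystem so a rejected listing
    # does not leave an orphaned upload behind.
    title = request.form.get("title")
    artist = request.form.get("artist")
    try:
        price = int(request.form.get("price") or 0)
    except ValueError:
        price = 0
    if not title or not price or not artist:
        return message("All the info was not provided")
    # A negative price would debit the seller here and credit the buyer later
    if price < 0:
        return message("Price must be a positive number")

    now = datetime.now()
    formattedDate = now.strftime('%Y-%m-%d %H:%M:%S')
    # To make the filename unique: <name><digits of the timestamp><ext>
    base, extension = splitext(secure_filename(image.filename))
    filename = base + re.sub('[^a-zA-Z0-9_]+', "", formattedDate) + extension
    address = join(app.config["UPLOAD_FOLDER"], filename)
    image.save(address)

    with sqlite3.connect("gallery.db") as con:
        db = con.cursor()
        db.execute(
            "INSERT INTO paintings (title, artist, price, seller, imageAddress, additiondate) VALUES(?,?,?,?,?,?)",
            (title, artist, price, session["user_name"], address, formattedDate),
        )
        # Credit the seller in one statement instead of read-modify-write, with
        # the id bound as a parameter rather than interpolated.
        db.execute(
            "UPDATE users SET cash = cash + ? WHERE id = ?",
            (price, session["user_id"]),
        )
        if db.rowcount != 1:
            # Do not keep a listing whose seller row could not be credited
            con.rollback()
            return message("Error in retrieving data from the database!")
        con.commit()
    return redirect(url_for('sold'))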
Esempio n. 7
0
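def register():
    """Register a new user.

    GET renders the form. POST validates the fields, refuses a taken
    username, hashes the password, inserts the ``users`` row, logs the new
    user in and redirects to the homepage. Validation failures are answered
    with ``message(...)``.
    """
    session.clear()

    if request.method == "GET":
        return render_template("register.html")

    username = request.form.get("username")
    password = request.form.get("password")
    secPass = request.form.get("secPassword")
    firstName = request.form.get("firstName")
    lastName = request.form.get("lastName")
    country = request.form.get("country")

    def blank(value):
        # Missing or whitespace-only, not just a single space
        return not value or not value.strip()

    if blank(username):
        return message("Please provide a name!")
    if blank(password) or blank(secPass):
        return message("Please provide a valid password!")
    if blank(country):
        return message("Please provide a valid country name!")
    if blank(firstName) or blank(lastName):
        return message("Please prove valid first and last names!")
    if password != secPass:
        return message("Passwords don't match!")

    # Establish a connection with database and add data
    with sqlite3.connect("gallery.db") as con:
        db = con.cursor()
        # The username is user input: bind it, never interpolate it
        db.execute("SELECT * FROM users WHERE username = ?", (username,))
        if db.fetchall():
            return message("This username already exists. Please try another one!")
        # Hash only once the name is known to be free; hashing is deliberately slow
        hashed = generate_password_hash(
            password, method='pbkdf2:sha256', salt_length=8)
        db.execute(
            "INSERT INTO users (username, hashvalue, firstname, lastname, country) VALUES(?,?,?,?,?)",
            (username, hashed, firstName, lastName, country),
        )
        con.commit()
        # Re-read the row to pick up the generated id for the session
        db.execute("SELECT * FROM users WHERE username = ?", (username,))
        rows = db.fetchall()

    if not rows:
        return redirect("/login")
    session["user_id"] = rows[0][0]
    session["user_name"] = rows[0][1]
    return redirect("/")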
Esempio n. 8
0
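def errorhandler(e):
    """Handle error.

    Every error, HTTP or otherwise, is answered with the same generic page so
    no exception detail reaches the client. ``e`` is accepted to satisfy the
    handler signature but is not otherwise used.
    """
    # NOTE(review): the previous version replaced non-HTTP exceptions with a
    # fresh InternalServerError() that was never read; the generic message is
    # returned regardless, so that dead assignment is dropped.
    return message("Internal Server Error!")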