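def get_order_tables():
    '''Generate the HTML table rows for every unfulfilled valid order.

    Each row is the "orders_table_row.html" sub-page with its %USERNAME%,
    %PLACED%, %ORDERED_ITEMS%, %ADDRESS% and %ORDERNO% placeholders filled
    in from one row of valid_orders.

    Returns:
        All rows concatenated into one string ("" when nothing is pending).
    '''
    #internal libs
    from database_connection import database_connect

    row_template = loadsubpage("orders_table_row.html")
    myconnection, mycursor = database_connect()
    get_orders = "select username,placed,items_ordered,orderno from valid_orders where fulfilled=0"
    rows = []
    try:
        mycursor.execute(get_orders)
        for username, placed, items_ordered, orderno in mycursor:
            customer = username.decode()
            row = row_template
            row = row.replace("%USERNAME%", escape(customer))
            row = row.replace("%PLACED%", placed.strftime("%H:%M"))
            row = row.replace("%ORDERED_ITEMS%", parse_order(items_ordered))
            # The address text is read back from the database and written
            # into the same page as the username, so it gets the same
            # escaping. Escaping happens before the newline conversion so
            # that the <br> tags added here remain real markup.
            addr = escape(str(Address(customer))).replace("\n", "<br>")
            row = row.replace("%ADDRESS%", addr)
            row = row.replace("%ORDERNO%", str(orderno))
            rows.append(row)
    finally:
        # Release the connection even when a row fails to render.
        mycursor.close()
        myconnection.close()
    return "".join(rows)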
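def get_user_order_table(username):
    '''Generate the HTML order-history rows for one user.

    Each row is the "user_orders_table_row.html" sub-page with its
    %PLACED%, %ORDERED_ITEMS%, %TOTAL% and %CANCEL_BUTTON% placeholders
    filled in from one row of the orders table.

    Args:
        username: value matched against orders.username; it is passed to
            the driver as a bound parameter, never spliced into the SQL.

    Returns:
        All rows concatenated into one string ("" when the user has no
        orders).
    '''
    #internal libs
    from database_connection import database_connect

    row_template = loadsubpage("user_orders_table_row.html")
    myconnection, mycursor = database_connect()
    get_orders = "select placed, items_ordered, total, orderno, fulfilled from orders where username=?"
    rows = []
    try:
        mycursor.execute(get_orders, (username, ))
        for placed, items_ordered, total, orderno, fulfilled in mycursor:
            row = row_template
            row = row.replace("%PLACED%", placed.strftime("%d/%B/%Y<br>%H:%M"))
            row = row.replace("%ORDERED_ITEMS%", parse_order(items_ordered))
            row = row.replace("%TOTAL%", "€%.2f" % total)
            # Only orders that are not yet fulfilled get a cancel button.
            button = "" if fulfilled else cancel_button(orderno)
            row = row.replace("%CANCEL_BUTTON%", button)
            rows.append(row)
    finally:
        # The cursor and connection were previously left open on return.
        mycursor.close()
        myconnection.close()
    return "".join(rows)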
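def gen_payment_info_form(username,showdel=False):
    '''Build the payment-details form for *username*.

    When the user has a row in payinfo, "payment-info-form.html" is
    returned with its placeholders filled from that row; otherwise
    "blank-payment-info-form.html" is returned unchanged.

    Args:
        username: value matched against payinfo.username (bound parameter).
        showdel: when true, the "delbutton.html" sub-page (with %FIELD% set
            to "payinfo") replaces %DELBUTTON%; otherwise it is blanked.

    Returns:
        The form markup as a string.
    '''
    #external libs
    from html import escape

    myconnection,mycursor=database_connect()
    getpayinfo="select cardnumber,expiremonth,expireyear,ccv from payinfo where (username = ?)"
    mycursor.execute(getpayinfo,(username,))
    try:
        # fetchone() gives None when there is no row; unpacking None raises
        # the TypeError handled below.
        cardnumber,expiremonth,expireyear,ccv=mycursor.fetchone()
        formstring=loadsubpage("payment-info-form.html")
        # Stored text is escaped (quotes included) before it is placed in
        # the form markup.
        formstring=formstring.replace("%CARDNUMBER%",escape(cardnumber.decode()))
        formstring=formstring.replace("%EXPIREMONTH%",escape(expiremonth.decode()))
        # Zero-pad the numeric fields: space padding turned a year of 5
        # into " 5" and a code of 7 into "  7", which is not what was
        # entered.
        formstring=formstring.replace("%EXPIREYEAR%","%02d" % expireyear)
        # NOTE(review): the card verification code is read from storage and
        # pre-filled into the page. PCI DSS does not permit keeping the
        # verification code after authorisation; consider dropping the
        # column and leaving this field empty. The full card number is also
        # echoed back unmasked.
        formstring=formstring.replace("%CCV%","%03d" % ccv)
        if showdel:
            delbutton=loadsubpage("delbutton.html")
            delbutton=delbutton.replace("%FIELD%","payinfo")
            formstring=formstring.replace("%DELBUTTON%",delbutton)
        else:
            formstring=formstring.replace("%DELBUTTON%","")
    except TypeError:
        formstring=loadsubpage("blank-payment-info-form.html")
    mycursor.close()
    myconnection.close()
    return formstring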
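def get_books_rows():
    '''Return the books rows and totals for today, the last 30 days and all time.

    Fulfilled valid orders are read newest first and handed to get_twixt()
    three times with successively older cutoffs. get_twixt() is defined
    elsewhere; from the way its results are combined here it appears to
    consume rows from the shared cursor down to the cutoff and return
    (rows, subtotal) -- confirm against its definition.

    Returns:
        (day_row, day_total, month_row, month_total, alltime_row,
        alltime_total), where each total includes the newer periods.
    '''
    #internal libs
    from database_connection import database_connect
    #external libs
    import datetime

    myconnection,mycursor=database_connect()
    get_fulfilled_orders="select orderno,username,placed,total from valid_orders where fulfilled=1 order by placed desc"
    try:
        mycursor.execute(get_fulfilled_orders)
        now=datetime.datetime.now()

        # Start of today. microsecond is reset too, otherwise the cutoff
        # sits a fraction of a second after midnight.
        cutoff_time=now.replace(hour=0,minute=0,second=0,microsecond=0)
        day_row,day_total=get_twixt(mycursor, cutoff_time)

        cutoff_time=now - datetime.timedelta(days=30)
        month_row,month_total=get_twixt(mycursor, cutoff_time)
        # The month figure covers today as well.
        month_total=month_total+day_total

        # Earliest representable date: everything that is left.
        cutoff_time=datetime.datetime(1,1,1)
        alltime_row,alltime_total=get_twixt(mycursor, cutoff_time)
        alltime_total=alltime_total+month_total
    finally:
        # Previously never closed. Assumes get_twixt() returns finished
        # values rather than something that still reads from the cursor.
        mycursor.close()
        myconnection.close()
    return day_row,day_total,month_row,month_total,alltime_row,alltime_total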
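def gen_address_form(username,showdel=False):
    '''Build the delivery-address form for *username*.

    When the user has a row in address, "delivery-address-form.html" is
    returned with %LINE1%, %LINE2%, %TOWN% and %EIRCODE% filled from that
    row; otherwise "blank-delivery-address-form.html" is returned.

    Args:
        username: value matched against address.username (bound parameter).
        showdel: when true, the "delbutton.html" sub-page (with %FIELD% set
            to "address") replaces %DELBUTTON%; otherwise it is blanked.

    Returns:
        The form markup as a string.
    '''
    #external libs
    from html import escape

    formstring=loadsubpage("delivery-address-form.html")
    myconnection,mycursor=database_connect()
    getaddress="select line1,line2,town,eircode from address where (username = ?)"
    mycursor.execute(getaddress,(username,))
    try:
        # fetchone() gives None when there is no row; unpacking None raises
        # the TypeError handled below.
        line1,line2,town,eircode=mycursor.fetchone()
        # Address text is escaped (quotes included) before it is written
        # into the form, so stored markup or a stray quote cannot change
        # the page structure. Assumes the columns hold the text as entered,
        # not pre-escaped -- confirm against the code that saves them.
        formstring=formstring.replace("%LINE1%",escape(line1.decode()))
        formstring=formstring.replace("%LINE2%",escape(line2.decode()))
        formstring=formstring.replace("%TOWN%",escape(town.decode()))
        formstring=formstring.replace("%EIRCODE%",escape(eircode.decode()))
        if showdel:
            delbutton=loadsubpage("delbutton.html")
            delbutton=delbutton.replace("%FIELD%","address")
            formstring=formstring.replace("%DELBUTTON%",delbutton)
        else:
            formstring=formstring.replace("%DELBUTTON%","")
    except TypeError:
        formstring=loadsubpage("blank-delivery-address-form.html")
    mycursor.close()
    myconnection.close()
    return formstring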
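def __init__(self, user):
    '''Load the stored delivery address of *user* into this object.

    Sets self.line1, self.line2, self.town and self.eircode to the decoded
    column values.

    Args:
        user: value matched against address.username (bound parameter).

    Raises:
        TypeError: when no row exists for *user* (fetchone() returns None,
            which cannot be unpacked).
    '''
    (myconnection, mycursor) = database_connect()
    get_address = "select line1, line2, town, eircode from address where (username=?)"
    try:
        mycursor.execute(get_address, (user, ))
        line1, line2, town, eircode = mycursor.fetchone()
    finally:
        # Also runs on the no-row path, which used to skip both closes.
        mycursor.close()
        myconnection.close()
    self.line1 = line1.decode()
    self.line2 = line2.decode()
    self.town = town.decode()
    self.eircode = eircode.decode()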
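def __init__(self, user):
    '''Load the stored payment details of *user* into this object.

    Sets self.cardnumber and self.expiremonth to the decoded column values
    and self.expireyear and self.ccv to the values as returned by the
    driver.

    Args:
        user: value matched against payinfo.username (bound parameter).

    Raises:
        TypeError: when no row exists for *user* (fetchone() returns None,
            which cannot be unpacked).
    '''
    (myconnection, mycursor) = database_connect()
    get_credit_card = "select cardnumber, expiremonth, expireyear, ccv from payinfo where (username=?)"
    try:
        mycursor.execute(get_credit_card, (user, ))
        cardnumber, expiremonth, expireyear, ccv = mycursor.fetchone()
    finally:
        # Also runs on the no-row path, which used to skip both closes.
        mycursor.close()
        myconnection.close()
    self.cardnumber = cardnumber.decode()
    self.expiremonth = expiremonth.decode()
    self.expireyear = expireyear
    # NOTE(review): the verification code is read from the payinfo table,
    # i.e. it is kept in storage. PCI DSS does not permit retaining it
    # after authorisation; consider removing the column and this attribute.
    self.ccv = ccv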
def make_menu():
    '''Return every row of the food table as a list of Food objects.

    The name, description and picture columns are decoded to str before
    the Food is built; menunumber and price are passed through as read.
    '''
    connection, cursor = database_connect()
    cursor.execute("select menunumber,name,description,price,picture from food")
    foods = [
        Food(number, raw_name.decode(), raw_description.decode(), price, raw_picture.decode())
        for number, raw_name, raw_description, price, raw_picture in cursor
    ]
    cursor.close()
    connection.close()
    return foods
def loadfood(menunumber):
    '''Fetch the food row with the given menu number and return it as a Food.

    The menu number is handed to the driver as a bound parameter. When no
    row matches, fetchone() returns None and the unpacking below raises
    TypeError before the cursor and connection are closed.
    '''
    connection, cursor = database_connect()
    query = "select menunumber,name,description,price,picture from food where(menunumber=?)"
    cursor.execute(query, (menunumber, ))

    # Take the single matching row apart.
    record = cursor.fetchone()
    number, raw_name, raw_description, price, raw_picture = record
    cursor.close()
    connection.close()

    # The text columns come back encoded; turn them into str.
    return Food(
        number,
        raw_name.decode(),
        raw_description.decode(),
        price,
        raw_picture.decode(),
    )
def get_modlink_items():
    '''Return the list of foods with their modify/delete links as HTML.

    One copy of the "modlink_items.html" sub-page is produced per food,
    with %NAME% and %MENUNUMBER% filled in.
    '''
    item_template = loadsubpage("modlink_items.html")
    connection, cursor = database_connect()
    cursor.execute("select name,menunumber from food")
    # NOTE(review): the food name goes into the markup as stored, without
    # HTML escaping -- confirm that names are constrained where they are
    # saved, or escape them here.
    pieces = [
        item_template.replace("%NAME%", raw_name.decode()).replace("%MENUNUMBER%", str(number))
        for (raw_name, number) in cursor
    ]
    cursor.close()
    connection.close()
    return "".join(pieces)
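def __init__(self, uid):
    '''Resolve a login cookie value to the username it belongs to.

    On success self.username is set to the decoded username stored for
    *uid* in logged_in_users. When no row matches, the Login_UID cookie is
    expired, the caller is redirected with an error message and the
    process exits.

    Args:
        uid: value of the Login_UID cookie (bound parameter in the query).
    '''
    (myconnection, mycursor) = database_connect()
    get_user_details = "select username from logged_in_users where(Login_UID=?)"
    try:
        mycursor.execute(get_user_details, (uid, ))
        row = mycursor.fetchone()
    finally:
        # Closed on both outcomes; the not-logged-in path used to leave the
        # cursor and connection open.
        mycursor.close()
        myconnection.close()

    if row is not None:
        username, = row
        self.username = username.decode()
        return

    #if user actually not logged in, destroy their login cookie
    #internal libs
    from functions import load_cookies, sendto
    #external libs
    from os import environ
    COOKIES = load_cookies()
    COOKIES["Login_UID"]["expires"] = -1
    print(COOKIES)
    # NOTE(review): HTTP_REFERER is a request header chosen by the client
    # and can be absent, in which case this lookup raises KeyError.
    # sendto() is defined elsewhere, so whether it limits the destination
    # to this site cannot be seen from here -- confirm, or redirect to a
    # fixed page instead.
    sendto(environ["HTTP_REFERER"], message="Error with login cookie")
    quit()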
def parse_order(items_ordered):
    '''Convert an encoded order string into human readable HTML.

    The decoded order is a ":"-separated list of entries; each entry is
    split on "x" into a menu number and a quantity. Every entry becomes
    "<food name>×<quantity><br>".

    Raises ValueError for a non-numeric menu number, KeyError for a menu
    number missing from the food table and IndexError for an entry without
    an "x"; in those cases the cursor and connection are not closed.
    '''
    #internal libs
    from database_connection import database_connect

    order_text = items_ordered.decode().strip(":")
    connection, cursor = database_connect()
    cursor.execute("select menunumber,name from food")
    names_by_number = {number: raw_name.decode() for number, raw_name in cursor}

    # NOTE(review): the food name and the quantity text are placed in the
    # markup without HTML escaping -- confirm both are validated where the
    # order is recorded.
    pieces = []
    for entry in order_text.split(":"):
        fields = entry.split("x")
        number = int(fields[0])
        pieces.append(names_by_number[number] + "×" + fields[1] + "<br>")

    cursor.close()
    connection.close()
    return "".join(pieces)
def gen_item_table():
    '''Render the checkout table for the basket held in the session.

    The table is "checkout_table_head.html", then one
    "checkout_table_row.html" per food whose "food<menunumber>" key is in
    the session, then "checkout_table_tail.html" carrying the basket
    total.
    '''
    session = session_start()
    connection, cursor = database_connect()
    cursor.execute("select menunumber, name, price from food")
    row_template = loadsubpage("checkout_table_row.html")
    pieces = [loadsubpage("checkout_table_head.html")]  # opening of the table
    basket_total = 0
    for menunumber, raw_name, price in cursor:
        number = str(menunumber)
        basket_key = "food" + number
        if basket_key not in session:
            continue
        # Quantity as stored in the session; int() raises ValueError when
        # it is not numeric.
        # NOTE(review): the same session value is written into the row
        # unescaped -- confirm it is validated when the basket is updated.
        quantity = session[basket_key]
        batch_price = price * int(quantity)
        basket_total = basket_total + batch_price
        filled = row_template.replace("%MENUNUMBER%", number)
        filled = filled.replace("%NAME%", raw_name.decode())
        filled = filled.replace("%INBASKET%", quantity)
        filled = filled.replace("%BATCH_PRICE%", "€%.2f" % batch_price)
        pieces.append(filled)
    # Closing line of the table, with the total filled in.
    closing = loadsubpage("checkout_table_tail.html")
    pieces.append(closing.replace("%TOTAL%", "€%.2f" % basket_total))
    cursor.close()
    connection.close()
    return "".join(pieces)
#get cookies COOKIES=load_cookies() #ensure user is logged in if COOKIES.get("Login_UID"): user=User(COOKIES["Login_UID"].value) #get post data POST=cgi.FieldStorage() oldpwd=POST["oldpwd"].value newpwd1=POST["newpwd1"].value newpwd2=POST["newpwd2"].value #get old password from database myconnection,mycursor=database_connect() getoldpassword="******" mycursor.execute(getoldpassword,(user.username,) ) (hashedword,)=mycursor.fetchone() hashedword=hashedword.decode() #check old password if not verify_password(oldpwd,hashedword): sendto(environ["HTTP_REFERER"],message="wrong original password") quit() #check passwords match if newpwd1 != newpwd2: sendto(environ["HTTP_REFERER"],message="passwords don't match") quit()