def item(): if 'username' not in session: username = CASClient().authenticate().strip() check_user(username) else: username = session.get('username').strip() #username = '******' itemid = request.args.get('itemid') string = request.cookies.get('lastSearch') if string is None: string = '' maxP = request.cookies.get('maxPrice') if maxP is None: maxP = '' minP = request.cookies.get('minPrice') if minP is None: minP = '' ntags = request.cookies.get('ntags') tags = [] for i in range(int(ntags)): tags.append(request.cookies.get(f'tag{i + 1}')) database = Database() database.connect() # check if item still exists in available database # if not, check if it was sold if not str(itemid).isnumeric(): errormsg = 'Sorry, this item does not exist.' html = render_template('error.html', errormsg=errormsg) response = make_response(html) return response if not (database.check_exists_item(itemid)): if not (database.check_exists_solditem(itemid)): errormsg = 'Sorry, this item does not exist.' html = render_template('error.html', errormsg=errormsg) response = make_response(html) return response else: entry = database.get_solditem(itemid) database.disconnect() errormsg = 'Sorry, this item has already been sold.' html = render_template('itemsold.html', entry=entry[0], errormsg=errormsg) response = make_response(html) return response if request.method == 'POST': bid = request.form['bid'] # check if bid is numeric try: bid = float(bid) except Exception as e: database = Database() database.connect() entry = database.get_item(itemid) database.disconnect() msg = 'Please enter a valid bid.' html = render_template('item.html', entry=entry[0], msg=msg, lastSearch=string, maxPrice=maxP, minPrice=minP, tags=tags) response = make_response(html) return response # round bid to nearest 0.5 bid = math.floor(bid) #if netid is None: netid = username database = Database() database.connect() # add bid to database entry = database.get_item(itemid) seller_id = (entry[0])[2] print(seller_id) if (seller_id == netid): database.disconnect() msg = 'Sorry, you may not bid on an item you are selling.' html = render_template('item.html', entry=entry[0], msg=msg, lastSearch=string, maxPrice=maxP, minPrice=minP, tags=tags) response = make_response(html) return response entry = database.get_item(itemid) current_price = (entry[0])[3] if (float(bid) <= current_price): database.disconnect() msg = 'Please enter a bid higher than the current price.' html = render_template('item.html', entry=entry[0], msg=msg, lastSearch=string, maxPrice=maxP, minPrice=minP, tags=tags) response = make_response(html) return response database.bid(itemid, bid, netid) entry = database.get_item(itemid) database.disconnect() msg = 'Your bid has been processed. Thank you!' html = render_template('item.html', entry=entry[0], msg=msg, lastSearch=string, maxPrice=maxP, minPrice=minP, tags=tags) response = make_response(html) return response else: try: database = Database() database.connect() entry = database.get_item(itemid) database.disconnect() html = render_template('item.html', entry=entry[0], lastSearch=string, maxPrice=maxP, minPrice=minP, tags=tags) response = make_response(html) return response except Exception as e: print("error" + str(e), file=stderr) exit(1)
def sell(): if 'username' not in session: username = CASClient().authenticate().strip() check_user(username) else: username = session.get('username').strip() #username = '******' # parse user input for item upload details # ***** need to handle other info still ***** if request.method == 'POST': print("sell: " + str(request)) if 'image' not in request.files: print("err") image = request.files['image'] title = request.form['title'] description = request.form['description'] price = request.form['price'] tag = request.form['tag'] if title is None: title = '' if description is None: description = '' if price is None: price = '' # generate a random itemid until you get one that isn't # in the itemdid_hashet, meaning that it isn't already being # used by an item in available_items itemid = int(random.uniform(100, 1000000)) while str(itemid) in itemid_hashset: itemid = int(random.uniform(100, 1000000)) itemid_hashset.append(str(itemid)) #if postdate is None: postdate = datetime.date.today() #if netid is None: netid = username # connect to database database = Database() database.connect() if (image.filename == ''): print("none") image = '' image_read = None safefilename = '' else: print(image) safefilename = secure_filename(randstr() + '-' + image.filename) imgpath = '{}/{}'.format(IMAGE_DIR_AVAILABLE, safefilename) image.save(imgpath) image.seek(0) image_read = image.read() database.add_image(itemid, image_read, safefilename) print(database.image_table_size()) database.add_to_db(itemid, postdate, netid, price, safefilename, description, title, tag) # add to bid database with null bidder netid database.bid(itemid, price, None) database.disconnect() html = render_template('confirmation.html') response = make_response(html) return response else: try: html = render_template('sell.html') response = make_response(html) return response except Exception as e: print("error" + str(e), file=stderr) exit(1)
def modify_item(): print("server reached") print(request) if 'username' not in session: username = CASClient().authenticate().strip() check_user(username) else: username = session.get('username').strip() database = Database() database.connect() itemid = None if (request.method == "GET" and request.args.get('modify') != None): print("get reached") itemid = request.args.get('modify') print("itemid: " + str(itemid)) print(request) entry = (database.get_item(itemid))[0] html = render_template('modify_item.html', entry=entry) response = make_response(html) return response # a confirm_change button (let them know it will reset bids), a cancel button (redirect to track page) # confirm_change redirects back here, with a get_request elif (request.method == "POST" and request.form['item_id'] != None): print("post reached") title = request.form['title'] print("title") image = request.files['image'] print(image) print("img") description = request.form['description'] print("desc") price = request.form['price'] print("pr") tag = request.form['tag'] print("tag") postdate = datetime.date.today() netid = username old_item_id = request.form['item_id'] print("id") # new_item_id = int(random.uniform(100, 1000000)) # error handling on the above in case it comes from a non web browser source print("getting stuff reached") prev_info = (database.get_item(old_item_id))[0] # send e-mail to bidders before deleting the bids item_bids = database.get_item_bids(old_item_id) send_modify_mail(item_bids, prev_info[6], old_item_id) database.delete_from_bids(old_item_id) # delete the old item entry data database.delete_from_db(old_item_id) new_img_bool = True # if new image is null and previous image is not null if image.filename == '' and prev_info[4] != '': safefilename = prev_info[4] new_img_bool = False print("db stuff") # insert the new image into the db if new_img_bool == True: # delete the old image if there was one if (prev_info[4] != ''): os.remove(os.path.join(IMAGE_DIR_AVAILABLE, prev_info[4])) database.delete_image(old_item_id) if (image.filename == ''): image = '' image_read = None safefilename = '' else: # print(image) safefilename = secure_filename(randstr() + '-' + image.filename) imgpath = '{}/{}'.format(IMAGE_DIR_AVAILABLE, safefilename) image.save(imgpath) image.seek(0) image_read = image.read() database.add_image(old_item_id, image_read, safefilename) # print(database.image_table_size()) # add new db info for the item database.add_to_db(old_item_id, postdate, netid, price, safefilename, description, title, tag) # add to bid database with null bidder netid database.bid(old_item_id, price, None) print("work done") return redirect("/item?itemid={}".format(old_item_id)) else: return redirect('/index')