예제 #1
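    def __init__(self, uid):
        """Resolve the username that belongs to the login id *uid*.

        Looks *uid* up in ``logged_in_users`` with a bound parameter and
        stores the decoded username on ``self.username``.  When no row
        matches, the ``Login_UID`` cookie is expired, the client is sent
        back with an error message, and the script exits.
        """
        (myconnection, mycursor) = database_connect()
        get_user_details = "select username from logged_in_users where(Login_UID=?)"
        mycursor.execute(get_user_details, (uid, ))

        # Release the database handles on every path; previously they were
        # only closed when a row was found.
        try:
            row = mycursor.fetchone()
        finally:
            mycursor.close()
            myconnection.close()

        if row is not None:
            username, = row
            self.username = username.decode()
            return

        # No session row for this cookie value: the user is not actually
        # logged in, so destroy their login cookie.
        #internal libs
        from functions import load_cookies, sendto
        #external libs
        from os import environ

        COOKIES = load_cookies()
        COOKIES["Login_UID"]["expires"] = -1
        print(COOKIES)
        # The Referer header is client-supplied and optional; fall back to
        # the site root instead of failing with KeyError when it is absent.
        # NOTE(review): how sendto uses its target is not visible here; if it
        # issues a redirect, confirm it only accepts same-site targets.
        sendto(environ.get("HTTP_REFERER", "/"), message="Error with login cookie")
        quit()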
예제 #2
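#get post data
POST=cgi.FieldStorage()
try:
	oldpwd=POST["oldpwd"].value
	newpwd1=POST["newpwd1"].value
	newpwd2=POST["newpwd2"].value
except KeyError: #a blank or missing field raises KeyError; answer with a message, not a traceback
	sendto(environ["HTTP_REFERER"],message="password fields may not be blank")
	quit()

#get old password from database
#NOTE(review): the statement text is masked ("******") in this listing
myconnection,mycursor=database_connect()
getoldpassword="******"
mycursor.execute(getoldpassword,(user.username,) )
row=mycursor.fetchone()
if row is None: #no stored hash for this user: fail closed, same answer as a wrong password
	sendto(environ["HTTP_REFERER"],message="wrong original password")
	quit()
(hashedword,)=row
hashedword=hashedword.decode()

#check old password
if not verify_password(oldpwd,hashedword):
	sendto(environ["HTTP_REFERER"],message="wrong original password")
	quit()

#check passwords match
if newpwd1 != newpwd2:
	sendto(environ["HTTP_REFERER"],message="passwords don't match")
	quit()

#generate new password hash with a fresh salt
#NOTE(review): bcrypt only considers the first 72 bytes of its input; longer
#passwords should be rejected or pre-hashed deliberately
newhashword=bcrypt.hashpw(newpwd1.encode(),bcrypt.gensalt())

#push to database
#NOTE(review): no other login sessions of this user are removed in this
#excerpt; confirm whether they should be expired after a password change
change_password="******"
mycursor.execute(change_password,(newhashword,user.username) )
myconnection.commit()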
예제 #3
#!/usr/bin/python3.5
#mark an order fulfilled

#internal libs
from functions import is_admin,sendto
from database_connection import database_connect

#external libs
import cgi
from os import environ

# Only administrators may mark an order as fulfilled.
if not is_admin():
    sendto("/", message="access denied")
    quit()

# The order number is taken from the request parameters.
form = cgi.FieldStorage()
order_number = form["ordernumber"].value

# Flag the order as fulfilled.  The value is passed as a bound parameter,
# so it is never spliced into the SQL text.
# NOTE(review): this state change is driven by a request parameter and no
# anti-CSRF token is checked in this script; confirm one is enforced elsewhere.
connection, cursor = database_connect()
cursor.execute("update orders set fulfilled=1 where orderno=?", (order_number,))
connection.commit()

# Release the database handles, then send the admin back to the previous page.
cursor.close()
connection.close()
sendto(environ["HTTP_REFERER"])
예제 #4
#delete an item from the menu

#external functions
import cgi, os

#internal functions
from functions import is_admin, sendto
from database_connection import database_connect

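#check user is administrator before reading any request data
if not is_admin():
    sendto("/", message="Permission denied")
    quit()

#http vars
GET = cgi.FieldStorage()
menunumber = GET["menunumber"].value

#sql connection
myconnection, mycursor = database_connect()

#delete picture from storage
getpic = "select picture from food where (menunumber=?)"
mycursor.execute(getpic, (menunumber, ))
row = mycursor.fetchone()
#an unknown menunumber yields no row; skip the file removal instead of
#failing on the unpack
if row is not None and row[0] is not None:
    #the stored name appears to originate from an upload form (TODO confirm),
    #so keep only its final path component: the delete must stay inside
    #food_images/ even if the column holds something like "../x"
    filename = os.path.basename(row[0].decode())
    if filename not in ("", ".", ".."):
        try:
            os.remove("food_images/" + filename)
        except FileNotFoundError:
            #picture already gone: nothing to clean up
            pass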
예제 #5
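#!/usr/bin/python3.5
#replace the image of a food

#internal libs
from database_connection import database_connect
from functions import is_admin,sendto

#external libs
import cgi
from os import environ
from os.path import basename

#check user is admin
if not is_admin():
	sendto("/",message="Access denied")
	quit()

#page variables
POST=cgi.FieldStorage()
menunumber=POST["menunumber"].value
#the upload's filename is chosen by the client: keep only its final path
#component so the stored name and the write below stay inside food_images/
filename=basename(POST["picture"].filename or "")
if filename in ("",".",".."):
	sendto(environ["HTTP_REFERER"],message="Invalid picture filename")
	quit()
#NOTE(review): neither the extension nor the content is checked; consider an
#allow-list of image types and make sure food_images/ is never executed by
#the web server

#update database
update_picture="update food set picture=? where (menunumber=?)"
myconnection,mycursor=database_connect()
mycursor.execute(update_picture, (filename,menunumber) )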

#update file
try:
	outfile=open("food_images/"+filename,"wb+")
	outfile.write(POST["picture"].value)
	myconnection.commit()
예제 #6
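#page vars
GET = cgi.FieldStorage()
COOKIES = load_cookies()

#ensure user is logged in
#(the previous test, COOKIES["Login_UID"].get, was a bound method and so
#always true, and the lookup itself raised KeyError without the cookie)
if COOKIES.get("Login_UID"):
    user = User(COOKIES["Login_UID"].value)
else:
    sendto("/", message="Not signed in")
    quit()

#check for outstanding orders
myconnection, mycursor = database_connect()
check_orders = "select count(orderno) from valid_orders where (fulfilled=0 and username=?)"
mycursor.execute(check_orders, (user.username, ))
order_count, = mycursor.fetchone()
if order_count > 0:
    sendto(
        environ["HTTP_REFERER"],
        message="You may not delete payment information with outstanding orders"
    )

#both deletes are scoped to the session's own username, never to a
#client-supplied one
#NOTE(review): the destructive action is selected by a request parameter and
#no anti-CSRF token is checked in this excerpt; confirm one is enforced
elif GET["field"].value == "payinfo":
    del_pay_info = "delete from payinfo where username = ?"
    mycursor.execute(del_pay_info, (user.username, ))
    myconnection.commit()
    sendto(environ["HTTP_REFERER"])

elif GET["field"].value == "address":
    del_address = "delete from address where username = ?"
    mycursor.execute(del_address, (user.username, ))
    myconnection.commit()
    sendto(environ["HTTP_REFERER"])

mycursor.close()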
예제 #7
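#initialise POST and cookies
POST = cgi.FieldStorage()
COOKIES = load_cookies()

#ensure user is logged in; without the else branch an anonymous request
#reached the code below with `user` undefined
if COOKIES.get("Login_UID"):
    user = User(COOKIES["Login_UID"].value)
else:
    sendto("/", message="Not signed in")
    quit()

#get info to insert into database
#the username comes from the server-side session, not from the form
username = user.username
line1 = POST["line1"].value
town = POST["town"].value
eircode = POST["eircode"].value

#line2 is optional: use an empty string when the field is blank or absent
line2 = POST.getfirst("line2", "")

#open connection to database and prepare statement
#NOTE(review): the address fields are stored as received; confirm they are
#validated and output-encoded wherever they are displayed
myconnection, mycursor = database_connect()
add_address = "insert into address (username,line1,line2,town,eircode) values(?,?,?,?,?)"
mycursor.execute(add_address, (username, line1, line2, town, eircode))

myconnection.commit()
mycursor.close()
myconnection.close()

sendto(environ["HTTP_REFERER"])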
예제 #8
#!/usr/bin/python3.5
#cancel an order

#internal libs
from functions import sendto, load_cookies
from database_connection import database_connect
from classes import User

#external libs
import cgi
from os import environ

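#pagevars
GET = cgi.FieldStorage()
COOKIES = load_cookies()

#check user is logged in; without the else branch an anonymous request
#reached the delete below with `user` undefined
if COOKIES.get("Login_UID"):
    user = User(COOKIES["Login_UID"].value)
else:
    sendto("/", message="Not signed in")
    quit()

#the delete only matches an unfulfilled order owned by the session's user,
#so a guessed order number cannot cancel someone else's order
#NOTE(review): the cancellation is triggered by a request parameter and no
#anti-CSRF token is checked in this script; confirm one is enforced elsewhere
myconnection, mycursor = database_connect()
cancel_order = "delete from orders where (orderno=? and username=? and fulfilled=0)"
mycursor.execute(cancel_order, (GET["ordernumber"].value, user.username))
myconnection.commit()

#NOTE(review): this message is sent even when no row matched the delete
sendto(environ["HTTP_REFERER"], message="Order has been canceled")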
예제 #9
from functions import load_cookies, sendto

#external libs
from os import environ
import mysql.connector

#page vars
SESSION = session_start()
COOKIES = load_cookies()
lastpage = environ["HTTP_REFERER"]

#anonymous visitors are sent back before anything else happens
if not COOKIES.get("Login_UID"):
    sendto(lastpage, message="please login before ordering")
    quit()
user = User(COOKIES["Login_UID"].value)

#a card and an address must both be on file for this user
#NOTE(review): presumably each constructor raises TypeError when the user has
#no matching row; confirm against the class definitions
try:
    for required in (CreditCard, Address):
        required(user.username)
except TypeError:
    sendto(
        lastpage,
        message="Only users with a registered credit card and address may order"
    )
    quit()

#get item ids and prices
myconnection, mycursor = database_connect()
예제 #10
#external functions
import cgi, bcrypt
from mysql.connector import errors

#useful variables
COOKIES = load_cookies()
POST = cgi.FieldStorage()

#pull the three required fields; a blank or missing one raises KeyError
try:
    username, password1, password2 = (
        POST[field].value for field in ("username", "password1", "password2")
    )
except KeyError:
    sendto("/cgi-bin/register.py", message="Username or password blank")
    quit()

#both password entries must agree
if not password1 == password2:
    sendto("/cgi-bin/register.py", message="Passwords do not match")
    quit()

#hash (not encrypt) the password with a freshly generated salt
#NOTE(review): bcrypt only considers the first 72 bytes of its input; longer
#passwords should be rejected or pre-hashed deliberately
salt = bcrypt.gensalt()
hashword = bcrypt.hashpw(password1.encode(), salt)

#add user to database
myconnection, mycursor = database_connect()

try:
    addnewuser = "******"
예제 #11
#!/usr/bin/python3.5
#allow the user to logout

#external libraries
from os import environ

#internal libraries
from database_connection import database_connect
from functions import sendto, load_cookies
# Read the browser's cookies once; Login_UID carries the login id.
COOKIES = load_cookies()

login_cookie = COOKIES.get("Login_UID")
if login_cookie:
    connection, cursor = database_connect()

    # Delete the server-side login row before touching the cookie, using a
    # bound parameter for the cookie value.
    cursor.execute("delete from logged_in_users where(Login_UID=?)", (login_cookie.value, ))
    connection.commit()
    # Expire the cookie and print the cookie jar (presumably as Set-Cookie
    # headers - confirm against load_cookies).
    COOKIES["Login_UID"]["expires"] = -1
    print(COOKIES)
    sendto(environ["HTTP_REFERER"])

    cursor.close()
    connection.close()
else:
    # No login cookie at all: nothing to log out from.
    sendto("/", message="Not signed in")
예제 #12
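#!/usr/bin/python3.5
#add an item to the menu

#internal functions
from functions import is_admin, sendto
from database_connection import database_connect

#external functions
import cgi
from os.path import basename

#ensure admin
if not is_admin():
    sendto("/", message="Access denied")
    quit()

#useful variables
POST = cgi.FieldStorage()
name = POST["name"].value
description = POST["description"].value
#NOTE(review): float() also accepts "nan", "inf" and negative numbers;
#confirm the price is range-checked before it is charged or displayed
price = float(POST["price"].value)
#the upload's filename is chosen by the client: keep only its final path
#component so the write and the stored name stay inside food_images/
filename = basename(POST["picture"].filename or "")
if filename in ("", ".", ".."):
    sendto("/", message="Invalid picture filename")
    quit()
#NOTE(review): neither the extension nor the content is checked, and an
#existing file of the same name is overwritten; consider an allow-list of
#image types and make sure food_images/ is never executed by the web server

#add picture to storage (the with block closes the file even if the write fails)
with open("food_images/" + filename, "wb+") as outfile:
    outfile.write(POST["picture"].value)

#add entry to database
myconnection, mycursor = database_connect()
putfood = "insert into food(name,description,price,picture) values(?,?,?,?)"
mycursor.execute(putfood, (name, description, price, filename))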