def updateproduct(prod_id):
    """Edit an existing product listing on behalf of its seller.

    Responds 404 when no product has ``prod_id`` and 403 when the current
    user is not the product's seller. A valid submission copies the form
    values onto the product, commits, and redirects to the product page.
    A GET request pre-fills the form from the stored product.
    """
    editable_fields = ('productname', 'producttype', 'description', 'price')

    form = SellProduct()
    product = Product.query.get_or_404(prod_id)

    # Object-level authorization: reject before any attribute is modified.
    if product.seller != current_user:
        abort(403)

    if form.validate_on_submit():
        uploaded = form.picture.data
        if uploaded:
            product.image_file = save_prodpicture(uploaded)
        for field_name in editable_fields:
            setattr(product, field_name, getattr(form, field_name).data)
        db.session.commit()
        flash('Your product has been updated.', 'success')
        return redirect(url_for('products.product', prod_id=product.prod_id))
    elif request.method == 'GET':
        # Show the current values so the seller edits rather than retypes.
        for field_name in editable_fields:
            getattr(form, field_name).data = getattr(product, field_name)

    return render_template(
        'sell_product.html',
        product=product,
        title='Update Product',
        form=form,
        legend='Update Product',
        searchform=Search(),
    )
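def account():
    """Show and update the current user's account details.

    A valid submission stores the optional new profile picture and the
    submitted personal fields on ``current_user``, commits, and redirects
    back to this page. A GET request pre-fills the form from the current
    user. The leftover debug ``print`` of the uploaded file object has been
    removed so upload details are not written to stdout.
    """
    form = UpdateAccountForm()
    if form.validate_on_submit():
        if form.picture.data:
            current_user.image_file = save_picture(form.picture.data)
        current_user.firstname = form.firstname.data
        current_user.lastname = form.lastname.data
        current_user.username = form.username.data
        current_user.dob = form.dob.data
        current_user.email = form.email.data
        db.session.commit()
        flash('Your information has been updated.', 'success')
        # Post/Redirect/Get: redirecting here keeps a browser refresh from
        # re-submitting the POST.
        return redirect(url_for('users.account'))
    elif request.method == 'GET':
        form.firstname.data = current_user.firstname
        form.lastname.data = current_user.lastname
        form.username.data = current_user.username
        form.email.data = current_user.email
        form.dob.data = current_user.dob

    image_file = url_for('static',
                         filename='profile_pics/' + current_user.image_file)
    searchform = Search()
    return render_template('account.html', title='Account Management',
                           image_file=image_file, form=form,
                           searchform=searchform)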
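def sellproduct():
    """Create a new product listing owned by the current user.

    A valid submission builds a ``Product`` from the form, stores the
    optional picture, commits, and redirects back to the sell page.
    Otherwise the empty or invalid form is rendered.
    """
    form = SellProduct()
    if form.validate_on_submit():
        newProduct = Product(productname=form.productname.data,
                             producttype=form.producttype.data,
                             price=form.price.data,
                             description=form.description.data,
                             seller=current_user)
        if form.picture.data:
            # Save the upload exactly once. The previous code called
            # save_prodpicture() twice and discarded the first result, which
            # processed the same upload a second time for no benefit.
            newProduct.image_file = save_prodpicture(form.picture.data)
        db.session.add(newProduct)
        db.session.commit()
        flash('Product is now up for sale.', 'success')
        return redirect(url_for('products.sellproduct'))

    searchform = Search()
    return render_template('sell_product.html', title='Sell a Product',
                           form=form, legend='Sell Product',
                           searchform=searchform)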
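def login():
    """Authenticate a user and start a session.

    Already-authenticated users are sent to the home page. On a valid
    submission the username is looked up and the password checked against
    the stored bcrypt hash. After a successful login the user is redirected
    to the ``next`` query parameter only when it is a same-site path;
    anything else falls back to the home page.
    """
    # Function-scope import: the file's import block is not part of this block.
    from urllib.parse import urlsplit

    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = LoginForm()
    if form.validate_on_submit():
        selUser = User.query.filter_by(username=form.username.data).first()
        if selUser and bcrypt.check_password_hash(selUser.password,
                                                  form.password.data):
            login_user(selUser, remember=form.remember.data)

            # ``next`` comes from the query string and is caller-controlled.
            # Redirecting to it unchecked is an open redirect, so accept only
            # a local absolute path: no scheme, no host, a single leading
            # slash, and no backslashes or control characters (which some
            # browsers normalise into a scheme-relative URL).
            next_page = request.args.get('next')
            if next_page:
                parts = urlsplit(next_page)
                has_odd_chars = '\\' in next_page or any(
                    ord(ch) < 0x20 or ord(ch) == 0x7f for ch in next_page)
                is_local_path = (
                    not parts.scheme
                    and not parts.netloc
                    and next_page.startswith('/')
                    and not next_page.startswith('//')
                    and not has_odd_chars
                )
                if not is_local_path:
                    next_page = None

            flash(f'Logged in as {form.username.data}', 'success')
            if next_page:
                return redirect(next_page)
            return redirect(url_for('main.home'))
        else:
            # One message for both failure causes, so the response does not
            # say which of username or password was wrong.
            flash('Login unsuccessful. Incorrect username or password',
                  'danger')

    searchform = Search()
    return render_template('login.html', title='Login Page', form=form,
                           searchform=searchform)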
def home():
    """Render the home page listing unsold products, newest first.

    Products are paginated seven per page using the ``page`` query
    parameter (default 1). When the search form was submitted, the request
    is redirected to the search-results view for the entered keyword.
    """
    searchform = Search()
    page_number = request.args.get('page', 1, type=int)

    unsold_newest_first = (
        Product.query
        .join(User, Product.user_id == User.user_id)
        .filter(Product.sold == 0)
        .order_by(Product.date_posted.desc())
    )
    listing = unsold_newest_first.paginate(page=page_number, per_page=7)
    pics_base = url_for('static', filename='product_pics/')

    if searchform.is_submitted():
        target = url_for('main.searchresults',
                         keyword=searchform.search.data)
        return redirect(target)

    return render_template(
        'home.html',
        title='Home Page',
        getProducts=listing,
        img_location=pics_base,
        searchform=searchform,
    )
def product(prod_id):
    """Render the detail page of one product, or 404 when it is missing."""
    item = Product.query.get_or_404(prod_id)
    picture_url = url_for('static',
                          filename='product_pics/' + item.image_file)
    return render_template(
        'product.html',
        product=item,
        title=item.productname,
        img_location=picture_url,
        searchform=Search(),
    )
def manageproducts():
    """List the current user's own products, five per page, ordered by name."""
    form = ManageProducts()
    page_number = request.args.get('page', 1, type=int)

    # Restricting the query to current_user.user_id is what scopes the
    # listing to the caller's own products.
    own_products = (
        Product.query
        .filter_by(user_id=current_user.user_id)
        .order_by(Product.productname)
        .paginate(page=page_number, per_page=5)
    )
    pics_base = url_for('static', filename='product_pics/')

    return render_template(
        'manage_products.html',
        title='Manage Your Products',
        form=form,
        getProducts=own_products,
        img_location=pics_base,
        searchform=Search(),
    )
def checkout(prod_id):
    """Render the checkout page for a product.

    Responds 404 when the product does not exist and 403 when the current
    user is the product's seller (a seller cannot buy their own listing).
    """
    form = Checkout()
    item = Product.query.get_or_404(prod_id)
    if item.seller == current_user:
        abort(403)

    picture_url = url_for('static',
                          filename='product_pics/' + item.image_file)
    return render_template(
        'checkout.html',
        title='Checkout',
        form=form,
        legend='User Profile',
        product=item,
        img_location=picture_url,
        searchform=Search(),
    )
def userprofile(user_id):
    """Render a user's public profile with their products, newest first.

    Responds 404 when no user has ``user_id``. Products are paginated five
    per page using the ``page`` query parameter (default 1).
    """
    page_number = request.args.get('page', 1, type=int)
    form = UpdateAccountForm()
    profile_owner = User.query.get_or_404(user_id)

    listed = (
        Product.query
        .filter_by(user_id=profile_owner.user_id)
        .order_by(Product.date_posted.desc())
        .paginate(page=page_number, per_page=5)
    )
    avatar_url = url_for('static',
                         filename='profile_pics/' + profile_owner.image_file)
    pics_base = url_for('static', filename='product_pics/')

    return render_template(
        'user_profile.html',
        user=profile_owner,
        title='Update Product',
        form=form,
        legend='User Profile',
        products=listed,
        user_image_file=avatar_url,
        img_location=pics_base,
        searchform=Search(),
    )
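def reset_request():
    """Accept an e-mail address and send a password-reset link to it.

    Already-authenticated users are sent to the home page. On a valid
    submission a reset token is generated and mailed when an account with
    that address exists. The same confirmation message is shown either way.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = RequestResetForm()
    if form.validate_on_submit():
        # The previous code printed the HARAY_USER / HARAY_PASS environment
        # variables here. Credentials must never be written to stdout or
        # logs, so those debug prints are removed.
        getUser = User.query.filter(User.email == form.email.data).first()

        # .first() returns None when no row matches; calling
        # get_reset_token() on None would raise and surface as a 500.
        # NOTE(review): RequestResetForm may already reject unknown
        # addresses -- not visible from here; this guard is safe either way.
        if getUser is not None:
            token = getUser.get_reset_token()
            send_mail(getUser.email, token)

        # Same response whether or not the account exists, so this branch
        # does not reveal which addresses are registered.
        flash(
            'An email has been sent with instructions to reset your password',
            'info')
        return redirect(url_for('users.login'))

    searchform = Search()
    return render_template('reset_request.html', title='Reset Password',
                           form=form, searchform=searchform)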
def purchasehistory():
    """Render the current user's purchases, most recent transaction first.

    Each row pairs a ``Product`` with its ``Payment``. Results are paginated
    five per page using the ``page`` query parameter (default 1).
    """
    page_number = request.args.get('page', 1, type=int)

    # Filtering on Payment.user_id == current_user.user_id limits the
    # history to payments made by the caller.
    purchases = (
        db.session.query(Product, Payment)
        .join(Payment, Product.prod_id == Payment.prod_id)
        .join(User, User.user_id == Product.user_id)
        .filter(Payment.user_id == current_user.user_id)
        .order_by(Payment.transaction_date.desc())
        .paginate(page=page_number, per_page=5)
    )
    avatar_url = url_for('static',
                         filename='profile_pics/' + current_user.image_file)
    pics_base = url_for('static', filename='product_pics/')

    return render_template(
        'userhistory.html',
        title='Purchase History',
        products=purchases,
        user_image_file=avatar_url,
        img_location=pics_base,
        searchform=Search(),
    )
def reset_token(token):
    """Set a new password for the user identified by a reset token.

    Already-authenticated users are sent to the home page. When
    ``User.verify_reset_token`` returns ``None`` the user is told the token
    is invalid and sent back to the reset-request page. On a valid
    submission the new password is stored as a bcrypt hash.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('That is an invalid token. Please try again', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if form.validate_on_submit():
        # Store only the bcrypt hash (one-way), never the plaintext.
        password_hash = bcrypt.generate_password_hash(form.password.data)
        account.password = password_hash.decode('utf-8')
        db.session.commit()
        flash('Your password has been updated.', 'success')
        return redirect(url_for('users.login'))

    return render_template(
        'reset_token.html',
        title='Reset Password',
        form=form,
        searchform=Search(),
    )
def searchresults(keyword):
    """Render products whose name contains ``keyword``.

    Only products that are neither sold nor locked are returned, newest
    first, without pagination.
    """
    searchform = Search()

    # The pattern is handed to .like() as a value, not spliced into SQL
    # text. Any % or _ inside keyword still acts as a LIKE wildcard.
    name_pattern = f'%{keyword}%'
    available = and_(
        Product.sold == 0,
        Product.locked == 0,
        Product.productname.like(name_pattern),
    )
    matches = (
        Product.query
        .join(User, Product.user_id == User.user_id)
        .filter(available)
        .order_by(Product.date_posted.desc())
        .all()
    )
    pics_base = url_for('static', filename='product_pics/')

    return render_template(
        'searchresult.html',
        title='Search results...',
        getProducts=matches,
        searchform=searchform,
        img_location=pics_base,
        keyword=keyword,
    )
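def paymentconfirmed(prod_id):
    """Record a payment for a product and mark the product as sold.

    Responds 404 when the product does not exist, 403 when the current user
    is the product's seller, and 409 when the product is already marked
    sold. Otherwise a ``Payment`` is created for the current user, the
    product is flagged sold, and the confirmation page is rendered.
    """
    form = Checkout()
    product = Product.query.get_or_404(prod_id)
    if product.seller == current_user:
        abort(403)

    # Previously nothing stopped a second Payment being recorded for a
    # product that was already sold, e.g. by reloading or revisiting this
    # URL. Refuse instead of writing a duplicate transaction.
    # NOTE(review): two concurrent requests can still both pass this check;
    # a row lock or a unique constraint on Payment.prod_id would close that
    # gap -- confirm against the schema.
    if product.sold:
        abort(409)

    # Displayed timestamp, trimmed to "YYYY-MM-DD HH:MM:SS" (local time).
    datef = str(datetime.now())
    date = datef[0:19]

    # Map the submitted choice key to its label; .get() yields None when the
    # submitted value is not one of the declared choices.
    # NOTE(review): the form is not validated in this view, so the payment
    # is written without a CSRF or choice check -- confirm whether
    # form.validate_on_submit() should gate the block below.
    paymethod = dict(form.paym.choices).get(form.paym.data)

    newPayment = Payment(transaction_date=datetime.utcnow(),
                         method=paymethod,
                         prod_id=prod_id,
                         user_id=current_user.user_id)
    product.sold = True
    db.session.add(newPayment)
    db.session.commit()
    payment = newPayment

    img_location = url_for('static',
                           filename='product_pics/' + product.image_file)
    searchform = Search()
    return render_template('payconfirmed.html', title='Checkout', form=form,
                           legend='User Profile', product=product, date=date,
                           payment=payment, img_location=img_location,
                           searchform=searchform)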
def register():
    """Create a new user account from the registration form.

    Already-authenticated users are sent to the home page. On a valid
    submission the password is stored as a bcrypt hash, the user is
    committed, and the browser is redirected to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = RegistrationForm()
    if form.validate_on_submit():
        # Only the bcrypt hash is persisted; the plaintext is never stored.
        password_hash = bcrypt.generate_password_hash(form.password.data)
        account = User(
            firstname=form.firstname.data,
            lastname=form.lastname.data,
            username=form.username.data,
            email=form.email.data,
            dob=form.dob.data,
            password=password_hash.decode('utf-8'),
        )
        db.session.add(account)
        db.session.commit()
        flash('Your account has been created.', 'success')
        return redirect(url_for('users.login'))

    return render_template(
        'register.html',
        title='Register Page',
        form=form,
        searchform=Search(),
    )
def manageaccount():
    """Render the account-management landing page with the search form."""
    return render_template(
        'manage_account.html',
        title='Manage Account',
        searchform=Search(),
    )