def register():
"""Register a new user.
Validates that the username is not already taken. Hashes the
password for security.
"""
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = 'User {0} is already registered.'.format(username)
if error is None:
# the name is available, store it in the database and go to
# the login page
db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
(username, generate_password_hash(password)))
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def index():
db = get_db()
items = db.execute(
'SELECT id, item_name, cost'
' FROM list'
' ORDER BY id DESC'
).fetchall()
return render_template('shopper/index.html', list=items)
def view():
db = get_db()
items = db.execute(
'SELECT id, item_name, cost, quantity'
' FROM final'
' ORDER BY id DESC'
).fetchall()
return render_template('shopper/view.html', list=items)
def load_logged_in_user():
"""If a user id is stored in the session, load the user object from
the database into ``g.user``."""
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
(user_id, )).fetchone()
def drop(id):
"""Delete an item.
Ensures that the item exists
"""
get_item(id)
db = get_db()
db.execute('DELETE FROM list WHERE id = ?', (id,))
db.commit()
return redirect(url_for('main.index'))
def checkout():
db = get_db()
selected = request.form.getlist('selected')
for item in selected:
db.execute(
'UPDATE list SET selected = 1 WHERE id = ?',
(item,)
)
db.commit()
selected = db.execute('SELECT * FROM list WHERE selected = 1').fetchall()
return redirect(url_for('main.view'))
def get_item(id):
post = get_db().execute(
'SELECT id, item_name, cost'
' FROM list'
' WHERE id = ?',
(id,)
).fetchone()
if post is None:
abort(404, "Item id {0} doesn't exist.".format(id))
return post
def add():
"""Create a new item"""
if request.method == 'POST':
item = request.form['item']
cost = request.form['cost']
error = None
if not item:
error = 'Item is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO list (item_name, cost)'
' VALUES (?, ?)',
(item, cost)
)
db.commit()
return redirect(url_for('main.index'))
return render_template('shopper/add.html')
def login():
"""Log in a registered user by adding the user id to the session."""
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
user = db.execute('SELECT * FROM user WHERE username = ?',
(username, )).fetchone()
if user is None:
error = 'Incorrect username.'
elif not check_password_hash(user['password'], password):
error = 'Incorrect password.'
if error is None:
# store the user id in a new session and return to the index
session.clear()
session['user_id'] = user['id']
return redirect(url_for('index'))
flash(error)
return render_template('auth/login.html')
def edit(id):
"""Edit an item"""
item = get_item(id)
if request.method == 'POST':
item = request.form['item']
cost = request.form['cost']
error = None
if not item:
error = 'Item name is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'UPDATE list SET item_name = ?, cost = ? WHERE id = ?',
(item, cost, id)
)
db.commit()
return redirect(url_for('main.index'))
return render_template('shopper/edit.html', items=item)