|
| 1 | +import os |
| 2 | + |
| 3 | +from flask import Flask, flash, redirect, render_template, request, session, url_for |
| 4 | +from flask_session import Session |
| 5 | +from tempfile import mkdtemp |
| 6 | +from werkzeug.security import check_password_hash, generate_password_hash |
| 7 | +from flask_login import current_user |
| 8 | +from cs50 import SQL |
| 9 | +import sqlite3 |
| 10 | +import re |
| 11 | + |
| 12 | +from helpers import apology, login_required, usd |
| 13 | + |
| 14 | + |
| 15 | +# Configure application |
| 16 | +app = Flask(__name__) |
| 17 | + |
| 18 | +# Custom filter |
| 19 | +app.jinja_env.filters["usd"] = usd |
| 20 | + |
| 21 | +# Configure session to use filesystem (instead of signed cookies) |
| 22 | +app.config["SESSION_FILE_DIR"] = mkdtemp() |
| 23 | +app.config["SESSION_PERMANENT"] = False |
| 24 | +app.config["SESSION_TYPE"] = "filesystem" |
| 25 | +Session(app) |
| 26 | + |
| 27 | +# Configure CS50 Library to use SQLite database |
| 28 | +db = SQL("sqlite:///library.db") |
| 29 | + |
| 30 | + |
| 31 | +@app.after_request |
| 32 | +def after_request(response): |
| 33 | + """Ensure responses aren't cached""" |
| 34 | + response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate" |
| 35 | + response.headers["Expires"] = 0 |
| 36 | + response.headers["Pragma"] = "no-cache" |
| 37 | + return response |
| 38 | + |
| 39 | + |
| 40 | +""" user authentication routes """ |
| 41 | + |
| 42 | + |
| 43 | +# Forms |
| 44 | +@app.route("/login", methods=["GET", "POST"]) |
| 45 | +def login(): |
| 46 | + """Log user in""" |
| 47 | + |
| 48 | + # Forget any user_id |
| 49 | + session.clear() |
| 50 | + |
| 51 | + # User reached route via POST (as by submitting a form via POST) |
| 52 | + if request.method == "POST": |
| 53 | + # Ensure username was submitted |
| 54 | + if not request.form.get("username"): |
| 55 | + return apology("Please provide a username.", 403) |
| 56 | + |
| 57 | + # Ensure password was submitted |
| 58 | + elif not request.form.get("password"): |
| 59 | + return apology("Please provide a password.", 403) |
| 60 | + |
| 61 | + # Query database for username |
| 62 | + rows = db.execute( |
| 63 | + "SELECT * FROM users WHERE username = ?", request.form.get("username") |
| 64 | + ) |
| 65 | + |
| 66 | + # Ensure username exists and password is correct |
| 67 | + if len(rows) != 1 or not check_password_hash( |
| 68 | + rows[0]["hash"], request.form.get("password") |
| 69 | + ): |
| 70 | + return apology("invalid username and/or password", 403) |
| 71 | + |
| 72 | + # Remember which user has logged in |
| 73 | + session["user_id"] = rows[0]["id"] |
| 74 | + |
| 75 | + # Redirect user to home page |
| 76 | + return redirect("/") |
| 77 | + else: |
| 78 | + return render_template("login.html") |
| 79 | + |
| 80 | + |
| 81 | +# register |
| 82 | +@app.route("/register", methods=["GET", "POST"]) |
| 83 | +def register(): |
| 84 | + """Register user""" |
| 85 | + # Forget any user_id. |
| 86 | + session.clear() |
| 87 | + |
| 88 | + if request.method == "POST": |
| 89 | + # Get user name and password. |
| 90 | + username = request.form.get("username") |
| 91 | + password = request.form.get("password") |
| 92 | + confirmation = request.form.get("confirmation") |
| 93 | + |
| 94 | + # Validate user input. |
| 95 | + if not username: |
| 96 | + return apology("must provide username", 400) |
| 97 | + |
| 98 | + elif not password: |
| 99 | + return apology("must provide password", 400) |
| 100 | + |
| 101 | + elif not confirmation: |
| 102 | + return apology("must confirm password", 400) |
| 103 | + |
| 104 | + elif password != confirmation: |
| 105 | + return apology("must confirm password", 400) |
| 106 | + |
| 107 | + # Query the database to check if the username is already taken. |
| 108 | + existing_user = db.execute("SELECT * FROM users WHERE username = ?", username) |
| 109 | + if len(existing_user) != 0: |
| 110 | + return apology("userename taken", 400) |
| 111 | + |
| 112 | + # Generate a hash of the password. |
| 113 | + hashed_password = generate_password_hash(password) |
| 114 | + |
| 115 | + # Insert the new user into the database. |
| 116 | + db.execute( |
| 117 | + "INSERT INTO users (username, hash) VALUES (?, ?)", |
| 118 | + username, |
| 119 | + hashed_password, |
| 120 | + ) |
| 121 | + |
| 122 | + # Query the database for newly inserted user. |
| 123 | + new_user = db.execute("SELECT * FROM users WHERE username = ?", username) |
| 124 | + |
| 125 | + # Remember user. |
| 126 | + session["user_id"] = new_user[0]["id"] |
| 127 | + |
| 128 | + # Display success message. |
| 129 | + flash("Registration successful.", "success") |
| 130 | + return redirect("/") |
| 131 | + else: |
| 132 | + return render_template("register.html") |
| 133 | + |
| 134 | + |
| 135 | +# logout |
| 136 | +@app.route("/logout", methods=["GET", "POST"]) |
| 137 | +@login_required |
| 138 | +def logout(): |
| 139 | + """Log user out""" |
| 140 | + |
| 141 | + # Forget any user_id |
| 142 | + session.clear() |
| 143 | + # Redirect user to login form |
| 144 | + return redirect("/") |
| 145 | + |
| 146 | + |
| 147 | +# delete |
| 148 | +@app.route("/remove", methods=["GET", "POST"]) |
| 149 | +@login_required |
| 150 | +def remove(): |
| 151 | + """Delete user account""" |
| 152 | + if request.method == "POST": |
| 153 | + # Get user name and password. |
| 154 | + username = request.form.get("username") |
| 155 | + password = request.form.get("password") |
| 156 | + confirmation = request.form.get("confirmation") |
| 157 | + |
| 158 | + # Validate user input. |
| 159 | + if not username: |
| 160 | + return apology("must provide username", 400) |
| 161 | + elif not password: |
| 162 | + return apology("must provide password", 400) |
| 163 | + elif not confirmation: |
| 164 | + return apology("must confirm password", 400) |
| 165 | + elif password != confirmation: |
| 166 | + return apology("passwords must match", 400) |
| 167 | + |
| 168 | + # Query the database to check if the username is already taken. |
| 169 | + existing_user = db.execute("SELECT * FROM users WHERE username = ?", username) |
| 170 | + if not existing_user: |
| 171 | + return apology("Wrong username", 403) |
| 172 | + else: |
| 173 | + # Get user id. |
| 174 | + user_id_data = db.execute( |
| 175 | + "SELECT id FROM users WHERE username = ?", (username,) |
| 176 | + ) |
| 177 | + user_id = user_id_data[0]["id"] |
| 178 | + # Delete user's account and related data from the database. |
| 179 | + db.execute("DELETE FROM cart WHERE user_id = ?", (user_id,)) |
| 180 | + db.execute("DELETE FROM users WHERE username = ?", (username,)) |
| 181 | + # Display success message. |
| 182 | + flash("Account deleted successfully.", "success") |
| 183 | + session.clear() |
| 184 | + return redirect("/") |
| 185 | + else: |
| 186 | + return render_template("remove.html") |
| 187 | + |
| 188 | + |
| 189 | +@app.route("/checkout", methods=["GET", "POST"]) |
| 190 | +@login_required |
| 191 | +def checkout(): |
| 192 | + """Check out""" |
| 193 | + |
| 194 | + if request.method == "POST": |
| 195 | + # Get the form data |
| 196 | + city = request.form.get("city") |
| 197 | + address = request.form.get("address") |
| 198 | + postal_code = request.form.get("postal_code") |
| 199 | + phone_number = request.form.get("phone_number") |
| 200 | + |
| 201 | + # Validate the form data |
| 202 | + if not city or not address or not postal_code or not phone_number: |
| 203 | + return apology("Please provide all required information.", 400) |
| 204 | + elif not postal_code.isdigit() or int(postal_code) <= 0: |
| 205 | + return apology( |
| 206 | + "Invalid postal code. Please provide a valid postal code.", 400 |
| 207 | + ) |
| 208 | + elif not phone_number.isdigit() or int(phone_number) <= 0: |
| 209 | + return apology( |
| 210 | + "Invalid phone number. Please provide a valid phone number.", 400 |
| 211 | + ) |
| 212 | + |
| 213 | + try: |
| 214 | + # Get the user's ID from the session |
| 215 | + user_id = session["user_id"] |
| 216 | + |
| 217 | + # Fetch the product id from the cart table based on the user_id |
| 218 | + rows = db.execute( |
| 219 | + "SELECT product_id FROM cart WHERE user_id = ?", (user_id,) |
| 220 | + ) |
| 221 | + for row in rows: |
| 222 | + # Extract the product id from the row |
| 223 | + product_id = row["product_id"] |
| 224 | + # Insert the order into the database |
| 225 | + db.execute( |
| 226 | + "INSERT INTO orders (user_id, city, address, postal_code, phone_number, product_id) VALUES (:user_id, :city, :address, :postal_code, :phone_number, :product_id)", |
| 227 | + user_id=user_id, |
| 228 | + city=city, |
| 229 | + address=address, |
| 230 | + postal_code=postal_code, |
| 231 | + phone_number=phone_number, |
| 232 | + product_id=product_id, |
| 233 | + ) |
| 234 | + |
| 235 | + # Display success message. |
| 236 | + flash("Address saved successfully.", "success") |
| 237 | + return redirect("/cart") |
| 238 | + |
| 239 | + except Exception as e: |
| 240 | + # Log errors |
| 241 | + print("Error:", str(e)) |
| 242 | + return apology("An error occurred while saving the address.", 500) |
| 243 | + |
| 244 | + else: |
| 245 | + # Render the check out template |
| 246 | + return render_template("checkout.html") |
| 247 | + |
| 248 | + |
| 249 | +# Displaying routes |
| 250 | +@app.route("/profile", methods=["GET", "POST"]) |
| 251 | +@login_required |
| 252 | +def profile(): |
| 253 | + """Display profile""" |
| 254 | + |
| 255 | + # Get the user's ID from the session |
| 256 | + user_id = session["user_id"] |
| 257 | + # Query the database for the user's data |
| 258 | + user_data = db.execute("SELECT * FROM users WHERE id = ?", user_id) |
| 259 | + # Query the database for the user's orders |
| 260 | + orders = db.execute( |
| 261 | + "SELECT address, city, postal_code, phone_number, history, id FROM orders WHERE user_id = ?", |
| 262 | + user_id, |
| 263 | + ) |
| 264 | + # Query the database for the products in the user's cart |
| 265 | + items = db.execute( |
| 266 | + "SELECT products.price, cart.quantity FROM cart JOIN products ON cart.product_id = products.id WHERE cart.user_id = ?", |
| 267 | + user_id, |
| 268 | + ) |
| 269 | + |
| 270 | + # Calculate the total amount for the items in the cart |
| 271 | + total_amount = 0 |
| 272 | + for item in items: |
| 273 | + total_amount += item["price"] * item["quantity"] |
| 274 | + |
| 275 | + # Render the profile template with the user's data, orders, and total amount |
| 276 | + return render_template( |
| 277 | + "profile.html", user_data=user_data[0], orders=orders, total_amount=total_amount |
| 278 | + ) |
| 279 | + |
| 280 | + |
| 281 | +@app.route("/", methods=["GET", "POST"]) |
| 282 | +def index(): |
| 283 | + """Display shop catalog""" |
| 284 | + |
| 285 | + # Query the database for all products and supplies |
| 286 | + products = db.execute("SELECT * FROM products") |
| 287 | + |
| 288 | + # Renders them using the 'index.html' template. |
| 289 | + return render_template("index.html", products=products) |
| 290 | + |
| 291 | + |
| 292 | + |
| 293 | +# cart and product details |
| 294 | +@app.route("/productdetails/<int:id>", methods=["GET", "POST"]) |
| 295 | +def productdetails(id): |
| 296 | + """Display products details""" |
| 297 | + |
| 298 | + # Query the database for the product details according to its id. |
| 299 | + details = db.execute("SELECT * FROM products WHERE id=?", (id,)) |
| 300 | + # Print the product details to the console (for debugging purposes). |
| 301 | + print("Product:", details) |
| 302 | + # Renders them using the 'productdetails.html' template. |
| 303 | + return render_template("productdetails.html", details=details) |
| 304 | + |
| 305 | + |
| 306 | +@app.route("/addtocart/<id>", methods=["GET", "POST"]) |
| 307 | +@login_required |
| 308 | +def addtocart(id): |
| 309 | + """Adds products to the cart""" |
| 310 | + try: |
| 311 | + # Check if the request method is POST |
| 312 | + if request.method == "POST": |
| 313 | + # Get the quantity from the form. |
| 314 | + quantity = request.form.get("quantity") |
| 315 | + # Validate the quantity |
| 316 | + if not quantity: |
| 317 | + return apology("Must provide quantity", 400) |
| 318 | + elif not quantity.isdigit(): |
| 319 | + return apology("invalid number", 400) |
| 320 | + # Convert quantity into an int |
| 321 | + quantity = int(quantity) |
| 322 | + |
| 323 | + # Check if the quantity is less than 0 |
| 324 | + if quantity <= 0: |
| 325 | + return apology("invalid number", 400) |
| 326 | + # Get the user's ID from the session |
| 327 | + user_id = session["user_id"] |
| 328 | + # Convert the poduct id into an int |
| 329 | + product_id = int(id) |
| 330 | + |
| 331 | + # Check if product exists |
| 332 | + product = db.execute("SELECT * FROM products WHERE id=?", (id,)) |
| 333 | + if not product: |
| 334 | + return apology("product does not exist", 404) |
| 335 | + |
| 336 | + # Insert the product into the cart in the database |
| 337 | + db.execute( |
| 338 | + "INSERT INTO cart (user_id, product_id, quantity) VALUES (:user_id, :product_id, :quantity)", |
| 339 | + user_id=user_id, |
| 340 | + product_id=product_id, |
| 341 | + quantity=quantity, |
| 342 | + ) |
| 343 | + # Display success message. |
| 344 | + flash("Added to cart!", "success") |
| 345 | + # Log errors |
| 346 | + except Exception as e: |
| 347 | + app.logger.error(f"Error in addtocart: {e}") |
| 348 | + return apology("an error occurred", 500) |
| 349 | + else: |
| 350 | + # Render the product details page |
| 351 | + return render_template("productdetails.html") |
| 352 | + |
| 353 | + |
| 354 | +@app.route("/cart", methods=["GET", "POST"]) |
| 355 | +@login_required |
| 356 | +def cart(): |
| 357 | + """Display cart""" |
| 358 | + |
| 359 | + # Get the user's ID from the session |
| 360 | + user_id = session["user_id"] |
| 361 | + # Query the data base to get the data of the products in the user's cart |
| 362 | + query = """ SELECT p.id, p.name, p.price, p.availability, p.cover, c.quantity |
| 363 | + FROM products p |
| 364 | + INNER JOIN cart c ON p.id = c.product_id |
| 365 | + WHERE c.user_id = ? |
| 366 | + """ |
| 367 | + # Execute the SQL query |
| 368 | + rows = db.execute(query, (user_id,)) |
| 369 | + # Renders them using the 'cart.html' template. |
| 370 | + return render_template("cart.html", rows=rows) |
| 371 | + |
| 372 | + |
| 373 | + |
0 commit comments