import re
from cs50 import SQL
from flask import Flask, redirect, render_template, request, session
from flask_session import Session
from werkzeug.security import check_password_hash, generate_password_hash
# Customize value to Reais standards
def real(value):
    """Format a number as Brazilian Reais, e.g. 1234.5 -> 'R$1,234.50'."""
    amount = format(value, ",.2f")
    return "R$" + amount
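# Create the Flask application
app = Flask(__name__)

# Server-side sessions stored on the local filesystem.
# The key must be spelled SESSION_PERMANENT: a misspelled key is silently
# ignored, which leaves Flask-Session on its default of permanent
# (long-lived) sessions instead of sessions that end with the browser.
app.config["SESSION_PERMANENT"] = False
app.config["SESSION_TYPE"] = "filesystem"
# NOTE(review): when this app is served over HTTPS, also consider setting
# SESSION_COOKIE_SECURE so the session cookie is never sent in clear text.
Session(app)

# Custom filter
app.jinja_env.filters["real"] = real

# Define db
db = SQL("sqlite:///alphahops.db")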
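@app.route("/")
def index():
    """Render the home page for a logged-in user.

    Anonymous visitors are redirected to /login. For logged-in users the
    remaining-stock counter in the session is refreshed before rendering.
    """
    # If not logged in redirect user
    if not session.get("user_id"):
        return redirect("/login")

    # Set counter to blink on screen.
    # These statements originally followed the return and so never ran;
    # they are moved ahead of it so the counter is actually refreshed.
    beer_stock = db.execute("SELECT SUM(orders) FROM orders")
    # SUM() is NULL (None) when the orders table has no rows
    stock = beer_stock[0]["SUM(orders)"] or 0

    # Assume total stock as 100 units
    total_stock = 100
    session["stock"] = total_stock - stock

    return render_template("index.html")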
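@app.route("/order", methods=["GET", "POST"])
def order():
    """Place an order for the logged-in user.

    Reads the ``order`` form field, validates it as a positive whole number,
    checks it against the remaining stock and inserts a row into ``orders``.
    Returns an error page on invalid input or insufficient stock, otherwise
    redirects to /orders.
    """
    # Ensure user is logged in
    if not session.get("user_id"):
        return redirect("/login")

    # NOTE(review): no CSRF token is checked in this handler; confirm the
    # form/template layer protects this state-changing request.
    username = session["username"]
    raw_quantity = request.form.get("order")

    # Error check
    if not raw_quantity:
        return render_template("error.html", message="Missing order quantity!")

    # The field is client-controlled: a non-numeric value must produce an
    # error page rather than an unhandled ValueError (HTTP 500).
    try:
        quantity = int(raw_quantity)
    except ValueError:
        return render_template("error.html", message="Order quantity must be a whole number!")

    # Avoid non positive int
    if quantity <= 0:
        return render_template("error.html", message="Order quantity must be positive!")

    # Unit price is taken from the first row of orders.
    # NOTE(review): this raises IndexError when the table is empty —
    # presumably price is a column default; verify against the schema.
    price_db = db.execute("SELECT price FROM orders")
    price = price_db[0]["price"]
    total = quantity * price

    # Counter: units already ordered (SUM() is None when there are no rows)
    beer_stock = db.execute("SELECT SUM(orders) FROM orders")
    already_ordered = beer_stock[0]["SUM(orders)"] or 0
    stock = already_ordered + quantity

    # Assume total stock as 100 units
    total_stock = 100

    # if sold out
    if already_ordered >= total_stock:
        # counter reflects stock without the rejected order
        session["stock"] = total_stock - already_ordered
        return render_template("error.html", message="Sorry, SOLD OUT!")

    # If not enough stock
    if stock > total_stock:
        # counter reflects stock without the rejected order
        session["stock"] = total_stock - already_ordered
        return render_template("error.html", message="Sorry, quantity is over stock. Check stock quantity and order again!")

    # NOTE(review): the stock check above and the insert below are separate
    # statements, so two concurrent requests can both pass the check and
    # oversell; enforce the limit in the database if that matters.
    db.execute("INSERT INTO orders (name, orders, total) VALUES(?, ?, ?)", username, quantity, total)
    session["stock"] = total_stock - stock

    # redirect to my order page
    return redirect("/orders")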
@app.route("/orders")
def orders():
    """Show the logged-in user's orders, newest first."""
    # Anonymous visitors are sent to the login page
    logged_in = session.get("user_id")
    if not logged_in:
        return redirect("/login")

    # Only rows whose name matches the session's username are returned;
    # the value is bound as a parameter, not interpolated into the SQL.
    user_orders = db.execute(
        "SELECT * FROM orders WHERE name = ? ORDER BY time DESC",
        session["username"],
    )
    return render_template("orders.html", orders=user_orders)
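@app.route("/login", methods=["GET", "POST"])
def login():
    """Log a user in.

    GET renders the login form. POST checks the submitted username and
    password against the ``users`` table and, on success, stores the user's
    id and username in the session and redirects to the home page.
    """
    # Forget any user_id
    session.clear()

    # Counter (SUM() is None when the orders table has no rows, which would
    # otherwise make the subtraction below raise TypeError)
    beer_stock = db.execute("SELECT SUM(orders) FROM orders")
    stock = beer_stock[0]["SUM(orders)"] or 0
    session["stock"] = 100 - stock

    # If GET method
    if request.method != "POST":
        return render_template("login.html")

    username = request.form.get("username")
    password = request.form.get("password")

    # Ensure username was submitted
    if not username:
        return render_template("error.html", message="Must provide username!")

    # Ensure password was submitted
    if not password:
        return render_template("error.html", message="Must provide password!")

    # run db to get users info (username is bound as a query parameter)
    rows = db.execute("SELECT * FROM users WHERE username = :username", username=username)

    # Ensure username exists and password is correct. The same message is
    # used for both failures so the response does not reveal which
    # usernames exist.
    if len(rows) != 1 or not check_password_hash(rows[0]["hash"], password):
        return render_template("error.html", message="Invalid username and/or password")

    # Remember user id and username
    session["user_id"] = rows[0]["id"]
    session["username"] = rows[0]["username"]
    return redirect("/")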
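@app.route("/logout")
def logout():
    """Log the user out and redirect to the home page."""
    # Clear the whole session. Setting only user_id to None left the
    # username and other keys in the stored session after logout.
    session.clear()
    return redirect("/")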
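@app.route("/register", methods=["GET", "POST"])
def register():
    """Register a new user.

    GET renders the registration form. POST validates the submitted fields,
    stores the user with a hashed password and redirects to the home page.
    Any validation failure renders the error page with a message.
    """
    # Forget any user_id
    session.clear()

    if request.method != "POST":
        return render_template("register.html")

    # match "name" field in html code ("name=username")
    username = request.form.get("username")
    email = request.form.get("email")
    phone = request.form.get("phone")
    password = request.form.get("password")
    confirmation = request.form.get("confirmation")

    # Ensure username was submitted (blank)
    if not username:
        return render_template("error.html", message="Must provide username!")

    # Ensure email and phone was submitted (blank)
    if not email or not phone:
        return render_template("error.html", message="Must provide phone and email!")

    # Ensure username is unique: look up just this name instead of loading
    # every username into memory.
    existing = db.execute("SELECT username FROM users WHERE username = ?", username)
    if existing:
        return render_template("error.html", message="Username already exists!")

    # Ensure password was submitted. This must come before the length check:
    # a missing field is None, and len(None) raises TypeError (HTTP 500).
    if not password:
        return render_template("error.html", message="Password is required!")

    # Password conditions (at least 6 characters including 1 capital letter and 1 number)
    if len(password) < 6:
        return render_template("error.html", message="Your password must have at least 6 characters!")
    if re.search(r"[0-9]", password) is None:
        return render_template("error.html", message="You must have a number in your password!")
    if re.search(r"[A-Z]", password) is None:
        return render_template("error.html", message="You must have a capital letter in you password!")

    # Ensure confirmation password was submitted
    if not confirmation:
        return render_template("error.html", message="Password confirmation is required!")

    # Ensure password matches
    if password != confirmation:
        return render_template("error.html", message="Password must match!")

    # Only the salted hash is stored, never the plaintext password
    password_hash = generate_password_hash(password)

    try:
        # Insert data in database using hash password
        db.execute(
            "INSERT INTO users (username, email, phone, hash) VALUES (?, ?, ?, ?)",
            username, email, phone, password_hash,
        )
    except Exception:
        # Narrowed from a bare except so SystemExit/KeyboardInterrupt are
        # not swallowed.
        # NOTE(review): any database failure is still reported as a duplicate
        # username; confirm which exception the insert raises on a duplicate
        # and catch only that.
        return render_template("error.html", message="Username already exists!")

    return redirect("/")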