
import os
from datetime import date

from flask import Flask, render_template, request, redirect, url_for, session, flash
from flask_session import Session
import psycopg2
import psycopg2.extras

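# `Flask(name)` raised NameError: the module-name dunder had been stripped
# from the pasted source (same as the `__main__` guard at the bottom).
app = Flask(__name__)
app.config['SESSION_PERMANENT'] = False  # session ends with the browser session
# Server-side (filesystem) sessions: the client only holds a session id, the
# customer row and payment details stored later never leave the server.
app.config['SESSION_TYPE'] = 'filesystem'
# NOTE(review): no SECRET_KEY is configured; signing the session-id cookie
# (SESSION_USE_SIGNER) needs one — confirm against the Flask-Session version in use.
Session(app)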

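# Connection parameters handed to psycopg2.connect() by get_db_connection().
# Every value can be overridden through the environment (DB_NAME, DB_USER,
# DB_PASSWORD, DB_HOST, DB_PORT); the literals are the previous hard-coded
# values and only suit a local development database. A real password must be
# supplied via DB_PASSWORD rather than kept in source control.
DB_CONFIG = {
    "database": os.environ.get("DB_NAME", "postgres"),
    "user": os.environ.get("DB_USER", "postgres"),
    "password": os.environ.get("DB_PASSWORD", "postgres123"),
    "host": os.environ.get("DB_HOST", "localhost"),
    "port": os.environ.get("DB_PORT", "5432"),
}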

def get_db_connection():
    """Open a fresh psycopg2 connection configured from DB_CONFIG.

    Rows are returned through DictCursor, so callers index them by column
    name (e.g. row['payment_status']). The caller owns the connection and
    is responsible for closing it.
    """
    params = dict(DB_CONFIG)
    params["cursor_factory"] = psycopg2.extras.DictCursor
    return psycopg2.connect(**params)

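@app.route('/', methods=['GET', 'POST'])
def login():
    """Handle the admin login form.

    GET renders login.html. POST looks the submitted username/password up in
    check_admin; on a match the session is marked as logged in and the user
    is sent to the telephone page, otherwise an error is flashed and the
    form is rendered again.
    """
    if request.method == 'POST':
        username = request.form['username']
        # Insecure: check_admin holds the password in clear text and the
        # comparison happens inside the query. Store a salted hash instead
        # and verify it in Python (e.g. werkzeug.security.check_password_hash).
        password = request.form['password']

        conn = get_db_connection()
        try:
            with conn.cursor() as cur:
                # Parameterised query: the form values never reach the SQL text.
                cur.execute(
                    "SELECT * FROM check_admin WHERE username=%s AND password=%s",
                    (username, password),
                )
                admin = cur.fetchone()
        finally:
            # Release the connection even when the query raises.
            conn.close()

        if admin:
            # Start from an empty session so nothing set before authentication
            # survives the login. NOTE(review): this does not rotate the
            # session id itself; check whether the session backend does.
            session.clear()
            session['logged_in'] = True
            return redirect(url_for('enter_telephone'))
        flash("Invalid credentials!", "danger")

    return render_template('login.html')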

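@app.route('/enter-telephone', methods=['GET', 'POST'])
def enter_telephone():
    """Look a customer up by telephone number.

    Requires a logged-in session. On POST the number is looked up in
    Customer_info: an unknown number flashes an error, a customer whose
    bill is already paid flashes a notice, and an unpaid customer is stored
    in the session and redirected to the payment page.
    """
    if not session.get('logged_in'):
        return redirect(url_for('login'))

    if request.method == 'POST':
        telephone_no = request.form['telephone_no']

        conn = get_db_connection()
        try:
            with conn.cursor() as cur:
                cur.execute(
                    "SELECT * FROM Customer_info WHERE Telephone_No=%s",
                    (telephone_no,),
                )
                customer = cur.fetchone()
        finally:
            # Release the connection even when the query raises.
            conn.close()

        # The debug print() calls that dumped the whole customer row to
        # stdout were removed: they wrote customer data into the process log.
        if customer is None:
            # Was print("Customer not found!", "danger"): flash's arguments
            # were passed to print, so the user never saw the message.
            flash("Customer not found!", "danger")
        elif str(customer['payment_status'] or '').lower() == 'paid':
            # Case-insensitive: the payment route writes 'Paid' while the
            # seed data is compared as 'paid'; an exact match let paid
            # customers through to the payment form again.
            flash("No pending Recharges")
        else:
            # Keep the fetched row for the payment step (server-side session).
            session['customer'] = dict(customer)
            return redirect(url_for('customer_payment'))

    return render_template('enter_telephone.html')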

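@app.route('/customer-payment', methods=['GET', 'POST'])
def customer_payment():
    """Show the pending bill for the selected customer and record a payment.

    Requires a logged-in session and a customer chosen on the telephone
    page. GET renders customer_payment.html. POST marks the customer as paid
    in Customer_info, refreshes the session copy of the row, stores the
    payment details for the receipt page and redirects there.
    """
    if not session.get('logged_in'):
        return redirect(url_for('login'))

    customer = session.get('customer')
    if not customer:
        return redirect(url_for('enter_telephone'))
    # Case-insensitive: the UPDATE below writes 'Paid' while the lookup page
    # compares against 'paid'; an exact match would offer payment twice.
    if str(customer.get('payment_status') or '').lower() == 'paid':
        return redirect(url_for('receipt'))

    if request.method == 'POST':
        # Amount and telephone number are taken from the session copy of the
        # row, never from the form, so the client cannot alter them.
        amount_to_pay = customer['amount_payable']
        payment_method = request.form['payment_method']

        conn = get_db_connection()
        try:
            with conn.cursor() as cur:
                cur.execute(
                    "UPDATE Customer_info SET Payment_Status='Paid', paid_dt_time=NOW() "
                    "WHERE Telephone_No=%s",
                    (customer['telephone_no'],),
                )
            conn.commit()
        finally:
            # Closing without commit discards the transaction if it failed.
            conn.close()

        customer['payment_status'] = 'paid'
        customer['paid_dt_time'] = str(date.today())
        # Write the updated row back: the original only mutated the local
        # copy, so revisiting this page showed the payment form again
        # instead of redirecting to the receipt.
        session['customer'] = customer

        session['payment_details'] = {
            'customer': customer,
            'amount_paid': amount_to_pay,
            'payment_method': payment_method,
        }
        return redirect(url_for('receipt'))

    return render_template('customer_payment.html', customer=customer)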

@app.route('/receipt')
def receipt():
    """Render the receipt for the payment recorded in the session.

    Redirects to the login page when not logged in, and to the telephone
    page when no payment details have been stored yet.
    """
    if not session.get('logged_in'):
        return redirect(url_for('login'))

    details = session.get('payment_details')
    if details:
        # customer, amount_paid and payment_method (as stored by
        # customer_payment) become template variables.
        return render_template('receipt.html', **details)
    return redirect(url_for('enter_telephone'))

@app.route('/logout')
def logout():
    """Discard the whole session (login flag, customer row, payment details) and return to the login page."""
    login_page = url_for('login')
    session.clear()
    return redirect(login_page)

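# `if name == 'main':` was never true (dunders stripped from the paste), so
# the server never started when run directly.
if __name__ == '__main__':
    # debug=True turns on the Werkzeug reloader and interactive debugger;
    # it is for local runs only and must not be exposed on a network.
    app.run(debug=True)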