
Untitled

a guest
Nov 7th, 2016
  1. from cs50 import SQL
  2. from flask import Flask, flash, redirect, render_template, request, session, url_for
  3. from flask_session import Session
  4. from passlib.apps import custom_app_context as pwd_context
  5. from tempfile import gettempdir
  6.  
  7. from helpers import *
  8.  
# Create the Flask application object that every route below is registered on.
app = Flask(__name__)

# In debug mode, ask browsers and proxies not to cache any response.
# NOTE(review): the hook is only registered when DEBUG is already set at this
# point. Outside debug mode the authenticated pages (portfolio, history) go out
# without these headers, so a shared browser or intermediary cache may keep
# them. Consider sending "Cache-Control: no-store" on authenticated responses
# unconditionally.
if app.config["DEBUG"]:

    @app.after_request
    def after_request(response):
        """Stamp the outgoing response with headers that forbid caching."""
        no_cache_headers = (
            ("Cache-Control", "no-cache, no-store, must-revalidate"),
            ("Expires", 0),
            ("Pragma", "no-cache"),
        )
        for header_name, header_value in no_cache_headers:
            response.headers[header_name] = header_value
        return response
  20.  
# Make the usd() helper available to templates as the "usd" Jinja filter.
app.jinja_env.filters["usd"] = usd

# Keep session data in files on the server instead of in signed cookies.
# NOTE(review): gettempdir() is usually a directory shared with other local
# accounts (for example /tmp). Confirm the permissions of the session files
# written there, and prefer a dedicated directory owned by the service account
# when this runs on a multi-user host.
app.config.update(
    SESSION_FILE_DIR=gettempdir(),
    SESSION_PERMANENT=False,
    SESSION_TYPE="filesystem",
)
Session(app)

# Open the SQLite database through the CS50 SQL wrapper; every query in this
# file passes its values as named parameters rather than formatting them into
# the SQL text.
db = SQL("sqlite:///finance.db")
  32.  
@app.route("/")
@login_required
def index():
    """Render the signed-in user's holdings with a live price and total per share."""
    holdings = db.execute(
        "SELECT share, sum(sharequantity) as sharequantity FROM portfolio WHERE userid = :user_id group by share",
        user_id=session["user_id"],
    )

    for holding in holdings:
        # NOTE(review): buy() and sell() treat a None result from lookup() as
        # "no such quote". Here a None would raise TypeError on the subscript
        # below and surface as a 500 - confirm whether lookup() can fail for a
        # symbol that is already held (e.g. when the quote source is down).
        quote_info = lookup(holding["share"])
        unit_price = quote_info["price"]
        position_value = unit_price * holding["sharequantity"]
        company_name = quote_info["name"]

        # Extra keys consumed by the template alongside the SQL columns.
        holding["ticker"] = quote_info["symbol"]
        holding["price"] = unit_price
        holding["name"] = company_name
        holding["total"] = position_value

    return render_template("index.html", indexrow=holdings)
  52.  
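@app.route("/buy", methods=["GET", "POST"])
@login_required
def buy():
    """Buy shares of stock.

    GET renders the order form. POST reads the ``tobuy`` symbol and the
    ``amount`` of shares from the form, checks the order against the user's
    cash, records the trade in ``userhistory``, debits ``users.cash`` and adds
    the shares to the user's ``portfolio`` row for that symbol.

    Returns an apology page when the symbol cannot be quoted, the share count
    is not a positive whole number, or the user cannot afford the order.
    """
    if request.method == "GET":
        return render_template("buy.html")

    # Quote the symbol once and reuse the result; a missing form field is
    # treated the same way as an unknown symbol.
    tobuy = request.form.get("tobuy")
    sharetobuy = lookup(tobuy) if tobuy else None
    if sharetobuy is None:
        return apology("Quote doesn't exist!")

    # The share count comes straight from the client. It must parse as an
    # integer and be positive: with a zero or negative count the computed
    # cost is not positive, the funds check below passes, and the "debit"
    # would add cash to the account instead of removing it.
    try:
        shares = int(request.form.get("amount"))
    except (TypeError, ValueError):
        return apology("Invalid Shares")
    if shares <= 0:
        return apology("Invalid Shares")

    cashrow = db.execute(
        "SELECT * FROM users WHERE id = :user_id",
        user_id=session["user_id"],
    )
    cash_user = cashrow[0]["cash"]
    cost = sharetobuy["price"] * shares
    if cost > cash_user:
        return apology("Insufficient funds!")

    # NOTE(review): the balance check above and the writes below are separate
    # statements, not one transaction, so two concurrent orders from the same
    # account could both pass the check. Confirm whether the SQL wrapper
    # offers a transaction or use a conditional UPDATE on the balance.
    db.execute(
        "INSERT INTO userhistory (userid, share, sharequantity, price) "
        "VALUES (:userid, :share, :sharequantity, :price)",
        userid=session["user_id"],
        share=sharetobuy["symbol"],
        sharequantity=shares,
        price=sharetobuy["price"],
    )
    db.execute(
        "UPDATE users SET cash=:cash WHERE id=:id",
        cash=cash_user - cost,
        id=session["user_id"],
    )

    portfolio = db.execute(
        "SELECT * FROM portfolio WHERE userid=:userid AND share=:share",
        userid=session["user_id"],
        share=sharetobuy["symbol"],
    )
    if len(portfolio) == 0:
        db.execute(
            "INSERT INTO portfolio (userid, price, share, name, sharequantity) "
            "VALUES (:userid, :price, :share, :name, :sharequantity)",
            userid=session["user_id"],
            price=sharetobuy["price"],
            share=sharetobuy["symbol"],
            name=sharetobuy["name"],
            sharequantity=shares,
        )
    else:
        # Restrict the update to this symbol's row. Filtering on userid alone
        # overwrote the price and quantity of every holding the user has.
        db.execute(
            "UPDATE portfolio SET price=:price, sharequantity=:sharequantity "
            "WHERE userid=:userid AND share=:share",
            price=sharetobuy["price"],
            sharequantity=int(portfolio[0]["sharequantity"]) + shares,
            userid=session["user_id"],
            share=sharetobuy["symbol"],
        )

    return redirect(url_for("index"))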
  78.  
  79.  
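@app.route("/history")
@login_required
def history():
    """Show history of transactions.

    Each row passed to the template carries the share, the signed quantity
    (sell() stores sales as negative numbers), the timestamp and the price
    stored with the trade, plus a ``ticker`` key.
    """
    historyrow = db.execute(
        "SELECT share, sharequantity, timestamp, price FROM userhistory WHERE userid=:user_id",
        user_id=session["user_id"],
    )

    for trade in historyrow:
        # The price column is left as selected from userhistory. It used to be
        # replaced with the current quote, which made every past trade show
        # today's price instead of the recorded one.
        quote_info = lookup(trade["share"])

        # lookup() can return None (buy() and sell() check for it); fall back
        # to the stored symbol so one failed quote does not break the page.
        if quote_info is not None:
            trade["ticker"] = quote_info["symbol"]
        else:
            trade["ticker"] = trade["share"]

    return render_template("history.html", historyrow=historyrow)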
  95.  
  96.  
  97.  
@app.route("/login", methods=["GET", "POST"])
def login():
    """Log user in."""

    # Drop whatever the session held before, on GET and POST alike.
    session.clear()

    # Arrived by link or redirect rather than a form submission: show the form.
    if request.method != "POST":
        return render_template("login.html")

    # Both fields are required before the database is touched.
    if not request.form.get("username"):
        return apology("must provide username")
    if not request.form.get("password"):
        return apology("must provide password")

    # Fetch the account row(s) for the submitted name (bound as a parameter).
    matches = db.execute(
        "SELECT * FROM users WHERE username = :username",
        username=request.form.get("username"),
    )

    # Exactly one account must match and the password must verify against its
    # stored hash. Both failures produce the same message, so the response text
    # does not say which of the two was wrong.
    # NOTE(review): nothing in this handler limits repeated attempts; any
    # throttling or lockout would have to be enforced elsewhere.
    single_match = len(matches) == 1
    if not single_match or not pwd_context.verify(request.form.get("password"), matches[0]["hash"]):
        return apology("invalid username and/or password")

    # Mark the session as belonging to this account, then go to the home page.
    session["user_id"] = matches[0]["id"]
    return redirect(url_for("index"))
  132.  
@app.route("/logout")
def logout():
    """Log user out."""
    # Wipe the session, user_id included, then send the browser to the login
    # form.
    # NOTE(review): the route answers a plain GET, so a link or embedded
    # resource on another site can end the user's session. The impact is low,
    # but a POST-only route with a CSRF token would prevent it.
    session.clear()
    login_url = url_for("login")
    return redirect(login_url)
  142.  
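@app.route("/quote", methods=["GET", "POST"])
@login_required
def quote():
    """Look up a stock quote.

    GET renders the lookup form. POST renders the company name, the
    USD-formatted price and the symbol that lookup() returns for the submitted
    ``quote`` field, or an apology page when no quote is available.
    """
    if request.method == "GET":
        return render_template("quote.html")

    # A missing or empty field is handled like an unknown symbol instead of
    # being passed to lookup().
    requested = request.form.get("quote")
    quote_output = lookup(requested) if requested else None
    if quote_output is None:
        # Same wording as buy() and sell(); this branch used to show the
        # leftover placeholder text "TODO".
        return apology("Quote doesn't exist!")

    return render_template(
        "quoted.html",
        the_quote=quote_output["name"],
        the_price=usd(quote_output["price"]),
        the_symbol=quote_output["symbol"],
    )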
  154.  
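@app.route("/register", methods=["GET", "POST"])
def register():
    """Register user.

    GET renders the registration form. POST requires a username, a password
    and a matching ``repassword`` confirmation, rejects a username that is
    already present in ``users``, stores the password hash and redirects to
    the index page. Every rejection returns an apology page.
    """
    if request.method == "GET":
        return render_template("register.html")

    username = request.form.get("username")
    password = request.form.get("password")
    repassword = request.form.get("repassword")

    # Require both fields. Without this, two empty password fields compare
    # equal and an account with an empty password is created, and a request
    # that omits the fields reaches the hashing call with None.
    if not username:
        return apology("must provide username")
    if not password:
        return apology("must provide password")
    if password != repassword:
        return apology("Passwords don't Match!")

    # login() only accepts a username that matches exactly one row, so a
    # second row with the same name would lock the original account out.
    # NOTE(review): this check-then-insert is not atomic. The schema is not
    # visible here; a UNIQUE constraint on users.username is the durable
    # guarantee - confirm it exists.
    existing = db.execute(
        "SELECT id FROM users WHERE username = :username",
        username=username,
    )
    if existing:
        return apology("Username already taken")

    # Only the hash is stored. passlib 1.7 and later name this method hash()
    # and keep encrypt() as a deprecated alias.
    db.execute(
        "INSERT INTO users (username, hash) VALUES (:username, :password)",
        username=username,
        password=pwd_context.encrypt(password),
    )

    return redirect(url_for("index"))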
  172.  
  173.  
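@app.route("/sell", methods=["GET", "POST"])
@login_required
def sell():
    """Sell shares of stock.

    GET renders the order form. POST reads the ``tosell`` symbol and the
    ``amount`` of shares from the form, checks them against the user's
    holding, records the sale in ``userhistory`` as a negative quantity,
    credits ``users.cash`` and reduces (or removes) the ``portfolio`` row for
    that symbol.

    Returns an apology page when the symbol cannot be quoted, the user holds
    none of it, or the share count is not a positive whole number within the
    holding.
    """
    if request.method == "GET":
        return render_template("sell.html")

    # Quote the symbol once; a missing form field is treated as unknown.
    tosell = request.form.get("tosell")
    sharetosell = lookup(tosell) if tosell else None
    if sharetosell is None:
        return apology("Quote doesn't exist!")

    portfolio = db.execute(
        "SELECT * FROM portfolio WHERE userid=:userid AND share=:share",
        userid=session["user_id"],
        share=sharetosell["symbol"],
    )
    if len(portfolio) == 0:
        return apology("Not in your possession")

    # The share count is client-controlled: reject anything that is not an
    # integer instead of letting int() raise and produce a 500.
    try:
        shares = int(request.form.get("amount"))
    except (TypeError, ValueError):
        return apology("Invalid Shares")
    if shares <= 0:
        return apology("Invalid Shares")

    held = int(portfolio[0]["sharequantity"])
    if shares > held:
        return apology("Too many shares")

    cashrow = db.execute(
        "SELECT * FROM users WHERE id = :user_id",
        user_id=session["user_id"],
    )
    cash_user = cashrow[0]["cash"] + sharetosell["price"] * shares

    # NOTE(review): the holding check above and the writes below are separate
    # statements, not one transaction, so two concurrent sales from the same
    # account could both pass the check. Confirm whether the SQL wrapper
    # offers a transaction.
    db.execute(
        "INSERT INTO userhistory(userid, share, sharequantity, price) "
        "VALUES (:userid, :share, :sharequantity, :price)",
        userid=session["user_id"],
        share=sharetosell["symbol"],
        sharequantity=-shares,
        price=sharetosell["price"],
    )
    db.execute(
        "UPDATE users SET cash=:cash WHERE id=:id",
        cash=cash_user,
        id=session["user_id"],
    )

    # Touch only this user's row for this symbol. Filtering on userid alone
    # rewrote the quantity of every holding the user has. A holding that
    # reaches zero is removed here, replacing the earlier unconditional
    # DELETE of all zero-quantity rows.
    remaining = held - shares
    if remaining == 0:
        db.execute(
            "DELETE FROM portfolio WHERE userid=:userid AND share=:share",
            userid=session["user_id"],
            share=sharetosell["symbol"],
        )
    else:
        db.execute(
            "UPDATE portfolio SET sharequantity=:sharequantity "
            "WHERE userid=:userid AND share=:share",
            sharequantity=remaining,
            userid=session["user_id"],
            share=sharetosell["symbol"],
        )

    return redirect(url_for("index"))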