Update app.py

app.py

@@ -8,14 +8,16 @@ import threading
 import time
 from datetime import datetime
 from huggingface_hub import HfApi, hf_hub_download
-from huggingface_hub.utils import RepositoryNotFoundError
+from huggingface_hub.utils import RepositoryNotFoundError, HfHubHTTPError
 from werkzeug.utils import secure_filename
 from dotenv import load_dotenv
+import shutil # Added for atomic saves
 
 load_dotenv()
 
 app = Flask(__name__)
-app.secret_key = 'your_unique_secret_key_soola_cosmetics_67890'
+# IMPORTANT: Replace this with a strong, unique secret key, preferably stored securely (e.g., environment variable)
+app.secret_key = os.getenv('FLASK_SECRET_KEY', 'replace_this_with_a_real_secret_key_soola_67890')
 DATA_FILE = 'data_soola.json'
 USERS_FILE = 'users_soola.json'
 
@@ -26,118 +28,147 @@ HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
 HF_TOKEN_READ = os.getenv("HF_TOKEN_READ")
 
 STORE_ADDRESS = "Рынок Дордой, Джунхай, терминал, 38"
-
 CURRENCY_CODE = 'KGS'
 CURRENCY_NAME = 'Кыргызский сом (с)'
 
 logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
 
+def download_db_from_hf(specific_file=None):
+    if not HF_TOKEN_READ and not HF_TOKEN_WRITE:
+        logging.warning("Neither HF_TOKEN_READ nor HF_TOKEN_WRITE is set. Attempting download without token (may fail for private repos).")
+    token_to_use = HF_TOKEN_READ if HF_TOKEN_READ else HF_TOKEN_WRITE # Use write token if read token isn't available
+
+    files_to_download = [specific_file] if specific_file else SYNC_FILES
+    logging.info(f"Attempting to download files {files_to_download} from HF repo {REPO_ID}...")
+    downloaded_files_count = 0
+    all_successful = True
+    try:
+        for file_name in files_to_download:
+            try:
+                local_path = hf_hub_download(
+                    repo_id=REPO_ID,
+                    filename=file_name,
+                    repo_type="dataset",
+                    token=token_to_use,
+                    local_dir=".",
+                    local_dir_use_symlinks=False,
+                    force_download=True,
+                    cache_dir=None # Avoid caching issues when forcing download
+                )
+                logging.info(f"File {file_name} successfully downloaded from Hugging Face to {local_path}.")
+                downloaded_files_count += 1
+            except RepositoryNotFoundError:
+                 logging.error(f"Repository {REPO_ID} not found on Hugging Face. Download aborted.")
+                 all_successful = False
+                 break
+            except HfHubHTTPError as e:
+                if e.response.status_code == 404:
+                     logging.warning(f"File {file_name} not found in repository {REPO_ID}. Skipping download for this file.")
+                else:
+                    logging.error(f"HTTP error downloading {file_name} from Hugging Face: {e}", exc_info=True)
+                    all_successful = False
+            except Exception as e:
+                 logging.error(f"Error downloading file {file_name} from Hugging Face: {e}", exc_info=True)
+                 all_successful = False
+        logging.info(f"HF download process finished. Downloaded {downloaded_files_count}/{len(files_to_download)} files.")
+    except Exception as e:
+        logging.error(f"General error during Hugging Face download attempt: {e}", exc_info=True)
+        all_successful = False
+    return all_successful
+
 def load_data():
+    file_path = DATA_FILE
+    default_structure = {'products': [], 'categories': []}
+    download_success = download_db_from_hf(specific_file=file_path)
+
+    if not os.path.exists(file_path):
+        logging.warning(f"Local file {file_path} not found, even after download attempt. Initializing with empty structure.")
+        with open(file_path, 'w', encoding='utf-8') as f:
+            json.dump(default_structure, f)
+        return default_structure
+
     try:
-        download_db_from_hf()
-        with open(DATA_FILE, 'r', encoding='utf-8') as file:
+        with open(file_path, 'r', encoding='utf-8') as file:
             data = json.load(file)
-            logging.info(f"Данные успешно загружены из {DATA_FILE}")
-            if not isinstance(data, dict):
-                 logging.warning(f"{DATA_FILE} не является словарем. Инициализация пустой структурой.")
-                 return {'products': [], 'categories': []}
-            if 'products' not in data:
-                data['products'] = []
-            if 'categories' not in data:
-                data['categories'] = []
-            return data
-    except FileNotFoundError:
-        logging.warning(f"Локальный файл {DATA_FILE} не найден. Попытка скачать с HF.")
-        try:
-            if not os.path.exists(DATA_FILE):
-                with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'products': [], 'categories': []}, f)
-                logging.info(f"Создан пустой файл {DATA_FILE}")
-                return {'products': [], 'categories': []}
-            else:
-                 with open(DATA_FILE, 'r', encoding='utf-8') as file:
-                    data = json.load(file)
-                    logging.info(f"Данные успешно загружены из {DATA_FILE} после попытки скачивания.")
-                    if not isinstance(data, dict): return {'products': [], 'categories': []}
-                    if 'products' not in data: data['products'] = []
-                    if 'categories' not in data: data['categories'] = []
-                    return data
-        except (FileNotFoundError, RepositoryNotFoundError) as e:
-             logging.warning(f"Файл {DATA_FILE} не найден локально и ошибка при доступе к репозиторию HF ({e}). Создание пустой структуры.")
-             if not os.path.exists(DATA_FILE):
-                 with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'products': [], 'categories': []}, f)
-             return {'products': [], 'categories': []}
-        except json.JSONDecodeError:
-            logging.error(f"Ошибка декодирования JSON в {DATA_FILE} после попытки скачивания.")
-            return {'products': [], 'categories': []}
-        except Exception as e:
-            logging.error(f"Неизвестная ошибка при загрузке данных после попытки скачивания: {e}")
-            return {'products': [], 'categories': []}
+        logging.info(f"Data successfully loaded from {file_path}")
+
+        if not isinstance(data, dict):
+            logging.warning(f"{file_path} content is not a dictionary. Resetting to default structure.")
+            return default_structure
+        if 'products' not in data or not isinstance(data['products'], list):
+            logging.warning(f"'products' key missing or not a list in {file_path}. Initializing.")
+            data['products'] = []
+        if 'categories' not in data or not isinstance(data['categories'], list):
+            logging.warning(f"'categories' key missing or not a list in {file_path}. Initializing.")
+            data['categories'] = []
+        return data
     except json.JSONDecodeError:
-        logging.error(f"Ошибка декодирования JSON в локальном {DATA_FILE}. Файл может быть поврежден. Возврат пустой структуры.")
-        return {'products': [], 'categories': []}
+        logging.error(f"JSON decode error in {file_path}. File might be corrupted. Returning default structure.", exc_info=True)
+        # Optionally, try to re-download on decode error? Or just return default.
+        # For now, returning default to prevent cascading errors.
+        return default_structure
     except Exception as e:
-        logging.error(f"Неизвестная ошибка при загрузке данных ({DATA_FILE}): {e}", exc_info=True)
-        return {'products': [], 'categories': []}
+        logging.error(f"Unknown error loading data from {file_path}: {e}", exc_info=True)
+        return default_structure
 
-
-def save_data(data):
+def save_data_atomic(data, file_path):
+    temp_file_path = file_path + '.tmp'
     try:
-        with open(DATA_FILE, 'w', encoding='utf-8') as file:
+        with open(temp_file_path, 'w', encoding='utf-8') as file:
             json.dump(data, file, ensure_ascii=False, indent=4)
-        logging.info(f"Данные успешно сохранены в {DATA_FILE}")
-        upload_db_to_hf(specific_file=DATA_FILE)
+        # Atomically replace the old file with the new one
+        shutil.move(temp_file_path, file_path)
+        logging.info(f"Data successfully saved atomically to {file_path}")
+        return True
     except Exception as e:
-        logging.error(f"Ошибка при сохранении данных в {DATA_FILE}: {e}", exc_info=True)
+        logging.error(f"Error during atomic save to {file_path}: {e}", exc_info=True)
+        # Clean up temp file if it exists
+        if os.path.exists(temp_file_path):
+            try:
+                os.remove(temp_file_path)
+            except OSError as rm_err:
+                logging.error(f"Error removing temporary file {temp_file_path}: {rm_err}")
+        return False
+
+def save_data(data):
+    if save_data_atomic(data, DATA_FILE):
+        upload_db_to_hf(specific_file=DATA_FILE)
 
 def load_users():
+    file_path = USERS_FILE
+    default_structure = {}
+    download_success = download_db_from_hf(specific_file=file_path)
+
+    if not os.path.exists(file_path):
+        logging.warning(f"Local file {file_path} not found, even after download attempt. Initializing with empty structure.")
+        with open(file_path, 'w', encoding='utf-8') as f:
+            json.dump(default_structure, f)
+        return default_structure
+
     try:
-        with open(USERS_FILE, 'r', encoding='utf-8') as file:
+        with open(file_path, 'r', encoding='utf-8') as file:
             users = json.load(file)
-            logging.info(f"Данные пользователей успешно загружены из {USERS_FILE}")
-            return users if isinstance(users, dict) else {}
-    except FileNotFoundError:
-        logging.warning(f"Локальный файл {USERS_FILE} не найден. Попытка скачать с HF.")
-        try:
-            download_db_from_hf(specific_file=USERS_FILE)
-            with open(USERS_FILE, 'r', encoding='utf-8') as file:
-                 users = json.load(file)
-                 logging.info(f"Данные пользователей загружены из {USERS_FILE} после скачивания.")
-                 return users if isinstance(users, dict) else {}
-        except (FileNotFoundError, RepositoryNotFoundError):
-             logging.warning(f"Файл {USERS_FILE} не найден локально и в репозитории HF. Создание пустого файла.")
-             with open(USERS_FILE, 'w', encoding='utf-8') as f: json.dump({}, f)
-             return {}
-        except json.JSONDecodeError:
-             logging.error(f"Ошибка декодирования JSON в {USERS_FILE} после скачивания.")
-             return {}
-        except Exception as e:
-             logging.error(f"Неизвестная ошибка при загрузке пользователей после скачивания: {e}", exc_info=True)
-             return {}
+        logging.info(f"User data successfully loaded from {file_path}")
+        return users if isinstance(users, dict) else default_structure
     except json.JSONDecodeError:
-        logging.error(f"Ошибка декодирования JSON в локальном {USERS_FILE}. Файл может быть поврежден. Возврат пустого словаря.")
-        return {}
+        logging.error(f"JSON decode error in {file_path}. File might be corrupted. Returning default structure.", exc_info=True)
+        return default_structure
     except Exception as e:
-        logging.error(f"Неизвестная ошибка при загрузке пользователей ({USERS_FILE}): {e}", exc_info=True)
-        return {}
+        logging.error(f"Unknown error loading users from {file_path}: {e}", exc_info=True)
+        return default_structure
 
 def save_users(users):
-    try:
-        with open(USERS_FILE, 'w', encoding='utf-8') as file:
-            json.dump(users, file, ensure_ascii=False, indent=4)
-        logging.info(f"Данные пользователей успешно сохранены в {USERS_FILE}")
+    if save_data_atomic(users, USERS_FILE):
         upload_db_to_hf(specific_file=USERS_FILE)
-    except Exception as e:
-        logging.error(f"Ошибка при сохранении данных пользователей в {USERS_FILE}: {e}", exc_info=True)
-
 
 def upload_db_to_hf(specific_file=None):
     if not HF_TOKEN_WRITE:
-        logging.warning("Переменная окружения HF_TOKEN (для записи) не установлена. Загрузка на Hugging Face пропущена.")
+        logging.warning("HF_TOKEN (for writing) not set. Skipping upload to Hugging Face.")
         return
     try:
         api = HfApi()
         files_to_upload = [specific_file] if specific_file else SYNC_FILES
-        logging.info(f"Начало загрузки файлов {files_to_upload} на HF репозиторий {REPO_ID}...")
+        logging.info(f"Starting upload of {files_to_upload} to HF repo {REPO_ID}...")
 
         for file_name in files_to_upload:
             if os.path.exists(file_name):
@@ -150,66 +181,29 @@ def upload_db_to_hf(specific_file=None):
                         token=HF_TOKEN_WRITE,
                         commit_message=f"Sync {file_name} {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
                     )
-                    logging.info(f"Файл {file_name} успешно загружен на Hugging Face.")
+                    logging.info(f"File {file_name} successfully uploaded to Hugging Face.")
                 except Exception as e:
-                     logging.error(f"Ошибка при загрузке файла {file_name} на Hugging Face: {e}")
+                     logging.error(f"Error uploading file {file_name} to Hugging Face: {e}")
             else:
-                logging.warning(f"Файл {file_name} не найден локально, пропуск загрузки.")
-        logging.info("Загрузка файлов на HF завершена.")
-    except Exception as e:
-        logging.error(f"Общая ошибка при инициализации или загрузке на Hugging Face: {e}", exc_info=True)
-
-def download_db_from_hf(specific_file=None):
-    if not HF_TOKEN_READ:
-        logging.warning("Переменная окружения HF_TOKEN_READ не установлена. Попытка скачивания с Hugging Face без токена (может не сработать для приватных репо).")
-
-    files_to_download = [specific_file] if specific_file else SYNC_FILES
-    logging.info(f"Начало скачивания файлов {files_to_download} с HF репозитория {REPO_ID}...")
-    downloaded_files_count = 0
-    try:
-        for file_name in files_to_download:
-            try:
-                local_path = hf_hub_download(
-                    repo_id=REPO_ID,
-                    filename=file_name,
-                    repo_type="dataset",
-                    token=HF_TOKEN_READ,
-                    local_dir=".",
-                    local_dir_use_symlinks=False,
-                    force_download=True
-                )
-                logging.info(f"Файл {file_name} успешно скачан из Hugging Face в {local_path}.")
-                downloaded_files_count += 1
-            except RepositoryNotFoundError:
-                 logging.error(f"Репозиторий {REPO_ID} не найден на Hugging Face. Скачивание прервано.")
-                 break
-            except Exception as e:
-                if "404" in str(e) or isinstance(e, FileNotFoundError):
-                     logging.warning(f"Файл {file_name} не найден в репозитории {REPO_ID} или ошибка доступа. Пропуск скачивания этого файла.")
-                else:
-                    logging.error(f"Ошибка при скачивании файла {file_name} с Hugging Face: {e}", exc_info=True)
-        logging.info(f"Скачивание файлов с HF завершено. Скачано файлов: {downloaded_files_count}/{len(files_to_download)}.")
-    except RepositoryNotFoundError:
-        logging.error(f"Репозиторий {REPO_ID} не найден на Hugging Face. Скачивание не выполнено.")
+                logging.warning(f"File {file_name} not found locally, skipping upload.")
+        logging.info("HF upload process finished.")
     except Exception as e:
-        logging.error(f"Общая ошибка при попытке скачивания с Hugging Face: {e}", exc_info=True)
-
+        logging.error(f"General error during Hugging Face upload initialization or process: {e}", exc_info=True)
 
 def periodic_backup():
-    backup_interval = 1800
-    logging.info(f"Настройка периодического резервного копирования каждые {backup_interval} секунд.")
+    backup_interval = 1800 # 30 minutes
+    logging.info(f"Setting up periodic backup every {backup_interval} seconds.")
     while True:
         time.sleep(backup_interval)
-        logging.info("Запуск периодического резервного копирования...")
+        logging.info("Starting periodic backup...")
         upload_db_to_hf()
-        logging.info("Периодическое резервное копирование завершено.")
-
+        logging.info("Periodic backup finished.")
 
 @app.route('/')
 def catalog():
     data = load_data()
     all_products = data.get('products', [])
-    categories = data.get('categories', [])
+    categories = sorted(data.get('categories', []))
     is_authenticated = 'user' in session
 
     products_in_stock = [p for p in all_products if p.get('in_stock', True)]
@@ -245,7 +239,6 @@ def catalog():
             body.dark-mode .theme-toggle:hover { color: #55a683; }
             .store-address { padding: 15px; text-align: center; background-color: #ffffff; margin: 20px 0; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.05); font-size: 1rem; color: #44524c; }
             body.dark-mode .store-address { background-color: #253f37; color: #b0c8c1; }
-
             .filters-container { margin: 20px 0; display: flex; flex-wrap: wrap; gap: 10px; justify-content: center; }
             .search-container { margin: 20px 0; text-align: center; }
             #search-input { width: 90%; max-width: 600px; padding: 12px 18px; font-size: 1rem; border: 1px solid #d1e7dd; border-radius: 25px; outline: none; box-shadow: 0 2px 5px rgba(0,0,0,0.05); transition: all 0.3s ease; }
@@ -256,9 +249,11 @@ def catalog():
             body.dark-mode .category-filter { background-color: #253f37; border-color: #2c4a41; color: #97b7ae; }
             .category-filter.active, .category-filter:hover { background-color: #1C6758; color: white; border-color: #1C6758; box-shadow: 0 2px 10px rgba(28, 103, 88, 0.3); }
             body.dark-mode .category-filter.active, body.dark-mode .category-filter:hover { background-color: #3D8361; border-color: #3D8361; color: #1a2b26; box-shadow: 0 2px 10px rgba(61, 131, 97, 0.4); }
-
             .products-grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 20px; padding: 10px; }
-            .product { background: #fff; border-radius: 15px; padding: 0; box-shadow: 0 4px 15px rgba(0, 0, 0, 0.08); transition: transform 0.3s cubic-bezier(0.4, 0, 0.2, 1), box-shadow 0.3s ease; overflow: hidden; display: flex; flex-direction: column; justify-content: space-between; height: 100%; border: 1px solid #e1f0e9;}
+            @media (min-width: 600px) { .products-grid { grid-template-columns: repeat(3, 1fr); } }
+            @media (min-width: 900px) { .products-grid { grid-template-columns: repeat(4, 1fr); } }
+            @media (min-width: 1200px) { .products-grid { grid-template-columns: repeat(5, 1fr); } }
+            .product { background: #fff; border-radius: 15px; padding: 0; box-shadow: 0 4px 15px rgba(0, 0, 0, 0.08); transition: transform 0.3s cubic-bezier(0.4, 0, 0.2, 1), box-shadow 0.3s ease; overflow: hidden; display: flex; flex-direction: column; justify-content: space-between; height: 100%; border: 1px solid #e1f0e9; position: relative;}
             body.dark-mode .product { background: #253f37; box-shadow: 0 4px 15px rgba(0, 0, 0, 0.2); border-color: #2c4a41; }
             .product:hover { transform: translateY(-5px) scale(1.02); box-shadow: 0 6px 20px rgba(0, 0, 0, 0.12); }
             body.dark-mode .product:hover { box-shadow: 0 6px 20px rgba(0, 0, 0, 0.3); }
@@ -276,13 +271,11 @@ def catalog():
             .product-button { display: block; width: 100%; padding: 10px; border: none; border-radius: 8px; background-color: #1C6758; color: white; font-size: 0.9rem; font-weight: 500; cursor: pointer; transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1); text-align: center; text-decoration: none; }
             .product-button:hover { background-color: #164B41; box-shadow: 0 4px 15px rgba(22, 75, 65, 0.4); transform: translateY(-2px); }
             .product-button i { margin-right: 5px; }
-
             .add-to-cart { background-color: #38a169; }
             .add-to-cart:hover { background-color: #2f855a; box-shadow: 0 4px 15px rgba(47, 133, 90, 0.4); }
             #cart-button { position: fixed; bottom: 25px; right: 25px; background-color: #1C6758; color: white; border: none; border-radius: 50%; width: 55px; height: 55px; font-size: 1.5rem; cursor: pointer; display: none; align-items: center; justify-content: center; box-shadow: 0 4px 15px rgba(28, 103, 88, 0.4); transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1); z-index: 1000; }
              #cart-button .fa-shopping-cart { margin-right: 0; }
              #cart-button span { position: absolute; top: -5px; right: -5px; background-color: #38a169; color: white; border-radius: 50%; padding: 2px 6px; font-size: 0.7rem; font-weight: bold; }
-
             .modal { display: none; position: fixed; z-index: 1001; left: 0; top: 0; width: 100%; height: 100%; background-color: rgba(0,0,0,0.6); backdrop-filter: blur(5px); overflow-y: auto; }
             .modal-content { background: #f8fcfb; margin: 5% auto; padding: 25px; border-radius: 15px; width: 90%; max-width: 700px; box-shadow: 0 10px 30px rgba(0,0,0,0.2); animation: slideIn 0.3s ease-out; position: relative; }
             body.dark-mode .modal-content { background: #253f37; color: #c8d8d3; }
@@ -315,13 +308,11 @@ def catalog():
             .clear-cart:hover { background-color: #5e6e68; box-shadow: 0 4px 15px rgba(94, 110, 104, 0.4); }
             .order-button { background-color: #38a169; }
             .order-button:hover { background-color: #2f855a; box-shadow: 0 4px 15px rgba(47, 133, 90, 0.4); }
-
             .notification { position: fixed; bottom: 80px; left: 50%; transform: translateX(-50%); background-color: #38a169; color: white; padding: 10px 20px; border-radius: 20px; box-shadow: 0 4px 10px rgba(0,0,0,0.2); z-index: 1002; opacity: 0; transition: opacity 0.5s ease; font-size: 0.9rem;}
             .notification.show { opacity: 1;}
             .no-results-message { grid-column: 1 / -1; text-align: center; padding: 40px; font-size: 1.1rem; color: #5e6e68; }
             body.dark-mode .no-results-message { color: #8aa39a; }
             .top-product-indicator { position: absolute; top: 8px; right: 8px; background-color: rgba(255, 215, 0, 0.8); color: #333; padding: 2px 6px; font-size: 0.7rem; border-radius: 4px; font-weight: bold; z-index: 10; backdrop-filter: blur(2px); }
-            .product { position: relative; }
 
         </style>
     </head>
@@ -358,6 +349,7 @@ def catalog():
             <div class="products-grid" id="products-grid">
                 {% for product in products %}
                 <div class="product"
+                     data-id="{{ loop.index0 }}"
                      data-name="{{ product['name']|lower }}"
                      data-description="{{ product.get('description', '')|lower }}"
                      data-category="{{ product.get('category', 'Без категории') }}">
@@ -445,7 +437,7 @@ def catalog():
 
         <script src="https://cdnjs.cloudflare.com/ajax/libs/Swiper/10.2.0/swiper-bundle.min.js"></script>
         <script>
-            const products = {{ products|tojson }};
+            let products = {{ products|tojson }};
             const repoId = '{{ repo_id }}';
             const currencyCode = '{{ currency_code }}';
             const isAuthenticated = {{ is_authenticated|tojson }};
@@ -468,6 +460,10 @@ def catalog():
                     document.body.classList.add('dark-mode');
                     const icon = document.querySelector('.theme-toggle i');
                     if (icon) icon.classList.replace('fa-moon', 'fa-sun');
+                } else {
+                    document.body.classList.remove('dark-mode');
+                    const icon = document.querySelector('.theme-toggle i');
+                    if (icon) icon.classList.replace('fa-sun', 'fa-moon');
                 }
             }
 
@@ -569,13 +565,13 @@ def catalog():
                 const colorLabel = document.querySelector('label[for="colorSelect"]');
                 colorSelect.innerHTML = '';
 
-                const validColors = product.colors ? product.colors.filter(c => c && c.trim() !== "") : [];
+                const validColors = product.colors ? product.colors.filter(c => c && String(c).trim() !== "") : [];
 
                 if (validColors.length > 0) {
                     validColors.forEach(color => {
                          const option = document.createElement('option');
-                         option.value = color.trim();
-                         option.text = color.trim();
+                         option.value = String(color).trim();
+                         option.text = String(color).trim();
                          colorSelect.appendChild(option);
                     });
                     colorSelect.style.display = 'block';
@@ -594,7 +590,11 @@ def catalog():
             }
 
             function confirmAddToCart() {
-                if (selectedProductIndex === null) return;
+                if (selectedProductIndex === null || selectedProductIndex >= products.length) {
+                    console.error("Invalid selectedProductIndex:", selectedProductIndex);
+                    alert("Ошибка выбора товара.");
+                    return;
+                }
 
                 const quantityInput = document.getElementById('quantityInput');
                 const quantity = parseInt(quantityInput.value);
@@ -664,7 +664,7 @@ def catalog():
                     cartTotalElement.textContent = '0.00';
                 } else {
                     cartContent.innerHTML = cart.map(item => {
-                        const itemTotal = item.price * item.quantity;
+                        const itemTotal = (item.price || 0) * (item.quantity || 0);
                         total += itemTotal;
                         const photoUrl = item.photo
                             ? `https://huggingface.co/datasets/${repoId}/resolve/main/photos/${item.photo}`
@@ -676,7 +676,7 @@ def catalog():
                                 <img src="${photoUrl}" alt="${item.name}">
                                 <div class="cart-item-details">
                                     <strong>${item.name}${colorText}</strong>
-                                    <p class="cart-item-price">${item.price.toFixed(2)} ${currencyCode} × ${item.quantity}</p>
+                                    <p class="cart-item-price">${(item.price || 0).toFixed(2)} ${currencyCode} × ${item.quantity || 0}</p>
                                 </div>
                                 <span class="cart-item-total">${itemTotal.toFixed(2)} ${currencyCode}</span>
                                 <button class="cart-item-remove" onclick="removeFromCart('${item.id}')" title="Удалить товар">×</button>
@@ -714,40 +714,40 @@ def catalog():
                     return;
                 }
                 let total = 0;
-                let orderText = "🛍️ *Новый Заказ от Soola Cosmetics* 🛍️";
-                orderText += "----------------------------------------";
-                orderText += "*Детали заказа:*%0A";
-                orderText += "---------------------------------------- ";
+                let orderText = "🛍️ *Новый Заказ от Soola Cosmetics* 🛍️\n";
+                orderText += "----------------------------------------\n";
+                orderText += "*Детали заказа:*\n";
+                orderText += "----------------------------------------\n";
                 cart.forEach((item, index) => {
-                    const itemTotal = item.price * item.quantity;
+                    const itemTotal = (item.price || 0) * (item.quantity || 0);
                     total += itemTotal;
                     const colorText = item.color !== 'N/A' ? ` (${item.color})` : '';
-                    orderText += `${index + 1}. *${item.name}*${colorText} `;
-                    orderText += `   Кол-во: ${item.quantity} `;
-                    orderText += `   Цена: ${item.price.toFixed(2)} ${currencyCode} `;
-                    orderText += `   *Сумма: ${itemTotal.toFixed(2)} ${currencyCode}  `;
+                    orderText += `${index + 1}. *${item.name}*${colorText}\n`;
+                    orderText += `   Кол-во: ${item.quantity || 0}\n`;
+                    orderText += `   Цена: ${(item.price || 0).toFixed(2)} ${currencyCode}\n`;
+                    orderText += `   *Сумма: ${itemTotal.toFixed(2)} ${currencyCode}*\n\n`;
                 });
-                orderText += "----------------------------------------";
-                orderText += `*ИТОГО: ${total.toFixed(2)} ${currencyCode} `;
-                orderText += "---------------------------------------- ";
+                orderText += "----------------------------------------\n";
+                orderText += `*ИТОГО: ${total.toFixed(2)} ${currencyCode}*\n`;
+                orderText += "----------------------------------------\n\n";
 
                 if (userInfo && userInfo.login) {
-                     orderText += "*Данные клиента: ";
-                     orderText += `Имя: ${userInfo.first_name || ''} ${userInfo.last_name || ''} `;
-                     orderText += `Логин: ${userInfo.login} `;
+                     orderText += "*Данные клиента:*\n";
+                     orderText += `Имя: ${userInfo.first_name || ''} ${userInfo.last_name || ''}\n`;
+                     orderText += `Логин: ${userInfo.login}\n`;
                      if (userInfo.phone) {
-                         orderText += `Телефон: ${userInfo.phone}%0A`;
+                         orderText += `Телефон: ${userInfo.phone}\n`;
                      }
-                     orderText += `Страна: ${userInfo.country || 'Не указана'} `;
-                     orderText += `Город: ${userInfo.city || 'Не указан'} `;
+                     orderText += `Страна: ${userInfo.country || 'Не указана'}\n`;
+                     orderText += `Город: ${userInfo.city || 'Не указан'}\n`;
                 } else {
-                     orderText += "*Клиент не авторизован ";
+                     orderText += "*Клиент не авторизован*\n";
                 }
-                orderText += "----------------------------------------  ";
+                orderText += "----------------------------------------\n\n";
 
                 const now = new Date();
                 const dateTimeString = now.toLocaleString('ru-RU', { dateStyle: 'short', timeStyle: 'short' });
-                orderText += `Дата заказа: ${dateTimeString} `;
+                orderText += `Дата заказа: ${dateTimeString}\n`;
                 orderText += `_Сформировано автоматически_`;
 
                 const whatsappNumber = "996997703090";
@@ -766,9 +766,9 @@ def catalog():
                 if (existingNoResults) existingNoResults.remove();
 
                 document.querySelectorAll('.products-grid .product').forEach(productElement => {
-                    const name = productElement.getAttribute('data-name');
-                    const description = productElement.getAttribute('data-description');
-                    const category = productElement.getAttribute('data-category');
+                    const name = productElement.getAttribute('data-name') || '';
+                    const description = productElement.getAttribute('data-description') || '';
+                    const category = productElement.getAttribute('data-category') || '';
 
                     const matchesSearch = !searchTerm || name.includes(searchTerm) || description.includes(searchTerm);
                     const matchesCategory = activeCategory === 'all' || category === activeCategory;
@@ -781,17 +781,21 @@ def catalog():
                     }
                 });
 
-                 if (visibleProducts === 0 && products.length > 0) {
+                 const hasProductsInitially = products && products.length > 0;
+                 if (visibleProducts === 0 && hasProductsInitially) {
                     const p = document.createElement('p');
                     p.className = 'no-results-message';
                     p.textContent = 'По вашему запросу товары не найдены.';
                     grid.appendChild(p);
-                 } else if (products.length === 0 && !grid.querySelector('.no-results-message')) {
+                 } else if (!hasProductsInitially && !grid.querySelector('.no-results-message')) {
                      const p = document.createElement('p');
                      p.className = 'no-results-message';
                      p.textContent = 'Товары пока не добавлены.';
                      grid.appendChild(p);
                  }
+                 // Refresh products array from DOM in case it changed (e.g., admin edits) - less efficient but safer
+                 // Or better: ensure products array is updated via admin actions or page reload
+                 // For now, relying on initial load and page reloads after admin actions.
             }
 
              function setupFilters() {
@@ -807,12 +811,15 @@ def catalog():
                          filterProducts();
                      });
                  });
-                 filterProducts(); // Initial filter on load
+                 filterProducts();
              }
 
              function showNotification(message, duration = 3000) {
                 const placeholder = document.getElementById('notification-placeholder');
-                if (!placeholder) return;
+                if (!placeholder) {
+                    console.warn("Notification placeholder not found");
+                    return;
+                }
 
                 const notification = document.createElement('div');
                 notification.className = 'notification';
@@ -829,7 +836,7 @@ def catalog():
 
             document.addEventListener('DOMContentLoaded', () => {
                 applyInitialTheme();
-                attemptAutoLogin();
+                // attemptAutoLogin(); // Removed as it causes reload issues, rely on session
                 updateCartButton();
                 setupFilters();
 
@@ -846,6 +853,11 @@ def catalog():
                          });
                     }
                 });
+
+                 // Re-assign products if needed, especially if modified elsewhere
+                 // products = {{ products|tojson }}; // Re-fetch potentially updated list
+                 // Re-initialize filter if needed after potential updates
+                 filterProducts();
             });
 
         </script>
@@ -868,16 +880,17 @@ def catalog():
 def product_detail(index):
     data = load_data()
     all_products = data.get('products', [])
+    # Filter and sort again here to ensure consistency with the catalog view
     products_in_stock = [p for p in all_products if p.get('in_stock', True)]
     products_sorted = sorted(products_in_stock, key=lambda p: (not p.get('is_top', False), p.get('name', '').lower()))
 
     is_authenticated = 'user' in session
     try:
+        if not (0 <= index < len(products_sorted)):
+             raise IndexError("Index out of bounds for available products.")
         product = products_sorted[index]
-        if not product.get('in_stock', True):
-            raise IndexError("Товар не в наличии")
-    except IndexError:
-        logging.warning(f"Попытка доступа к несуществующему или отсутствующему продукту с индексом {index}")
+    except IndexError as e:
+        logging.warning(f"Product detail access error: {e} (Index: {index})")
         return "Товар не найден или отсутствует в наличии.", 404
 
     detail_html = '''
@@ -917,8 +930,9 @@ def product_detail(index):
             {% endif %}
             <p><strong>Описание:</strong><br> {{ product.get('description', 'Описание отсутствует.')|replace('\\n', '<br>')|safe }}</p>
             {% set colors = product.get('colors', []) %}
-            {% if colors and colors|select('ne', '')|list|length > 0 %}
-                <p><strong>Доступные цвета/варианты:</strong> {{ colors|select('ne', '')|join(', ') }}</p>
+            {% set valid_colors = colors|select('string')|select('ne', '')|list %}
+            {% if valid_colors|length > 0 %}
+                <p><strong>Доступные цвета/варианты:</strong> {{ valid_colors|join(', ') }}</p>
             {% endif %}
         </div>
     </div>
@@ -993,54 +1007,17 @@ def login():
                 'city': user_info.get('city', ''),
                 'phone': user_info.get('phone', '')
             }
-            logging.info(f"Пользователь {login} успешно вошел в систему.")
-            login_response_html = f'''
-             <!DOCTYPE html><html><head><title>Перенаправление...</title></head><body>
-             <script>
-                try {{ localStorage.setItem('soolaUser', '{login}'); }} catch (e) {{ console.error("Ошибка сохранения в localStorage:", e); }}
-                window.location.href = "{url_for('catalog')}";
-             </script>
-             <p>Вход выполнен успешно. Перенаправление в <a href="{url_for('catalog')}">каталог</a>...</p>
-             </body></html>
-             '''
-            return login_response_html
+            logging.info(f"User {login} logged in successfully.")
+            # No need for localStorage auto-login here, session handles it
+            return redirect(url_for('catalog'))
         else:
-            logging.warning(f"Неудачная попытка входа для пользователя {login}.")
+            logging.warning(f"Failed login attempt for user {login}.")
             error_message = "Неверный логин или пароль."
             return render_template_string(LOGIN_TEMPLATE, error=error_message), 401
 
     return render_template_string(LOGIN_TEMPLATE, error=None)
 
-
-@app.route('/auto_login', methods=['POST'])
-def auto_login():
-    data = request.get_json()
-    if not data or 'login' not in data:
-         logging.warning("Запрос auto_login без данных или логина.")
-         return "Неверный запрос", 400
-
-    login = data.get('login')
-    if not login:
-        logging.warning("Попытка auto_login с пустым логином.")
-        return "Логин не предоставлен", 400
-
-    users = load_users()
-    if login in users:
-        user_info = users[login]
-        session['user'] = login
-        session['user_info'] = {
-                'login': login,
-                'first_name': user_info.get('first_name', ''),
-                'last_name': user_info.get('last_name', ''),
-                'country': user_info.get('country', ''),
-                'city': user_info.get('city', ''),
-                'phone': user_info.get('phone', '')
-            }
-        logging.info(f"Автоматический вход для пользователя {login} выполнен.")
-        return "OK", 200
-    else:
-        logging.warning(f"Неудачная попытка автоматического входа для несуществующего пользователя {login}.")
-        return "Ошибка авто-входа", 400
+# Removed auto_login route as it caused issues and session handles persistence
 
 @app.route('/logout')
 def logout():
@@ -1048,17 +1025,10 @@ def logout():
     session.pop('user', None)
     session.pop('user_info', None)
     if logged_out_user:
-        logging.info(f"Пользователь {logged_out_user} вышел из системы.")
-    logout_response_html = '''
-     <!DOCTYPE html><html><head><title>Выход...</title></head><body>
-     <script>
-         try { localStorage.removeItem('soolaUser'); } catch (e) { console.error("Ошибка удаления из localStorage:", e); }
-         window.location.href = "/";
-     </script>
-      <p>Выход выполнен. Перенаправление на <a href="/">главную страницу</a>...</p>
-     </body></html>
-    '''
-    return logout_response_html
+        logging.info(f"User {logged_out_user} logged out.")
+    # No need for localStorage interaction here
+    return redirect(url_for('catalog'))
+
 
 ADMIN_TEMPLATE = '''
     <!DOCTYPE html>
@@ -1097,7 +1067,7 @@ ADMIN_TEMPLATE = '''
             .add-button:hover { background-color: #2f855a; }
             .item-list { display: grid; gap: 20px; }
             .item { background: #fff; padding: 15px 20px; border-radius: 8px; box-shadow: 0 2px 5px rgba(0,0,0,0.07); border: 1px solid #e1f0e9; }
-            .item p { margin: 5px 0; font-size: 0.9rem; color: #44524c; }
+            .item p { margin: 5px 0; font-size: 0.9rem; color: #44524c; word-break: break-word; }
             .item strong { color: #2d332f; }
             .item .description { font-size: 0.85rem; color: #5e6e68; max-height: 60px; overflow: hidden; text-overflow: ellipsis; }
             .item-actions { margin-top: 15px; display: flex; gap: 10px; flex-wrap: wrap; align-items: center; }
@@ -1154,7 +1124,7 @@ ADMIN_TEMPLATE = '''
                         <button type="submit" class="button" title="Загрузить локальные файлы на Hugging Face"><i class="fas fa-upload"></i> Загрузить БД</button>
                     </form>
                     <form method="POST" action="{{ url_for('force_download') }}" style="display: inline;" onsubmit="return confirm('Вы уверены, что хотите принудительно скачать данные с сервера? Это перезапишет ваши локальные файлы.');">
-                        <button type="submit" class="button download-hf-button" title="Скачать файлы  (перезапишет локальные)"><i class="fas fa-download"></i> Скачать БД</button>
+                        <button type="submit" class="button download-hf-button" title="Скачать файлы (перезапишет локальные)"><i class="fas fa-download"></i> Скачать БД</button>
                     </form>
                 </div>
                  <p style="font-size: 0.85rem; color: #5e6e68;">Резервное копирование происходит автоматически каждые 30 минут, а также после каждого сохранения данных. Используйте эти кнопки для немедленной синхронизации.</p>
@@ -1284,11 +1254,11 @@ ADMIN_TEMPLATE = '''
                              <button type="button" class="button add-color-btn" style="margin-top: 5px;" onclick="addColorInput('add-color-inputs')"><i class="fas fa-palette"></i> Добавить поле для цвета/варианта</button>
                              <br>
                              <div style="margin-top: 15px;">
-                                 <input type="checkbox" id="add_in_stock" name="in_stock" checked>
+                                 <input type="checkbox" id="add_in_stock" name="in_stock" value="true" checked>
                                  <label for="add_in_stock" class="inline-label">В наличии</label>
                              </div>
                              <div style="margin-top: 5px;">
-                                 <input type="checkbox" id="add_is_top" name="is_top">
+                                 <input type="checkbox" id="add_is_top" name="is_top" value="true">
                                  <label for="add_is_top" class="inline-label">Топ товар (показывать наверху)</label>
                              </div>
                              <br>
@@ -1304,7 +1274,7 @@ ADMIN_TEMPLATE = '''
                     <div class="item">
                         <div style="display: flex; gap: 15px; align-items: flex-start;">
                              <div class="photo-preview" style="flex-shrink: 0;">
-                                {% if product.get('photos') %}
+                                {% if product.get('photos') and product['photos']|length > 0 %}
                                 <a href="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/photos/{{ product['photos'][0] }}" target="_blank" title="Посмотреть первое фото">
                                    <img src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/photos/{{ product['photos'][0] }}" alt="Фото">
                                 </a>
@@ -1328,7 +1298,8 @@ ADMIN_TEMPLATE = '''
                                 <p><strong>Цена:</strong> {{ "%.2f"|format(product['price']) }} {{ currency_code }}</p>
                                 <p class="description" title="{{ product.get('description', '') }}"><strong>Описание:</strong> {{ product.get('description', 'N/A')[:150] }}{% if product.get('description', '')|length > 150 %}...{% endif %}</p>
                                 {% set colors = product.get('colors', []) %}
-                                <p><strong>Цвета/Вар-ты:</strong> {{ colors|select('ne', '')|join(', ') if colors|select('ne', '')|list|length > 0 else 'Нет' }}</p>
+                                {% set valid_colors = colors|select('string')|select('ne', '')|list %}
+                                <p><strong>Цвета/Вар-ты:</strong> {{ valid_colors|join(', ') if valid_colors|length > 0 else 'Нет' }}</p>
                                 {% if product.get('photos') and product['photos']|length > 1 %}
                                     <p style="font-size: 0.8rem; color: #5e6e68;">(Всего фото: {{ product['photos']|length }})</p>
                                 {% endif %}
@@ -1374,15 +1345,13 @@ ADMIN_TEMPLATE = '''
                                 {% endif %}
                                 <label>Цвета/Варианты:</label>
                                 <div id="edit-color-inputs-{{ loop.index0 }}">
-                                    {% set current_colors = product.get('colors', []) %}
-                                    {% if current_colors and current_colors|select('ne', '')|list|length > 0 %}
+                                    {% set current_colors = product.get('colors', [])|select('string')|select('ne', '')|list %}
+                                    {% if current_colors|length > 0 %}
                                         {% for color in current_colors %}
-                                            {% if color.strip() %}
                                             <div class="color-input-group">
                                                 <input type="text" name="colors" value="{{ color }}">
                                                 <button type="button" class="remove-color-btn" onclick="removeColorInput(this)"><i class="fas fa-times"></i></button>
                                             </div>
-                                            {% endif %}
                                         {% endfor %}
                                      {% else %}
                                          <div class="color-input-group">
@@ -1394,11 +1363,11 @@ ADMIN_TEMPLATE = '''
                                 <button type="button" class="button add-color-btn" style="margin-top: 5px;" onclick="addColorInput('edit-color-inputs-{{ loop.index0 }}')"><i class="fas fa-palette"></i> Добавить поле для цвета</button>
                                 <br>
                                 <div style="margin-top: 15px;">
-                                     <input type="checkbox" id="edit_in_stock_{{ loop.index0 }}" name="in_stock" {% if product.get('in_stock', True) %}checked{% endif %}>
+                                     <input type="checkbox" id="edit_in_stock_{{ loop.index0 }}" name="in_stock" value="true" {% if product.get('in_stock', True) %}checked{% endif %}>
                                      <label for="edit_in_stock_{{ loop.index0 }}" class="inline-label">В наличии</label>
                                 </div>
                                 <div style="margin-top: 5px;">
-                                     <input type="checkbox" id="edit_is_top_{{ loop.index0 }}" name="is_top" {% if product.get('is_top', False) %}checked{% endif %}>
+                                     <input type="checkbox" id="edit_is_top_{{ loop.index0 }}" name="is_top" value="true" {% if product.get('is_top', False) %}checked{% endif %}>
                                      <label for="edit_is_top_{{ loop.index0 }}" class="inline-label">Топ товар</label>
                                 </div>
                                 <br>
@@ -1444,21 +1413,19 @@ ADMIN_TEMPLATE = '''
                 const group = button.closest('.color-input-group');
                 if (group) {
                     const container = group.parentNode;
-                     // Only remove if it's not the last one (or handle adding a placeholder if it is)
-                    // For simplicity, let's allow removing all. Add logic if needed later.
                     group.remove();
-                    // Optional: If container is now empty, add a placeholder input back
+                    // If container is now empty, add a placeholder input back
                     if (container && container.children.length === 0) {
                          const placeholderGroup = document.createElement('div');
                          placeholderGroup.className = 'color-input-group';
                          placeholderGroup.innerHTML = `
-                             <input type="text" name="colors" placeholder="Например: Цвет">
+                             <input type="text" name="colors" placeholder="Цвет/вариант">
                              <button type="button" class="remove-color-btn" onclick="removeColorInput(this)"><i class="fas fa-times"></i></button>
                          `;
                          container.appendChild(placeholderGroup);
                     }
                 } else {
-                     console.warn("Не удалось найти родительский .color-input-group для кнопки удаления");
+                     console.warn("Could not find parent .color-input-group for remove button");
                 }
             }
         </script>
@@ -1468,10 +1435,16 @@ ADMIN_TEMPLATE = '''
 
 @app.route('/admin', methods=['GET', 'POST'])
 def admin():
+    # Ensure only logged-in users (or specific admin users if implemented) can access
+    # if 'user' not in session: # Basic check, enhance if roles needed
+    #     flash("Доступ запрещен. Пожалуйста, войдите.", "error")
+    #     return redirect(url_for('login'))
+
     data = load_data()
-    products = data.get('products', [])
-    categories = data.get('categories', [])
     users = load_users()
+    # Keep original product list with original indices for editing/deleting
+    original_product_list = data.get('products', [])
+    categories = sorted(data.get('categories', [])) # Keep categories sorted for display
 
     if request.method == 'POST':
         action = request.form.get('action')
@@ -1480,36 +1453,37 @@ def admin():
         try:
             if action == 'add_category':
                 category_name = request.form.get('category_name', '').strip()
-                if category_name and category_name not in categories:
-                    categories.append(category_name)
-                    categories.sort()
+                if category_name and category_name not in data.get('categories', []):
+                    data.setdefault('categories', []).append(category_name)
+                    # No need to sort here, will be sorted on next load/display
                     save_data(data)
-                    logging.info(f"Категория '{category_name}' добавлена.")
+                    logging.info(f"Category '{category_name}' added.")
                     flash(f"Категория '{category_name}' успешно добавлена.", 'success')
                 elif not category_name:
-                     logging.warning("Попытка добавить пустую категорию.")
+                     logging.warning("Attempt to add empty category.")
                      flash("Название категории не может быть пустым.", 'error')
                 else:
-                     logging.warning(f"Категория '{category_name}' уже существует.")
+                     logging.warning(f"Category '{category_name}' already exists.")
                      flash(f"Категория '{category_name}' уже существует.", 'error')
 
             elif action == 'delete_category':
                 category_to_delete = request.form.get('category_name')
-                if category_to_delete and category_to_delete in categories:
-                    categories.remove(category_to_delete)
+                current_categories = data.get('categories', [])
+                if category_to_delete and category_to_delete in current_categories:
+                    current_categories.remove(category_to_delete)
                     updated_count = 0
-                    for product in products:
+                    current_products = data.get('products', [])
+                    for product in current_products:
                         if product.get('category') == category_to_delete:
                             product['category'] = 'Без категории'
                             updated_count += 1
                     save_data(data)
-                    logging.info(f"Категория '{category_to_delete}' удалена. Обновлено товаров: {updated_count}.")
+                    logging.info(f"Category '{category_to_delete}' deleted. Updated products: {updated_count}.")
                     flash(f"Категория '{category_to_delete}' удалена.", 'success')
                 else:
-                    logging.warning(f"Попытка удалить несуществующую или пустую категорию: {category_to_delete}")
+                    logging.warning(f"Attempt to delete non-existent or empty category: {category_to_delete}")
                     flash(f"Не удалось удалить категорию '{category_to_delete}'.", 'error')
 
-
             elif action == 'add_product':
                 name = request.form.get('name', '').strip()
                 price_str = request.form.get('price', '').replace(',', '.')
@@ -1517,9 +1491,8 @@ def admin():
                 category = request.form.get('category')
                 photos_files = request.files.getlist('photos')
                 colors = [c.strip() for c in request.form.getlist('colors') if c.strip()]
-                in_stock = 'in_stock' in request.form
-                is_top = 'is_top' in request.form
-
+                in_stock = request.form.get('in_stock') == 'true' # Checkbox value
+                is_top = request.form.get('is_top') == 'true' # Checkbox value
 
                 if not name or not price_str:
                     flash("Название и цена товара обязательны.", 'error')
@@ -1527,64 +1500,64 @@ def admin():
 
                 try:
                     price = round(float(price_str), 2)
-                    if price < 0: price = 0
+                    if price < 0: raise ValueError("Price cannot be negative")
                 except ValueError:
-                     flash("Неверный формат цены.", 'error')
+                     flash("Неверный формат цены или отрицательное значение.", 'error')
                      return redirect(url_for('admin'))
 
                 photos_list = []
-                if photos_files and HF_TOKEN_WRITE:
+                if photos_files and any(f.filename for f in photos_files) and HF_TOKEN_WRITE:
                     uploads_dir = 'uploads_temp'
                     os.makedirs(uploads_dir, exist_ok=True)
                     api = HfApi()
                     photo_limit = 10
                     uploaded_count = 0
                     for photo in photos_files:
-                        if uploaded_count >= photo_limit:
-                            logging.warning(f"Достигнут лимит фото ({photo_limit}), остальные фото проигнорированы.")
+                         if not photo or not photo.filename: continue
+                         if uploaded_count >= photo_limit:
+                            logging.warning(f"Photo limit ({photo_limit}) reached, ignoring further files.")
                             flash(f"Загружено только первые {photo_limit} фото.", "warning")
                             break
-                        if photo and photo.filename:
-                            try:
-                                ext = os.path.splitext(photo.filename)[1]
-                                photo_filename = secure_filename(f"{name.replace(' ','_')}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}")
-                                temp_path = os.path.join(uploads_dir, photo_filename)
-                                photo.save(temp_path)
-                                logging.info(f"Загрузка фото {photo_filename} на HF для товара {name}...")
-                                api.upload_file(
-                                    path_or_fileobj=temp_path,
-                                    path_in_repo=f"photos/{photo_filename}",
-                                    repo_id=REPO_ID,
-                                    repo_type="dataset",
-                                    token=HF_TOKEN_WRITE,
-                                    commit_message=f"Add photo for product {name}"
-                                )
-                                photos_list.append(photo_filename)
-                                logging.info(f"Фото {photo_filename} успешно загружено.")
-                                os.remove(temp_path)
-                                uploaded_count += 1
-                            except Exception as e:
-                                logging.error(f"Ошибка загрузки фото {photo.filename} на HF: {e}", exc_info=True)
-                                flash(f"Ошибка при загрузке фото {photo.filename}.", 'error')
-                        elif photo and not photo.filename:
-                             logging.warning("Получен пустой объект файла фото при добавлении товара.")
-                    try:
-                         if not os.listdir(uploads_dir):
-                             os.rmdir(uploads_dir)
+                         try:
+                            ext = os.path.splitext(photo.filename)[1].lower()
+                            if ext not in ['.png', '.jpg', '.jpeg', '.gif', '.webp']:
+                                logging.warning(f"Skipping non-image file: {photo.filename}")
+                                continue
+                            safe_base = secure_filename(name.replace(' ','_') or 'product')
+                            photo_filename = f"{safe_base}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}"
+                            temp_path = os.path.join(uploads_dir, photo_filename)
+                            photo.save(temp_path)
+                            logging.info(f"Uploading photo {photo_filename} to HF for product {name}...")
+                            api.upload_file(
+                                path_or_fileobj=temp_path,
+                                path_in_repo=f"photos/{photo_filename}",
+                                repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
+                                commit_message=f"Add photo for product {name}"
+                            )
+                            photos_list.append(photo_filename)
+                            logging.info(f"Photo {photo_filename} uploaded successfully.")
+                            os.remove(temp_path)
+                            uploaded_count += 1
+                         except Exception as e:
+                            logging.error(f"Error uploading photo {photo.filename} to HF: {e}", exc_info=True)
+                            flash(f"Ошибка при загрузке фото {photo.filename}.", 'error')
+                            # Optionally remove temp file if upload failed
+                            if os.path.exists(temp_path): os.remove(temp_path)
+                    try: # Cleanup temp dir
+                        if os.path.exists(uploads_dir) and not os.listdir(uploads_dir):
+                            os.rmdir(uploads_dir)
                     except OSError as e:
-                        logging.warning(f"Не удалось удалить временную папку {uploads_dir}: {e}")
-
+                        logging.warning(f"Could not remove temp upload dir {uploads_dir}: {e}")
 
                 new_product = {
                     'name': name, 'price': price, 'description': description,
-                    'category': category if category in categories else 'Без категории',
+                    'category': category if category in data.get('categories', []) else 'Без категории',
                     'photos': photos_list, 'colors': colors,
                     'in_stock': in_stock, 'is_top': is_top
                 }
-                products.append(new_product)
-
+                data.setdefault('products', []).append(new_product)
                 save_data(data)
-                logging.info(f"Товар '{name}' добавлен.")
+                logging.info(f"Product '{name}' added.")
                 flash(f"Товар '{name}' успешно добавлен.", 'success')
 
             elif action == 'edit_product':
@@ -1595,100 +1568,107 @@ def admin():
 
                 try:
                     index = int(index_str)
-
-                    # We need to find the *original* index in the unsorted/unfiltered list
-                    original_product_list = data.get('products', [])
-                    if not (0 <= index < len(original_product_list)): raise IndexError("Индекс вне диапазона")
-                    product_to_edit = original_product_list[index]
+                    # Use the original list loaded at the start of the request
+                    if not (0 <= index < len(original_product_list)): raise IndexError("Index out of bounds")
+                    product_to_edit = original_product_list[index] # Get ref to the dict in the list
                     original_name = product_to_edit.get('name', 'N/A')
-
                 except (ValueError, IndexError):
                      flash(f"Ошибка редактирования: неверный индекс товара '{index_str}'.", 'error')
                      return redirect(url_for('admin'))
 
-                product_to_edit['name'] = request.form.get('name', product_to_edit['name']).strip()
-                price_str = request.form.get('price', str(product_to_edit['price'])).replace(',', '.')
-                product_to_edit['description'] = request.form.get('description', product_to_edit['description']).strip()
+                # Update fields in the dictionary directly
+                product_to_edit['name'] = request.form.get('name', product_to_edit.get('name', '')).strip()
+                price_str = request.form.get('price', str(product_to_edit.get('price', 0))).replace(',', '.')
+                product_to_edit['description'] = request.form.get('description', product_to_edit.get('description', '')).strip()
                 category = request.form.get('category')
-                product_to_edit['category'] = category if category in categories else 'Без категории'
+                product_to_edit['category'] = category if category in data.get('categories', []) else 'Без категории'
                 product_to_edit['colors'] = [c.strip() for c in request.form.getlist('colors') if c.strip()]
-                product_to_edit['in_stock'] = 'in_stock' in request.form
-                product_to_edit['is_top'] = 'is_top' in request.form
-
+                product_to_edit['in_stock'] = request.form.get('in_stock') == 'true'
+                product_to_edit['is_top'] = request.form.get('is_top') == 'true'
 
                 try:
                     price = round(float(price_str), 2)
-                    if price < 0: price = 0
+                    if price < 0: raise ValueError("Price cannot be negative")
                     product_to_edit['price'] = price
                 except ValueError:
-                     logging.warning(f"Неверный формат цены '{price_str}' при редактировании товара {original_name}. Цена не изменена.")
-                     flash(f"Неверный формат цены для товара '{original_name}'. Цена не изменена.", 'warning')
+                     logging.warning(f"Invalid price format '{price_str}' during edit for {original_name}. Price not changed.")
+                     flash(f"Неверный формат цены для товара '{product_to_edit['name']}'. Цена не изменена.", 'warning')
 
                 photos_files = request.files.getlist('photos')
-                if photos_files and any(f.filename for f in photos_files) and HF_TOKEN_WRITE:
+                # Check if any *new* files were actually selected
+                if photos_files and any(f and f.filename for f in photos_files) and HF_TOKEN_WRITE:
                     uploads_dir = 'uploads_temp'
                     os.makedirs(uploads_dir, exist_ok=True)
                     api = HfApi()
                     new_photos_list = []
                     photo_limit = 10
                     uploaded_count = 0
-                    logging.info(f"Загрузка новых фото для товара {product_to_edit['name']}...")
+                    logging.info(f"Uploading new photos for product {product_to_edit['name']}...")
                     for photo in photos_files:
-                        if uploaded_count >= photo_limit:
-                            logging.warning(f"Достигнут лимит фото ({photo_limit}), остальные фото проигнорированы.")
+                         if not photo or not photo.filename: continue
+                         if uploaded_count >= photo_limit:
+                            logging.warning(f"Photo limit ({photo_limit}) reached, ignoring further files.")
                             flash(f"Загружено только первые {photo_limit} фото.", "warning")
                             break
-                        if photo and photo.filename:
-                            try:
-                                ext = os.path.splitext(photo.filename)[1]
-                                photo_filename = secure_filename(f"{product_to_edit['name'].replace(' ','_')}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}")
-                                temp_path = os.path.join(uploads_dir, photo_filename)
-                                photo.save(temp_path)
-                                logging.info(f"Загрузка нового фото {photo_filename} на HF...")
-                                api.upload_file(path_or_fileobj=temp_path, path_in_repo=f"photos/{photo_filename}",
-                                                repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
-                                                commit_message=f"Update photo for product {product_to_edit['name']}")
-                                new_photos_list.append(photo_filename)
-                                logging.info(f"Новое фото {photo_filename} успешно загружено.")
-                                os.remove(temp_path)
-                                uploaded_count += 1
-                            except Exception as e:
-                                logging.error(f"Ошибка загрузки нового фото {photo.filename}: {e}", exc_info=True)
-                                flash(f"Ошибка при загрузке нового фото {photo.filename}.", 'error')
-                    try:
-                         if not os.listdir(uploads_dir):
+                         try:
+                            ext = os.path.splitext(photo.filename)[1].lower()
+                            if ext not in ['.png', '.jpg', '.jpeg', '.gif', '.webp']:
+                                logging.warning(f"Skipping non-image file: {photo.filename}")
+                                continue
+                            safe_base = secure_filename(product_to_edit['name'].replace(' ','_') or 'product')
+                            photo_filename = f"{safe_base}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}"
+                            temp_path = os.path.join(uploads_dir, photo_filename)
+                            photo.save(temp_path)
+                            logging.info(f"Uploading new photo {photo_filename} to HF...")
+                            api.upload_file(path_or_fileobj=temp_path, path_in_repo=f"photos/{photo_filename}",
+                                            repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
+                                            commit_message=f"Update photo for product {product_to_edit['name']}")
+                            new_photos_list.append(photo_filename)
+                            logging.info(f"New photo {photo_filename} uploaded successfully.")
+                            os.remove(temp_path)
+                            uploaded_count += 1
+                         except Exception as e:
+                            logging.error(f"Error uploading new photo {photo.filename}: {e}", exc_info=True)
+                            flash(f"Ошибка при загрузке нового фото {photo.filename}.", 'error')
+                            if os.path.exists(temp_path): os.remove(temp_path)
+                    try: # Cleanup temp dir
+                         if os.path.exists(uploads_dir) and not os.listdir(uploads_dir):
                              os.rmdir(uploads_dir)
                     except OSError as e:
-                        logging.warning(f"Не удалось удалить временную папку {uploads_dir}: {e}")
+                         logging.warning(f"Could not remove temp upload dir {uploads_dir}: {e}")
 
+                    # Only replace photos if new ones were successfully uploaded
                     if new_photos_list:
-                        logging.info(f"Список фото для товара {product_to_edit['name']} обновлен.")
+                        logging.info(f"Replacing photos for product {product_to_edit['name']}.")
                         old_photos = product_to_edit.get('photos', [])
                         if old_photos:
-                            logging.info(f"Попытка удаления старых фото: {old_photos}")
+                            logging.info(f"Attempting to delete old photos from HF: {old_photos}")
                             try:
+                                # Use ignore_patterns for broader matching if needed, but paths_in_repo is safer
                                 api.delete_files(
                                     repo_id=REPO_ID,
-                                    paths_in_repo=[f"photos/{p}" for p in old_photos],
+                                    paths_in_repo=[f"photos/{p}" for p in old_photos if p], # Ensure no empty strings
                                     repo_type="dataset",
                                     token=HF_TOKEN_WRITE,
-                                    commit_message=f"Delete old photos for product {product_to_edit['name']}"
+                                    commit_message=f"Delete old photos for product {product_to_edit['name']}",
+                                    missing_ok=True # Don't fail if a photo was already deleted somehow
                                 )
-                                logging.info(f"Старые фото для товара {product_to_edit['name']} удалены с HF.")
+                                logging.info(f"Old photos deletion command sent for {product_to_edit['name']}.")
                             except Exception as e:
-                                logging.error(f"Ошибка при удалении старых фото {old_photos} с HF: {e}", exc_info=True)
+                                logging.error(f"Error deleting old photos {old_photos} from HF: {e}", exc_info=True)
                                 flash("Не удалось удалить старые фотографии с сервера.", "warning")
                         product_to_edit['photos'] = new_photos_list
                         flash("Фотографии товара успешно обновлены.", "success")
-                    elif uploaded_count == 0 and any(f.filename for f in photos_files):
-                         flash("Не удалось загрузить новые фотографии.", "error")
-
+                    elif uploaded_count == 0 and any(f and f.filename for f in photos_files):
+                         # Files were selected, but none uploaded (e.g., all invalid format or upload errors)
+                         flash("Не удалось загрузить ни одну из выбранн��х новых фотографий.", "error")
+                    # If no new files were selected, photos remain unchanged.
 
+                # Now save the entire modified data structure
                 save_data(data)
-                logging.info(f"Товар '{original_name}' (индекс {index}) обновлен на '{product_to_edit['name']}'.")
+                logging.info(f"Product '{original_name}' (index {index}) updated to '{product_to_edit['name']}'.")
                 flash(f"Товар '{product_to_edit['name']}' успешно обновлен.", 'success')
 
-
             elif action == 'delete_product':
                 index_str = request.form.get('index')
                 if index_str is None:
@@ -1696,38 +1676,42 @@ def admin():
                     return redirect(url_for('admin'))
                 try:
                     index = int(index_str)
-                    original_product_list = data.get('products', [])
-                    if not (0 <= index < len(original_product_list)): raise IndexError("Индекс вне диапазона")
-                    deleted_product = original_product_list.pop(index)
+                    # Use the original list loaded at the start of the request
+                    if not (0 <= index < len(original_product_list)): raise IndexError("Index out of bounds")
+                    # Remove from the main data structure
+                    deleted_product = data.get('products', []).pop(index)
                     product_name = deleted_product.get('name', 'N/A')
 
                     photos_to_delete = deleted_product.get('photos', [])
                     if photos_to_delete and HF_TOKEN_WRITE:
-                        logging.info(f"Попытка удаления фото товара '{product_name}' с HF: {photos_to_delete}")
+                        logging.info(f"Attempting to delete photos for deleted product '{product_name}' from HF: {photos_to_delete}")
                         try:
                             api = HfApi()
                             api.delete_files(
                                 repo_id=REPO_ID,
-                                paths_in_repo=[f"photos/{p}" for p in photos_to_delete],
+                                paths_in_repo=[f"photos/{p}" for p in photos_to_delete if p],
                                 repo_type="dataset",
                                 token=HF_TOKEN_WRITE,
-                                commit_message=f"Delete photos for deleted product {product_name}"
+                                commit_message=f"Delete photos for deleted product {product_name}",
+                                missing_ok=True
                             )
-                            logging.info(f"Фото товара '{product_name}' удалены с HF.")
+                            logging.info(f"Photos deletion command sent for product '{product_name}'.")
                         except Exception as e:
-                             logging.error(f"Ошибка при удалении фото {photos_to_delete} для товара '{product_name}' с HF: {e}", exc_info=True)
+                             logging.error(f"Error deleting photos {photos_to_delete} for product '{product_name}' from HF: {e}", exc_info=True)
                              flash(f"Не удалось удалить фото для товара '{product_name}' с сервера.", "warning")
 
                     save_data(data)
-                    logging.info(f"Товар '{product_name}' (индекс {index}) удален.")
+                    logging.info(f"Product '{product_name}' (original index {index}) deleted.")
                     flash(f"Товар '{product_name}' удален.", 'success')
                 except (ValueError, IndexError):
                      flash(f"Ошибка удаления: неверный индекс товара '{index_str}'.", 'error')
-
+                except Exception as e:
+                     logging.error(f"Error during product deletion: {e}", exc_info=True)
+                     flash(f"Произошла ошибка при удалении товара.", 'error')
 
             elif action == 'add_user':
                  login = request.form.get('login', '').strip()
-                 password = request.form.get('password', '').strip()
+                 password = request.form.get('password') # Keep password as is, no stripping
                  first_name = request.form.get('first_name', '').strip()
                  last_name = request.form.get('last_name', '').strip()
                  phone = request.form.get('phone', '').strip()
@@ -1742,13 +1726,13 @@ def admin():
                      return redirect(url_for('admin'))
 
                  users[login] = {
-                     'password': password,
+                     'password': password, # Store password as provided
                      'first_name': first_name, 'last_name': last_name,
                      'phone': phone,
                      'country': country, 'city': city
                  }
                  save_users(users)
-                 logging.info(f"Пользователь '{login}' добавлен.")
+                 logging.info(f"User '{login}' added.")
                  flash(f"Пользователь '{login}' успешно добавлен.", 'success')
 
             elif action == 'delete_user':
@@ -1756,38 +1740,33 @@ def admin():
                  if login_to_delete and login_to_delete in users:
                      del users[login_to_delete]
                      save_users(users)
-                     logging.info(f"Пользователь '{login_to_delete}' удален.")
+                     logging.info(f"User '{login_to_delete}' deleted.")
                      flash(f"Пользователь '{login_to_delete}' удален.", 'success')
                  else:
-                     logging.warning(f"Попытка удалить несуществующего или пустого пользователя: {login_to_delete}")
+                     logging.warning(f"Attempt to delete non-existent or empty user: {login_to_delete}")
                      flash(f"Не удалось удалить пользователя '{login_to_delete}'.", 'error')
 
             else:
-                 logging.warning(f"Получено неизвестное действие в админ-панели: {action}")
+                 logging.warning(f"Received unknown admin action: {action}")
                  flash(f"Неизвестное действие: {action}", 'warning')
 
+            # Redirect after POST to prevent form resubmission on refresh
             return redirect(url_for('admin'))
 
         except Exception as e:
-             logging.error(f"Ошибка при обработке действия '{action}' в админ-панели: {e}", exc_info=True)
+             logging.error(f"Error processing admin action '{action}': {e}", exc_info=True)
              flash(f"Произошла внутренняя ошибка при выполнении действия '{action}'. Подробности в логе сервера.", 'error')
+             # Redirect even on error to avoid broken state
              return redirect(url_for('admin'))
 
-    # Pass the original, unsorted product list to the admin template with original indices
-    original_products_with_indices = list(enumerate(data.get('products', [])))
-    # Sort the indexed list for display purposes if needed, but keep original index
-    display_products = sorted(original_products_with_indices, key=lambda item: item[1].get('name', '').lower())
-    # Reconstruct list of products in display order for the template
-    # Need to pass the original index within the product data or handle it carefully
-    # Let's pass the original product list directly for simplicity in the template loops
-    original_product_list = data.get('products', [])
-
-    categories.sort()
+    # GET request: Render the template
+    # Pass the original list to preserve indices for edit/delete forms
+    # Pass sorted categories and users for display
     sorted_users = dict(sorted(users.items()))
 
     return render_template_string(
         ADMIN_TEMPLATE,
-        products=original_product_list, # Pass the original list to preserve indices
+        products=original_product_list,
         categories=categories,
         users=sorted_users,
         repo_id=REPO_ID,
@@ -1796,39 +1775,50 @@ def admin():
 
 @app.route('/force_upload', methods=['POST'])
 def force_upload():
-    logging.info("Запущена принудительная загрузка данных на Hugging Face...")
+    # Add access control if needed
+    logging.info("Forcing upload to Hugging Face...")
     try:
         upload_db_to_hf()
         flash("Данные успешно загружены на Hugging Face.", 'success')
     except Exception as e:
-        logging.error(f"Ошибка при принудительной загрузке: {e}", exc_info=True)
+        logging.error(f"Error during forced upload: {e}", exc_info=True)
         flash(f"Ошибка при загрузке на Hugging Face: {e}", 'error')
     return redirect(url_for('admin'))
 
 @app.route('/force_download', methods=['POST'])
 def force_download():
-    logging.info("Запущено принудительное скачивание данных с Hugging Face...")
+    # Add access control if needed
+    logging.info("Forcing download from Hugging Face...")
     try:
-        download_db_from_hf()
-        flash("Данные успешно скачаны с Hugging Face. Локальные файлы обновлены.", 'success')
+        if download_db_from_hf():
+            flash("Данные успешно скачаны с Hugging Face. Локальные файлы обновлены.", 'success')
+            # Reload data might be needed if the app holds state, but here it reloads on next request
+        else:
+             flash("Скачивание данных с Hugging Face завершилось с ошибками. Проверьте логи.", 'warning')
+
     except Exception as e:
-        logging.error(f"Ошибка при принудительном скачивании: {e}", exc_info=True)
+        logging.error(f"Error during forced download: {e}", exc_info=True)
         flash(f"Ошибка при скачивании с Hugging Face: {e}", 'error')
     return redirect(url_for('admin'))
 
 
 if __name__ == '__main__':
+    # Initial load on startup
     load_data()
     load_users()
 
+    # Start backup thread only if write token exists
     if HF_TOKEN_WRITE:
         backup_thread = threading.Thread(target=periodic_backup, daemon=True)
         backup_thread.start()
-        logging.info("Поток периодического резервного копирования запущен.")
+        logging.info("Periodic backup thread started.")
     else:
-        logging.warning("Периодическое резервное копирование НЕ будет запущено (HF_TOKEN или HF_TOKEN_WRITE не установлена).")
+        logging.warning("HF_TOKEN not set, periodic backup thread will NOT run.")
 
+    # Run the Flask app
     port = int(os.environ.get('PORT', 7860))
-    logging.info(f"Запуск Flask приложения на хосте 0.0.0.0 и порту {port}")
+    logging.info(f"Starting Flask app on host 0.0.0.0 port {port}")
+    # Use Waitress or Gunicorn in production instead of development server
     app.run(debug=False, host='0.0.0.0', port=port)
 
+