Update app.py

app.py

@@ -1,5 +1,6 @@
+# --- START OF FILE app.py ---
 
-from flask import Flask, render_template_string, request, redirect, url_for, session, send_file, flash
+from flask import Flask, render_template_string, request, redirect, url_for, session, send_file, flash, jsonify
 import json
 import os
 import logging
@@ -11,6 +12,7 @@ from huggingface_hub.utils import RepositoryNotFoundError, HfHubHTTPError
 from werkzeug.utils import secure_filename
 from dotenv import load_dotenv
 import requests # Added for more specific network error handling
+import uuid # For unique order IDs
 
 load_dotenv()
 
@@ -21,7 +23,7 @@ USERS_FILE = 'users_soola.json'
 
 SYNC_FILES = [DATA_FILE, USERS_FILE]
 
-REPO_ID = "Kgshop/Soola"
+REPO_ID = "Kgshop/Soola" # Replace with your actual repo ID if different
 HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
 HF_TOKEN_READ = os.getenv("HF_TOKEN_READ")
 
@@ -35,6 +37,8 @@ DOWNLOAD_DELAY = 5 # seconds
 
 logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
 
+# --- Hugging Face Sync Functions ---
+
 def download_db_from_hf(specific_file=None, retries=DOWNLOAD_RETRIES, delay=DOWNLOAD_DELAY):
     if not HF_TOKEN_READ and not HF_TOKEN_WRITE: # Allow read with write token too
         logging.warning("HF_TOKEN_READ/HF_TOKEN_WRITE not set. Download might fail for private repos.")
@@ -70,6 +74,19 @@ def download_db_from_hf(specific_file=None, retries=DOWNLOAD_RETRIES, delay=DOWN
             except HfHubHTTPError as e:
                 if e.response.status_code == 404:
                     logging.warning(f"File {file_name} not found in repo {REPO_ID} (404). Skipping this file.")
+                    # Check if it's the first attempt; if so, create an empty default file locally
+                    if attempt == 0 and not os.path.exists(file_name):
+                        try:
+                            if file_name == DATA_FILE:
+                                with open(file_name, 'w', encoding='utf-8') as f:
+                                    json.dump({'products': [], 'categories': [], 'orders': {}}, f)
+                                logging.info(f"Created empty local file {file_name} because it was not found on HF.")
+                            elif file_name == USERS_FILE:
+                                with open(file_name, 'w', encoding='utf-8') as f:
+                                    json.dump({}, f)
+                                logging.info(f"Created empty local file {file_name} because it was not found on HF.")
+                        except Exception as create_e:
+                            logging.error(f"Failed to create empty local file {file_name}: {create_e}")
                     success = False # Mark as failed for this specific file, but don't stop others
                     break # No point retrying a 404
                 else:
@@ -89,8 +106,48 @@ def download_db_from_hf(specific_file=None, retries=DOWNLOAD_RETRIES, delay=DOWN
     logging.info(f"Download process finished. Overall success: {all_successful}")
     return all_successful
 
+def upload_db_to_hf(specific_file=None):
+    if not HF_TOKEN_WRITE:
+        logging.warning("HF_TOKEN (for writing) not set. Skipping upload to Hugging Face.")
+        return
+    try:
+        api = HfApi()
+        files_to_upload = [specific_file] if specific_file else SYNC_FILES
+        logging.info(f"Starting upload of {files_to_upload} to HF repo {REPO_ID}...")
+
+        for file_name in files_to_upload:
+            if os.path.exists(file_name):
+                try:
+                    api.upload_file(
+                        path_or_fileobj=file_name,
+                        path_in_repo=file_name,
+                        repo_id=REPO_ID,
+                        repo_type="dataset",
+                        token=HF_TOKEN_WRITE,
+                        commit_message=f"Sync {file_name} {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
+                    )
+                    logging.info(f"File {file_name} successfully uploaded to Hugging Face.")
+                except Exception as e:
+                     logging.error(f"Error uploading file {file_name} to Hugging Face: {e}")
+            else:
+                logging.warning(f"File {file_name} not found locally, skipping upload.")
+        logging.info("Finished uploading files to HF.")
+    except Exception as e:
+        logging.error(f"General error during Hugging Face upload initialization or process: {e}", exc_info=True)
+
+def periodic_backup():
+    backup_interval = 1800
+    logging.info(f"Setting up periodic backup every {backup_interval} seconds.")
+    while True:
+        time.sleep(backup_interval)
+        logging.info("Starting periodic backup...")
+        upload_db_to_hf()
+        logging.info("Periodic backup finished.")
+
+# --- Data Loading and Saving Functions ---
+
 def load_data():
-    default_data = {'products': [], 'categories': []}
+    default_data = {'products': [], 'categories': [], 'orders': {}}
     try:
         with open(DATA_FILE, 'r', encoding='utf-8') as file:
             data = json.load(file)
@@ -100,6 +157,7 @@ def load_data():
              raise FileNotFoundError # Treat as missing to trigger download
         if 'products' not in data: data['products'] = []
         if 'categories' not in data: data['categories'] = []
+        if 'orders' not in data: data['orders'] = {} # Initialize orders if missing
         return data
     except FileNotFoundError:
         logging.warning(f"Local file {DATA_FILE} not found. Attempting download from HF.")
@@ -118,6 +176,7 @@ def load_data():
                  return default_data
             if 'products' not in data: data['products'] = []
             if 'categories' not in data: data['categories'] = []
+            if 'orders' not in data: data['orders'] = {} # Initialize orders if missing
             return data
         except FileNotFoundError:
              logging.error(f"File {DATA_FILE} still not found even after download reported success. Using default.")
@@ -130,6 +189,14 @@ def load_data():
             return default_data
     else:
         logging.error(f"Failed to download {DATA_FILE} from HF after retries. Using empty default data structure.")
+        # Create empty file locally if download failed and file doesn't exist
+        if not os.path.exists(DATA_FILE):
+            try:
+                with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                    json.dump(default_data, f)
+                logging.info(f"Created empty local file {DATA_FILE} after failed download.")
+            except Exception as create_e:
+                logging.error(f"Failed to create empty local file {DATA_FILE}: {create_e}")
         return default_data # Return empty structure in memory
 
 def save_data(data):
@@ -140,6 +207,7 @@ def save_data(data):
             return
         if 'products' not in data: data['products'] = []
         if 'categories' not in data: data['categories'] = []
+        if 'orders' not in data: data['orders'] = {} # Ensure orders key exists
 
         with open(DATA_FILE, 'w', encoding='utf-8') as file:
             json.dump(data, file, ensure_ascii=False, indent=4)
@@ -179,6 +247,14 @@ def load_users():
             return default_users
     else:
         logging.error(f"Failed to download {USERS_FILE} from HF after retries. Using empty default user structure.")
+         # Create empty file locally if download failed and file doesn't exist
+        if not os.path.exists(USERS_FILE):
+            try:
+                with open(USERS_FILE, 'w', encoding='utf-8') as f:
+                    json.dump(default_users, f)
+                logging.info(f"Created empty local file {USERS_FILE} after failed download.")
+            except Exception as create_e:
+                 logging.error(f"Failed to create empty local file {USERS_FILE}: {create_e}")
         return default_users # Return empty structure in memory
 
 def save_users(users):
@@ -193,55 +269,9 @@ def save_users(users):
     except Exception as e:
         logging.error(f"Error saving user data to {USERS_FILE}: {e}", exc_info=True)
 
-def upload_db_to_hf(specific_file=None):
-    if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN (for writing) not set. Skipping upload to Hugging Face.")
-        return
-    try:
-        api = HfApi()
-        files_to_upload = [specific_file] if specific_file else SYNC_FILES
-        logging.info(f"Starting upload of {files_to_upload} to HF repo {REPO_ID}...")
-
-        for file_name in files_to_upload:
-            if os.path.exists(file_name):
-                try:
-                    api.upload_file(
-                        path_or_fileobj=file_name,
-                        path_in_repo=file_name,
-                        repo_id=REPO_ID,
-                        repo_type="dataset",
-                        token=HF_TOKEN_WRITE,
-                        commit_message=f"Sync {file_name} {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
-                    )
-                    logging.info(f"File {file_name} successfully uploaded to Hugging Face.")
-                except Exception as e:
-                     logging.error(f"Error uploading file {file_name} to Hugging Face: {e}")
-            else:
-                logging.warning(f"File {file_name} not found locally, skipping upload.")
-        logging.info("Finished uploading files to HF.")
-    except Exception as e:
-        logging.error(f"General error during Hugging Face upload initialization or process: {e}", exc_info=True)
-
-def periodic_backup():
-    backup_interval = 1800
-    logging.info(f"Setting up periodic backup every {backup_interval} seconds.")
-    while True:
-        time.sleep(backup_interval)
-        logging.info("Starting periodic backup...")
-        upload_db_to_hf()
-        logging.info("Periodic backup finished.")
-
-@app.route('/')
-def catalog():
-    data = load_data()
-    all_products = data.get('products', [])
-    categories = data.get('categories', [])
-    is_authenticated = 'user' in session
-
-    products_in_stock = [p for p in all_products if p.get('in_stock', True)]
-    products_sorted = sorted(products_in_stock, key=lambda p: (not p.get('is_top', False), p.get('name', '').lower()))
+# --- Templates ---
 
-    catalog_html = '''
+CATALOG_TEMPLATE = '''
     <!DOCTYPE html>
     <html lang="ru">
     <head>
@@ -281,14 +311,17 @@ def catalog():
             body.dark-mode .category-filter { background-color: #253f37; border-color: #2c4a41; color: #97b7ae; }
             .category-filter.active, .category-filter:hover { background-color: #1C6758; color: white; border-color: #1C6758; box-shadow: 0 2px 10px rgba(28, 103, 88, 0.3); }
             body.dark-mode .category-filter.active, body.dark-mode .category-filter:hover { background-color: #3D8361; border-color: #3D8361; color: #1a2b26; box-shadow: 0 2px 10px rgba(61, 131, 97, 0.4); }
-            .products-grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 20px; padding: 10px; }
+            .products-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(150px, 1fr)); gap: 20px; padding: 10px; }
+            @media (min-width: 600px) { .products-grid { grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); } }
+            @media (min-width: 900px) { .products-grid { grid-template-columns: repeat(auto-fill, minmax(250px, 1fr)); } }
+
             .product { background: #fff; border-radius: 15px; padding: 0; box-shadow: 0 4px 15px rgba(0, 0, 0, 0.08); transition: transform 0.3s cubic-bezier(0.4, 0, 0.2, 1), box-shadow 0.3s ease; overflow: hidden; display: flex; flex-direction: column; justify-content: space-between; height: 100%; border: 1px solid #e1f0e9;}
             body.dark-mode .product { background: #253f37; box-shadow: 0 4px 15px rgba(0, 0, 0, 0.2); border-color: #2c4a41; }
             .product:hover { transform: translateY(-5px) scale(1.02); box-shadow: 0 6px 20px rgba(0, 0, 0, 0.12); }
             body.dark-mode .product:hover { box-shadow: 0 6px 20px rgba(0, 0, 0, 0.3); }
             .product-image { width: 100%; aspect-ratio: 1 / 1; background-color: #fff; border-radius: 10px 10px 0 0; overflow: hidden; display: flex; justify-content: center; align-items: center; margin-bottom: 0; }
             .product-image img { max-width: 100%; max-height: 100%; object-fit: contain; transition: transform 0.3s ease; }
-            .product-image img:hover { transform: scale(1.08); }
+            /* Removed hover effect from image itself to avoid double scaling */
             .product-info { padding: 15px; flex-grow: 1; display: flex; flex-direction: column; justify-content: center; }
             .product h2 { font-size: 1.1rem; font-weight: 600; margin: 0 0 8px 0; text-align: center; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; color: #2d332f; }
             body.dark-mode .product h2 { color: #c8d8d3; }
@@ -320,10 +353,10 @@ def catalog():
             .cart-item:last-child { border-bottom: none; }
             .cart-item img { width: 60px; height: 60px; object-fit: contain; border-radius: 8px; background-color: #fff; padding: 5px; grid-column: 1; }
             .cart-item-details { grid-column: 2; }
-            .cart-item-details strong { display: block; margin-bottom: 5px; }
+            .cart-item-details strong { display: block; margin-bottom: 5px; font-size: 1rem; }
             .cart-item-price { font-size: 0.9rem; color: #44524c; }
             body.dark-mode .cart-item-price { color: #8aa39a; }
-            .cart-item-total { font-weight: bold; text-align: right; grid-column: 3; }
+            .cart-item-total { font-weight: bold; text-align: right; grid-column: 3; font-size: 1rem;}
             .cart-item-remove { grid-column: 4; background:none; border:none; color:#f56565; cursor:pointer; font-size: 1.3em; padding: 5px; line-height: 1; }
             .cart-item-remove:hover { color: #c53030; }
             .quantity-input, .color-select { width: 100%; max-width: 180px; padding: 10px; border: 1px solid #d1e7dd; border-radius: 8px; font-size: 1rem; margin: 10px 0; box-sizing: border-box; }
@@ -335,8 +368,8 @@ def catalog():
             .cart-actions .product-button { width: auto; flex-grow: 1; }
             .clear-cart { background-color: #7a8d85; }
             .clear-cart:hover { background-color: #5e6e68; box-shadow: 0 4px 15px rgba(94, 110, 104, 0.4); }
-            .order-button { background-color: #38a169; }
-            .order-button:hover { background-color: #2f855a; box-shadow: 0 4px 15px rgba(47, 133, 90, 0.4); }
+            .formulate-order-button { background-color: #38a169; }
+            .formulate-order-button:hover { background-color: #2f855a; box-shadow: 0 4px 15px rgba(47, 133, 90, 0.4); }
             .notification { position: fixed; bottom: 80px; left: 50%; transform: translateX(-50%); background-color: #38a169; color: white; padding: 10px 20px; border-radius: 20px; box-shadow: 0 4px 10px rgba(0,0,0,0.2); z-index: 1002; opacity: 0; transition: opacity 0.5s ease; font-size: 0.9rem;}
             .notification.show { opacity: 1;}
             .no-results-message { grid-column: 1 / -1; text-align: center; padding: 40px; font-size: 1.1rem; color: #5e6e68; }
@@ -449,8 +482,8 @@ def catalog():
                     <button class="product-button clear-cart" onclick="clearCart()">
                        <i class="fas fa-trash"></i> Очистить корзину
                     </button>
-                    <button class="product-button order-button" onclick="orderViaWhatsApp()">
-                       <i class="fab fa-whatsapp"></i> Заказать через WhatsApp
+                    <button class="product-button formulate-order-button" onclick="formulateOrder()">
+                       <i class="fas fa-file-alt"></i> Сформировать заказ
                     </button>
                 </div>
             </div>
@@ -574,7 +607,7 @@ def catalog():
             function openQuantityModal(index) {
                 if (!isAuthenticated) {
                     alert('Пожалуйста, войдите в систему, чтобы добавить товар в корзину.');
-                    window.location.href = '/login';
+                    window.location.href = '{{ url_for("login") }}';
                     return;
                 }
                 selectedProductIndex = index;
@@ -633,14 +666,14 @@ def catalog():
                     return;
                  }
 
-                const cartItemId = `${product.name}-${color}`;
+                const cartItemId = `${product.name}-${color}`; // Use name + color as ID
                 const existingItemIndex = cart.findIndex(item => item.id === cartItemId);
 
                 if (existingItemIndex > -1) {
                     cart[existingItemIndex].quantity += quantity;
                 } else {
                     cart.push({
-                        id: cartItemId,
+                        id: cartItemId, // Unique ID for the item *variant* in the cart
                         name: product.name,
                         price: product.price,
                         photo: product.photos && product.photos.length > 0 ? product.photos[0] : null,
@@ -715,7 +748,7 @@ def catalog():
              function removeFromCart(itemId) {
                 cart = cart.filter(item => item.id !== itemId);
                 localStorage.setItem('soolaCart', JSON.stringify(cart));
-                openCartModal();
+                openCartModal(); // Refresh cart modal view
                 updateCartButton();
              }
 
@@ -723,56 +756,55 @@ def catalog():
                 if (confirm("Вы уверены, что хотите очистить корзину?")) {
                     cart = [];
                     localStorage.removeItem('soolaCart');
-                    openCartModal();
+                    openCartModal(); // Refresh cart modal view
                     updateCartButton();
                 }
             }
 
-            function orderViaWhatsApp() {
+            function formulateOrder() {
                 if (cart.length === 0) {
-                    alert("Корзина пуста! Добавьте товары перед заказом.");
+                    alert("Корзина пуста! Добавьте товары перед формированием заказа.");
                     return;
                 }
-                let total = 0;
-                let orderText = "🛍️ *Новый Заказ от Soola Cosmetics* 🛍️%0A";
-                orderText += "----------------------------------------%0A";
-                orderText += "*Детали заказа:*%0A";
-                orderText += "----------------------------------------%0A";
-                cart.forEach((item, index) => {
-                    const itemTotal = item.price * item.quantity;
-                    total += itemTotal;
-                    const colorText = item.color !== 'N/A' ? ` (${item.color})` : '';
-                    orderText += `${index + 1}. *${item.name}*${colorText}%0A`;
-                    orderText += `   Кол-во: ${item.quantity}%0A`;
-                    orderText += `   Цена: ${item.price.toFixed(2)} ${currencyCode}%0A`;
-                    orderText += `   *Сумма: ${itemTotal.toFixed(2)} ${currencyCode}*%0A%0A`;
-                });
-                orderText += "----------------------------------------%0A";
-                orderText += `*ИТОГО: ${total.toFixed(2)} ${currencyCode}*%0A`;
-                orderText += "----------------------------------------%0A";
-
-                if (userInfo && userInfo.login) {
-                     orderText += "*Данные клиента:*%0A";
-                     orderText += `Имя: ${userInfo.first_name || ''} ${userInfo.last_name || ''}%0A`;
-                     orderText += `Логин: ${userInfo.login}%0A`;
-                     if (userInfo.phone) {
-                         orderText += `Телефон: ${userInfo.phone}%0A`;
-                     }
-                     orderText += `Страна: ${userInfo.country || 'Не указана'}%0A`;
-                     orderText += `Город: ${userInfo.city || 'Не указан'}%0A`;
-                } else {
-                     orderText += "*Клиент не авторизован*%0A";
-                }
-                orderText += "----------------------------------------%0A";
-
-                const now = new Date();
-                const dateTimeString = now.toLocaleString('ru-RU', { dateStyle: 'short', timeStyle: 'short' });
-                orderText += `Дата заказа: ${dateTimeString}%0A`;
-                orderText += `_Сформировано автоматически_`;
 
-                const whatsappNumber = "996997703090";
-                const whatsappUrl = `https://api.whatsapp.com/send?phone=${whatsappNumber}&text=${orderText}`; // No need to encodeURIComponent here if already done piece by piece
-                window.open(whatsappUrl, '_blank');
+                const orderData = {
+                    cart: cart,
+                    userInfo: isAuthenticated ? userInfo : null // Include user info if logged in
+                };
+
+                // Disable button to prevent multiple clicks
+                const formulateButton = document.querySelector('.formulate-order-button');
+                if (formulateButton) formulateButton.disabled = true;
+
+                showNotification("Формируем заказ...", 5000);
+
+                fetch('/create_order', {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify(orderData)
+                })
+                .then(response => {
+                    if (!response.ok) {
+                        return response.json().then(err => { throw new Error(err.error || 'Не удалось создать заказ'); });
+                    }
+                    return response.json();
+                })
+                .then(data => {
+                    if (data.order_id) {
+                        localStorage.removeItem('soolaCart'); // Clear cart on success
+                        cart = []; // Clear local cart variable
+                        updateCartButton(); // Update button display
+                        closeModal('cartModal'); // Close cart modal
+                        window.location.href = `/order/${data.order_id}`; // Redirect to order page
+                    } else {
+                        throw new Error('Не получен ID заказа от сервера.');
+                    }
+                })
+                .catch(error => {
+                    console.error('Ошибка при формировании заказа:', error);
+                    alert(`Ошибка: ${error.message}`);
+                     if (formulateButton) formulateButton.disabled = false; // Re-enable button on error
+                });
             }
 
 
@@ -828,23 +860,39 @@ def catalog():
                          filterProducts();
                      });
                  });
-                 filterProducts();
+                 filterProducts(); // Initial filter application
              }
 
              function showNotification(message, duration = 3000) {
                 const placeholder = document.getElementById('notification-placeholder');
-                if (!placeholder) return;
+                if (!placeholder) {
+                    // Create placeholder if it doesn't exist
+                    const newPlaceholder = document.createElement('div');
+                    newPlaceholder.id = 'notification-placeholder';
+                    newPlaceholder.style.position = 'fixed';
+                    newPlaceholder.style.bottom = '80px'; // Adjust position as needed
+                    newPlaceholder.style.left = '50%';
+                    newPlaceholder.style.transform = 'translateX(-50%)';
+                    newPlaceholder.style.zIndex = '1002';
+                    document.body.appendChild(newPlaceholder);
+                    placeholder = newPlaceholder;
+                 }
+
 
                 const notification = document.createElement('div');
                 notification.className = 'notification';
                 notification.textContent = message;
                 placeholder.appendChild(notification);
 
-                setTimeout(() => { notification.classList.add('show'); }, 10);
+                // Force reflow before adding class for transition
+                void notification.offsetWidth;
+
+                notification.classList.add('show');
 
                 setTimeout(() => {
                     notification.classList.remove('show');
-                    setTimeout(() => { notification.remove(); }, 500);
+                    // Remove element after transition finishes
+                    notification.addEventListener('transitionend', () => notification.remove());
                 }, duration);
              }
 
@@ -854,12 +902,14 @@ def catalog():
                 updateCartButton();
                 setupFilters();
 
+                // Close modal on background click
                 window.addEventListener('click', function(event) {
                     if (event.target.classList.contains('modal')) {
                         closeModal(event.target.id);
                     }
                 });
 
+                // Close modal on Escape key press
                 window.addEventListener('keydown', function(event) {
                     if (event.key === 'Escape') {
                          document.querySelectorAll('.modal[style*="display: block"]').forEach(modal => {
@@ -872,35 +922,9 @@ def catalog():
         </script>
     </body>
     </html>
-    '''
-    return render_template_string(
-        catalog_html,
-        products=products_sorted,
-        categories=categories,
-        repo_id=REPO_ID,
-        is_authenticated=is_authenticated,
-        store_address=STORE_ADDRESS,
-        session=session,
-        currency_code=CURRENCY_CODE
-    )
-
-@app.route('/product/<int:index>')
-def product_detail(index):
-    data = load_data()
-    all_products = data.get('products', [])
-    products_in_stock = [p for p in all_products if p.get('in_stock', True)]
-    products_sorted = sorted(products_in_stock, key=lambda p: (not p.get('is_top', False), p.get('name', '').lower()))
-
-    is_authenticated = 'user' in session
-    try:
-        product = products_sorted[index]
-        if not product.get('in_stock', True):
-            raise IndexError("Товар не в наличии")
-    except IndexError:
-        logging.warning(f"Attempted access to non-existent or out-of-stock product with index {index}")
-        return "Товар не найден или отсутствует в наличии.", 404
+'''
 
-    detail_html = '''
+PRODUCT_DETAIL_TEMPLATE = '''
     <div style="padding: 10px;">
         <h2 style="font-size: 1.6rem; font-weight: 600; margin-bottom: 15px; text-align: center; color: #1C6758;">{{ product['name'] }}</h2>
         <div class="swiper-container" style="max-width: 450px; margin: 0 auto 20px; border-radius: 10px; overflow: hidden; background-color: #fff;">
@@ -942,14 +966,7 @@ def product_detail(index):
             {% endif %}
         </div>
     </div>
-    '''
-    return render_template_string(
-        detail_html,
-        product=product,
-        repo_id=REPO_ID,
-        is_authenticated=is_authenticated,
-        currency_code=CURRENCY_CODE
-    )
+'''
 
 LOGIN_TEMPLATE = '''
 <!DOCTYPE html>
@@ -992,83 +1009,7 @@ LOGIN_TEMPLATE = '''
 </html>
 '''
 
-@app.route('/login', methods=['GET', 'POST'])
-def login():
-    if request.method == 'POST':
-        login = request.form.get('login')
-        password = request.form.get('password')
-        if not login or not password:
-             return render_template_string(LOGIN_TEMPLATE, error="Логин и пароль не могут быть пустыми."), 400
-
-        users = load_users()
-
-        if login in users and users[login].get('password') == password:
-            user_info = users[login]
-            session['user'] = login
-            session['user_info'] = {
-                'login': login,
-                'first_name': user_info.get('first_name', ''),
-                'last_name': user_info.get('last_name', ''),
-                'country': user_info.get('country', ''),
-                'city': user_info.get('city', ''),
-                'phone': user_info.get('phone', '')
-            }
-            logging.info(f"User {login} logged in successfully.")
-            login_response_html = f'''
-             <!DOCTYPE html><html><head><title>Перенаправление...</title></head><body>
-             <script>
-                try {{ localStorage.setItem('soolaUser', '{login}'); }} catch (e) {{ console.error("Error saving to localStorage:", e); }}
-                window.location.href = "{url_for('catalog')}";
-             </script>
-             <p>Вход выполнен успешно. Перенаправление в <a href="{url_for('catalog')}">каталог</a>...</p>
-             </body></html>
-             '''
-            return login_response_html
-        else:
-            logging.warning(f"Failed login attempt for user {login}.")
-            error_message = "Неверный логин или пароль."
-            return render_template_string(LOGIN_TEMPLATE, error=error_message), 401
-
-    return render_template_string(LOGIN_TEMPLATE, error=None)
-
-@app.route('/auto_login', methods=['POST'])
-def auto_login():
-    data = request.get_json()
-    if not data or 'login' not in data:
-         logging.warning("Auto_login request missing data or login.")
-         return "Invalid request", 400
-
-    login = data.get('login')
-    if not login:
-        logging.warning("Attempted auto_login with empty login.")
-        return "Login not provided", 400
-
-    users = load_users()
-    if login in users:
-        user_info = users[login]
-        session['user'] = login
-        session['user_info'] = {
-                'login': login,
-                'first_name': user_info.get('first_name', ''),
-                'last_name': user_info.get('last_name', ''),
-                'country': user_info.get('country', ''),
-                'city': user_info.get('city', ''),
-                'phone': user_info.get('phone', '')
-            }
-        logging.info(f"Auto-login successful for user {login}.")
-        return "OK", 200
-    else:
-        logging.warning(f"Failed auto-login attempt for non-existent user {login}.")
-        return "Auto-login failed", 400
-
-@app.route('/logout')
-def logout():
-    logged_out_user = session.get('user')
-    session.pop('user', None)
-    session.pop('user_info', None)
-    if logged_out_user:
-        logging.info(f"User {logged_out_user} logged out.")
-    logout_response_html = '''
+LOGOUT_REDIRECT_TEMPLATE = '''
      <!DOCTYPE html><html><head><title>Выход...</title></head><body>
      <script>
          try { localStorage.removeItem('soolaUser'); } catch (e) { console.error("Error removing from localStorage:", e); }
@@ -1077,7 +1018,129 @@ def logout():
       <p>Выход выполнен. Перенаправление на <a href="/">главную страницу</a>...</p>
      </body></html>
     '''
-    return logout_response_html
+
+LOGIN_REDIRECT_TEMPLATE = '''
+     <!DOCTYPE html><html><head><title>Перенаправление...</title></head><body>
+     <script>
+        try {{ localStorage.setItem('soolaUser', '{login}'); }} catch (e) {{ console.error("Error saving to localStorage:", e); }}
+        window.location.href = "{catalog_url}";
+     </script>
+     <p>Вход выполнен успешно. Перенаправление в <a href="{catalog_url}">каталог</a>...</p>
+     </body></html>
+     '''
+
+ORDER_TEMPLATE = '''
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Заказ №{{ order.id }} - Soola Cosmetics</title>
+    <link href="https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
+    <style>
+        body { font-family: 'Poppins', sans-serif; background: #f0f9f4; color: #2d332f; line-height: 1.6; padding: 20px; }
+        .container { max-width: 800px; margin: 20px auto; padding: 30px; background: #fff; border-radius: 15px; box-shadow: 0 4px 15px rgba(0, 0, 0, 0.1); border: 1px solid #d1e7dd; }
+        h1 { text-align: center; color: #1C6758; margin-bottom: 25px; font-size: 1.8rem; font-weight: 600; }
+        h2 { color: #164B41; margin-top: 30px; margin-bottom: 15px; font-size: 1.4rem; border-bottom: 1px solid #d1e7dd; padding-bottom: 8px;}
+        .order-meta { font-size: 0.9rem; color: #5e6e68; margin-bottom: 20px; text-align: center; }
+        .order-item { display: grid; grid-template-columns: 60px 1fr auto; gap: 15px; align-items: center; padding: 15px 0; border-bottom: 1px solid #e1f0e9; }
+        .order-item:last-child { border-bottom: none; }
+        .order-item img { width: 60px; height: 60px; object-fit: contain; border-radius: 8px; background-color: #fff; padding: 5px; border: 1px solid #e1f0e9;}
+        .item-details strong { display: block; margin-bottom: 5px; font-size: 1.05rem; color: #2d332f;}
+        .item-details span { font-size: 0.9rem; color: #44524c; display: block;}
+        .item-total { font-weight: bold; text-align: right; font-size: 1rem; color: #1C6758;}
+        .order-summary { margin-top: 30px; padding-top: 20px; border-top: 2px solid #1C6758; text-align: right; }
+        .order-summary p { margin-bottom: 10px; font-size: 1.1rem; }
+        .order-summary strong { font-size: 1.3rem; color: #1C6758; }
+        .customer-info { margin-top: 30px; background-color: #f8fcfb; padding: 20px; border-radius: 8px; border: 1px solid #e1f0e9;}
+        .customer-info p { margin-bottom: 8px; font-size: 0.95rem; }
+        .customer-info strong { color: #164B41; }
+        .actions { margin-top: 30px; text-align: center; }
+        .button { padding: 12px 25px; border: none; border-radius: 8px; background-color: #25D366; /* WhatsApp Green */ color: white; font-weight: 600; cursor: pointer; transition: background-color 0.3s ease, transform 0.1s ease; font-size: 1rem; display: inline-flex; align-items: center; gap: 8px; text-decoration: none; }
+        .button:hover { background-color: #128C7E; }
+        .button:active { transform: scale(0.98); }
+        .button i { font-size: 1.2rem; }
+        .catalog-link { display: block; text-align: center; margin-top: 25px; color: #3D8361; text-decoration: none; font-size: 0.9rem; }
+        .catalog-link:hover { text-decoration: underline; }
+        .not-found { text-align: center; color: #c53030; font-size: 1.2rem; padding: 40px 0;}
+    </style>
+</head>
+<body>
+    <div class="container">
+        {% if order %}
+            <h1><i class="fas fa-receipt"></i> Ваш Заказ №{{ order.id }}</h1>
+            <p class="order-meta">Дата создания: {{ order.created_at }}</p>
+
+            <h2><i class="fas fa-shopping-bag"></i> Товары в заказе</h2>
+            <div id="orderItems">
+                {% for item in order.cart %}
+                    <div class="order-item">
+                        <img src="{{ item.photo_url }}" alt="{{ item.name }}">
+                        <div class="item-details">
+                            <strong>{{ item.name }} {% if item.color != 'N/A' %}({{ item.color }}){% endif %}</strong>
+                            <span>{{ "%.2f"|format(item.price) }} {{ currency_code }} × {{ item.quantity }}</span>
+                        </div>
+                        <div class="item-total">
+                            {{ "%.2f"|format(item.price * item.quantity) }} {{ currency_code }}
+                        </div>
+                    </div>
+                {% endfor %}
+            </div>
+
+            <div class="order-summary">
+                <p>Общая сумма товаров: <strong>{{ "%.2f"|format(order.total_price) }} {{ currency_code }}</strong></p>
+                {# Add shipping/discount info here if applicable in the future #}
+                <p><strong>ИТОГО К ОПЛАТЕ: {{ "%.2f"|format(order.total_price) }} {{ currency_code }}</strong></p>
+            </div>
+
+            {% if order.user_info %}
+            <div class="customer-info">
+                <h2><i class="fas fa-user"></i> Информация о клиенте</h2>
+                <p><strong>Логин:</strong> {{ order.user_info.login }}</p>
+                <p><strong>Имя:</strong> {{ order.user_info.get('first_name', '') }} {{ order.user_info.get('last_name', '') }}</p>
+                <p><strong>Телефон:</strong> {{ order.user_info.get('phone', 'Не указан') }}</p>
+                <p><strong>Страна:</strong> {{ order.user_info.get('country', 'Не указана') }}</p>
+                <p><strong>Город:</strong> {{ order.user_info.get('city', 'Не указан') }}</p>
+            </div>
+            {% else %}
+            <div class="customer-info">
+                 <h2><i class="fas fa-user-slash"></i> Информация о клиенте</h2>
+                 <p>Клиент не был авторизован при создании заказа.</p>
+            </div>
+            {% endif %}
+
+            <div class="actions">
+                 <button class="button" onclick="sendOrderViaWhatsApp()"><i class="fab fa-whatsapp"></i> Отправить заказ</button>
+            </div>
+
+            <a href="{{ url_for('catalog') }}" class="catalog-link">← Вернуться в каталог</a>
+
+            <script>
+                function sendOrderViaWhatsApp() {
+                    const orderId = '{{ order.id }}';
+                    const orderUrl = `{{ request.url }}`; // Gets the current page URL
+                    const whatsappNumber = "996997703090"; // Replace with your number
+
+                    let message = `Здравствуйте! Хочу подтвердить свой заказ на Soola Cosmetics:%0A%0A`;
+                    message += `*Номер заказа:* ${orderId}%0A`;
+                    message += `*Ссылка на заказ:* ${encodeURIComponent(orderUrl)}%0A%0A`;
+                    message += `Пожалуйста, свяжитесь со мной для уточнения деталей оплаты и доставки.`;
+
+                    const whatsappUrl = `https://api.whatsapp.com/send?phone=${whatsappNumber}&text=${message}`;
+                    window.open(whatsappUrl, '_blank');
+                }
+            </script>
+
+        {% else %}
+            <h1 style="color: #c53030;"><i class="fas fa-exclamation-triangle"></i> Ошибка</h1>
+            <p class="not-found">Заказ с таким ID не найден.</p>
+            <a href="{{ url_for('catalog') }}" class="catalog-link">← Вернуться в каталог</a>
+        {% endif %}
+    </div>
+</body>
+</html>
+'''
 
 ADMIN_TEMPLATE = '''
     <!DOCTYPE html>
@@ -1464,6 +1527,7 @@ ADMIN_TEMPLATE = '''
                 if (group) {
                     const container = group.parentNode;
                     group.remove();
+                    // Add a placeholder input if the container becomes empty
                     if (container && container.children.length === 0) {
                          const placeholderGroup = document.createElement('div');
                          placeholderGroup.className = 'color-input-group';
@@ -1482,14 +1546,231 @@ ADMIN_TEMPLATE = '''
     </html>
 '''
 
+# --- Flask Routes ---
+
+@app.route('/')
+def catalog():
+    data = load_data()
+    all_products = data.get('products', [])
+    categories = sorted(data.get('categories', [])) # Sort categories alphabetically
+    is_authenticated = 'user' in session
+
+    # Filter out-of-stock and sort: top first, then by name
+    products_in_stock = [p for p in all_products if p.get('in_stock', True)]
+    products_sorted = sorted(products_in_stock, key=lambda p: (not p.get('is_top', False), p.get('name', '').lower()))
+
+    return render_template_string(
+        CATALOG_TEMPLATE,
+        products=products_sorted,
+        categories=categories,
+        repo_id=REPO_ID,
+        is_authenticated=is_authenticated,
+        store_address=STORE_ADDRESS,
+        session=session,
+        currency_code=CURRENCY_CODE
+    )
+
+@app.route('/product/<int:index>')
+def product_detail(index):
+    data = load_data()
+    all_products = data.get('products', [])
+    # We need the same filtering and sorting logic as in catalog to match the index
+    products_in_stock = [p for p in all_products if p.get('in_stock', True)]
+    products_sorted = sorted(products_in_stock, key=lambda p: (not p.get('is_top', False), p.get('name', '').lower()))
+
+    is_authenticated = 'user' in session
+    try:
+        product = products_sorted[index]
+        # No need to check in_stock again, already filtered
+    except IndexError:
+        logging.warning(f"Attempted access to non-existent or out-of-stock product with index {index}")
+        return "Товар не найден или отсутствует в наличии.", 404
+
+    return render_template_string(
+        PRODUCT_DETAIL_TEMPLATE,
+        product=product,
+        repo_id=REPO_ID,
+        is_authenticated=is_authenticated,
+        currency_code=CURRENCY_CODE
+    )
+
+@app.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        login_attempt = request.form.get('login')
+        password = request.form.get('password')
+        if not login_attempt or not password:
+             return render_template_string(LOGIN_TEMPLATE, error="Логин и пароль не могут быть пустыми."), 400
+
+        users = load_users()
+
+        if login_attempt in users and users[login_attempt].get('password') == password:
+            user_info = users[login_attempt]
+            session['user'] = login_attempt
+            session['user_info'] = {
+                'login': login_attempt,
+                'first_name': user_info.get('first_name', ''),
+                'last_name': user_info.get('last_name', ''),
+                'country': user_info.get('country', ''),
+                'city': user_info.get('city', ''),
+                'phone': user_info.get('phone', '')
+            }
+            logging.info(f"User {login_attempt} logged in successfully.")
+            # Use template for redirect script
+            return render_template_string(LOGIN_REDIRECT_TEMPLATE,
+                                          login=login_attempt,
+                                          catalog_url=url_for('catalog'))
+        else:
+            logging.warning(f"Failed login attempt for user {login_attempt}.")
+            error_message = "Неверный логин или пароль."
+            return render_template_string(LOGIN_TEMPLATE, error=error_message), 401
+
+    # GET request
+    return render_template_string(LOGIN_TEMPLATE, error=None)
+
+@app.route('/auto_login', methods=['POST'])
+def auto_login():
+    data = request.get_json()
+    if not data or 'login' not in data:
+         logging.warning("Auto_login request missing data or login.")
+         return jsonify({"error": "Invalid request"}), 400
+
+    login_attempt = data.get('login')
+    if not login_attempt:
+        logging.warning("Attempted auto_login with empty login.")
+        return jsonify({"error": "Login not provided"}), 400
+
+    users = load_users()
+    if login_attempt in users:
+        user_info = users[login_attempt]
+        session['user'] = login_attempt
+        session['user_info'] = {
+                'login': login_attempt,
+                'first_name': user_info.get('first_name', ''),
+                'last_name': user_info.get('last_name', ''),
+                'country': user_info.get('country', ''),
+                'city': user_info.get('city', ''),
+                'phone': user_info.get('phone', '')
+            }
+        logging.info(f"Auto-login successful for user {login_attempt}.")
+        return jsonify({"message": "OK"}), 200
+    else:
+        logging.warning(f"Failed auto-login attempt for non-existent user {login_attempt}.")
+        # Don't reveal user existence, just fail generically
+        return jsonify({"error": "Auto-login failed"}), 401 # Use 401 Unauthorized
+
+@app.route('/logout')
+def logout():
+    logged_out_user = session.get('user')
+    session.pop('user', None)
+    session.pop('user_info', None)
+    if logged_out_user:
+        logging.info(f"User {logged_out_user} logged out.")
+    # Use template for redirect script
+    return render_template_string(LOGOUT_REDIRECT_TEMPLATE)
+
+@app.route('/create_order', methods=['POST'])
+def create_order():
+    order_data = request.get_json()
+
+    if not order_data or 'cart' not in order_data or not order_data['cart']:
+        logging.warning("Create order request missing cart data or cart is empty.")
+        return jsonify({"error": "Корзина пуста или не передана."}), 400
+
+    cart_items = order_data['cart']
+    user_info = order_data.get('userInfo', None) # User info might be null if not logged in
+
+    # Recalculate total server-side for security/consistency
+    total_price = 0
+    processed_cart = []
+    for item in cart_items:
+        # Basic validation (can be expanded)
+        if not all(k in item for k in ('name', 'price', 'quantity')):
+            logging.error(f"Invalid cart item structure received: {item}")
+            return jsonify({"error": "Неверный формат товара в корзине."}), 400
+        try:
+            price = float(item['price'])
+            quantity = int(item['quantity'])
+            if price < 0 or quantity <= 0:
+                raise ValueError("Invalid price or quantity")
+            total_price += price * quantity
+            # Construct item data for saving
+            processed_cart.append({
+                "name": item['name'],
+                "price": price,
+                "quantity": quantity,
+                "color": item.get('color', 'N/A'),
+                "photo": item.get('photo'), # Store photo filename if available
+                # Generate photo URL here for easier display later
+                "photo_url": f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/photos/{item['photo']}" if item.get('photo') else "https://via.placeholder.com/60x60.png?text=N/A"
+            })
+        except (ValueError, TypeError) as e:
+            logging.error(f"Invalid price/quantity in cart item: {item}. Error: {e}")
+            return jsonify({"error": "Неверная цена или количество в товаре."}), 400
+
+    order_id = f"{datetime.now().strftime('%Y%m%d%H%M%S')}-{uuid.uuid4().hex[:6]}"
+    order_timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+
+    new_order = {
+        "id": order_id,
+        "created_at": order_timestamp,
+        "cart": processed_cart,
+        "total_price": round(total_price, 2),
+        "user_info": user_info, # Can be None
+        "status": "new" # Initial status
+    }
+
+    try:
+        data = load_data()
+        # Ensure 'orders' key exists and is a dictionary
+        if 'orders' not in data or not isinstance(data.get('orders'), dict):
+            data['orders'] = {}
+
+        data['orders'][order_id] = new_order
+        save_data(data)
+        logging.info(f"Order {order_id} created successfully.")
+        return jsonify({"order_id": order_id}), 201 # 201 Created status code
+
+    except Exception as e:
+        logging.error(f"Failed to save order {order_id}: {e}", exc_info=True)
+        return jsonify({"error": "Ошибка сервера при сохранении заказа."}), 500
+
+@app.route('/order/<order_id>')
+def view_order(order_id):
+    # No login required for this route
+    data = load_data()
+    order = data.get('orders', {}).get(order_id)
+
+    if order:
+        # Format timestamp for display if needed
+        # order['created_at_formatted'] = ...
+        logging.info(f"Displaying order {order_id}")
+    else:
+        logging.warning(f"Order {order_id} not found.")
+
+    return render_template_string(ORDER_TEMPLATE,
+                                  order=order,
+                                  repo_id=REPO_ID,
+                                  currency_code=CURRENCY_CODE)
+
+
 @app.route('/admin', methods=['GET', 'POST'])
 def admin():
+    # Simple admin check (replace with proper authentication/authorization)
+    # For now, allow anyone access for demonstration, add security later
+    # if 'user' not in session or session.get('user') != 'admin_user':
+    #     flash("Доступ запрещен.", "error")
+    #     return redirect(url_for('login'))
+
     # Load data and users *before* processing POST to have the current state
     data = load_data()
     users = load_users()
     # Ensure products and categories are lists/dicts even if load failed
     products = data.get('products', [])
     categories = data.get('categories', [])
+    # Ensure 'orders' key exists and is a dictionary
+    if 'orders' not in data or not isinstance(data.get('orders'), dict):
+            data['orders'] = {}
 
     if request.method == 'POST':
         action = request.form.get('action')
@@ -1500,7 +1781,7 @@ def admin():
                 category_name = request.form.get('category_name', '').strip()
                 if category_name and category_name not in categories:
                     categories.append(category_name)
-                    categories.sort()
+                    # categories.sort() # Keep sorted list
                     data['categories'] = categories # Update the main data dict
                     save_data(data)
                     logging.info(f"Category '{category_name}' added.")
@@ -1517,15 +1798,16 @@ def admin():
                 if category_to_delete and category_to_delete in categories:
                     categories.remove(category_to_delete)
                     updated_count = 0
+                    # Update products that used this category
                     for product in products:
                         if product.get('category') == category_to_delete:
                             product['category'] = 'Без категории'
                             updated_count += 1
                     data['categories'] = categories # Update the main data dict
-                    data['products'] = products # Update the main data dict
+                    data['products'] = products # Update affected products
                     save_data(data)
                     logging.info(f"Category '{category_to_delete}' deleted. Updated products: {updated_count}.")
-                    flash(f"Категория '{category_to_delete}' удалена.", 'success')
+                    flash(f"Категория '{category_to_delete}' удалена. {updated_count} товаров обновлено.", 'success')
                 else:
                     logging.warning(f"Attempted to delete non-existent or empty category: {category_to_delete}")
                     flash(f"Не удалось удалить категорию '{category_to_delete}'.", 'error')
@@ -1566,13 +1848,14 @@ def admin():
                         if photo and photo.filename:
                             try:
                                 ext = os.path.splitext(photo.filename)[1].lower()
-                                # Basic check for common image extensions
                                 if ext not in ['.jpg', '.jpeg', '.png', '.gif', '.webp']:
                                      logging.warning(f"Skipping non-image file upload: {photo.filename}")
                                      flash(f"Файл {photo.filename} не является изображением и был пропущен.", "warning")
                                      continue
 
-                                photo_filename = secure_filename(f"{name.replace(' ','_')}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}")
+                                # Create a unique filename based on product name and time
+                                safe_name = secure_filename(name.replace(' ', '_'))[:50] # Limit length
+                                photo_filename = f"{safe_name}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}"
                                 temp_path = os.path.join(uploads_dir, photo_filename)
                                 photo.save(temp_path)
                                 logging.info(f"Uploading photo {photo_filename} to HF for product {name}...")
@@ -1586,25 +1869,28 @@ def admin():
                                 )
                                 photos_list.append(photo_filename)
                                 logging.info(f"Photo {photo_filename} uploaded successfully.")
-                                os.remove(temp_path)
+                                os.remove(temp_path) # Clean up temp file
                                 uploaded_count += 1
                             except Exception as e:
                                 logging.error(f"Error uploading photo {photo.filename} to HF: {e}", exc_info=True)
                                 flash(f"Ошибка при загрузке фото {photo.filename}.", 'error')
-                                # Optionally remove temp file if it exists after error
                                 if os.path.exists(temp_path):
                                     try: os.remove(temp_path)
-                                    except OSError: pass
+                                    except OSError: pass # Ignore error if file cannot be removed
                         elif photo and not photo.filename:
                              logging.warning("Received an empty photo file object when adding product.")
                     try:
-                         # Check if directory exists and is empty before removing
+                         # Clean up temp dir if empty
                          if os.path.exists(uploads_dir) and not os.listdir(uploads_dir):
                              os.rmdir(uploads_dir)
                     except OSError as e:
                         logging.warning(f"Could not remove temporary upload directory {uploads_dir}: {e}")
+                elif not HF_TOKEN_WRITE and photos_files and any(f.filename for f in photos_files):
+                    flash("HF_TOKEN (write) не настроен. Фотографии не были загружены.", "warning")
+
 
                 new_product = {
+                    # Consider adding a unique ID here later if needed
                     'name': name, 'price': price, 'description': description,
                     'category': category if category in categories else 'Без категории',
                     'photos': photos_list, 'colors': colors,
@@ -1635,6 +1921,7 @@ def admin():
                      logging.error(f"Invalid index '{index_str}' for editing. Product list length: {len(products)}")
                      return redirect(url_for('admin'))
 
+                # Update fields
                 product_to_edit['name'] = request.form.get('name', product_to_edit['name']).strip()
                 price_str = request.form.get('price', str(product_to_edit['price'])).replace(',', '.')
                 product_to_edit['description'] = request.form.get('description', product_to_edit.get('description', '')).strip()
@@ -1652,6 +1939,7 @@ def admin():
                      logging.warning(f"Invalid price format '{price_str}' during edit of product {original_name}. Price not changed.")
                      flash(f"Неверный формат цены для товара '{original_name}'. Цена не изменена.", 'warning')
 
+                # Handle photo replacement
                 photos_files = request.files.getlist('photos')
                 if photos_files and any(f.filename for f in photos_files) and HF_TOKEN_WRITE:
                     uploads_dir = 'uploads_temp'
@@ -1674,7 +1962,8 @@ def admin():
                                      flash(f"Файл {photo.filename} не является изображением и был пропущен.", "warning")
                                      continue
 
-                                photo_filename = secure_filename(f"{product_to_edit['name'].replace(' ','_')}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}")
+                                safe_name = secure_filename(product_to_edit['name'].replace(' ', '_'))[:50]
+                                photo_filename = f"{safe_name}_{datetime.now().strftime('%Y%m%d%H%M%S%f')}{ext}"
                                 temp_path = os.path.join(uploads_dir, photo_filename)
                                 photo.save(temp_path)
                                 logging.info(f"Uploading new photo {photo_filename} to HF...")
@@ -1698,7 +1987,8 @@ def admin():
                         logging.warning(f"Could not remove temporary upload directory {uploads_dir}: {e}")
 
                     if new_photos_list:
-                        logging.info(f"Photo list for product {product_to_edit['name']} updated.")
+                        logging.info(f"New photo list for product {product_to_edit['name']} generated.")
+                        # Delete old photos from HF *after* new ones are uploaded
                         old_photos = product_to_edit.get('photos', [])
                         if old_photos:
                             logging.info(f"Attempting to delete old photos: {old_photos}")
@@ -1712,12 +2002,17 @@ def admin():
                                 )
                                 logging.info(f"Old photos for product {product_to_edit['name']} deleted from HF.")
                             except Exception as e:
+                                # Log error but continue, new photos are already uploaded
                                 logging.error(f"Error deleting old photos {old_photos} from HF: {e}", exc_info=True)
-                                flash("Не удалось удалить старые фотографии с сервера.", "warning")
+                                flash("Не удалось удалить старые фотографии с сервера. Новые фото загружены.", "warning")
+                        # Update product data with new photo list
                         product_to_edit['photos'] = new_photos_list
                         flash("Фотографии товара успешно обновлены.", "success")
                     elif uploaded_count == 0 and any(f.filename for f in photos_files):
-                         flash("Не удалось загрузить новые фотографии.", "error")
+                         # Files were selected, but none were uploaded (e.g., wrong format)
+                         flash("Не удалось загрузить новые фотографии (возможно, неверный формат).", "error")
+                elif not HF_TOKEN_WRITE and photos_files and any(f.filename for f in photos_files):
+                    flash("HF_TOKEN (write) не настроен. Фотографии не были обновлены.", "warning")
 
                 # Update the product in the main list
                 products[index] = product_to_edit
@@ -1738,6 +2033,7 @@ def admin():
                     deleted_product = products.pop(index)
                     product_name = deleted_product.get('name', 'N/A')
 
+                    # Attempt to delete associated photos from HF
                     photos_to_delete = deleted_product.get('photos', [])
                     if photos_to_delete and HF_TOKEN_WRITE:
                         logging.info(f"Attempting to delete photos for product '{product_name}' from HF: {photos_to_delete}")
@@ -1752,8 +2048,13 @@ def admin():
                             )
                             logging.info(f"Photos for product '{product_name}' deleted from HF.")
                         except Exception as e:
+                             # Log error but proceed with local deletion
                              logging.error(f"Error deleting photos {photos_to_delete} for product '{product_name}' from HF: {e}", exc_info=True)
-                             flash(f"Не удалось удалить фото для товара '{product_name}' с сервера.", "warning")
+                             flash(f"Не удалось удалить фото для товара '{product_name}' с сервера. Товар удален локально.", "warning")
+                    elif photos_to_delete and not HF_TOKEN_WRITE:
+                        logging.warning(f"HF_TOKEN (write) not set. Cannot delete photos {photos_to_delete} for deleted product '{product_name}'.")
+                        flash(f"Товар '{product_name}' удален локально, но фото не удалены с сервера (токен не задан).", "warning")
+
 
                     data['products'] = products # Update the main data dict
                     save_data(data)
@@ -1780,7 +2081,7 @@ def admin():
                      return redirect(url_for('admin'))
 
                  users[login] = {
-                     'password': password,
+                     'password': password, # WARNING: Storing plain text
                      'first_name': first_name, 'last_name': last_name,
                      'phone': phone,
                      'country': country, 'city': city
@@ -1792,6 +2093,10 @@ def admin():
             elif action == 'delete_user':
                  login_to_delete = request.form.get('login')
                  if login_to_delete and login_to_delete in users:
+                     # Optional: Prevent deleting the current admin user?
+                     # if login_to_delete == session.get('user'):
+                     #    flash("Нельзя удалить текущего пользователя.", 'error')
+                     #    return redirect(url_for('admin'))
                      del users[login_to_delete]
                      save_users(users)
                      logging.info(f"User '{login_to_delete}' deleted.")
@@ -1804,21 +2109,23 @@ def admin():
                  logging.warning(f"Received unknown admin action: {action}")
                  flash(f"Неизвестное действие: {action}", 'warning')
 
+            # Redirect after POST to prevent form resubmission
             return redirect(url_for('admin'))
 
         except Exception as e:
+             # Catch potential errors during file operations, HF API calls, etc.
              logging.error(f"Error processing admin action '{action}': {e}", exc_info=True)
              flash(f"Произошла внутренняя ошибка при выполнении действия '{action}'. Подробности в логе сервера.", 'error')
              return redirect(url_for('admin'))
 
-    # GET request or after POST redirect
-    # Reload data and users again in case they were modified by POST and saved
-    # This ensures the template always shows the latest state after an action
+    # --- GET request ---
+    # Reload data and users again to ensure the template shows the latest state
     current_data = load_data()
     current_users = load_users()
-    display_products = current_data.get('products', [])
+    # Sort products for consistent display in admin panel (e.g., by name)
+    display_products = sorted(current_data.get('products', []), key=lambda p: p.get('name', '').lower())
     display_categories = sorted(current_data.get('categories', []))
-    display_users = dict(sorted(current_users.items()))
+    display_users = dict(sorted(current_users.items())) # Sort users by login
 
     return render_template_string(
         ADMIN_TEMPLATE,
@@ -1831,9 +2138,10 @@ def admin():
 
 @app.route('/force_upload', methods=['POST'])
 def force_upload():
+    # Add admin check here if needed
     logging.info("Forcing upload to Hugging Face...")
     try:
-        upload_db_to_hf()
+        upload_db_to_hf() # Uploads both files by default
         flash("Данные успешно загружены на Hugging Face.", 'success')
     except Exception as e:
         logging.error(f"Error during forced upload: {e}", exc_info=True)
@@ -1842,21 +2150,32 @@ def force_upload():
 
 @app.route('/force_download', methods=['POST'])
 def force_download():
+    # Add admin check here if needed
     logging.info("Forcing download from Hugging Face...")
     try:
-        if download_db_from_hf():
+        if download_db_from_hf(): # Downloads both files by default
             flash("Данные успешно скачаны с Hugging Face. Локальные файлы обновлены.", 'success')
+            # Reload data/users in memory after download might be needed depending on app structure
+            # load_data()
+            # load_users()
         else:
-            flash("Не удалось скачать данные с Hugging Face после нескольких попыток.", 'error')
+            flash("Не удалось скачать данные с Hugging Face после нескольких попыток. Проверьте логи.", 'error')
     except Exception as e:
         logging.error(f"Error during forced download: {e}", exc_info=True)
         flash(f"Ошибка при скачивании с Hugging Face: {e}", 'error')
     return redirect(url_for('admin'))
 
+
+# --- App Initialization ---
+
 if __name__ == '__main__':
-    # Initial load on startup
-    load_data()
-    load_users()
+    # Initial download/load on startup
+    logging.info("Application starting up. Performing initial data load/download...")
+    download_db_from_hf() # Attempt to download both files first
+    load_data()           # Load data (will use downloaded or default)
+    load_users()          # Load users (will use downloaded or default)
+    logging.info("Initial data load complete.")
+
 
     if HF_TOKEN_WRITE:
         backup_thread = threading.Thread(target=periodic_backup, daemon=True)
@@ -1868,6 +2187,8 @@ if __name__ == '__main__':
     port = int(os.environ.get('PORT', 7860))
     logging.info(f"Starting Flask app on host 0.0.0.0 and port {port}")
     # Use waitress or gunicorn in production instead of development server
-    # For simplicity, using Flask's dev server here
+    # For simplicity, using Flask's dev server here (debug=False for production-like behavior)
+    # Consider using waitress: pip install waitress; waitress-serve --host=0.0.0.0 --port=7860 app:app
     app.run(debug=False, host='0.0.0.0', port=port)
 
+# --- END OF FILE app.py ---