Update app.py

app.py

@@ -4,7 +4,8 @@ import json
 from flask import Flask, render_template, request, redirect, url_for, abort, flash, jsonify
 from flask_httpauth import HTTPBasicAuth
 from werkzeug.security import generate_password_hash, check_password_hash
-from huggingface_hub import hf_hub_download, upload_file, HfApi
+from werkzeug.utils import secure_filename
+from huggingface_hub import hf_hub_download, upload_file
 import logging
 import tempfile
 import fcntl
@@ -12,12 +13,16 @@ from datetime import datetime
 
 app = Flask(__name__)
 app.config['SECRET_KEY'] = os.getenv("FLASK_SECRET_KEY", "your-secret-key-here")
+app.config['UPLOAD_FOLDER'] = 'static/uploads'
 auth = HTTPBasicAuth()
 
 # Thiết lập logging
 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)
 
+# Đảm bảo thư mục upload tồn tại
+os.makedirs(app.config['UPLOAD_FOLDER'], exist_ok=True)
+
 # Cấu hình người dùng
 ADMIN_USERNAME = os.getenv("ADMIN_USERNAME", "admin")
 ADMIN_PASSWORD_HASH = generate_password_hash(os.getenv("ADMIN_PASSWORD", "password"))
@@ -115,7 +120,7 @@ def init_db():
         CREATE TABLE IF NOT EXISTS case_studies (
             id INTEGER PRIMARY KEY AUTOINCREMENT,
             title TEXT NOT NULL,
-            treatment TEXT,
+            treatment TEXT NOT NULL,
             description TEXT,
             before_image TEXT,
             after_image TEXT,
@@ -124,10 +129,10 @@ def init_db():
             patient_rating TEXT DEFAULT '5',
             patient_avatar TEXT,
             status TEXT DEFAULT 'draft',
-            date TEXT,
+            date TEXT NOT NULL,
             duration TEXT,
             visits TEXT,
-            case_id TEXT,
+            case_id TEXT NOT NULL UNIQUE,
             seo_title TEXT,
             seo_description TEXT,
             seo_keywords TEXT,
@@ -150,7 +155,7 @@ def init_db():
         CREATE TABLE IF NOT EXISTS pages (
             id INTEGER PRIMARY KEY AUTOINCREMENT,
             title TEXT NOT NULL,
-            slug TEXT NOT NULL,
+            slug TEXT NOT NULL UNIQUE,
             content TEXT,
             status TEXT DEFAULT 'draft',
             template TEXT DEFAULT 'default',
@@ -177,7 +182,7 @@ def init_db():
         CREATE TABLE IF NOT EXISTS posts (
             id INTEGER PRIMARY KEY AUTOINCREMENT,
             title TEXT NOT NULL,
-            slug TEXT NOT NULL,
+            slug TEXT NOT NULL UNIQUE,
             content TEXT,
             status TEXT DEFAULT 'draft',
             categories TEXT,
@@ -199,7 +204,7 @@ def init_db():
             ('10 Dental Care Tips', 'dental-care-tips', '<p>Learn how to maintain a healthy smile with these tips...</p>', 'published', 'Dental Care', 'teeth,care', 'Top 10 dental care tips for a healthy smile.', 'Dental Care Tips', 'Learn dental care tips.', 'dental,care,tips', 'https://images.unsplash.com/photo-1588776814546-1ffcf47267a5', '2025-04-28')
         ''')
 
-    # Các bảng khác (giữ nguyên từ mã hiện tại)
+    # Tạo các bảng khác
     cursor.execute('''
         CREATE TABLE IF NOT EXISTS our_story (
             id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -294,6 +299,17 @@ def init_db():
             FOREIGN KEY (case_id) REFERENCES case_studies(id)
         )
     ''')
+    cursor.execute('''
+        CREATE TABLE IF NOT EXISTS comments (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            post_id INTEGER NOT NULL,
+            author_name TEXT NOT NULL,
+            author_email TEXT NOT NULL,
+            content TEXT NOT NULL,
+            created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+            FOREIGN KEY (post_id) REFERENCES posts(id)
+        )
+    ''')
     cursor.execute('CREATE INDEX IF NOT EXISTS idx_pjm_case_id ON patient_journey_milestones(case_id)')
 
     conn.commit()
@@ -329,38 +345,77 @@ def add_case():
     posts = [dict(row) for row in cursor.fetchall()]
 
     if request.method == 'POST':
+        # Lấy dữ liệu từ form
+        title = request.form.get('case-title')
+        treatment = request.form.get('case-treatment')
+        description = request.form.get('case-description')
+        status = request.form.get('case-status', 'draft')
+        date = request.form.get('case-date')
+        category = request.form.get('case-category')
+        patient_name = request.form.get('case-patient-name', '')
+        patient_age = request.form.get('case-patient-age', '')
+        patient_rating = request.form.get('case-patient-rating', '5')
+        duration = request.form.get('case-duration', '')
+        visits = request.form.get('case-visits', '')
+        case_id = request.form.get('case-id')
+        seo_title = request.form.get('case-seo-title', '')
+        seo_description = request.form.get('case-seo-description', '')
+        seo_keywords = request.form.get('case-seo-keywords', '')
+
+        # Kiểm tra các trường bắt buộc
+        if not all([title, treatment, case_id, date]):
+            flash('Vui lòng điền đầy đủ các trường bắt buộc.', 'error')
+            conn.close()
+            return render_template('cms.html', section='case-editor-section', case=None, cases=cases, pages=pages, posts=posts)
+
+        # Kiểm tra case_id duy nhất
+        cursor.execute('SELECT id FROM case_studies WHERE case_id = ?', (case_id,))
+        if cursor.fetchone():
+            flash('Case ID đã tồn tại. Vui lòng chọn ID khác.', 'error')
+            conn.close()
+            return render_template('cms.html', section='case-editor-section', case=None, cases=cases, pages=pages, posts=posts)
+
+        # Xử lý upload hình ảnh
+        before_image_path = ''
+        if 'case-before-image' in request.files and request.files['case-before-image'].filename:
+            before_image = request.files['case-before-image']
+            filename = secure_filename(before_image.filename)
+            before_image.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            before_image_path = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        after_image_path = ''
+        if 'case-after-image' in request.files and request.files['case-after-image'].filename:
+            after_image = request.files['case-after-image']
+            filename = secure_filename(after_image.filename)
+            after_image.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            after_image_path = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        patient_avatar_path = ''
+        if 'case-patient-avatar' in request.files and request.files['case-patient-avatar'].filename:
+            patient_avatar = request.files['case-patient-avatar']
+            filename = secure_filename(patient_avatar.filename)
+            patient_avatar.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            patient_avatar_path = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        # Chèn dữ liệu vào database
         cursor.execute('''
             INSERT INTO case_studies (
                 title, treatment, description, before_image, after_image,
                 patient_name, patient_age, patient_rating, patient_avatar,
                 status, date, duration, visits, case_id,
-                seo_title, seo_description, seo_keywords, category, tag
-            ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+                seo_title, seo_description, seo_keywords, category
+            ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
         ''', (
-            request.form['case-title'],
-            request.form['case-treatment'],
-            request.form['case-description'],
-            request.form.get('case-before-image', ''),
-            request.form.get('case-after-image', ''),
-            request.form.get('case-patient-name', ''),
-            request.form.get('case-patient-age', ''),
-            request.form.get('case-patient-rating', '5'),
-            request.form.get('case-patient-avatar', ''),
-            request.form.get('case-status', 'draft'),
-            request.form.get('case-date', ''),
-            request.form.get('case-duration', ''),
-            request.form.get('case-visits', ''),
-            request.form.get('case-id', ''),
-            request.form.get('case-seo-title', ''),
-            request.form.get('case-seo-description', ''),
-            request.form.get('case-seo-keywords', ''),
-            request.form.get('case-category', ''),
-            request.form.get('case-tag', '')
+            title, treatment, description, before_image_path, after_image_path,
+            patient_name, patient_age, patient_rating, patient_avatar_path,
+            status, date, duration, visits, case_id,
+            seo_title, seo_description, seo_keywords, category
         ))
         conn.commit()
         update_db_to_huggingface()
         conn.close()
-        return redirect(url_for('cms'))
+        flash('Case study đã được thêm thành công!', 'success')
+        return redirect(url_for('cms', section='cases-section'))
 
     conn.close()
     return render_template('cms.html', section='case-editor-section', case=None, cases=cases, pages=pages, posts=posts)
@@ -387,39 +442,78 @@ def edit_case(id):
     case = dict(case)
 
     if request.method == 'POST':
+        # Lấy dữ liệu từ form
+        title = request.form.get('case-title')
+        treatment = request.form.get('case-treatment')
+        description = request.form.get('case-description')
+        status = request.form.get('case-status', 'draft')
+        date = request.form.get('case-date')
+        category = request.form.get('case-category')
+        patient_name = request.form.get('case-patient-name', '')
+        patient_age = request.form.get('case-patient-age', '')
+        patient_rating = request.form.get('case-patient-rating', '5')
+        duration = request.form.get('case-duration', '')
+        visits = request.form.get('case-visits', '')
+        case_id = request.form.get('case-id')
+        seo_title = request.form.get('case-seo-title', '')
+        seo_description = request.form.get('case-seo-description', '')
+        seo_keywords = request.form.get('case-seo-keywords', '')
+
+        # Kiểm tra các trường bắt buộc
+        if not all([title, treatment, case_id, date]):
+            flash('Vui lòng điền đầy đủ các trường bắt buộc.', 'error')
+            conn.close()
+            return render_template('cms.html', section='case-editor-section', case=case, cases=cases, pages=pages, posts=posts)
+
+        # Kiểm tra case_id duy nhất (ngoại trừ case hiện tại)
+        cursor.execute('SELECT id FROM case_studies WHERE case_id = ? AND id != ?', (case_id, id))
+        if cursor.fetchone():
+            flash('Case ID đã tồn tại. Vui lòng chọn ID khác.', 'error')
+            conn.close()
+            return render_template('cms.html', section='case-editor-section', case=case, cases=cases, pages=pages, posts=posts)
+
+        # Xử lý upload hình ảnh
+        before_image_path = case['before_image']
+        if 'case-before-image' in request.files and request.files['case-before-image'].filename:
+            before_image = request.files['case-before-image']
+            filename = secure_filename(before_image.filename)
+            before_image.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            before_image_path = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        after_image_path = case['after_image']
+        if 'case-after-image' in request.files and request.files['case-after-image'].filename:
+            after_image = request.files['case-after-image']
+            filename = secure_filename(after_image.filename)
+            after_image.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            after_image_path = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        patient_avatar_path = case['patient_avatar']
+        if 'case-patient-avatar' in request.files and request.files['case-patient-avatar'].filename:
+            patient_avatar = request.files['case-patient-avatar']
+            filename = secure_filename(patient_avatar.filename)
+            patient_avatar.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            patient_avatar_path = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        # Cập nhật dữ liệu trong database
         cursor.execute('''
             UPDATE case_studies
             SET title = ?, treatment = ?, description = ?, before_image = ?, after_image = ?,
                 patient_name = ?, patient_age = ?, patient_rating = ?, patient_avatar = ?,
                 status = ?, date = ?, duration = ?, visits = ?, case_id = ?,
-                seo_title = ?, seo_description = ?, seo_keywords = ?, category = ?, tag = ?
+                seo_title = ?, seo_description = ?, seo_keywords = ?, category = ?
             WHERE id = ?
         ''', (
-            request.form['case-title'],
-            request.form['case-treatment'],
-            request.form['case-description'],
-            request.form.get('case-before-image', ''),
-            request.form.get('case-after-image', ''),
-            request.form.get('case-patient-name', ''),
-            request.form.get('case-patient-age', ''),
-            request.form.get('case-patient-rating', '5'),
-            request.form.get('case-patient-avatar', ''),
-            request.form.get('case-status', 'draft'),
-            request.form.get('case-date', ''),
-            request.form.get('case-duration', ''),
-            request.form.get('case-visits', ''),
-            request.form.get('case-id', ''),
-            request.form.get('case-seo-title', ''),
-            request.form.get('case-seo-description', ''),
-            request.form.get('case-seo-keywords', ''),
-            request.form.get('case-category', ''),
-            request.form.get('case-tag', ''),
+            title, treatment, description, before_image_path, after_image_path,
+            patient_name, patient_age, patient_rating, patient_avatar_path,
+            status, date, duration, visits, case_id,
+            seo_title, seo_description, seo_keywords, category,
             id
         ))
         conn.commit()
         update_db_to_huggingface()
         conn.close()
-        return redirect(url_for('cms'))
+        flash('Case study đã được cập nhật thành công!', 'success')
+        return redirect(url_for('cms', section='cases-section'))
 
     conn.close()
     return render_template('cms.html', section='case-editor-section', case=case, cases=cases, pages=pages, posts=posts)
@@ -434,7 +528,8 @@ def delete_case(id):
     conn.commit()
     update_db_to_huggingface()
     conn.close()
-    return redirect(url_for('cms'))
+    flash('Case study đã được xóa thành công!', 'success')
+    return redirect(url_for('cms', section='cases-section'))
 
 # Route để thêm page mới
 @app.route('/cms/pages/new', methods=['GET', 'POST'])
@@ -451,28 +546,49 @@ def add_page():
     posts = [dict(row) for row in cursor.fetchall()]
 
     if request.method == 'POST':
+        title = request.form.get('page-title')
+        slug = request.form.get('page-slug')
+        content = request.form.get('page-content')
+        status = request.form.get('page-status', 'draft')
+        template = request.form.get('page-template', 'default')
+        parent_id = request.form.get('page-parent', 0, type=int)
+        seo_title = request.form.get('seo-title', '')
+        seo_description = request.form.get('seo-description', '')
+        seo_keywords = request.form.get('seo-keywords', '')
+        featured_image = ''
+
+        if 'page-featured-image' in request.files and request.files['page-featured-image'].filename:
+            featured_image_file = request.files['page-featured-image']
+            filename = secure_filename(featured_image_file.filename)
+            featured_image_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            featured_image = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        if not all([title, slug]):
+            flash('Vui lòng điền đầy đủ tiêu đề và slug.', 'error')
+            conn.close()
+            return render_template('cms.html', section='page-editor-section', page=None, cases=cases, pages=pages, posts=posts)
+
+        cursor.execute('SELECT id FROM pages WHERE slug = ?', (slug,))
+        if cursor.fetchone():
+            flash('Slug đã tồn tại. Vui lòng chọn slug khác.', 'error')
+            conn.close()
+            return render_template('cms.html', section='page-editor-section', page=None, cases=cases, pages=pages, posts=posts)
+
         cursor.execute('''
             INSERT INTO pages (
                 title, slug, content, status, template, parent_id,
                 seo_title, seo_description, seo_keywords, featured_image, last_modified
             ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
         ''', (
-            request.form['page-title'],
-            request.form['page-slug'],
-            request.form['page-content'],
-            request.form.get('page-status', 'draft'),
-            request.form.get('page-template', 'default'),
-            request.form.get('page-parent', 0, type=int),
-            request.form.get('seo-title', ''),
-            request.form.get('seo-description', ''),
-            request.form.get('seo-keywords', ''),
-            request.form.get('featured-image', ''),
+            title, slug, content, status, template, parent_id,
+            seo_title, seo_description, seo_keywords, featured_image,
             datetime.now().strftime('%Y-%m-%d %H:%M:%S')
         ))
         conn.commit()
         update_db_to_huggingface()
         conn.close()
-        return redirect(url_for('cms'))
+        flash('Page đã được thêm thành công!', 'success')
+        return redirect(url_for('cms', section='pages-section'))
 
     conn.close()
     return render_template('cms.html', section='page-editor-section', page=None, cases=cases, pages=pages, posts=posts)
@@ -499,6 +615,34 @@ def edit_page(id):
     page = dict(page)
 
     if request.method == 'POST':
+        title = request.form.get('page-title')
+        slug = request.form.get('page-slug')
+        content = request.form.get('page-content')
+        status = request.form.get('page-status', 'draft')
+        template = request.form.get('page-template', 'default')
+        parent_id = request.form.get('page-parent', 0, type=int)
+        seo_title = request.form.get('seo-title', '')
+        seo_description = request.form.get('seo-description', '')
+        seo_keywords = request.form.get('seo-keywords', '')
+        featured_image = page['featured_image']
+
+        if 'page-featured-image' in request.files and request.files['page-featured-image'].filename:
+            featured_image_file = request.files['page-featured-image']
+            filename = secure_filename(featured_image_file.filename)
+            featured_image_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            featured_image = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        if not all([title, slug]):
+            flash('Vui lòng điền đầy đủ tiêu đề và slug.', 'error')
+            conn.close()
+            return render_template('cms.html', section='page-editor-section', page=page, cases=cases, pages=pages, posts=posts)
+
+        cursor.execute('SELECT id FROM pages WHERE slug = ? AND id != ?', (slug, id))
+        if cursor.fetchone():
+            flash('Slug đã tồn tại. Vui lòng chọn slug khác.', 'error')
+            conn.close()
+            return render_template('cms.html', section='page-editor-section', page=page, cases=cases, pages=pages, posts=posts)
+
         cursor.execute('''
             UPDATE pages
             SET title = ?, slug = ?, content = ?, status = ?, template = ?, parent_id = ?,
@@ -506,23 +650,16 @@ def edit_page(id):
                 last_modified = ?
             WHERE id = ?
         ''', (
-            request.form['page-title'],
-            request.form['page-slug'],
-            request.form['page-content'],
-            request.form.get('page-status', 'draft'),
-            request.form.get('page-template', 'default'),
-            request.form.get('page-parent', 0, type=int),
-            request.form.get('seo-title', ''),
-            request.form.get('seo-description', ''),
-            request.form.get('seo-keywords', ''),
-            request.form.get('featured-image', ''),
+            title, slug, content, status, template, parent_id,
+            seo_title, seo_description, seo_keywords, featured_image,
             datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
             id
         ))
         conn.commit()
         update_db_to_huggingface()
         conn.close()
-        return redirect(url_for('cms'))
+        flash('Page đã được cập nhật thành công!', 'success')
+        return redirect(url_for('cms', section='pages-section'))
 
     conn.close()
     return render_template('cms.html', section='page-editor-section', page=page, cases=cases, pages=pages, posts=posts)
@@ -537,7 +674,8 @@ def delete_page(id):
     conn.commit()
     update_db_to_huggingface()
     conn.close()
-    return redirect(url_for('cms'))
+    flash('Page đã được xóa thành công!', 'success')
+    return redirect(url_for('cms', section='pages-section'))
 
 # Route để thêm post mới
 @app.route('/cms/posts/new', methods=['GET', 'POST'])
@@ -554,29 +692,50 @@ def add_post():
     posts = [dict(row) for row in cursor.fetchall()]
 
     if request.method == 'POST':
+        title = request.form.get('post-title')
+        slug = request.form.get('post-slug')
+        content = request.form.get('post-content')
+        status = request.form.get('post-status', 'draft')
+        categories = ','.join(request.form.getlist('post-categories'))
+        tags = request.form.get('post-tags', '')
+        excerpt = request.form.get('post-excerpt', '')
+        seo_title = request.form.get('post-seo-title', '')
+        seo_description = request.form.get('post-seo-description', '')
+        seo_keywords = request.form.get('post-seo-keywords', '')
+        publish_date = request.form.get('post-publish-date', '')
+        featured_image = ''
+
+        if 'post-featured-image' in request.files and request.files['post-featured-image'].filename:
+            featured_image_file = request.files['post-featured-image']
+            filename = secure_filename(featured_image_file.filename)
+            featured_image_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            featured_image = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        if not all([title, slug]):
+            flash('Vui lòng điền đầy đủ tiêu đề và slug.', 'error')
+            conn.close()
+            return render_template('cms.html', section='post-editor-section', post=None, cases=cases, pages=pages, posts=posts)
+
+        cursor.execute('SELECT id FROM posts WHERE slug = ?', (slug,))
+        if cursor.fetchone():
+            flash('Slug đã tồn tại. Vui lòng chọn slug khác.', 'error')
+            conn.close()
+            return render_template('cms.html', section='post-editor-section', post=None, cases=cases, pages=pages, posts=posts)
+
         cursor.execute('''
             INSERT INTO posts (
                 title, slug, content, status, categories, tags, excerpt,
                 seo_title, seo_description, seo_keywords, featured_image, publish_date
             ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
         ''', (
-            request.form['post-title'],
-            request.form['post-slug'],
-            request.form['post-content'],
-            request.form.get('post-status', 'draft'),
-            ','.join(request.form.getlist('post-categories')),
-            request.form.get('post-tags', ''),
-            request.form.get('post-excerpt', ''),
-            request.form.get('post-seo-title', ''),
-            request.form.get('post-seo-description', ''),
-            request.form.get('post-seo-keywords', ''),
-            request.form.get('post-featured-image', ''),
-            request.form.get('post-publish-date', '')
+            title, slug, content, status, categories, tags, excerpt,
+            seo_title, seo_description, seo_keywords, featured_image, publish_date
         ))
         conn.commit()
         update_db_to_huggingface()
         conn.close()
-        return redirect(url_for('cms'))
+        flash('Post đã được thêm thành công!', 'success')
+        return redirect(url_for('cms', section='posts-section'))
 
     conn.close()
     return render_template('cms.html', section='post-editor-section', post=None, cases=cases, pages=pages, posts=posts)
@@ -603,6 +762,36 @@ def edit_post(id):
     post = dict(post)
 
     if request.method == 'POST':
+        title = request.form.get('post-title')
+        slug = request.form.get('post-slug')
+        content = request.form.get('post-content')
+        status = request.form.get('post-status', 'draft')
+        categories = ','.join(request.form.getlist('post-categories'))
+        tags = request.form.get('post-tags', '')
+        excerpt = request.form.get('post-excerpt', '')
+        seo_title = request.form.get('post-seo-title', '')
+        seo_description = request.form.get('post-seo-description', '')
+        seo_keywords = request.form.get('post-seo-keywords', '')
+        publish_date = request.form.get('post-publish-date', '')
+        featured_image = post['featured_image']
+
+        if 'post-featured-image' in request.files and request.files['post-featured-image'].filename:
+            featured_image_file = request.files['post-featured-image']
+            filename = secure_filename(featured_image_file.filename)
+            featured_image_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            featured_image = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        if not all([title, slug]):
+            flash('Vui lòng điền đầy đủ tiêu đề và slug.', 'error')
+            conn.close()
+            return render_template('cms.html', section='post-editor-section', post=post, cases=cases, pages=pages, posts=posts)
+
+        cursor.execute('SELECT id FROM posts WHERE slug = ? AND id != ?', (slug, id))
+        if cursor.fetchone():
+            flash('Slug đã tồn tại. Vui lòng chọn slug khác.', 'error')
+            conn.close()
+            return render_template('cms.html', section='post-editor-section', post=post, cases=cases, pages=pages, posts=posts)
+
         cursor.execute('''
             UPDATE posts
             SET title = ?, slug = ?, content = ?, status = ?, categories = ?, tags = ?,
@@ -610,24 +799,15 @@ def edit_post(id):
                 featured_image = ?, publish_date = ?
             WHERE id = ?
         ''', (
-            request.form['post-title'],
-            request.form['post-slug'],
-            request.form['post-content'],
-            request.form.get('post-status', 'draft'),
-            ','.join(request.form.getlist('post-categories')),
-            request.form.get('post-tags', ''),
-            request.form.get('post-excerpt', ''),
-            request.form.get('post-seo-title', ''),
-            request.form.get('post-seo-description', ''),
-            request.form.get('post-seo-keywords', ''),
-            request.form.get('post-featured-image', ''),
-            request.form.get('post-publish-date', ''),
+            title, slug, content, status, categories, tags, excerpt,
+            seo_title, seo_description, seo_keywords, featured_image, publish_date,
             id
         ))
         conn.commit()
         update_db_to_huggingface()
         conn.close()
-        return redirect(url_for('cms'))
+        flash('Post đã được cập nhật thành công!', 'success')
+        return redirect(url_for('cms', section='posts-section'))
 
     conn.close()
     return render_template('cms.html', section='post-editor-section', post=post, cases=cases, pages=pages, posts=posts)
@@ -642,9 +822,117 @@ def delete_post(id):
     conn.commit()
     update_db_to_huggingface()
     conn.close()
-    return redirect(url_for('cms'))
+    flash('Post đã được xóa thành công!', 'success')
+    return redirect(url_for('cms', section='posts-section'))
+
+# Route để quản lý team
+@app.route('/cms/team')
+@auth.login_required
+def cms_team():
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    cursor.execute('SELECT * FROM team')
+    team = [dict(row) for row in cursor.fetchall()]
+    conn.close()
+    return render_template('cms.html', section='team-section', team=team)
+
+@app.route('/cms/team/new', methods=['GET', 'POST'])
+@auth.login_required
+def add_team_member():
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    if request.method == 'POST':
+        name = request.form.get('name')
+        specialty = request.form.get('specialty')
+        description = request.form.get('description', '')
+        facebook_url = request.form.get('facebook_url', '#')
+        linkedin_url = request.form.get('linkedin_url', '#')
+        instagram_url = request.form.get('instagram_url', '#')
+        photo = ''
+
+        if 'photo' in request.files and request.files['photo'].filename:
+            photo_file = request.files['photo']
+            filename = secure_filename(photo_file.filename)
+            photo_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            photo = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        if not all([name, specialty]):
+            flash('Vui lòng điền đầy đủ tên và chuyên môn.', 'error')
+            conn.close()
+            return render_template('cms.html', section='team-editor-section', member=None)
+
+        cursor.execute('''
+            INSERT INTO team (name, specialty, photo, description, facebook_url, linkedin_url, instagram_url)
+            VALUES (?, ?, ?, ?, ?, ?, ?)
+        ''', (name, specialty, photo, description, facebook_url, linkedin_url, instagram_url))
+        conn.commit()
+        update_db_to_huggingface()
+        conn.close()
+        flash('Thành viên đã được thêm thành công!', 'success')
+        return redirect(url_for('cms_team'))
+
+    conn.close()
+    return render_template('cms.html', section='team-editor-section', member=None)
+
+@app.route('/cms/team/edit/<int:id>', methods=['GET', 'POST'])
+@auth.login_required
+def edit_team_member(id):
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    cursor.execute('SELECT * FROM team WHERE id = ?', (id,))
+    member = cursor.fetchone()
+    if not member:
+        conn.close()
+        return "Team member not found", 404
+    member = dict(member)
+
+    if request.method == 'POST':
+        name = request.form.get('name')
+        specialty = request.form.get('specialty')
+        description = request.form.get('description', '')
+        facebook_url = request.form.get('facebook_url', '#')
+        linkedin_url = request.form.get('linkedin_url', '#')
+        instagram_url = request.form.get('instagram_url', '#')
+        photo = member['photo']
+
+        if 'photo' in request.files and request.files['photo'].filename:
+            photo_file = request.files['photo']
+            filename = secure_filename(photo_file.filename)
+            photo_file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
+            photo = f"/{app.config['UPLOAD_FOLDER']}/{filename}"
+
+        if not all([name, specialty]):
+            flash('Vui lòng điền đầy đủ tên và chuyên môn.', 'error')
+            conn.close()
+            return render_template('cms.html', section='team-editor-section', member=member)
+
+        cursor.execute('''
+            UPDATE team
+            SET name = ?, specialty = ?, photo = ?, description = ?, facebook_url = ?, linkedin_url = ?, instagram_url = ?
+            WHERE id = ?
+        ''', (name, specialty, photo, description, facebook_url, linkedin_url, instagram_url, id))
+        conn.commit()
+        update_db_to_huggingface()
+        conn.close()
+        flash('Thành viên đã được cập nhật thành công!', 'success')
+        return redirect(url_for('cms_team'))
+
+    conn.close()
+    return render_template('cms.html', section='team-editor-section', member=member)
+
+@app.route('/cms/team/delete/<int:id>')
+@auth.login_required
+def delete_team_member(id):
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    cursor.execute('DELETE FROM team WHERE id = ?', (id,))
+    conn.commit()
+    update_db_to_huggingface()
+    conn.close()
+    flash('Thành viên đã được xóa thành công!', 'success')
+    return redirect(url_for('cms_team'))
 
-# Các route khác giữ nguyên từ mã hiện tại
+# Các route công khai
 @app.route('/test')
 def test():
     return "Server is running!"
@@ -825,85 +1113,6 @@ def hanhtrinhkh(case_id):
     conn.close()
     return render_template('hanhtrinhkh.html', case=case, milestones=milestones, doctor=doctor)
 
-@app.route('/cms/team')
-@auth.login_required
-def cms_team():
-    conn = get_db_connection()
-    cursor = conn.cursor()
-    cursor.execute('SELECT * FROM team')
-    team = [dict(row) for row in cursor.fetchall()]
-    conn.close()
-    return render_template('cms.html', section='team-section', team=team)
-
-@app.route('/cms/team/new', methods=['GET', 'POST'])
-@auth.login_required
-def add_team_member():
-    conn = get_db_connection()
-    cursor = conn.cursor()
-    if request.method == 'POST':
-        cursor.execute('''
-            INSERT INTO team (name, specialty, photo, description, facebook_url, linkedin_url, instagram_url)
-            VALUES (?, ?, ?, ?, ?, ?, ?)
-        ''', (
-            request.form['name'],
-            request.form['specialty'],
-            request.form.get('photo', ''),
-            request.form.get('description', ''),
-            request.form.get('facebook_url', '#'),
-            request.form.get('linkedin_url', '#'),
-            request.form.get('instagram_url', '#')
-        ))
-        conn.commit()
-        update_db_to_huggingface()
-        conn.close()
-        return redirect(url_for('cms_team'))
-    conn.close()
-    return render_template('cms.html', section='team-editor-section', member=None)
-
-@app.route('/cms/team/edit/<int:id>', methods=['GET', 'POST'])
-@auth.login_required
-def edit_team_member(id):
-    conn = get_db_connection()
-    cursor = conn.cursor()
-    cursor.execute('SELECT * FROM team WHERE id = ?', (id,))
-    member = cursor.fetchone()
-    if not member:
-        conn.close()
-        return "Team member not found", 404
-    member = dict(member)
-    if request.method == 'POST':
-        cursor.execute('''
-            UPDATE team
-            SET name = ?, specialty = ?, photo = ?, description = ?, facebook_url = ?, linkedin_url = ?, instagram_url = ?
-            WHERE id = ?
-        ''', (
-            request.form['name'],
-            request.form['specialty'],
-            request.form.get('photo', ''),
-            request.form.get('description', ''),
-            request.form.get('facebook_url', '#'),
-            request.form.get('linkedin_url', '#'),
-            request.form.get('instagram_url', '#'),
-            id
-        ))
-        conn.commit()
-        update_db_to_huggingface()
-        conn.close()
-        return redirect(url_for('cms_team'))
-    conn.close()
-    return render_template('cms.html', section='team-editor-section', member=member)
-
-@app.route('/cms/team/delete/<int:id>')
-@auth.login_required
-def delete_team_member(id):
-    conn = get_db_connection()
-    cursor = conn.cursor()
-    cursor.execute('DELETE FROM team WHERE id = ?', (id,))
-    conn.commit()
-    update_db_to_huggingface()
-    conn.close()
-    return redirect(url_for('cms_team'))
-
 @app.errorhandler(401)
 def unauthorized(e):
     return "Unauthorized - Vui lòng đăng nhập", 401