diff options
| -rw-r--r-- | nfsw/auth.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/nfsw/auth.py b/nfsw/auth.py index 769a5dd..5fd46f6 100644 --- a/nfsw/auth.py +++ b/nfsw/auth.py @@ -49,3 +49,39 @@ def not_agreed(view): return wrapped_view +@bp.route('/login', methods=('GET', 'POST')) +@anon_only +def login(): + def render(e=''): + if e: + flash(e) + + return render_template('login.html') + + db = get_db() + + if request.method == 'POST': + + username = request.form['username'] + password = request.form['password'] + + # Validate + if not username: + return render('Name is required') + elif not password: + return render('Password is required') + + user = db.execute('SELECT * FROM user WHERE username=?', + (username,)).fetchone() + + if user is None: + return render('User not found') + elif not check_password_hash(user['password'], password): + return render('Password is incorrect') + + session.clear() + session['user_id'] = user['id'] + + return render() + + |