Beispiel #1
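def register():
    """Handle the registration form: create the user on a valid POST, else render the form.

    Returns a redirect to the ``auth.login`` view after a successful insert;
    otherwise the registration template is rendered, with any validation
    error flashed first.
    """
    if request.method == 'POST':
        # Fix: submitted fields are read from ``request.form``. The original
        # ``request.from`` does not even parse, since ``from`` is a keyword.
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None

        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif db.execute(
            'SELECT id FROM user WHERE username = ?', (username,)
        ).fetchone() is not None:
            # NOTE(review): this SELECT and the INSERT below are not atomic;
            # a UNIQUE constraint on user.username should back this check —
            # confirm in the schema.
            error = 'User is already registered.'

        if error is None:
            # ``?`` placeholders keep the submitted values out of the SQL
            # text; only the password hash is stored, never the plaintext.
            db.execute(
                'INSERT INTO user(username, password) VALUES (?, ?)',
                (username, generate_password_hash(password))
            )
            db.commit()
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')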
Beispiel #2
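def register():
    """Handle the registration form: create the user on a valid POST, else render the form.

    Returns a redirect to the ``auth.login`` view after a successful insert;
    otherwise the registration template is rendered, with any validation
    error flashed first.
    """
    if request.method == 'POST':
        # Fix: ``request.form`` is a dict-like mapping of submitted fields and
        # is indexed, not called — ``request.form(['username'])`` raises.
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None

        # Validate that username and password are not empty.
        if not username:
            error = 'Username is required'
        elif not password:
            error = 'Password is required'
        # Fix: the column is ``id`` (the original selected ``if``), and the
        # condition must fire when a row IS found. The original
        # ``not ... is not None`` reads as ``... is None`` and rejected every
        # new username while accepting duplicates.
        elif db.execute('SELECT id FROM user WHERE username = ?', (username,)).fetchone() is not None:
            # NOTE(review): this SELECT and the INSERT below are not atomic;
            # a UNIQUE constraint on user.username should back this check —
            # confirm in the schema.
            error = 'User {} is already registered'.format(username)

        if error is None:
            # ``?`` placeholders keep the submitted values out of the SQL
            # text; only the password hash is stored, never the plaintext.
            db.execute('INSERT INTO user (username, password) VALUES (?, ?)', (username, generate_password_hash(password)))
            # The INSERT modifies data, so the change must be committed.
            db.commit()
            # url_for() builds the login URL from the view name; redirect()
            # turns it into a redirect response.
            return redirect(url_for('auth.login'))

        # Validation failed: flash() queues the message for the template.
        flash(error)

    # Initial GET, or a failed POST: show the registration form.
    return render_template('auth/register.html')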
Beispiel #3
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` is set to ``None`` when the session carries no ``user_id``;
    otherwise it is set to whatever ``fetchone()`` returns for that id.
    """
    user_id = session.get('user_id')
    g.user = None
    if user_id is not None:
        # Parameterised lookup; the session value never enters the SQL text.
        row = get_db().execute(
            'SELECT * FROM user WHERE id = ?', (user_id, )
        ).fetchone()
        g.user = row
Beispiel #4
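def login():
    """Authenticate the submitted credentials and start a fresh session.

    On a valid POST the session is cleared, ``user_id`` is stored and the
    client is redirected to ``index``. Any other outcome renders the login
    template; a failed attempt flashes a single generic message.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        user = db.execute('SELECT * FROM user WHERE username = ?',
                          (username, )).fetchone()

        # One message covers both "no such user" and "wrong password": the
        # original's distinct messages let a client confirm which usernames
        # exist.
        if user is None or not check_password_hash(user['password'], password):
            error = 'Incorrect username or password'

        if error is None:
            # Drop any pre-existing session data before binding the new identity.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('index'))
        flash(error)
    return render_template('auth/login.html')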
Beispiel #5
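def login():
    """Authenticate the submitted credentials and start a fresh session.

    On a valid POST the session is cleared, ``user_id`` is stored and the
    client is redirected to ``index``. Any other outcome renders the login
    template; a failed attempt flashes a single generic message.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        # The user row is fetched first and kept for the checks below.
        user = db.execute('SELECT * FROM user WHERE username = ?', (username,)).fetchone()

        # check_password_hash() hashes the submitted password the same way as
        # the stored hash and compares them. One message covers both "no such
        # user" and "wrong password": distinct messages let a client confirm
        # which usernames exist.
        if user is None or not check_password_hash(user['password'], password):
            error = 'Incorrect username or password'

        if error is None:
            # ``session`` persists data across requests in a cookie that Flask
            # signs, so the client cannot alter it. Clear any previous session
            # data before storing the new identity.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('index'))

        flash(error)

    # Fix: the final render must sit outside the POST branch. In the original
    # it was indented one level too deep, so a plain GET returned None and
    # Flask rejected the response.
    return render_template('auth/login.html')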