Beispiel #1
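def post_login( mongodb ):
	"""Handle a submitted login form.

	Looks up the user by the posted ``username``, checks the posted
	``password`` against the stored bcrypt hash and, on success, generates
	a fresh random session key, stores it on the user document and hands it
	to ``helper.c_set`` before redirecting to "/".

	On failure the login template is re-rendered with a single generic
	"badpass" error, so the response body does not reveal whether the
	username exists.

	mongodb -- database handle; only its 'users' collection is used here.
	"""
	# A truthy result is treated as "already logged in" (inferred from the
	# helper's name). Presumably redirect() raises and so ends the handler
	# here - TODO confirm against the framework in use.
	if helper.get_user( mongodb ):
		redirect( "/" )
	username = request.forms.get('username')
	password = request.forms.get('password')

	errors = []

	# A request that omits a field yields None. Querying { 'name': None }
	# could match a document with a missing/null name, and hashing None
	# would raise instead of producing the generic error, so such requests
	# are treated as a failed login without touching the database.
	user = None
	if username is not None and password is not None:
		user = mongodb['users'].find_one( { 'name': username } )

	#Show same error for both: username does not exist AND incorrect password
	# NOTE(review): the message is identical, but no bcrypt work is done for
	# an unknown username, so response time can still tell the two cases
	# apart. The `!=` below is also not a constant-time comparison; if the
	# stored and computed hashes are guaranteed to be the same string type,
	# hmac.compare_digest (or the bcrypt library's own check function, where
	# available) would be the safer choice - confirm types before changing.
	if not user or user['password'] != bcrypt.hashpw( password, user['password'] ):
		errors.append( "badpass" )

	if errors:
		return helper.template( 'user/login', errors=errors, form=request.forms, errorMap=loginErrors )

	# 32 bytes from the OS CSPRNG, hex-encoded; a new key is issued on every
	# successful login, replacing whatever key the user document held before.
	session_key = binascii.hexlify( os.urandom( 32 ) )

	# NOTE(review): the key is stored as-is and has no expiry recorded here;
	# anyone who can read the users collection can reuse it as a session.
	mongodb['users'].update(
		{ "name": username },
		{
			"$set": { "session_key": session_key }
		}
	)

	# NOTE(review): cookie attributes (HttpOnly / Secure / SameSite) are
	# decided inside helper.c_set, which is not visible here - verify.
	helper.c_set( "session_key", session_key )

	redirect( "/" )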
Beispiel #2
def logout():
	"""Blank the client's session cookie and redirect to "/"."""
	# NOTE(review): only the cookie value is reset here. The session_key that
	# post_login writes to the user document is not cleared in this function,
	# so a copy of the old cookie value would presumably keep working until
	# the next login replaces the key - confirm whether it is invalidated
	# elsewhere.
	cookie_name = "session_key"
	helper.c_set( cookie_name, "" )
	redirect( "/" )