def login(): if current_user.is_active: return redirect(url_for("logout")) form = LoginForm() if form.register.data: return redirect(url_for("register")) if form.validate_on_submit(): #check if form is filled out and submited # Login and validate the user. # user should be an instance of your `User` class username = form.username.data # get username from form if Userdb.todouserdb.find({ "username": username }).count() == 1: #check if the usermane in the db dbuser = Userdb.todouserdb.find_one({"username": username}) if verify_password(form.password.data, dbuser['password']): #check agianst hashed pass user = User(username, dbuser['id']) login_user(user, form.remember_me.data) token = generate_auth_token() Userdb.todouserdb.update_one(dbuser, {'$set': { 'token': token }}) #flash('Logged in successfully.') return redirect('/') else: flash('Incorrect Password.') else: flash('Unregistered user') return render_template('login.html', title='Sign In', form=form, loggedIn=logInOut())
def useraccount(): form = LoginForm(request.form) correct = False errorResponse='' if request.method == 'POST': errorResponse='User does not exist' if form.validate(): correct = False id = 0 usersDict = {} db = shelve.open('storage.db', 'r') try: usersDict = db['Users'] for key in usersDict: user = usersDict[key] if user.get_username()==form.username.data: id = user.get_userID() correct = user.get_password()==form.password.data; if not correct: errorResponse='Invalid password' except: print("Error in retrieving Users from storage.db.") if correct: return render_template("Retrieveaccount.html",name=form.username.data,id=id) return render_template("useraccount.html",form=form,errorResponse=errorResponse)
def signin(): login_form = LoginForm() if request.method == 'GET': return render_template('login.html', form=login_form) # login form elif request.method == 'POST': if login_form.validate_on_submit(): user = Models.User.query.filter_by( username=login_form.username.data).first() if user: if user.password == login_form.password.data: login_user(user) session['username'] = user.username return redirect('userHome.html') else: return "Incorrect Password or Username" else: return "User doesn't exist" else: return "form not validated"
def login(): form = LoginForm() if form.validate_on_submit(): flash('Login requested for user="******", with password = "******" and remember_me=%s' % (form.login.data, form.password.data, str(form.remember_me.data))) # return redirect('/index') return render_template('Login.html', title='Вход', form=form)
def login(): form = LoginForm(request.form) if form.validate_on_submit(): db_session = DB_Session() loginUser = db_session.query(User).filter_by( username=form.username.data).first() db_session.close() if loginUser is not None: if pbkdf2_sha256.verify(form.password.data, loginUser.password): session['username'] = loginUser.username userJson = json.loads(jsonpickle.encode(loginUser)) # app.logger.info('%s logged in and created session' % loginUser.username) # TODO Add logging if loginUser.twoFactorAuthEnabled: totp.SetAuthenticator(loginUser.twoFactorAuthKey) return redirect(url_for("twoFactorAuth")) return render_template("profile.html", user=userJson) return render_template("login.html", form=form, loginError="Wrong username or password") return render_template('login.html', form=form)
def login(): """Defines Login Page Functionality""" if current_user.is_authenticated: return redirect(url_for('profile')) login_form = LoginForm() # The method validate_on_submit checks if the data was sent by POST method. # Besides, it validates the data by using validators in Forms class if login_form.validate_on_submit(): user = dbase.get_user_by_username(login_form.username.data) if user and check_password_hash(user['password'], login_form.password.data): # After logging-in we have to create an instance of UserLogin class to store user's info user_login = UserLogin().create(user) is_remember = login_form.remember_me_button.data login_user(user_login, remember=is_remember) # To start from a page we wanted to access instead of profile page use the parameter next # If param next exists we will access next page otherwise the profile page will be accessed return redirect(request.args.get('next') or url_for('profile')) flash('The User Name/Password Is Incorrect', category='error') return render_template('login.html', title='Login', site_menu=dbase.get_menu(), form=login_form)
def login(): form = LoginForm() #로그인폼 if form.validate_on_submit(): #유효성 검사 print('{}가 로그인 했습니다'.format(form.data.get('userid'))) session['userid'] = form.data.get('userid') #form에서 가져온 userid를 세션에 저장 return redirect('/') #성공하면 main.html로 return render_template('login.html', form=form)
def login(): # sets up flask login form login_form = LoginForm() if request.method == 'GET': return render_template('login.html', form=login_form) # login form elif request.method == 'POST': if login_form.validate_on_submit(): user = Models.User.query.filter_by( user_name=login_form.username.data).first() if user: if user.password == login_form.password.data: login_user(user) session['username'] = user.user_name logState = True return render_template('index.html', logState=logState) else: return "Incorrect Password or Username" else: return "User doesn't exist" else: return "form not validated" # redirects to dashboard route return render_template('login.html')
def login(): form = LoginForm(request.form) cur = mysql.connection.cursor() #app.jinja_env.globals.update(trans=Language.translate) if request.method == 'POST' and form.validate_on_submit(): #print(form.username.data) #print(form.password.data) if (form.username.data == "admin" and form.password.data == "admin"): session['user'] = "******" return render_template('AdminPortal.html') cur.execute("select * from farmer where username= %s and pass= %s ", (form.username.data, form.password.data)) account = cur.fetchone() if account: """print(account[0]) print(account[1]) print(account[2]) print(account[3])""" session['user'] = account[1] return redirect( url_for('portal', id=account[0], n=account[1], e=account[2], m=account[3], l=account[4])) else: flash("Credentials Invalid!") #print("HERE") print(form.errors) mysql.connection.commit() cur.close() return render_template('Login.html', title='Login', form=form)
def login(): form = LoginForm() if 'email' in session: return redirect(url_for('profile')) if form.validate_on_submit(): vid, vendor = VendorManager.get_vendor(email=form.email.data) # First check that a vendor with this email address exists in database if vendor is None: flash('No vendor in database with this email address') form.email.errors.append("Unknown email address") flash('Login failed because no vendor found') # Since vendor exists in database, check that the correct password was supplied if vendor is not None and VendorManager.check_password(vendor.pwdhash, form.password.data): flash('Login successful') print "Logged in successfully" session['email'] = form.email.data return redirect(url_for('profile')) else: form.password.errors.append("Incorrect password") flash('Login failed because incorrect password') return render_template('login.html', form=form)
def Login(): # If user is already signed in, redirect to Accounts page if (current_user.is_authenticated): return redirect(url_for('account')) else: form = LoginForm() if form.validate_on_submit(): cursor.execute('SELECT * FROM VOLUNTEERS WHERE NAME = \'%s\'' % form.Name.data) row = cursor.fetchone() if row: # User Exists # Retrieves the User's hashed password from DB password = row.get('PASSWORD') if check_password_hash(password, form.Password.data): # Creates a new User object and assigns the name as it's ID user = User() user.id = row.get('NAME') # Logs the user object in. login_user(user) flash("You've Successfully Logged In Into Your Account.", 'success') return redirect(url_for('Homepage')) else: flash(f'Incorrect Password Entry.', 'danger') return redirect(url_for('Login')) else: flash(f'The Name is Not Registered.', 'danger') return redirect(url_for('Login')) return render_template('Login.html', form=form)
def login(): form = LoginForm(request.form) errorResponse='' if request.method == 'POST': errorResponse='Invalid Credentials' correct = False if form.validate(): if form.username.data=='staff': if form.password.data=='staff890': return redirect(url_for('retrieveUsers')) return render_template("login2.html",form=form,errorResponse=errorResponse)
def login(): form = LoginForm() print(form.errors) print("1") cur = mysql.connection.cursor() print("2") if form.validate_on_submit(): print("3") print("COMING HERE") print("4") return render_template("loginold.html", form=form)
def authenticate_student(request): form = LoginForm(request.POST) if (form.is_valid()): username = form.cleaned_data["username"] password = form.cleaned_data["password"] user = authenticate(username=username, password=password, token="student") #token is the additional option if (user is not None): user.backend = "djangoSRV.login.student_auth.StudentBackend" login(request, user) return HttpResponseRedirect("/student-view/") request.session["error"] = 'Wrong username/password' return HttpResponseRedirect("/student-login/")
def login(): form = LoginForm() if form.is_submitted(): user = User.query.filter_by(username=form.username.data).first() if user: if check_password_hash(user.password, form.password.data): login_user(user) return "Login successful!" else: return "Incorrect password!" else: return "Invalid username or password!" return render_template('login.html', form=form)
def loginMenu(): login_form = LoginForm(request.form) # login if user already logged in before temp_exist = main.db.check_exist('TEMP') if temp_exist == True: session = main.db.get_storage('TEMP') s_keys = session.keys() if "username" in s_keys: username = session['username'] return redirect(url_for('users', choice=1, username=username)) # When a button is clicked if request.method == 'POST': btn_pressed = request.form['submit'] # Login clicked # Validate only on a POST request if login_form.validate() and btn_pressed == "Login": login_name = login_form.username.data.lower() admin_acc = main.db.get_storage("ADMIN") temp = main.db.return_keys("Users") if admin_acc.get_username() == login_name: print("Admin Login") return redirect(url_for('admin')) elif temp != None and login_name in temp: temp2 = main.db.get_storage("Users") user = temp2[login_name] # create temporary storage main.db.get_storage("TEMP", True, True) main.db.add_item('TEMP', "username", user.get_username()) return redirect( url_for('users', choice=1, username=user.get_username())) else: print("ERRORRRRRR") # Sign up clicked elif btn_pressed == "Sign Up": return redirect(url_for('sign_up')) # Get request will be skipped to this return render_template('userLogin.html', form=login_form)
def login(): form = LoginForm() if request.method == 'POST': if form.validate() == False: return render_template('login.html', form=form, session=False) else: session['email'] = form.email.data # session['username'] = db.session.username; session['logged_in'] =True return redirect(url_for('profile', success=True, session=True)) elif request.method == 'GET': return render_template('login.html', form=form, session=False)
def login_page(): form = LoginForm() form.departName.choices = [(org.id, org.name) for org in OrgStructure.query.filter_by(type=1).all()] if form.is_submitted(): externalsID = get_externals() hirurgList = get_hirurg_list(form.departName.data) anesteziologList = get_anesteziolog_list() importData = get_oper_list(form.operDate.data, form.departName.data) depNameTitle = {index: value for index, value in form.departName.choices}.get(int(form.departName.data)) return render_template('add_client.html', departName=depNameTitle, operDate=form.operDate.data.strftime('%d.%m.%Y'), externals=externalsID, hirurgs=hirurgList, anesteziologList=anesteziologList, dataSet=importData, depID=form.departName.data, opDate=form.operDate.data) return render_template('login.html', logForm=form)
def login(): form = LoginForm(request.form) msg = '' if request.method == "POST" and form.validate(): session.pop('user', None) email= request.form['email'] password = request.form['password'] print(email) print(password) # fix #1st method for login statement = text('SELECT * FROM users WHERE email = :a AND password = :b') result = db.engine.execute(statement,a=str(email),b=str(password)).fetchone() #2nd method # blacklist=[',','<','>','"',"'",'='] # for i in email: # if i in blacklist: # msg = 'Error: invalid email/password' # return render_template("login.html", form=form, msg=msg),401 # for o in password: # if o in blacklist: # msg = 'Error: invalid email/password' # return render_template("login.html", form=form, msg=msg),401 # statement = text('SELECT * FROM users WHERE email ="' + email + '" AND password ="******"') # result = db.engine.execute(statement).fetchone() # endfix if result == None: msg = 'Error: Email/Password does not exist!' return render_template("login.html", form=form, msg=msg),401 else: session['id'] = result[0] session['user']= result[3] session['name'] = result[1] session['is_authenticated'] = result[5] #if result[3] == "*****@*****.**": if result[5] == "True": #blah blah blah whatever admin needs to be diff resp = make_response(redirect('/admin')) else: resp = make_response(redirect('/')) name = result[1]+result[2] resp.set_cookie('username', name, httponly=False, secure=False) print(session['id']) print(session['is_authenticated']) return resp return render_template("login.html", form=form, msg=msg)
def login(): form = LoginForm(request.form) msg = '' if request.method == "POST" and form.validate(): session.pop('user', None) email = request.form['email'] password = request.form['password'] print(email) print(password) statement = text('SELECT * FROM users WHERE email ="' + email + '" AND password ="******"') result = db.engine.execute(statement).fetchone() if result == None: statement2 = text('SELECT * FROM users WHERE email ="' + email + '"') result2 = db.engine.execute(statement2).fetchone() print(result2) print("AHhhhhhhhhhhhh") print(email) if result2 == None: msg = 'Error: Email does not exist!' print('no mail') return render_template("login.html", form=form, msg=msg), 401 # abort(401) else: msg = 'Error: Password is wrong!' print('no pass') return render_template("login.html", form=form, msg=msg), 401 # abort(401) else: session['id'] = result[0] session['user'] = result[3] session['name'] = result[1] session['is_authenticated'] = result[5] #if result[3] == "*****@*****.**": if result[5] == "True": #blah blah blah whatever admin needs to be diff resp = make_response(redirect('/admin')) else: resp = make_response(redirect('/')) name = result[1] + result[2] resp.set_cookie('username', name, httponly=False, secure=False) print(session['id']) print(session['is_authenticated']) return resp return render_template("login.html", form=form, msg=msg)
def login(): form = LoginForm() if form.validate_on_submit(): exists = USERS.exists(form.username.data) if exists[0]: if exists[1][2] == form.password.data: session['username'] = form.username.data session['user_id'] = exists[1][0] session['success'] = 'Успешно' return redirect('/') else: form.password.errors = ['Неверный пароль'] else: form.username.errors = ['Пользователь не найден'] return render_template('login.html', title='Авторизация', form=form)
def register(): form = RegistrationForm(request.form) l = LoginForm() cur = mysql.connection.cursor() if request.method == 'POST' and form.validate_on_submit(): print(form.name.data) print(form.email.data) print(form.mobileno.data) print(form.confirm.data) print(form.lang.data) n = form.name.data e = form.email.data mob = form.mobileno.data password = form.confirm.data language = form.lang.data cur.execute("SELECT username from farmer") t = cur.fetchall() t1 = list(sum(t, ())) #print(t1[0]) if n not in t1: cur.execute( "INSERT INTO farmer(username,email,mobileno,lang,pass,doc) VALUES (%s, %s, %s, %s, %s,%s)", (n, e, mob, language, password, 0)) mysql.connection.commit() cur.close() #return 'success' flash("Registered Successfully") users.append(n) return render_template('Login.html', title='Login', form=l) else: flash("The username is taken!Try another username") print("HERE") print(form.errors) return render_template('Register.html', title='Register', form=form)
def login(): form = LoginForm.LoginForm() if form.validate_on_submit(): login = form.username.data password = helpers.create_md5(form.password.data) try: true_login, true_pass = db.select('users', 'user_login', 'user_password', where=f"user_login='******'")[0] except IndexError: return render_template('admin.html', title='Sign In', form=form, error=True) if login == true_login and password == true_pass: cookies = make_response(redirect(url_for('sales'))) cookies.set_cookie('login', login, max_age=60 * 60 * 24 * 7) return cookies else: return render_template('admin.html', title='Sign In', form=form, error=True) return render_template('admin.html', title='Sign In', form=form)
def login(): form = LoginForm() if form.validate_on_submit(): email = form.email.data exists = user.exists(email) if exists[0] and check_password_hash( user.get(exists[1])[PASSWORD], form.password.data): session['email'] = email session['user_name'] = user.get(exists[1])[USERNAME] session['status'] = user.get(exists[1])[STATUS] session['user_id'] = exists[1] new_day() return redirect('/home') return render_template('login.html', title='Авторизация', form=form, message='Неверный логин или пароль') return render_template('login.html', title='Авторизация', form=form)
def login(): print current_user if request.method == "GET": form = LoginForm() return render_template('login.html', form = form) else:#form.validate_on_submit(): user = User.User() user.id = request.form['email'] login_user(user) return redirect("/index")
def login(): form = LoginForm(csrf_enabled=False) # Don't show the login page if there's an active user if current_user.get_id(): return redirect(url_for('home', user=current_user.get_id())) # Validates the LoginForm provided if form.validate_on_submit(): # Query the user table user = User.query.filter_by(username=form.username.data).first() if user: # Check the password if User exists if bcrypt.check_password_hash(user.password, form.password.data): # Login the user and redirect to the user profile login_user(user, remember=form.remember.data) return redirect(url_for('home', user=session['user_id'])) return render_template('login.html', form=form)
def userlogin_view(req): if req.method == 'POST': form = LoginForm(req.POST) if form.is_valid(): userName = form.cleaned_data['userName'] password = form.cleaned_data['password'] if User.objects.filter(userName=userName, password=password): # auth.login(req, user) conn = redis.Redis(host='127.0.0.1', port=6379) conn.hset('login', 'userName', userName) return render(req, 'first/success.html') else: return render(req, 'first/login.html', {'msg': '账号或密码错误'}) else: context = { 'form': form, } return render(req, 'first/login.html', context)
def login(): """For GET requests, display the login form. For POSTS, login the current user by processing the form.""" form = LoginForm(csrf_enabled=True) if form.is_submitted(): if form.validate(): user = User.query.get(form.username.data) if user and bcrypt.check_password_hash(user.password, form.password.data): user.authenticated = True db.session.add(user) db.session.commit() login_user(user, remember=True) return redirect("/appConfig") else: return render_template("login.html", form=form, message="Invalid Login!!!") else: return render_template("login.html", form=form, message="Invalid Login!!!") else: return render_template("login.html", form=form)
def editProfile(): if 'username' in session: loggedInUser = getUser() form = EditProfileForm(request.form, user=loggedInUser) if form.validate_on_submit(): editProfileFunc(loggedInUser, form) return render_template("profile.html") return render_template("editProfile.html", form=form) else: return render_template("login.html", form=LoginForm())
def login(): if not return_redirect(): return redirect('/') if not api.check_user(): form = LoginForm() if form.validate_on_submit(): if api.login_user(form.email.data, form.password.data): return redirect('/') else: return render_template('login.html', form=form, success=False, user=api, style=url_for('static', filename='css/style.css')) return render_template('login.html', user=api, form=form, style=url_for('static', filename='css/style.css')) return redirect("/")
def login(): if g.user is not None and g.user.is_authenticated(): return redirect('/') login_form = LoginForm() if login_form.validate_on_submit(): user_dict = users_collection.find_one({"email": login_form.email.data}) if not user_dict: flash("That email has not been registered", "error") return redirect('/signup') pwd_hash = bcrypt.hashpw(login_form.password.data, user_dict['salt']) if pwd_hash == user_dict['pwd']: user = User(user_dict['email'], user_dict['_id']) login_user(user, remember=login_form.remember_me.data) flash("Logged in succesfully", "success") #return redirect(unquote(request.args.get("next")) or url_for("index")) print_stderr(request.args.get("next")) return redirect('/') else: flash("The password you entered is incorrect", "error") return redirect('/login') return render_template('login.html', login_form=login_form)
def login(): loginForm = LoginForm(request.form) if request.method == 'POST' and loginForm.validate( ): #only runs if post button clicked usersDict = {} db = shelve.open( 'storage.db', 'c' ) #assign storage file to variable database, c stands for read and write try: usersDict = db['Users'] #assign Users storage into usersDict except: print("Error in retrieving Users from storage.db.") db.close() #always close your database for i in usersDict: if loginForm.username.data == usersDict[i].get_username(): if loginForm.password.data == usersDict[i].get_password(): session["USERID"] = usersDict[i].get_userID() return redirect(url_for('home')) return render_template('login.html', form=loginForm, invalid=True) return render_template('login.html', form=loginForm)
def on_register(self): result = self.db.insert_user(self.edit_login.text(), self.edit_password.text(), self.edit_lastname.text(), self.edit_firstname.text(), self.edit_patronymic.text(), self.get_user_type()) if result is not None: self.error_from = ErrorDialog(result) self.error_from.show() else: self.login_form = LoginForm.LoginWindow(self.db) self.login_form.show() self.close()
def admin_login(): form = LoginForm.LoginForm() if form.validate_on_submit(): login = form.username.data password = form.password.data true_login, true_pass = db.select('admins', 'login', 'password', where=f"login='******'")[0] if login == true_login and password == true_pass: cookies = make_response(redirect(url_for('admin_panel'))) cookies.set_cookie('admin', 'True', max_age=60 * 60) return cookies return render_template('admin.html', title='Sign In', form=form)
def login(): session["login"] = True session["signup"] = False if request.method == 'POST': loginform = LoginForm(request.form, prefix='form1') if loginform.validate_on_submit(): check_login = g.database.execute("""SELECT User_id from MuShMe.entries WHERE Email_id="%s" AND Pwdhash="%s" """ % (loginform.email.data, hashlib.sha1(loginform.password.data).hexdigest())) if check_login: userid= g.database.fetchone() g.database.execute("""UPDATE MuShMe.entries SET Last_Login=CURRENT_TIMESTAMP() WHERE User_id="%s" """ % (userid)) g.conn.commit() for uid in userid: session['userid'] = uid g.database.execute("""SELECT Username from MuShMe.entries WHERE User_id="%s" """ % uid ) session['UserName']=g.database.fetchone()[0] g.database.execute("""SELECT Privilege FROM MuShMe.entries WHERE User_id="%s" """ % uid) session['privilege'] = g.database.fetchone()[0] g.database.execute("""SELECT Profile_pic FROM MuShMe.entries WHERE User_id="%s" """ % uid) session['profilepic'] = g.database.fetchone()[0] g.database.execute("""SELECT Name from MuShMe.entries WHERE User_id="%s" """ % uid ) session["Name"]=g.database.fetchone() g.database.execute("""SELECT DOB from MuShMe.entries WHERE User_id="%s" """ % uid ) session["dob"]=str(g.database.fetchone()) session['logged_in'] = True session['logged_in']=True #print uid #print userid return redirect(url_for('userProfile', userid=uid)) else: flash("Incorrect Email-Id or Password") else: flash("Incorrect Email-Id or Password") return render_template('homepage/index.html', form1=loginform, form2=ContactForm(prefix='form2')) else: return redirect(url_for(('index')))
def login(): if "logged_in" in session: flash("already logged in", "info") return redirect(url_for("home")) else: form = LoginForm() if form.validate_on_submit(): session.permanent = True email = form.email.data password = form.password.data remember = form.remember.data c.execute("""SELECT * FROM user WHERE email=?""", (email, )) val2 = c.fetchone() if val2 is not None: ap = val2[5] i = val2[0] if sha256_crypt.verify(password, ap): if val2[-2]: session["logged_in"] = True session["id"] = i session["current_user"] = val2[1] return redirect(url_for("home")) else: flash( "You didn't verified your account,Please confirm first by clicking the given link or registering again", 'warning') else: flash("wrong password!", 'warning') else: flash("No such username", "warning") return render_template("login.html", form=form)
def index(): form = SignupForm(request.form) loginform = LoginForm() if 'email' in session: # Find the vendor in database with matching email address vendor_id, vendor = VendorManager.get_vendor(email=session['email']) if vendor is not None: prod_count = str(len(vendor.product_catalog)) vendor_deal_count = str(len(vendor.deal_list)) return render_template('index.html', form='null', v=vendor, products=vendor.product_catalog, product_count=prod_count, deal_count=vendor_deal_count, email=session['email'], loginform=loginform) else: return redirect(url_for('login')) if request.method == 'POST' and request.form['submit'] == "Register" and form.validate_on_submit(): flash('Signup requested') print "Successfully validated form!!" print "name received", form.name, 'data:', form.name.data # Hash the password and save to database pwdhash = VendorManager.get_password_hash(form.password.data) coords = VendorManager.get_vendor_coordinate(form.address.data + " " + form.city.data) print coords[0] print coords[1] given_data = {} given_data['name'] = form.name.data given_data['description'] = form.description.data, given_data['email'] = form.email.data given_data['type'] = form.category.data given_data['address'] = form.address.data given_data['phoneNumber'] = form.phone.data given_data['state'] = form.state.data given_data['city'] = form.city.data given_data['password'] = pwdhash given_data['coordinates'] = [repr(coords[0]), repr(coords[1])] new_vendor = VendorManager.create_vendor(given_data) print "CHECKING IF VENDOR W/ EMAIL EXISTS" print VendorManager.get_vendor(email=form.email.data) if VendorManager.get_vendor(email=form.email.data) is None: VendorManager.post_vendor(new_vendor) # Add email to cookie session['email'] = new_vendor.email return redirect(url_for('profile')) else: form.email.errors.append("User with email: " + request.form['email'] + " already exists in the database") flash("Enrollment failed") return render_template('index.html', form=form, email='', loginform=loginform, v='') elif request.method == 'POST' and request.form['submit'] == "Login" and loginform.validate_on_submit(): vid, vendor = VendorManager.get_vendor(email=loginform.email.data) # First check that a vendor with this email address exists in database if vendor is None: flash('No vendor in database with this email address') loginform.email.errors.append("Unknown email address") flash('Login failed because no vendor found') # Since vendor exists in database, check that the correct password was supplied if vendor is not None and VendorManager.check_password(vendor.pwdhash, form.password.data): flash('Login successful') print "Logged in successfully" session['email'] = loginform.email.data return redirect(url_for('profile')) else: loginform.password.errors.append("Incorrect password") flash('Login failed because incorrect password') # print "Form errors below:" # print(form.errors) return render_template('index.html', form=form, email='', loginform=loginform, v='')