def login():
form = LoginForm()
if form.validate_on_submit():
user = User.authenticate(username=form.username.data,
password=form.password.data)
if user and login_user(user):
flash("Logged in successfully.", "success")
return redirect(request.args.get("next") or url_for(".home"))
else:
flash("Login failed.", "danger")
return render_template("login.html", form=form)
def change_password():
form = ChangePasswordForm()
if request.method == "GET":
return render_template("change_password.html", form=form)
# Re-validate old password
if form.validate_on_submit() and User.authenticate(
current_user.username, form.current_password.data):
current_user.update_password(form.password.data)
current_user.save()
flash("Password change successfully.", "success")
return redirect(url_for(".home"))
else:
flash("Password change failed.", "danger")
return render_template("change_password.html", form=form)
