Example #1
0
def sign_up():
  errors = []
  form = SignUpForm(request.form)
  if request.method == 'POST' and form.validate():
    # looks like everything ok, check db
    username = form.username.data
    password = form.password.data
    user = list(User.view('users/by_username', key=username))
    if user:
      errors.append('User already exists')
    else:
      new_user = make_user_from_request(request)
      g.db.save_doc(new_user)
      flash('You have successfully registered')
      return redirect(url_for('show_posts'))
  elif request.method == 'POST' and not form.validate():
    errors.extend(format_form_errors(form.errors.items()))

  return render_template('sign_up.html', form = form, errors = errors)
Example #2
0
def login():
  errors = []
  form = LoginForm(request.form)
  if request.method == 'POST' and form.validate():
    username = form.username.data
    password = form.password.data
    user = list(User.view('users/by_username', key=username))
    if not user:
      errors.append('Invalid username')
    elif make_password_hash(user[0].salt, password) != user[0].password:
      errors.append('Invalid password')
    else:
      session['logged_in'] = True
      session['uid'] = user[0]._id
      session['privileged'] = user[0].privileged

      flash('You were logged in')
      return redirect(url_for('show_posts'))
  elif request.method == 'POST' and not form.validate():
    errors.extend(format_form_errors(form.errors.items()))

  return render_template('login.html', form = form, errors = errors)