def login():
if request.method == 'GET':
state = ''.join(
random.choice(string.ascii_uppercase + string.digits)
for x in xrange(32))
status = request.args.get('status', '')
login_session['state'] = state
return render_template('login.html', STATE=state, status=status)
elif request.method == 'POST':
username = request.form['username']
password = request.form['password']
if session.query(User).filter_by(name=username).first() is None:
user = User(name=username)
user.hash_password(password)
session.add(user)
session.commit()
user = session.query(User)\
.filter_by(name=username).first()
if not user.verify_password(password):
return redirect(url_for('login', status='fail'))
login_session['provider'] = 'itemcatalog'
login_session['username'] = username
login_session['user_id'] = user.id
return redirect(url_for('home', status='success'))
