def login(): if request.method == 'GET': state = ''.join( random.choice(string.ascii_uppercase + string.digits) for x in xrange(32)) status = request.args.get('status', '') login_session['state'] = state return render_template('login.html', STATE=state, status=status) elif request.method == 'POST': username = request.form['username'] password = request.form['password'] if session.query(User).filter_by(name=username).first() is None: user = User(name=username) user.hash_password(password) session.add(user) session.commit() user = session.query(User)\ .filter_by(name=username).first() if not user.verify_password(password): return redirect(url_for('login', status='fail')) login_session['provider'] = 'itemcatalog' login_session['username'] = username login_session['user_id'] = user.id return redirect(url_for('home', status='success'))