def login(): if session.get("logged_in"): return redirect(url_for("user", id=session.get("username"))) error = None form = Login(request.form) if request.method == "POST" and form.validate(): user = User.query.filter_by(username=form.username.data).first() if not user or not user.is_active: error = "Invalid username" elif check_password_hash(user.pwhash, form.password.data): auth_user(user) return redirect(url_for("index")) else: error = "Invalid password" return render_template("login.html", form=form, error=error)
def register(): if session.get("logged_in"): flash("You're already registered") return redirect(url_for("user", id=session.get("username"))) error = None form = Registration(request.form) if request.method == "POST" and form.validate(): user = User.query.filter_by(username=form.username.data).first() if user: error = "User exists already" else: user = User( username=form.username.data.lower(), pwhash=generate_password_hash(form.pass_one.data), email=form.email.data, ) db.session.add(user) db.session.commit() auth_user(user) flash("You were successfully registered and are logged in") return redirect(url_for("index")) return render_template("register.html", form=form, error=error)