Example #1
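def login():
    """Authenticate a user from the login form and start a session.

    Users who are already authenticated are redirected to the 'main'
    endpoint. On a valid submission with matching credentials the user is
    logged in and redirected to the ``next`` query parameter when it is a
    same-site path, otherwise to the 'lobby' endpoint. On any other outcome
    the login template is rendered again.

    Returns:
        A redirect response or the rendered 'login.html' template.
    """
    # Function-scope import: the file's import block is not visible here.
    from urllib.parse import urlparse

    if current_user.is_authenticated:
        return redirect(url_for('main'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        if user and bcrypt.check_password_hash(user.password, form.password.data):
            login_user(user, remember=form.remember.data)
            flash(f'Welcome back, {form.username.data}!', 'success')

            # `next` comes from the query string and is attacker-controllable.
            # Redirecting to it unchecked is an open redirect, so only a
            # same-site absolute path is honoured: no scheme, no host, no
            # protocol-relative prefix, and no backslashes or control
            # characters that a browser could normalise into another origin.
            next_page = request.args.get('next') or ''
            parsed = urlparse(next_page)
            is_local_path = (
                next_page.startswith('/')
                and not next_page.startswith('//')
                and '\\' not in next_page
                and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in next_page)
                and not parsed.scheme
                and not parsed.netloc
            )
            if is_local_path:
                return redirect(next_page)
            return redirect(url_for('lobby'))
        # Same message for unknown user and wrong password, so the response
        # does not reveal which usernames exist.
        flash('Login unsuccessful. Please check username and password', 'danger')
    return render_template('login.html', form=form)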
Example #2
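def login():
    """Handle the login form: validate input, check credentials, log in.

    On a POST with a valid form, the username and password are checked
    against a strict format whitelist, the user is looked up by username and
    the password is verified with bcrypt. Success logs the user in and
    redirects to 'info.home'. A format failure redirects back to
    'auth.login'; a credential failure re-renders the form with an error.
    All failure paths use the same message.

    Returns:
        A redirect response or the rendered 'auth/login.html' template.
    """
    error = None
    # Build the login form from the submitted request data.
    form = LoginForm(request.form)

    # Only process credentials on a submitted, valid form.
    if request.method == 'POST' and form.validate_on_submit():

        # Untrusted input that needs to be validated.
        name = request.form['username']
        passwd = request.form['password']

        # Username must be an alphanumeric string between 4 and 25
        # characters long (whitelist). fullmatch is used instead of
        # search with "^...$" because "$" also matches just before a
        # trailing newline, which would let "name\n" through the check.
        if not re.fullmatch("[0-9a-zA-Z]{4,25}", name):
            flash('Invalid credentials. Please try again.')
            return redirect(url_for('auth.login'))

        # Password must be an alphanumeric string between 6 and 40
        # characters long (whitelist), matched in full for the same reason.
        # NOTE(review): in this block the password is only passed to the
        # bcrypt check, so the character whitelist is not needed for
        # safety and it rules out stronger passwords; consider enforcing
        # only a length bound. Confirm against the registration policy.
        if not re.fullmatch("[0-9a-zA-Z]{6,40}", passwd):
            flash('Invalid credentials. Please try again.')
            return redirect(url_for('auth.login'))

        # Look up the submitted username in the DB (parameterised by the ORM).
        user = User.query.filter_by(username=name).first()

        # Check that the user exists and the password matches its hash.
        if user is not None and bcrypt.check_password_hash(
                user.password, passwd):

            # Log the user in (via the login extension).
            login_user(user)

            # Redirect to a fixed endpoint; no request-supplied target is used.
            flash('You were just logged in!')
            return redirect(url_for('info.home'))

        # Same message as the format failures above, so the response does
        # not distinguish an unknown user from a wrong password.
        error = 'Invalid credentials. Please try again.'

    return render_template('auth/login.html', form=form, error=error)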