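def login():
    """Authenticate a user from the login form and redirect on success.

    An already-authenticated visitor is redirected to the ``main`` endpoint.
    On a valid form submission the user is looked up by username and the
    submitted password is checked against the stored bcrypt hash.  After a
    successful login the visitor is redirected to the ``next`` query
    parameter, but only when it is a same-site path; otherwise to ``lobby``.
    In every other case the login template is rendered with the form.
    """
    # Function-scope import: the module's import block is not visible here.
    from urllib.parse import urlsplit

    def _is_local_path(target):
        """Return True only when *target* is an absolute path on this site."""
        if not target or not target.startswith('/'):
            return False
        # Protocol-relative forms and backslashes can be resolved by a
        # browser to a different host, so they are not local paths.
        if target.startswith('//') or '\\' in target:
            return False
        # Legitimate paths carry whitespace percent-encoded; raw whitespace
        # or control characters are rejected rather than normalised.
        if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F
               for ch in target):
            return False
        try:
            parts = urlsplit(target)
        except ValueError:
            return False
        return not parts.scheme and not parts.netloc

    if current_user.is_authenticated:
        return redirect(url_for('main'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        # NOTE(review): the bcrypt check is skipped when no user matches, so
        # response time may differ between known and unknown usernames.
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user, remember=form.remember.data)
            # 'next' comes from the query string and is attacker-controllable;
            # redirecting to it unchecked would be an open redirect.
            next_page = request.args.get('next')
            flash(f'Welcome back, {form.username.data}!', 'success')
            if _is_local_path(next_page):
                return redirect(next_page)
            return redirect(url_for('lobby'))
        else:
            flash('Login unsuccessful. Please check username and password',
                  'danger')
    return render_template('login.html', form=form)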
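def login():
    """Render the login form and authenticate a submitted username/password.

    On a validated POST the username and password are first checked against
    an alphanumeric whitelist; a value outside it flashes a generic message
    and redirects back to ``auth.login``.  The user is then looked up by
    username and the password compared with the stored bcrypt hash.  Success
    logs the user in and redirects to ``info.home``; failure sets ``error``
    and the login template is rendered again.
    """
    error = None
    # Login form defined in forms.py.
    form = LoginForm(request.form)

    if request.method == 'POST' and form.validate_on_submit():
        # Input that needs to be validated.
        name = request.form['username']
        passwd = request.form['password']

        # Whitelist: username is 4-25 alphanumeric characters.  fullmatch is
        # used because "$" with re.search also matches before a trailing
        # newline, which would let "name\n" through the whitelist.
        if not re.fullmatch(r"[0-9a-zA-Z]{4,25}", name):
            flash('Invalid credentials. Please try again.')
            return redirect(url_for('auth.login'))

        # Whitelist: password is 6-40 alphanumeric characters.
        # NOTE(review): the password is only passed to the bcrypt comparison
        # below, so this character restriction narrows the password space
        # without protecting a query; confirm against the registration rules
        # before relaxing it.
        if not re.fullmatch(r"[0-9a-zA-Z]{6,40}", passwd):
            flash('Invalid credentials. Please try again.')
            return redirect(url_for('auth.login'))

        # Look the submitted user up in the database.
        user = User.query.filter_by(username=name).first()

        # NOTE(review): the bcrypt check is skipped when no user matches, so
        # response time may differ between known and unknown usernames.
        if user is not None and bcrypt.check_password_hash(
                user.password, passwd):
            # Log the user in through the login extension.
            login_user(user)
            flash('You were just logged in!')
            return redirect(url_for('info.home'))
        else:
            # Same wording as the whitelist failures, so the message does not
            # reveal which check rejected the attempt.
            error = 'Invalid credentials. Please try again.'

    return render_template('auth/login.html', form=form, error=error)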