def login(request):
    """Process the login view: redirect signed-in users, otherwise check a POSTed form.

    An already authenticated request is redirected to the "home" route.
    On POST, the CSRF token is validated, the submitted parameters are run
    through ``schemas.Login``, and a ``User`` row is looked up by email and
    password digest. A match redirects to "home" with the headers produced
    by ``remember_me_header``; a miss records the generic error key "form".
    Schema failures replace ``errors`` with the validator's ``error_dict``.

    NOTE(review): the visible code ends without returning ``result`` or
    ``errors``, so a GET or a failed login returns None as shown here. The
    tail of the view is presumably missing from this listing; confirm
    against the original file.
    """
    if authenticated_userid(request):
        return HTTPFound(location=route_url("home", request))

    db = DBSession()
    login_schema = schemas.Login()
    # get_csrf_token() is still called so the session token is requested;
    # `result` itself is not read again in the visible code.
    result = {"_csrf_": request.session.get_csrf_token()}
    errors = []

    if request.POST:
        # Reject the submission before the credentials are looked at.
        if not validate_csrf(request):
            return HTTPUnauthorized("Not authorized")
        try:
            # NOTE(review): request.params is validated rather than
            # request.POST; if this is a WebOb/Pyramid request, params also
            # includes query-string values, so credentials placed in the URL
            # would be accepted (and URLs tend to end up in access logs).
            credentials = login_schema.to_python(request.params)

            # NOTE(review): the password is matched against a bare SHA-1
            # digest computed by the database, with no salt visible in this
            # query. A fast unsalted hash makes stored passwords cheap to
            # recover if the table leaks; a salted, slow KDF (bcrypt, scrypt,
            # PBKDF2, Argon2) is the usual choice but needs a data migration,
            # so the query is left as written. The plaintext password is also
            # passed to the database as a query parameter; check that
            # statement logging does not record parameters.
            matches_account = and_(
                User.email == credentials["email"],
                User.password == func.sha1(credentials["password"]),
            )
            user = db.query(User).filter(matches_account).first()

            if not user:
                # One generic key for both unknown email and wrong password,
                # so the response does not reveal which of the two failed.
                errors.append("form")
            else:
                headers = remember_me_header(request, user.email)
                return HTTPFound(location=route_url("home", request), headers=headers)
        except validators.Invalid as exc:
            errors = exc.error_dict
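def create_profile(request):
    """Show the profile form and, on a valid POST, save it for the current user.

    Unauthenticated requests are redirected to the "login" route. On a POST
    that passes ``form.validate()``, the ``User`` row whose email equals the
    authenticated id is loaded, the form is bound onto it, and the result is
    merged and committed before redirecting to "home". Otherwise the view
    returns a dict with ``user_email`` and a ``FormRenderer`` for the form.

    Validation errors are sent to the module logger at DEBUG level instead
    of being printed to stdout, so a request handler no longer writes to the
    process's standard output.
    """
    import logging

    logged_in = authenticated_userid(request)
    if not logged_in:
        return HTTPFound(location=route_url("login", request))

    session = DBSession()
    form = Form(request, schema=schemas.CreateProfile, obj=User())

    # NOTE(review): login() calls validate_csrf(request) before handling a
    # POST, but this state-changing POST has no such call. Confirm that
    # Form.validate() or middleware enforces the CSRF token; if not, add the
    # same check here and render the token in the form.
    if request.POST and form.validate():
        # NOTE(review): .first() returns None when no row matches the
        # authenticated id (e.g. the account was deleted while the auth
        # cookie is still valid); form.bind(None) is not handled here.
        user = session.query(User).filter(User.email == logged_in).first()
        # NOTE(review): bind() copies the validated fields onto the user
        # object; presumably the writable set is whatever
        # schemas.CreateProfile declares. Verify it does not include
        # identity or privilege fields such as email or password.
        user = form.bind(user)
        session.merge(user)
        session.commit()
        return HTTPFound(location=route_url("home", request))

    if form.errors:
        # DEBUG only: validation messages may echo parts of the user's input.
        logging.getLogger(__name__).debug(
            "create_profile validation errors: %r", form.errors
        )
    return dict(user_email=logged_in, form=FormRenderer(form))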