def check_password(user_id, password):
"""Returns true if the submitted password's hash matches the saved hash
of the User's password."""
user = User.query.get(user_id)
if user.password == hashulate(password):
return True
return False
def login():
"""Logs the user in or creates a new user in the database."""
form = LoginForm(request.form)
validates = request.method == 'POST' and form.validate()
if validates:
username = request.form.get('username')
password = request.form.get('password')
if not User.username_taken(username):
user = User(username=username, password=hashulate(password))
db_session.add(user)
db_session.commit()
login_user(user)
return redirect(request.args.get("next") or url_for("home"))
elif User.check_password(User.id_from_name(username),
request.form.get('password')):
login_user(User(id=User.id_from_name(username)))
return redirect(request.args.get("next") or url_for("home"))
return render_template('login.html', form=form)
