def verify_password(email_or_token, password):
user_id = User.verify_auth_token(email_or_token)
if user_id:
user = session.query(User).filter_by(id=user_id).one()
else:
user = session.query(User).filter_by(email=email_or_token).first()
if not user or not user.verify_password(password):
return False
g.user = user
return True
