def login():
if current_user.is_authenticated():
return redirect(url_for('about'))
if 'next_url' not in session:
session['next_url'] = urlparse(request.referrer).path
form = LoginForm()
if request.method == 'POST' and form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user and user.is_correct_password(form.password.data):
login_user(user)
flash(MSG_LOGIN_SUCCESS, 'success')
session.pop('next_url', None)
return form.redirect(url_for('about'))
else:
flash(MSG_INVALID_USER, 'error')
return redirect(url_for('login'))
return render_template('login.html', form=form)
def logout():
form = LoginForm()
logout_user()
flash(MSG_LOGOUT_SUCCESS, 'success')
return form.redirect(url_for('about'))
