def post(self):
input_username = self.request.get("username")
input_password = self.request.get("password")
err_username = ""
err_password = ""
err_signin = ""
output_username = html_util.escape_html(input_username)
output_password = input_password
if not signuputil.is_username_valid(input_username):
err_username = "******"
if not signuputil.is_password_valid(input_password):
err_password = "******"
output_password = ""
if err_username == "" and err_password == "":
query = (
"SELECT * FROM User \
WHERE username = '******'"
)
users = db.GqlQuery(query)
err_signin = "User does not exists or password does not match. Try again."
if users.count() > 0 and hashutil.valid_pw(users[0].username, output_password, users[0].password_hash):
user_id = users[0].key().id()
self.response.headers.add_header("Set-Cookie", "user_id=%s" % hashutil.make_secure_val(str(user_id)))
self.redirect(APP_PATH + CORE_PATH)
else:
self.render_page(err_signin, output_username, err_username, output_password, err_password)
else:
self.render_page(err_signin, output_username, err_username, output_password, err_password)
def login(cls, username, pw):
u = cls.by_username(username)
if u and hashutil.valid_pw(username, pw, u.pw_hash):
return u
