def post(self): username = self.request.get('username') password = self.request.get('password') error = '' url = self.request.url url = url[:url.rfind('/login')] url = url[url.rfind('/') + 1:] if not validUser(username): error = 'Invalid user name or password.' else: q = db.GqlQuery('select * from User where name = :1', username) user = q.get() if not user: error = 'Invalid user name or password.' if not validPassword(password): error = 'Invalid user name or password.' if error: self.render_login(username, error, url) else: pwHasher = PasswordHash() if pwHasher.valid_pw(username, password, user.pwHash): cookieHasher = CookieHash() cookieHash = cookieHasher.make_secure_val(str(user.key().id())) self.response.set_cookie('user_id', cookieHash) self.redirect('/%s/' % url) else: error = 'Invalid user name or password.' self.render_login(username, error, url)