def logout():
    """Log the current user out, then redirect to ``next`` or the index page.

    The ``next`` query parameter is caller-controlled, so it is passed through
    ``is_safe_url`` before being used as a redirect target; a rejected value
    ends the request with HTTP 400.
    """
    # The session is ended first, so a request carrying a rejected ``next``
    # still logs the user out before the 400 is returned.
    # NOTE(review): the route decorator is not visible here; confirm which
    # HTTP methods reach this view and whether it is CSRF-protected.
    logout_user()

    # NOTE(review): is_safe_url is also called when no ``next`` was supplied
    # (target is None); confirm the helper accepts None.
    target = flask.request.args.get('next')
    if is_safe_url(target):
        # Fall back to the index page when ``next`` is absent or empty.
        return flask.redirect(target or flask.url_for('index'))
    return flask.abort(400)
def login():
    """Authenticate a user from ``LoginForm`` and redirect on success.

    Any failure (form not submitted or invalid, unknown username, wrong
    password) re-renders ``login.html`` with the same form. On success the
    user is logged in with ``remember=True`` and redirected to the validated
    ``next`` query parameter, or to the ``homepage`` endpoint.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    # NOTE(review): the lookup key is the submitted username; presumably
    # user.password holds a bcrypt hash - confirm against the User model.
    user = User.query.get(form.username.data)

    # The hash comparison only runs when a user row was found, so an unknown
    # username returns without doing any bcrypt work.
    # NOTE(review): consider whether that timing difference is acceptable.
    authenticated = user and bcrypt.check_password_hash(
        user.password, form.password.data
    )
    if not authenticated:
        return render_template('login.html', form=form)

    # NOTE(review): remember=True is passed for every login; confirm that a
    # long-lived session is intended for all users.
    login_user(user, remember=True)

    # ``next`` is caller-controlled. is_safe_url should check if the url is
    # safe for redirects; see http://flask.pocoo.org/snippets/62/ for an
    # example. It is also called when ``next`` is missing (None).
    redirect_target = request.args.get('next')
    if is_safe_url(redirect_target):
        return redirect(redirect_target or url_for('homepage'))
    return abort(400)
def login():
    """Log a user in from ``LoginForm`` and redirect to ``next`` or the index.

    ``csrf.protect()`` runs before anything else. When the form was not
    submitted or fails validation, ``login.html`` is rendered with the form.
    Otherwise ``form.user`` is logged in, a success message is flashed, and
    the request is redirected to the validated ``next`` query parameter.
    """
    # Run the CSRF check before any form data is processed.
    csrf.protect()

    # LoginForm represents and validates the client-side form data; a library
    # such as WTForms can handle this.
    form = LoginForm()
    if not form.validate_on_submit():
        return flask.render_template('login.html', form=form)

    # NOTE(review): no credential check is visible in this view; presumably
    # LoginForm validation authenticates the user and sets form.user -
    # confirm against the form class.
    login_user(form.user)
    flask.flash('Logged in successfully.')

    # ``next`` is caller-controlled, so it must pass is_safe_url before it is
    # used as a redirect target. The helper is also called when ``next`` is
    # missing (None).
    redirect_target = flask.request.args.get('next')
    if is_safe_url(redirect_target):
        return flask.redirect(redirect_target or flask.url_for('index'))
    return flask.abort(400)