def login():
if session.get('logged_in'):
return redirect(url_for('user', id=session.get('username')))
error = None
form = Login(request.form)
if request.method == 'POST' and form.validate():
user = User.query.filter_by(username=form.username.data).first()
if not user or not user.is_active:
error = 'Invalid username'
else:
if check_password_hash(user.pw_hash, form.password.data):
auth_user(user)
next_url = request.args.get('next')
if next_url:
return redirect(url_for(next_url))
else:
return redirect(url_for('index'))
else:
error = 'Invalid password'
return render_template('login.html', form=form, error=error)
def register():
if session.get('logged_in'):
flash('You\'re already registered')
return redirect(url_for('user', id=session.get('username')))
error = None
form = Registration(request.form)
if request.method == 'POST' and form.validate():
user = User.query.filter_by(username=form.username.data).first()
if user:
error = 'That username is already in use'
else:
user = User(
username = form.username.data.lower(),
pwhash = generate_password_hash(form.pass_one.data),
email = form.email.data,
)
db.session.add(user)
db.session.commit()
auth_user(user)
flash('You were successfully registered and are logged in')
return redirect(url_for('index'))
return render_template('register.html', form=form, error=error)