def sign_up():
errors = []
form = SignUpForm(request.form)
if request.method == 'POST' and form.validate():
# looks like everything ok, check db
username = form.username.data
password = form.password.data
user = list(User.view('users/by_username', key=username))
if user:
errors.append('User already exists')
else:
new_user = make_user_from_request(request)
g.db.save_doc(new_user)
flash('You have successfully registered')
return redirect(url_for('show_posts'))
elif request.method == 'POST' and not form.validate():
errors.extend(format_form_errors(form.errors.items()))
return render_template('sign_up.html', form = form, errors = errors)
def login():
errors = []
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
username = form.username.data
password = form.password.data
user = list(User.view('users/by_username', key=username))
if not user:
errors.append('Invalid username')
elif make_password_hash(user[0].salt, password) != user[0].password:
errors.append('Invalid password')
else:
session['logged_in'] = True
session['uid'] = user[0]._id
session['privileged'] = user[0].privileged
flash('You were logged in')
return redirect(url_for('show_posts'))
elif request.method == 'POST' and not form.validate():
errors.extend(format_form_errors(form.errors.items()))
return render_template('login.html', form = form, errors = errors)
