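def post(self):
    """Handle a sign-in form submission.

    Reads ``username`` and ``password`` from the request, checks their
    format with ``signuputil``, looks the account up in the datastore and
    verifies the password with ``hashutil.valid_pw``.  On success the
    ``user_id`` cookie is set to the value produced by
    ``hashutil.make_secure_val`` and the client is redirected to
    ``APP_PATH + CORE_PATH``.  In every other case the form is rendered
    again with the matching error message.
    """
    input_username = self.request.get("username")
    input_password = self.request.get("password")

    err_username = ""
    err_password = ""
    err_signin = ""

    output_username = html_util.escape_html(input_username)
    # Never echo the submitted password back into the form: unlike the
    # username it is not HTML-escaped here, and a re-rendered page should
    # not carry the secret.  Verification below uses input_password directly.
    output_password = ""

    if not signuputil.is_username_valid(input_username):
        err_username = "******"
    if not signuputil.is_password_valid(input_password):
        err_password = "******"

    if err_username == "" and err_password == "":
        # Bind the submitted username as a GQL parameter instead of placing
        # any value inside the query text; the datastore then treats it
        # strictly as data, whatever characters it contains.
        users = db.GqlQuery(
            "SELECT * FROM User WHERE username = :1", input_username
        )
        # get() returns the first match or None, replacing the separate
        # count() call and the repeated users[0] lookups.
        user = users.get()
        if user is not None and hashutil.valid_pw(
            user.username, input_password, user.password_hash
        ):
            user_id = user.key().id()
            # NOTE(review): the cookie carries no HttpOnly, Secure or Path
            # attribute -- confirm whether this session cookie should be
            # hidden from scripts and restricted to HTTPS.
            self.response.headers.add_header(
                "Set-Cookie",
                "user_id=%s" % hashutil.make_secure_val(str(user_id)),
            )
            self.redirect(APP_PATH + CORE_PATH)
            return
        # One message for both "unknown user" and "wrong password", so the
        # response does not say which of the two failed.
        err_signin = "User does not exists or password does not match. Try again."

    self.render_page(
        err_signin, output_username, err_username, output_password, err_password
    )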
def login(cls, username, pw):
    """Return the stored user for *username* if *pw* verifies, else ``None``.

    The record is fetched with ``cls.by_username`` and the password is
    checked against its ``pw_hash`` by ``hashutil.valid_pw``.  Callers must
    treat a ``None`` result as a failed sign-in.
    """
    account = cls.by_username(username)
    if not account:
        # No record for this username: fail the same way as a bad password.
        return None
    if not hashutil.valid_pw(username, pw, account.pw_hash):
        return None
    return account