def post(self):
username = self.request.get('username')
password = self.request.get('password')
error = ''
url = self.request.url
url = url[:url.rfind('/login')]
url = url[url.rfind('/') + 1:]
if not validUser(username): error = 'Invalid user name or password.'
else:
q = db.GqlQuery('select * from User where name = :1', username)
user = q.get()
if not user: error = 'Invalid user name or password.'
if not validPassword(password):
error = 'Invalid user name or password.'
if error: self.render_login(username, error, url)
else:
pwHasher = PasswordHash()
if pwHasher.valid_pw(username, password, user.pwHash):
cookieHasher = CookieHash()
cookieHash = cookieHasher.make_secure_val(str(user.key().id()))
self.response.set_cookie('user_id', cookieHash)
self.redirect('/%s/' % url)
else:
error = 'Invalid user name or password.'
self.render_login(username, error, url)
