def loginPost(handler, p_username, p_password, p_verification, p_redir): def die(msg): print ErrorBox("Login Failed", msg) print LoginBox(p_redir) done() def badCredentials(): die("Invalid username/password/code combination") handler.title('Login') user = User.load(username = p_username) if not user: Event.login(handler, None, False, "Failed login for %s (bad username)" % p_username) badCredentials() if not checkPassword(user, p_password): Event.login(handler, None, False, "Failed login for %s (bad password)" % p_username) badCredentials() if user.hotpKey != '' and (p_verification == '' or p_verification not in code(user.hotpKey)): Event.login(handler, None, False, "Failed login for %s (bad code)" % p_username) badCredentials() if not user.hasPrivilege('User'): Event.login(handler, user, False, "Account disabled") die("Your account has been disabled") if user.resetkey: user.resetkey = None user.save() handler.session['user'] = user handler.session.remember('user') Event.login(handler, user, True) redirect(p_redir)