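def post_login( mongodb ):
    """Handle the login form POST: check credentials, then start a session.

    Reads 'username' and 'password' from the submitted form. On failure the
    login template is re-rendered with the single generic "badpass" error,
    so the response body does not reveal whether the account exists. On
    success a fresh random session key is stored on the user document,
    handed to helper.c_set, and the client is redirected to "/".

    Args:
        mongodb: database handle; only its 'users' collection is used here.

    Returns:
        The rendered 'user/login' template when authentication fails.
        Successful logins and already-authenticated visitors leave through
        redirect( "/" ).
    """
    # Visitors who already have a valid session have no use for the form.
    if helper.get_user( mongodb ):
        redirect( "/" )

    username = request.forms.get('username')
    password = request.forms.get('password')
    errors = []

    # A request without the fields yields None. Querying { 'name': None }
    # would match documents that lack a name, and bcrypt.hashpw( None, ... )
    # raises instead of failing the login. Treat both as bad credentials.
    user = None
    if username is not None and password is not None:
        user = mongodb['users'].find_one( { 'name': username } )

    #Show same error for both: username does not exist AND incorrect password
    if not user:
        if password is not None:
            # Unknown accounts also pay for one bcrypt computation, otherwise
            # they answer much faster than known ones and the generic error
            # above is undone by response timing. The default cost may differ
            # from that of stored hashes, so this narrows the gap only.
            bcrypt.hashpw( password, bcrypt.gensalt() )
        errors.append( "badpass" )
    elif user['password'] != bcrypt.hashpw( password, user['password'] ):
        # NOTE(review): `!=` is not a constant-time comparison; prefer
        # bcrypt.checkpw where the installed bcrypt package provides it.
        errors.append( "badpass" )

    if errors:
        return helper.template( 'user/login', errors=errors, form=request.forms, errorMap=loginErrors )

    # New key on every successful login; 32 bytes from the OS CSPRNG.
    # NOTE(review): the key is stored as-is on the user document, so read
    # access to the collection yields usable sessions. Consider storing only
    # a hash of it.
    session_key = binascii.hexlify( os.urandom( 32 ) )
    mongodb['users'].update( { "name": username }, { "$set": { "session_key": session_key } } )
    helper.c_set( "session_key", session_key )
    redirect( "/" )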
def logout():
    """Blank the client's "session_key" value and redirect to "/"."""
    # NOTE(review): only the client-side value is cleared here. The
    # session_key written to the user document by post_login is not touched
    # in this function, so a copied key may stay valid until the next login.
    # Confirm whether it is invalidated elsewhere.
    cookie_name = "session_key"
    landing_page = "/"
    helper.c_set( cookie_name, "" )
    redirect( landing_page )