def signin(redirect_url=None): error = None if request.method == 'POST': error = 'email/password error' email = request.form['email'] password = request.form['password'] cur = g.db.execute('select username, salted_pwd from user where email=?', [email]) result = cur.fetchone() if result: username, salted_pwd = result salt, hashed_password = salted_pwd.split('.') if hash_password(username, password, salt) == hashed_password: session['username'] = username return redirect_back('index') return render_template('signin.html', error=error)