def login(): if g.user: return redirect(url_for('.index')) form = forms.LoginForm(request.form) if request.method == 'POST' and form.validate(): user = users.get_user_by_email(form.username.data) if user is None or not check_password_hash(user.password_hash, form.password.data): flash(u'Неверный e-mail или пароль', 'error') else: session['user_id'] = user.id session.permanent = form.remember.data return redirect(request.args.get('back', None) or url_for('cabinet.index')) return render_template('site/login.html', form=form)
def check_password(form, field): if not hasattr(field, 'user') or not check_password_hash(field.user.password_hash, field.data): raise ValidationError(u'Неверный пароль')