def login(): next = request.args.get('next', '/admin', type=str) if 'auth' in session: return redirect(next) if request.method == 'POST': try: username = request.form['username'] password = request.form['password'] except KeyError: flash(u"Invalid Username or Password", "error") return render_template("auth/login.html", next=next) profile = Profile() profile.database = db profile.load_admin() if profile.verify_login(username, password): flash(u"Welcome back %s" % profile.username, "info" ) session['auth'] = profile.userhash return redirect(next) else: flash(u"Invalid Username or Password", "error") return render_template("auth/login.html", next=next)