def change_password():
form = PasswordResetForm()
if form.validate_on_submit():
# Check that the user exists, and that the password is correct
if bcrypt.check_password_hash(g.user.pwd_hash, form.current_password.data):
g.user.pwd_hash = bcrypt.generate_password_hash(form.new_password.data)
db.session.commit()
# Redirect to the URL for the profile page
flash("Password updated successfully!", "success")
return redirect(url_for("profile.settingsProfile"))
else:
flash("Invalid Password", "danger")
return render_template("settings.html", password_form=form, delete_form=DeleteProfileForm())
def login():
form = LoginForm()
# Validate the submitted data
if form.validate_on_submit():
# Get the user by email address
user = User.query.filter_by(email=form.email.data).limit(1).first()
# Check that the user exists, and that the password is correct
if user and bcrypt.check_password_hash(user.pwd_hash, form.password.data):
# Log the user in
login_user(user, remember=True)
next = request.args.get("next")
if next:
return redirect(next)
# Redirect to the URL for the profile page
return redirect(url_for("profile.profile"))
else:
flash("Invalid Username/Password", "danger")
return render_template("login.html", form=form)