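from flask import Blueprint, render_template, request, redirect, url_for, session
from werkzeug.security import check_password_hash
from models import db, User

login_bp = Blueprint('login', __name__, url_prefix='/login')


@login_bp.route('/', methods=['GET', 'POST'])
def login():
    """Render the login form and authenticate a submitted username/password.

    An already logged-in session (``session['loggedin']`` set) is redirected
    to ``index.index``. On GET the empty form is rendered. On POST the
    ``username`` and ``password`` form fields are validated, the user is
    looked up by username, and the submitted password is verified against
    the stored hash with ``check_password_hash``.

    Returns:
        A redirect to ``index.index`` after a successful login, otherwise
        the rendered ``login.html`` template with the entered username and
        any validation or login error messages.
    """
    if session.get('loggedin'):
        return redirect(url_for('index.index'))

    username = ""
    username_err = ""
    password_err = ""
    login_err = ""

    if request.method == 'POST':
        username = request.form.get('username', '').strip()
        # NOTE(review): stripping whitespace changes the credential being
        # verified; confirm that wherever the hash is created applies the
        # same normalisation.
        password = request.form.get('password', '').strip()

        if not username:
            username_err = "Please enter username."
        if not password:
            password_err = "Please enter your password."

        if not username_err and not password_err:
            # No credential shortcut exists here: every login must pass the
            # user lookup and the hash verification below.
            user = User.query.filter_by(username=username).first()

            # The User model may not define a `password` column yet (it would
            # need something like db.Column(db.String(128), nullable=False)).
            # A missing or empty hash fails closed instead of raising.
            stored_hash = getattr(user, 'password', None) if user else None

            # NOTE(review): an unknown username skips the hash check, so its
            # response time can differ from the wrong-password path.
            if stored_hash and check_password_hash(stored_hash, password):
                # Drop anything stored before authentication so pre-login
                # session contents do not carry over into the logged-in session.
                session.clear()
                session['loggedin'] = True
                session['id'] = user.id
                session['username'] = user.username
                return redirect(url_for('index.index'))

            # Same message for unknown user and wrong password, so the form
            # text does not reveal which usernames exist.
            login_err = "Invalid username or password."

    return render_template(
        'login.html',
        username=username,
        username_err=username_err,
        password_err=password_err,
        login_err=login_err,
    )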