from flask import Blueprint, render_template, request, redirect, url_for, session
from werkzeug.security import check_password_hash
from models import db, User
# Blueprint that groups the login views; its routes are mounted under /login.
login_bp = Blueprint(
    'login',
    __name__,
    url_prefix='/login',
)
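@login_bp.route('/', methods=['GET', 'POST'])
def login():
    """Render the login form and authenticate a submitted username/password.

    GET renders ``login.html``. POST checks that both fields are present,
    looks the user up by username and verifies the submitted password against
    the stored hash with ``check_password_hash``. On success the session keys
    ``loggedin``, ``id`` and ``username`` are set and the client is redirected
    to ``index.index``; on any failure the form is re-rendered with an error
    message.

    A visitor whose session already has ``loggedin`` set is redirected to
    ``index.index`` without seeing the form.
    """
    if session.get('loggedin'):
        return redirect(url_for('index.index'))

    username = ""
    username_err = ""
    password_err = ""
    login_err = ""

    if request.method == 'POST':
        username = request.form.get('username', '').strip()
        # NOTE(review): stripping alters the submitted password; it only
        # verifies correctly if the code that creates the hash strips the
        # same way - confirm against the registration path.
        password = request.form.get('password', '').strip()

        if not username:
            username_err = "Please enter username."
        if not password:
            password_err = "Please enter your password."

        if not username_err and not password_err:
            # The disabled hard-coded admin shortcut that used to sit here is
            # removed: a credential check in source bypasses the user store
            # and is one edit away from becoming a live backdoor.
            user = User.query.filter_by(username=username).first()

            # Fail closed: a missing user, a model without a password
            # attribute, or an empty/NULL stored hash all reject the login
            # instead of raising inside check_password_hash.
            stored_hash = getattr(user, 'password', None) if user else None
            if stored_hash and check_password_hash(stored_hash, password):
                session['loggedin'] = True
                session['id'] = user.id
                session['username'] = user.username
                return redirect(url_for('index.index'))

            # One message for "unknown user" and "wrong password" so the
            # response text does not reveal which usernames exist.
            # NOTE(review): the hash is only verified when the user exists,
            # so response time can still differ between the two cases;
            # pair this view with rate limiting / attempt logging.
            login_err = "Invalid username or password."

    return render_template(
        'login.html',
        username=username,
        username_err=username_err,
        password_err=password_err,
        login_err=login_err,
    )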