authorGuillaume Horel <guillaume.horel@serenitascapital.com>2015-03-17 18:12:15 -0400
committerGuillaume Horel <guillaume.horel@serenitascapital.com>2015-03-17 18:12:15 -0400
commit9ad11a4ad13c7d7c1c12e59dec52d6aaed3b1ce6 (patch)
tree9e9d3361218b8f9a2e952739575181616905b47c
parent6a0b25be1dfc280c57ebaf0b6996e65d8d765b98 (diff)
downloadwedding-website-9ad11a4ad13c7d7c1c12e59dec52d6aaed3b1ce6.tar.gz
proper authentication
-rw-r--r--wedding.py17
1 files changed, 14 insertions, 3 deletions
diff --git a/wedding.py b/wedding.py
index 483baa2..f1e99e2 100644
--- a/wedding.py
+++ b/wedding.py
@@ -3,7 +3,6 @@ import sqlite3
#all the imports
from flask import Flask, request, session, g, redirect, url_for, render_template
from functools import wraps
-import hashlib
app = Flask(__name__)
app.config.from_envvar('CONF')
@@ -77,16 +76,28 @@ def main_page():
@app.route('/login/', methods=['GET', 'POST'])
def login():
- session.clear()
if 'user_name' in session:
return redirect(url_for('main_page'))
error = None
if request.method == 'POST':
+ db = get_db()
+ c = db.cursor()
+ c.execute("SELECT * from guests where user_name=?",
+ (request.form['username'],))
+ if not c.fetchone():
+ error = "User not registered"
+ c.close()
+ return
+ else:
+ c.close()
+ if request.form['password'] != app.config['PASSWORD']:
+ error = "Wrong password"
+ return
session['user_name'] = request.form['username']
- #password = request.form['password'].hexdigest()
session['lang'] = request.form['language']
return redirect(url_for('main_page'))
+
return render_template('login.htm')
if __name__=="__main__":
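Review bot: The two bare `return` statements added in the POST branch of `login()` return `None`, which Flask does not accept as a view result, so a failed login ends in a server error instead of the login form, and `error` is assigned but never passed to `render_template`. Once the messages are displayed, the separate "User not registered" and "Wrong password" texts would let a client learn which guest names exist, and `!=` against `app.config['PASSWORD']` is not a constant-time comparison. I would collapse both failures into one generic message rendered with the form and compare with `hmac.compare_digest`, as sketched below; this needs `import hmac` at the top of the file, and the `.encode` calls assume the configured password is a text string, which should be confirmed. Since every guest shares one password from config, it is also worth confirming that attempts on this route are throttled somewhere outside this hunk.

```python
    if request.method == 'POST':
        # … unchanged: get_db(), cursor, SELECT on guests by user_name …
        known = c.fetchone() is not None
        c.close()
        password_ok = hmac.compare_digest(
            request.form['password'].encode('utf-8'),
            app.config['PASSWORD'].encode('utf-8'))
        if not (known and password_ok):
            # One message for both failures so the response does not
            # reveal whether the guest name exists.
            error = "Invalid username or password"
            return render_template('login.htm', error=error)
        # … unchanged: session['user_name'], session['lang'], redirect …
```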