diff --git a/blog/routes.py b/blog/routes.py
index 049ba45f16916b4b618618a2d31b41b990fc5d2b..4ed01a323080404bd627c16c6cd8de6c496fbb7c 100644
--- a/blog/routes.py
+++ b/blog/routes.py
@@ -1,6 +1,6 @@
-from flask import render_template, url_for, request, redirect, flash, Response, send_file, abort
-from blog import app, db
 import os
+from flask import render_template, url_for, request, redirect, flash, Response, send_file, abort
+from blog import app, db, bcrypt
 from blog.models import User, Post, Portfolio
 from blog.forms import RegistrationForm, LoginForm, UpdateAccountForm, PostForm
 from flask_login import login_user, logout_user, current_user
@@ -89,23 +89,20 @@ def account():
 def register():
 form = RegistrationForm()
 if form.validate_on_submit():
- user = User(username=form.username.data, email=form.email.data, password=form.password.data)
+ hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
+ user = User(username=form.username.data, email=form.email.data, password=hashed_password)
 db.session.add(user)
 db.session.commit()
 flash('Registration successful!')
 return redirect(url_for('login'))
 return render_template('register.html',title='Register',form=form)

-@app.route("/registered")
-def registered():
- return render_template('registered.html', title='Thanks!')
-
 @app.route("/login",methods=['GET','POST'])
 def login():
 form = LoginForm()
 if form.validate_on_submit():
 user = User.query.filter_by(username=form.username.data).first()
- if user and (user.password, form.password.data):
+ if user and bcrypt.check_password_hash(user.password, form.password.data):
 login_user(user)
 flash('You\'ve successfully logged in,'+' '+ current_user.username +'!')
 return redirect(url_for('home'))
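Review bot: Accounts created before this change still hold the raw password in `User.password` (the removed line in `register()` stored `form.password.data` unchanged), and the new `bcrypt.check_password_hash(user.password, form.password.data)` call in `login()` has no path for those rows. As far as I know Flask-Bcrypt raises `ValueError` instead of returning False when the stored value is not a bcrypt hash, so those users would likely hit a 500 on login while their plaintext stays in the table. Ship a one-off migration with this commit that invalidates every non-bcrypt value and forces a password reset, and guard the check so a malformed stored value counts as a failed login, e.g. `try: ok = bcrypt.check_password_hash(user.password, form.password.data)` followed by `except ValueError: ok = False`. Separately, the hash check is skipped when `user` is None, so unknown usernames are answered faster than known ones; comparing against a fixed dummy hash in that branch evens out the timing. The body of `login()` continues past the end of this hunk, so the failure branch is not visible here.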