Mar-20-2023, 08:11 AM
# simple and reliable
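@auth.post("/login")
def auth_login():
    """Handle the login form: check the password and issue the session cookie.

    Reads ``mail`` and ``password`` from the submitted form, looks the
    account up in ``user_table`` with a parameterized query and compares the
    password with the stored bcrypt hash.  On success a JWT holding the
    user's id, name and mail is stored in the ``visited`` cookie and the
    client is redirected to ``/``.  Every failure path returns a 401
    ``HTTPError``.
    """
    email = request.forms.get("mail")
    pswd = request.forms.get("password")

    # NOTE(review): auth_mail() is defined elsewhere; this handler treats a
    # return value of False as "an account exists for this address" - confirm.
    if auth_mail(email) is not False:
        return HTTPError(401, "Sorry.. NO user..!")

    cur = con.cursor()
    try:
        # Placeholder binding keeps the submitted address out of the SQL text.
        sql = "SELECT id, name, mail, password FROM user_table WHERE mail=?"
        row = cur.execute(sql, (email,)).fetchone()
    finally:
        # Close the cursor even when the query raises.
        cur.close()

    # fetchone() yields None when nothing matches; without this guard the
    # subscripts below raise and the client sees a 500 instead of a 401.
    if row is None:
        return HTTPError(401, "Sorry.. NO user..!")

    # A request without a "password" field gives None, which cannot be
    # encoded; treat it as a failed check rather than crashing.
    # NOTE(review): row["password"] must be the bcrypt hash as bytes - confirm
    # how the registration code stores it.
    if pswd is None or not bcrypt.checkpw(pswd.encode(), row["password"]):
        # NOTE(review): this text differs from the "NO user" one, so a client
        # can tell registered addresses from unknown ones; consider a single
        # generic message for both failures.
        return HTTPError(401, "Sorry.. The password doesn't match..!")

    # The token is signed, not encrypted: anyone holding the cookie can read
    # these fields.
    # NOTE(review): no "exp" claim is set, so the token itself never expires;
    # consider adding one and validating it on decode.
    payload = {
        "id": row["id"],
        "name": row["name"],
        "mail": row["mail"],
    }
    visited = jwt.encode(payload, key, algorithm)

    # httponly keeps the token away from page scripts.
    # NOTE(review): `secure` is not set, so the cookie is also sent over plain
    # HTTP; set secure=True when the site is served over HTTPS, and a SameSite
    # attribute if the framework version supports it.
    response.set_cookie(
        "visited",
        visited,
        path="/",
        httponly=True,
    )
    return redirect("/")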