Untitled

# roughly based on the logic shown at:
# https://pythonspot.com/en/login-authentication-with-flask/

from flask import Flask, redirect, render_template, request, session
from functools import wraps
import os

app = Flask(__name__)

def widoLoginRequired(f):
#this is the decorator for a route that is to be protected
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if not session.get('logged_in'):
            session['next'] = request.endpoint
            return render_template('login.html')
        return f(*args, **kwargs)
    return decorated_function

@app.route('/login', methods=['POST'])
#if this route is called as POST, it means that a password was submitted. Login and forward, or show error+ login screen
def do_admin_login():
    # this should be replaced by hashed values, and/or a database function:
    passwords = {
        "admin": "enter passwords here",
        "user1": "then remove the the next line which says <passwords = {} > ",
    };
    passwords = {}
    if app.debug:
        passwords = {
            "user1": "pass1",
            "user2": "pass2",
        };

    # validation of password:
    rightPassword = passwords.get(request.form['username']) # this is the password which the user *should* enter
    try:
        givenPassword = request.form['password'] # this is the password which the user *did* enter
    except:
        givenPassword = ""
    if (rightPassword is None):
        valid = False
    elif (rightPassword == givenPassword):
        valid = True
    else:
        valid = False

    # act upon right or wrong user/pass combination:
    session.pop('wrong_password', None) # clear this flag
    if valid:
        session['logged_in'] = True
        session['user'] = request.form['username']
    else:
        session['wrong_password'] = "Password wrong...." # the value of this is irrelevant actually
        return render_template('login.html')
    return redirect (session.get('next'), code=302)    # after successful login, make sure the browser shows the right URL

@app.route('/login', methods=['GET'])
# direct call of this route - just displays the login form, will then forward to index, and automatically logs out if there was already a login
def show_login_page():
    session['next']="/"
    session['logged_in'] = False
    return render_template('login.html')


@app.route("/logout")
def logout():
    session['logged_in'] = False
    return "Logged out!"


#######################################################################


@app.route('/')
def home():
    return "This is the index page, unprotected"


@app.route("/status")
def showstatus():
    return """
        <h3>Status:</h3>
        <p>Logged in: %s</p>
        <p>User: %s</p>
        <p>Next: %s</p>

    """ % (session.get('logged_in'), session.get('user'), session.get('next'))

@app.route("/protect1")
@widoLoginRequired
def protect1():
    return "This is the first protected page protect1"

@app.route("/protect2")
@widoLoginRequired
def protect2():
    return "This is the second protected page protect2"


@app.route("/protect3")
@widoLoginRequired
def protect3():
    return "This is the third protected page protect3"


if __name__ == "__main__":
    app.secret_key = os.urandom(24)
    app.run(debug=True)

<link rel="stylesheet" href="/static/loginstyle.css" type="text/css">

{% block body %}

{% if session['wrong_password'] %}
    <div class="login-screen">
        <p>Wrong password!</p>
    </div>
{% endif %}

{% if session['logged_in'] %}
    <div class="login-screen">
        <p>You're logged in already!</p>
    </div>
{% endif %}

<form action="/login" method="POST">
<input type="text" name="next" value="12341234" hidden>

    <div class="login">
        <div class="login-screen">
            <div class="app-title">
                <h1>Login</h1>
            </div>

            <div class="login-form">
                <div class="control-group">
                <input type="text" class="login-field" value="" placeholder="username" name="username">
                <label class="login-field-icon fui-user" for="login-name"></label>
                </div>

                <div class="control-group">
                <input type="password" class="login-field" value="" placeholder="password" name="password">
                <label class="login-field-icon fui-lock" for="login-pass"></label>
                </div>

                <input type="submit" value="Log in" class="btn btn-primary btn-large btn-block" >
                <br>
            </div>
        </div>
    </div>
</form>

{% endblock %}

* {
box-sizing: border-box;
}

*:focus {
    outline: none;
}
body {
font-family: Arial;
background-color: #3498DB;
padding: 50px;
}
.login {
margin: 20px auto;
width: 300px;
}
.login-screen {
background-color: #FFF;
padding: 20px;
border-radius: 5px
}

.app-title {
text-align: center;
color: #777;
}

.login-form {
text-align: center;
}
.control-group {
margin-bottom: 10px;
}

input {
text-align: center;
background-color: #ECF0F1;
border: 2px solid transparent;
border-radius: 3px;
font-size: 16px;
font-weight: 200;
padding: 10px 0;
width: 250px;
transition: border .5s;
}

input:focus {
border: 2px solid #3498DB;
box-shadow: none;
}

.btn {
  border: 2px solid transparent;
  background: #3498DB;
  color: #ffffff;
  font-size: 16px;
  line-height: 25px;
  padding: 10px 0;
  text-decoration: none;
  text-shadow: none;
  border-radius: 3px;
  box-shadow: none;
  transition: 0.25s;
  display: block;
  width: 250px;
  margin: 0 auto;
}

.btn:hover {
  background-color: #2980B9;
}

.login-link {
  font-size: 12px;
  color: #444;
  display: block;
    margin-top: 12px;
}