Our login view is actually going to be a lot like a registration view.

We'll show a form, and process it on submission.

We'll need to check the password though, so that adds a new step.

Let's get to it.

All right. So, we need to build a login view.

As you can probably guess, our login view actually also needs to have a login form.

The nice thing is our login form isn't gonna be all that crazy, and

it's going to be pretty much the stuff we used in our registration form.

So, let's go ahead and make this real quick.

Class Loginform is a form, and it's going to have two fields.

So, we're just gonna do email.

And, we'll do a string field.

And, we'll say Email.

And, our validators for

this will be Datarequired and Email.

Now, I'd like you to notice I'm not validating here

that their email address and password is right.

We'll do that in the view.

And, then we're gonna have a Ppasswordfield, which will say Password.

And validators for that will just be that data is required,

they have to type in a password.

Okay, that's our form, pretty simple form.

Our view is going to be similar to our other view

let's see I'm gonna scroll that down, just so we can see a little more.

I'll have to go up here, and we need to add two imports.

So, we have our LoginManager and we need to bring in login_user which is

a function that will check to or that will actually login our user.

And, then we need to bring in our bcrypt library.

So, from flask.ext.bcrypt import check_password_hash.

All right.

So, now let's go make our login route.

I'll put it down here, app.route and we'll say, login.

And again our methods are GET and POST.

And we're going to call this login.

And, the reason we're going to call it login is because you remember, up here,

when we specified our login_view, we said it would be named login.

So, if you want to change the name, and

you don't want to call it login, you want to call it sign in, or, authenticate,

or something like that, you'll need to change that up there as well.

So, our form is going to be forms.Loginform.

And, we're going to say, if form.validate_on_submit just like before.

So, now we've got to try and look up the user.

So, let's do a try.

And, we're going to say user equals models.User.get,

and models.User.email is equal to form.email.data.

Okay? So, we're going to try and get this user.

But, if we get a models.Doesnotexist exception,

then we want to flash Your email or password doesn't match.

And, we want this to have a category of error.

Now, why did I say email or

password, when we know that it's the email that doesn't exist?

By doing it with email, we make it fairly easy for an attacker,

someone who maybe wants to take over someone else's account, to figure out,

okay, that's the right email, that's not the right email, whatever.

Like this, they don't know if they got the email wrong, or the password wrong, so

it makes it a bit more ambiguous.

Okay, but if that accept doesn't fire, so we did get our user,

then we want to do if check_password_hash.

And, we want the password of the user, cuz that's our hash, remember.

And, the form.password.data, which is the data they submitted.

So, if that comes back as true, then we're going to run login_user with the user.

So, that user is now gonna be logged in.

And, we're going to flash, You've been logged in.

And, we'll give this a category of success.

And, then we want to return a redirect to index.

Go back to the home page.

If that doesn't happen though, if our password check is incorrect,

then I actually want to do this all over again.

So right there, same message.

All right, and then if all of that stuff fails,

then we're going to render our template,

and we'll render login.html, and form is equal to form, okay.

So, it's not valid, whatever.

So, let's go build our register, or, sorry, our login form.

So, new file, login.html, all right, template, sorry.

So, this one is going to be almost identical to register.

So, let's actually just copy that, and past it in here.

The one thing we want to change is where it says Register,

we want that to say Login.

And, we probably want to put some links on here,

maybe to let people jump from Login to Register, and back and forth.

But, for right now, let's not worry about that too much.

So, if we come over here and we go to Login, there's our stuff.

It's gotta be filled in.

So, let's use an email address that we know is not in the account, or

not an account.

Login, you get this field is required.

Let's do, password doesn't even matter.

And, we get back to here.

Now, we don't see the flash messages,

cuz we haven't added those to our template yet.

But, you see it's not actually letting me login.

But, if I put in one that I know does exist.

[BLANK_AUDIO]

Then, now I went to the front page, and it asked me if, I want Google to save it.

I don't, but it's great to know that that does work.

Now, that user's can log in, we should let them log out.

Let's wrap up this stage with a simple view, just for that.