Implementing User Login in Flask

To implement a user login function in Flask, the following steps are usually required:

  • User Authentication: Check that the username and password entered by the user match the credentials stored in the database (a salted password hash, never the plaintext password).
  • Session Management: Use Flask’s session object, a signed cookie, to store the user’s login status.
  • Security Measures: Use the password hashing and verification functions provided by Werkzeug (generate_password_hash and check_password_hash) to protect user passwords.

Here is an example of a simple user login function implementation:

from flask import Flask, request, redirect, render_template, url_for, flash, session
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)
# Used to sign the session cookie; in a real deployment load a long random
# value from configuration instead of hard-coding it in source.
app.secret_key = 'your_secret_key'

# Suppose there is a user dictionary mapping username to password hash
users = {
    'admin': generate_password_hash('password')
}


@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        user_password_hash = users.get(username)

        if user_password_hash and check_password_hash(user_password_hash, password):
            # Username and password match
            session['username'] = username  # Store username in the signed session cookie
            return redirect(url_for('home'))
        else:
            # Same message for unknown user and wrong password
            flash('Invalid username or password')

    return render_template('login.html')


@app.route('/home')
def home():
    if 'username' in session:
        return f'Hello, {session["username"]}!'
    return redirect(url_for('login'))


@app.route('/logout')
def logout():
    session.pop('username', None)  # Remove username from session
    return redirect(url_for('login'))


if __name__ == '__main__':
    app.run(debug=True)  # debug=True is for local development only

In this example:

  • The session object stores the user’s login status in a signed cookie.
  • The login function handles login requests and checks whether the username and password match.
  • The home function is a protected route that can only be accessed by logged-in users.
  • The logout function allows the user to log out, which is implemented by removing the username from the session.
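The verification step above, shown as an added example (not code from the original page) that uses only the standard library so it runs without Flask installed. It reproduces the `pbkdf2:sha256:<iterations>$<salt>$<hex digest>` layout that Werkzeug's generate_password_hash emits for its pbkdf2 method, compares digests in constant time as check_password_hash does, and adds one thing the example above lacks: when the username does not exist it still hashes against a dummy record, so the response time does not reveal which usernames are valid. The user table and iteration counts are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Werkzeug's current default is 600000 iterations; the demo table below uses
# far fewer purely so the example runs quickly.
DEFAULT_ITERATIONS = 600_000


def make_hash(password, iterations=DEFAULT_ITERATIONS, salt=None):
    """Produce a hash in Werkzeug's pbkdf2 layout: method$salt$hexdigest."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations).hex()
    return f"pbkdf2:sha256:{iterations}${salt}${digest}"


def verify_hash(stored, password):
    """Recompute the digest from the stored method and salt; compare in constant time."""
    method, salt, digest = stored.split("$", 2)
    scheme, hash_name, iterations = method.split(":")
    if scheme != "pbkdf2":
        raise ValueError("unsupported hash scheme: " + scheme)
    candidate = hashlib.pbkdf2_hmac(hash_name, password.encode(), salt.encode(), int(iterations)).hex()
    return hmac.compare_digest(candidate, digest)


# Constructed user table (same shape as the `users` dict in the article).
USERS = {"admin": make_hash("correct horse battery staple", iterations=10_000)}

# A hash of a random throwaway secret, used only so that login attempts for
# unknown usernames cost the same hashing work as attempts for real ones.
DUMMY_HASH = make_hash(secrets.token_hex(16), iterations=10_000)


def authenticate(username, password):
    """Return True only if the user exists and the password matches.

    Unlike `users.get(username)` followed by a short-circuit, this always
    runs the full PBKDF2 computation, so timing does not leak whether the
    username exists.
    """
    stored = USERS.get(username)
    matched = verify_hash(stored if stored is not None else DUMMY_HASH, password)
    return matched and stored is not None
```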

Note that this example is very basic and does not include database operations or user registration. In a real application you will usually store user records in a database and implement further functions such as user registration and password reset. To improve security, serve the application over HTTPS so credentials and the session cookie are protected in transit, and take additional measures such as preventing SQL injection and XSS attacks.