We now need to create a login system that allows the user to login with his or her username and password. Create a Zope Page Template object named login_html. The login_html object is almost identical to the register_html object in the previous section:

<html>
   <head>
      <title>Login</title>
   </head>
   <body tal:define='logStatus container/login'>
      <span tal:condition='logStatus'>
         <span tal:replace='logStatus'></span>
      </span>
      <span tal:condition='not:logStatus'>
         <form method='POST'>
            <label>Username:</label><br />
            <input type='text' name='username'><br />
            <label>Password:</label><br />
            <input type='password' name='password'><br />
            <input type='submit' value='Login'>
         </form>
      </span>
   </body>
</html>

However, instead of calling the register object, it calls an object named login. Create a Script ( Python ) object called login:

if context.REQUEST.has_key ( 'username' ) and context.REQUEST.has_key ( 'password' ):
   if not hasattr ( container.users, context.REQUEST.username ):
      return 'No such user exists.'
   password = container.hash ( context.REQUEST.password )
   userObject = getattr ( container.users,context.REQUEST.username )
   if password != userObject.password:
      return 'You have specified an incorrect password.'
   context.REQUEST.RESPONSE.setCookie ( 'username', context.REQUEST.username )
   context.REQUEST.RESPONSE.setCookie ( 'password', password )
   return 'You have successfully logged in!'
return False

Like the register object, the login object first checks to see if the user has submitted the appropriate values. If the user hasn't, the script returns "False" and stops execution. This signals the login_html object to display the login form. If the user has supplied the appropriate values, the script checks to see if the username even exists. If the username does not exist, the script returns a message saying so. If the username does exist, the script uses the hash object to, once again, hash the user's password. It then check to see if the supplied password and the stored password match. If they do, it sets one cookie containing the user's username, and another cookie containing the user's hashed password. It then returns a success message.

The login system is now done, and it will work in conjunction with the registration system. Feel free to test both systems out.