Merge pull request #26 from shivrai/fix/login_hints

Avoid hints for an invalid password attempt
2017-06-27 19:55:50 -07:00
parent 25ef91250b 3c14805fe1
commit d520a524da
1 changed files with 2 additions and 2 deletions
--- a/flash_cards.py
+++ b/flash_cards.py
@@ -260,9 +260,9 @@ def login():
    error = None
    if request.method == 'POST':
        if request.form['username'] != app.config['USERNAME']:
-            error = 'Invalid username'
+            error = 'Invalid username or password!'
        elif request.form['password'] != app.config['PASSWORD']:
-            error = 'Invalid password'
+            error = 'Invalid username or password!'
        else:
            session['logged_in'] = True
            session.permanent = True  # stay logged in