app.py

#!/usr/bin/env python3

import site
site.addsitedir("/Users/a0j0b83/.pyenv/versions/3.7.12/lib/python3.7/site-packages")
 
from flask import Flask, render_template, request, redirect, session
 
app = Flask(__name__)
 
# Set a secret key for encrypting session data
app.secret_key = 'my_secret_key'
 
# dictionary to store user and password
users = {
    'kunal': '1234',
    'user2': 'password2'
}
 
# To render a login form
@app.route('/')
def view_form():
    return render_template('login.html')
 
# For handling get request form we can get
# the form inputs value by using args attribute.
# this values after submitting you will see in the urls.
# e.g http://127.0.0.1:5000/handle_get?username=kunal&password=1234
# this exploits our credentials so that's
# why developers prefer POST request.
@app.route('/handle_get', methods=['GET'])
def handle_get():
    if request.method == 'GET':
        username = request.args['username']
        password = request.args['password']
        print(username, password)
        if username in users and users[username] == password:
            return '<h1>Welcome!!!</h1>'
        else:
            return '<h1>invalid credentials!</h1>'
    else:
        return render_template('login.html')
 
# For handling post request form we can get the form
# inputs value by using POST attribute.
# this values after submitting you will never see in the urls.
@app.route('/handle_post', methods=['POST'])
def handle_post():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        print(username, password)
        if username in users and users[username] == password:
            return '<h1>Welcome!!!</h1>'
        else:
            return '<h1>invalid credentials!</h1>'
    else:
        return render_template('login.html')
 
if __name__ == '__main__':
    app.run()