fixed some bugs and added login and shit

src/main.py

@@ -18,7 +18,7 @@ class User(db.Model):
     id = db.Column(db.Integer, primary_key=True)
 
     username = db.Column(db.String(128), unique=True, nullable=False)
-    pgp = db.Column(db.String(4096), nullable=False)
+    pgp = db.Column(db.String(8128), nullable=False)
 
     firstname = db.Column(db.String(128), nullable=False)
     lastname = db.Column(db.String(128), nullable=False)
@@ -156,24 +156,19 @@ def register():
 
 @app.route("/verify", methods=["POST"])
 def verify():
-
     expected_phrase = session.get("pgp_expected_phrase")
     data = session.get("pending_user")
 
-    if not expected_phrase or not data:
+    if not data or not expected_phrase:
-        flash("Verification session expired.")
+        flash("Session expired.")
         return redirect(url_for("register"))
 
     submitted = request.form.get("decrypted_message")
-
     if not submitted:
         flash("You must paste the decrypted message.")
         return redirect(url_for("register"))
 
-    if submitted.strip() != expected_phrase:
+    if submitted.strip() == expected_phrase:
-        flash("Verification failed.")
-        return redirect(url_for("register"))
-
         dob = date.fromisoformat(data["date_of_birth"])
 
         new_user = User(
@@ -193,26 +188,96 @@ def verify():
             weight=int(data["weight"]) if data["weight"] else None,
             race=data["race"] or None,
             prefered_age_range=data["prefered_age_range"] or None,
-        is_verified=True
+            is_verified=False
         )
 
         db.session.add(new_user)
         db.session.commit()
 
-    # Clear session
+        session['user_id'] = new_user.id
+        session['username'] = new_user.username
+
         session.pop("pending_user", None)
         session.pop("pgp_expected_phrase", None)
 
         flash("PGP verification successful!")
+        return redirect(url_for("home"))
 
+    else:
+        flash("Verification failed. Account not created.")
+        return redirect(url_for("register"))
+
+@app.route("/login", methods=["GET", "POST"])
+def login():
+    if request.method == "POST":
+        username = request.form.get("username")
+        pgp = request.form.get("pgp")
+
+        if not username or not pgp:
+            flash("Please enter both username and PGP key.")
+            return redirect(url_for("login"))
+
+        user = User.query.filter_by(username=username).first()
+        if not user:
+            flash("User not found.")
+            return redirect(url_for("login"))
+
+        import_result = gpg.import_keys(pgp)
+        if not import_result.fingerprints:
+            flash("Invalid PGP key.")
+            return redirect(url_for("login"))
+
+        fingerprint = import_result.fingerprints[0]
+
+        random_string = secrets.token_hex(16)
+        challenge_phrase = f"this is the unencrypted string: {random_string}"
+
+        encrypted_data = gpg.encrypt(
+            challenge_phrase,
+            recipients=[fingerprint]
+        )
+
+        if not encrypted_data.ok:
+            flash("Failed to encrypt challenge.")
+            return redirect(url_for("login"))
+
+        session["login_user_id"] = user.id
+        session["login_expected_phrase"] = challenge_phrase
+
+        return render_template(
+            "login_verify.html",
+            encrypted_message=str(encrypted_data)
+        )
+
+    return render_template("login.html")
+
+@app.route("/login_verify", methods=["POST"])
+def login_verify():
+    user_id = session.get("login_user_id")
+    expected_phrase = session.get("login_expected_phrase")
+
+    if not user_id or not expected_phrase:
+        flash("Login session expired")
+        return redirect(url_for("login"))
+
+    submitted = request.form.get("decrypted_message")
+    if not submitted:
+        flash("You must paste the decrypted message")
+        return redirect(url_for("login"))
+
+    if submitted.strip() == expected_phrase:
+        user = User.query.get(user_id)
         session['user_id'] = user.id
         session['username'] = user.username
 
-    return redirect(url_for("login"))
+        session.pop("login_user_id", None)
+        session.pop("login_expected_phrase", None)
 
-@app.route("/login")
+        flash("Logged in successfully")
-def login():
+        return redirect(url_for("home"))
-    return render_template("login.html")
+    else:
+        flash("Verification failed")
+        return redirect(url_for("login"))
 
 @app.route("/logout")
 def logout():

src/templates/login.html

@@ -1,15 +1,16 @@
 {% extends "page.html" %}
 
 {% block content %}
-    <h2>Login</h2>
+<h2>Login</h2>
-    <p>Page text</p>
+<p>Enter your username and PGP public key to receive a challenge.</p>
-    <p>Page text</p>
+
-    <p>Page text</p>
+<form method="POST" action="{{ url_for('login') }}">
-    <p>Page text</p>
+    <label>Username:</label><br>
-    <p>Page text</p>
+    <input type="text" name="username" required><br><br>
-    <p>Page text</p>
+
-    <p>Page text</p>
+    <label>PGP Public Key:</label><br>
-    <p>Page text</p>
+    <textarea name="pgp" rows="8" cols="60" required></textarea><br><br>
-    <p>Page text</p>
+
-    <p>Page text</p>
+    <button type="submit">Send Challenge</button>
+</form>
 {% endblock %}

src/templates/login_verify.html

@@ -0,0 +1,14 @@
+{% extends "page.html" %}
+
+{% block content %}
+<h2>Decrypt Challenge</h2>
+<p>Copy the message below, decrypt it with your PGP private key, and paste the decrypted message into the box.</p>
+
+<textarea rows="10" cols="60" readonly>{{ encrypted_message }}</textarea>
+
+<form method="POST" action="{{ url_for('login_verify') }}">
+    <label>Decrypted Message:</label><br>
+    <textarea name="decrypted_message" rows="4" cols="60" required></textarea><br><br>
+    <button type="submit">Verify</button>
+</form>
+{% endblock %}