
User Registration Flow

A typical registration flow:

  1. User fills a registration form
  2. Backend validates fields (username/email uniqueness)
  3. Password is hashed
  4. User row is created
  5. Optionally log the user in

Model fields (example)

  • username (unique)
  • email (unique)
  • password_hash

Example (simplified)

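from flask import request, redirect, url_for, flash
from werkzeug.security import generate_password_hash
from flask_login import login_user
from sqlalchemy.exc import IntegrityError
 
# Assumes `app` (the Flask app), `db` (Flask-SQLAlchemy) and the `User`
# model are defined elsewhere in the project.
 
@app.route("/register", methods=["GET", "POST"])
def register():
    if request.method == "POST":
        # Normalize input: trim whitespace, lowercase the email
        username = request.form.get("username", "").strip()
        email = request.form.get("email", "").strip().lower()
        password = request.form.get("password", "")
 
        if not username or not email or not password:
            flash("All fields are required", "error")
            return redirect(url_for("register"))
 
        # Friendly pre-checks; the unique constraints remain the real guard
        if User.query.filter_by(username=username).first():
            flash("Username already taken", "error")
            return redirect(url_for("register"))
 
        if User.query.filter_by(email=email).first():
            flash("Email already registered", "error")
            return redirect(url_for("register"))
 
        # Store only a salted hash, never the plaintext password
        user = User(
            username=username,
            email=email,
            password_hash=generate_password_hash(password),
        )
        db.session.add(user)
        try:
            db.session.commit()
        except IntegrityError:
            # A concurrent request took the same username/email between
            # the checks above and this commit
            db.session.rollback()
            flash("Username or email already in use", "error")
            return redirect(url_for("register"))
 
        login_user(user)
        flash("Welcome! Your account was created.", "success")
        return redirect(url_for("dashboard"))
 
    return "Register page"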

Next improvements

For production-quality registration:

  • use Flask-WTF validators
  • password policy (length/complexity)
  • email verification
  • rate limiting
  • audit logging
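
For the email verification item, here is an added example (not code from the original page) of a signed, expiring verification token built only on the Python standard library. SECRET_KEY, MAX_AGE_SECONDS, make_token and verify_token are hypothetical names chosen for this sketch; in a Flask app the key would come from the app's secret configuration.

```python
import base64
import hashlib
import hmac
import time

# Assumptions for this example: key, lifetime and function names are illustrative.
SECRET_KEY = b"constructed-demo-key"  # load from app config/secret store in practice
MAX_AGE_SECONDS = 3600


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> bytes:
    # The fixed prefix keeps these MACs from being valid for other token types.
    return hmac.new(SECRET_KEY, b"email-verify:" + payload, hashlib.sha256).digest()


def make_token(user_id: int, email: str, now=None) -> str:
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}|{email.strip().lower()}|{issued}".encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def verify_token(token: str, current_email: str, now=None):
    """Return the user id if the token is authentic, fresh and matches the email."""
    try:
        body, sig = token.split(".")
        payload, given = _unb64(body), _unb64(sig)
    except ValueError:  # wrong shape or bad base64
        return None
    # Check the MAC (constant-time) before parsing anything from the payload.
    if not hmac.compare_digest(given, _sign(payload)):
        return None
    uid, rest = payload.decode().split("|", 1)
    email, issued = rest.rsplit("|", 1)
    age = int(time.time() if now is None else now) - int(issued)
    if not 0 <= age <= MAX_AGE_SECONDS:
        return None
    # Binding to the address voids old links if the user changes email.
    if email != current_email.strip().lower():
        return None
    return int(uid)
```

The registration view would send make_token(user.id, user.email) in a link and mark the account verified only when verify_token returns that user's id.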
