--- a/src/login.js.luan	Thu Dec 04 12:13:01 2025 -0700
+++ b/src/login.js.luan	Thu Dec 04 21:43:47 2025 -0700
@@ -1,39 +1,38 @@
 local Luan = require "luan:Luan.luan"
 local error = Luan.error
-local ipairs = Luan.ipairs or error()
-local Html = require "luan:Html.luan"
-local url_encode = Html.url_encode or error()
 local Io = require "luan:Io.luan"
 local Http = require "luan:http/Http.luan"
+local User = require "site:/lib/User.luan"
 local Shared = require "site:/lib/Shared.luan"
-local send_mail_async = Shared.send_mail_async or error()
-local Utils = require "site:/lib/Utils.luan"
-local to_list = Utils.to_list or error()
-local User = require "site:/lib/User.luan"
+local add_with = Shared.add_with or error()
 
 
 return function()
 	local email = Http.request.parameters.email or error()
-	local user = User.get_or_create_by_email(email)
-	local url = user.login_url()
-	local with = Http.request.parameters.with
-	with = to_list(with)
-	for _, email in ipairs(with) do
-		url = url.."&with="..url_encode(email)
+	local password = Http.request.parameters.password or error()
+	Io.stdout = Http.response.text_writer()
+	local user = User.get_by_email(email)
+	if user==nil or user.password ~= password then
+%>
+		document.querySelector('[failed]').textContent = 'Login failed';
+<%
+		return
 	end
-	send_mail_async {
-		To = email
-		Subject = "Login"
-		body = `%>
-Here is the link to login:
-
-<%= url %>
-
-Or login with your email and the password: <%=user.password%>
-<%		`
-	}
-	Io.stdout = Http.response.text_writer()
+	user.login()
+	local spy = Http.request.parameters.spy ~= nil
+	if spy then
+		Http.response.set_cookie("spy","yes")
+	else
+		Http.response.remove_cookie("spy")
+	end
+	local with = Http.request.parameters.with
+	local location
+	if with == nil then
+		location = "/"
+	else
+		location = add_with("/chat")
+	end
 %>
-	location = '/login_sent.html';
+	location = '<%=location%>';
 <%
 end