This change replaces the previous single hardcoded username/password check with a Flask-Login based flow that defines a User model, registers a user loader, and logs users in through login_user(). It also adds password-hash verification and support for multiple in-memory users, which makes the login page behavior closer to a real application and easier to extend. The main practical effect is cleaner auth logic and a more realistic foundation for protected routes going forward.