This change turns /login/ from a static page into a GET/POST login handler that checks submitted credentials against a hardcoded username/password pair and redirects successful logins back to the app. The login template now renders an inline warning when authentication fails, making the flow easier to test and understand. It’s still clearly a placeholder implementation, but it establishes the request handling and UX needed for a real login flow later.