diff --git a/Dockerfile b/Dockerfile index ebd77ad..5f4bf9c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,11 +5,11 @@ RUN useradd microblog WORKDIR /home/microblog COPY requirements.txt requirements.txt -COPY .env .env RUN python -m venv venv RUN venv/bin/pip install -r requirements.txt RUN venv/bin/pip install gunicorn pymysql cryptography +COPY .env .env COPY app app COPY migrations migrations COPY microblog.py config.py boot.sh ./ diff --git a/app/auth/forms.py b/app/auth/forms.py index f0fbba5..7ac8730 100644 --- a/app/auth/forms.py +++ b/app/auth/forms.py @@ -20,12 +20,6 @@ class Enable2faForm(FlaskForm): verification_phone = StringField('Phone', validators=[DataRequired()]) submit = SubmitField('Enable 2FA') - def validate_verification_phone(self, verification_phone): - try: - return - except: - print("An exception occurred") - class Disable2faForm(FlaskForm): submit = SubmitField('Disable 2FA') diff --git a/app/auth/routes.py b/app/auth/routes.py index d3b5053..7762880 100644 --- a/app/auth/routes.py +++ b/app/auth/routes.py @@ -22,6 +22,8 @@ def login(): flash(_('Invalid username or password')) return redirect(url_for('auth.login')) next_page = request.args.get('next') + if not next_page or url_parse(next_page).netloc != '': + next_page = url_for('main.index') if user.two_factor_enabled(): request_verification_token(user.verification_phone) session['username'] = user.username 
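Review bot: `COPY .env .env` in the Dockerfile hunk still writes the environment file into an image layer, so whatever it holds is readable by anyone who can pull, export or inspect the image. The file is not shown here, but it presumably carries the app's secret key and service credentials. Moving the line below the pip steps helps layer caching but leaves that exposure as it was. Consider dropping the COPY, listing `.env` in `.dockerignore`, and supplying the values when the container starts, e.g. `docker run --env-file .env ...`.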
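Review bot: In login() (app/auth/routes.py, hunk at -22,6) the added guard `url_parse(next_page).netloc != ''` rejects only values that parse with a host. A `next` value that parses with an empty netloc but that a browser may still resolve off-site (backslash or double-slash forms) would reach `redirect(next_page)` and the `next=` argument passed to auth.verify_2fa. Running the check ahead of the 2FA branch is right, but the test should be stricter and accept only a local path. The same two lines are added again in verify_2fa() in the -50,10 hunk, so a shared helper along the lines below would keep both call sites in step. login() starts and ends outside this hunk.

```python
def _safe_next(target):
    # Accept only a local absolute path; everything else falls back to the index page.
    if (not target or not target.startswith('/') or target.startswith('//')
            or '\\' in target or url_parse(target).netloc != ''):
        return url_for('main.index')
    return target

# ... unchanged: credential check in login(), token check in verify_2fa() ...
next_page = _safe_next(request.args.get('next'))
```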
@@ -30,19 +32,16 @@ def login(): 'auth.verify_2fa', next=next_page, remember='1' if form.remember_me.data else '0')) login_user(user, remember=form.remember_me.data) - if not next_page or url_parse(next_page).netloc != '': - next_page = url_for('main.index') return redirect(next_page) return render_template('auth/login.html', title=_('Sign In'), form=form) -@bp.route('/verify2fa', methods=['GET', 'POST']) +@bp.route('/verify_2fa', methods=['GET', 'POST']) def verify_2fa(): form = Confirm2faForm() if form.validate_on_submit(): phone = session['phone'] if check_verification_token(phone, form.token.data): - del session['phone'] if current_user.is_authenticated: current_user.verification_phone = phone db.session.commit() @@ -50,10 +49,11 @@ def verify_2fa(): return redirect(url_for('main.index')) else: username = session['username'] - del session['username'] user = User.query.filter_by(username=username).first() next_page = request.args.get('next') remember = request.args.get('remember', '0') == '1' + if not next_page or url_parse(next_page).netloc != '': + next_page = url_for('main.index') login_user(user, remember=remember) return redirect(next_page) form.token.errors.append('Invalid token')
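Review bot: With `del session['phone']` removed from verify_2fa() in the -30,19 hunk and `del session['username']` removed in the -50,10 hunk, the pending-verification state now stays in the session after a successful token check. The `username` key appears to be what this view relies on as evidence that the password step already passed, so it should be single-use. Clear both keys once the token is accepted, e.g. `session.pop('phone', None)` and `session.pop('username', None)` just before the redirects. If the deletions were dropped to avoid a KeyError on a repeated submit, `pop` with a default covers that case as well. verify_2fa() continues past the end of the first of these hunks.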