diff --git a/main.py b/main.py
index 5d2ce2d..635f209 100644
--- a/main.py
+++ b/main.py
@@ -121,7 +121,7 @@ def login():
     # ldap-injecting our username, so send them back to the login page instead
     if request.method == 'POST' and re.search( r'[()\\*&!]', request.form['username']):
        print( f"WARNING: Detected special LDAP chars in username: {request.form['username']}")
-       return redirect('/login')
+       return redirect(url_for('login'))
     if form.validate_on_submit():
         # Successfully logged in, We can now access the saved user object via form.user.
         login_user(form.user, remember=True)  # Tell flask-login to log them in.
@@ -129,7 +129,7 @@ def login():
         if next:
             return redirect(next)  # Send them back where they came from
         else:
-            return redirect('/')
+            return redirect( url_for('main_page') )
 
     return render_template("login.html", form=form)