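## controller

# Shows the login form (GET) and processes submitted credentials (POST).
#
# The user id held in the session is cleared on every request to this action,
# so opening the login page also signs the current user out. On a POST the
# credentials are passed to User.authenticate; a match stores the user's id in
# the session and redirects to admin/index, a mismatch sets
# flash[:login_notice].
def login
  session[:user_id] = nil
  return unless request.post?

  user = User.authenticate(params[:login], params[:password])
  if user
    # Start a fresh session before marking it as authenticated, so a session
    # identifier that existed before login (session fixation) is not carried
    # over into the signed-in state.
    reset_session
    session[:user_id] = user.id
    redirect_to(:controller => "admin", :action => "index")
  else
    flash[:login_notice] = "Zły login lub hasło"
  end
end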
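# Signs the current user out ("wyloguj" = "log out") and redirects to the
# login form.
def wyloguj
  # Discard the whole session rather than only the user id, so no other data
  # tied to the signed-in user stays attached to the old session.
  reset_session
  redirect_to(:controller => "admin", :action => "login")
end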
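##model
# Validation
validates_presence_of :login, :message => "^brak loginu"
validates_presence_of :password, :message => "^brak hasła"
# Anchored with \A and \z so the whole value has to match. With ^ and $ the
# pattern is tested line by line, and a value such as "abcde\n<anything>"
# passes because its first line alone satisfies the rule.
# NOTE(review): the 15-character cap and the [\w.] alphabet limit how strong a
# password can be; the user-facing message below states the same limits, so
# they have to be changed together.
validates_format_of :password, :with => /\A[\w.]{5,15}\z/, :message => "^Polskie litery, spacje oraz wszystkie znaki specjalne są niedozwolone. Hasło musi mieć przynajmniej 5 znaków, maksymalnie 15 znaków"
validates_uniqueness_of :login, :message => "^ten login istnieje już w naszej bazie"
# Plain Ruby accessors for the confirmation fields; in this listing only
# :password has a confirmation validation attached.
attr_accessor :password_confirmation
attr_accessor :email_confirmation
validates_confirmation_of :password, :message => "^Hasła się nie zgadzają"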
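# Plain-text password as last assigned through #password=, or nil when none
# has been assigned on this instance.
def password
  @password
end

# Writer for the virtual password attribute.
#
# Keeps the plain text in memory (the validations read it through #password),
# generates a new salt and stores the salted digest in hashed_password.
# A nil value is remembered but not hashed: the salt and the stored digest are
# left as they were, and the presence validation reports the missing password.
def password=(pwd)
  @password = pwd
  # Without this guard nil reaches the string concatenation inside
  # User.encrypted_password and raises instead of failing validation.
  return if pwd.nil?

  create_new_salt
  self.hashed_password = User.encrypted_password(pwd, salt)
end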
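# Finds the account for +login+ and checks +password+ against its stored digest.
#
# Returns the user record when the digest computed from +password+ and the
# user's salt equals hashed_password; returns nil for an unknown login, a wrong
# password, or a missing (nil) login or password.
def self.authenticate(login, password)
  # A form field that was not submitted arrives as nil; treat that as a failed
  # login instead of letting nil reach the string concatenation in
  # encrypted_password, which would raise.
  return nil if login.nil? || password.nil?

  user = find_by_login(login)
  return nil unless user

  expected = encrypted_password(password, user.salt)
  stored = user.hashed_password.to_s
  return nil unless stored.bytesize == expected.bytesize

  # Look at every byte instead of stopping at the first difference, so the
  # time taken does not depend on how much of the digest matched.
  difference = 0
  stored.bytes.zip(expected.bytes) { |a, b| difference |= a ^ b }
  difference.zero? ? user : nil
end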
private

# Digest kept in hashed_password: SHA-1 over the password, a fixed
# application-wide string and the per-user salt, returned as hex.
#
# NOTE(review): the `private` above does not apply to methods defined with
# `def self.`, so this remains callable as User.encrypted_password, which
# #password= depends on.
# NOTE(review): a single SHA-1 pass is cheap to brute-force if the stored
# digests leak. Replacing it with a deliberately slow password hash changes
# every stored value, so it needs a migration plan and is not done here.
def self.encrypted_password(password, salt)
  Digest::SHA1.hexdigest(password + "83media" + salt)
end
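# Assigns a fresh salt to this record; #password= calls it before hashing.
def create_new_salt
  # object_id combined with Kernel#rand is guessable and not designed to be
  # unique across records; draw the salt from SecureRandom instead.
  require "securerandom"
  # 16 random bytes rendered as 32 hex characters.
  # NOTE(review): the width of the salt column is not visible here; confirm
  # it holds 32 characters.
  self.salt = SecureRandom.hex(16)
end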