Untitled


# cat user.rb

require 'digest/sha1'
class User < ActiveRecord::Base
  #
  # Ads.
  #
  # Virtual attribute for the unencrypted password.
  #
  attr_accessor :password
  validates_presence_of :email
  validates_presence_of :password, :if => :password_required?
  validates_presence_of :password_confirmation, :if => :password_required?
  validates_length_of :password, :within => 4..40, :if => :password_required?
  validates_confirmation_of :password, :if => :password_required?
  validates_length_of :email, :within => 3..100
  validates_uniqueness_of :email, :case_sensitive => false
  before_save :encrypt_password
  #
  # Authenticate user by her e-mail and unencrypted password.
  #
  def self.authenticate(email, password)
    u = find_by_email(email) # Salt.
    u && u.authenticated?(password) ? u : nil
  end
  #
  # Encrypt data with the salt.
  #
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end
  #
  # Encrypt password with the user salt.
  #
  def encrypt(password)
    self.class.encrypt(password, salt)
  end
  def authenticated?(password)
    crypted_password == encrypt(password)
  end
  def remember_token?
    remember_token_expires_at && Time.now.utc < remember_token_expires_at
  end
  #
  # Create and unset fields to remember users between browser closes.
  #
  def remember_me
    self.remember_token_expires_at = 2.weeks.from_now.utc
    self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
    save(false)
  end
  def forget_me
    self.remember_token_expires_at = nil
    self.remember_token = nil
    save(false)
  end
  #
  # Forums.
  #
  concerned_with :validation, :states, :activation, :posting
  formats_attributes :bio
  belongs_to :site, :counter_cache => true
  validates_presence_of :site_id
  has_many :posts, :order => "#{Post.table_name}.created_at desc"
  has_many :topics, :order => "#{Topic.table_name}.created_at desc"
  has_many :moderatorships, :dependent => :delete_all
  has_many :forums, :through => :moderatorships, :source => :forum
  has_many :monitorships, :dependent => :delete_all
  has_many :monitored_topics, :through => :monitorships, :source => :topic, :conditions => {"#{Monitorship.table_name}.active" => true}
  has_permalink :login
  attr_readonly :posts_count, :last_seen_at
  def self.prefetch_from(records)
    find(:all, :select => 'distinct *', :conditions => ['id in (?)', records.collect(&:user_id).uniq])
  end
  def self.index_from(records)
    prefetch_from(records).index_by(&:id)
  end
  def available_forums
    @available_forums ||= site.ordered_forums - forums
  end
  def moderator_of?(forum)
    admin? || Moderatorship.exists?(:user_id => id, :forum_id => forum.id)
  end
  def display_name
    n = read_attribute(:display_name)
    n.blank? ? login : n
  end
  #
  # Keep track of when a user was last seen.
  #
  def seen!
    now = Time.now.utc
    self.class.update_all ['last_seen_at = ?', now], ['id = ?', id]
    write_attribute :last_seen_at, now
  end
  def to_param
    permalink
  end
protected
  #
  # Before filter.
  #
  def encrypt_password
    return if password.blank?
    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{email}--") if new_record?
    self.crypted_password = encrypt(password)
  end
  def password_required?
    crypted_password.blank? || !password.blank?
  end
  def first_record_is_admin
    if User.count == 0
      self.isAdmin = true
    end
  end
end

# cat users_controller.rb

class UsersController < ApplicationController
  before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge, :edit]
  before_filter :find_user, :only => [:update, :show, :edit, :suspend, :unsuspend, :destroy, :purge]
  before_filter :login_required, :only => [:settings, :update]
  def index
    @users = current_site.users.paginate :all, :page => current_page
  end
  #
  # Render new.rhtml.
  #
  def new
  end
  def create
    cookies.delete :auth_token
    @user = current_site.users.build(params[:user])
    @user.register! if @user.valid?
    unless @user.new_record?
      self.current_user = @user
      redirect_back_or_default('/')
      flash[:notice] = "thank you for joining"
    else
      render :action => 'new'
    end
  end
  def settings
    @user = current_user
    render :action => "edit"
  end
  def edit
    @user = find_user
  end
  def update
    @user = admin? ? find_user : current_user
    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'account updated'
        format.html { redirect_to(settings_path) }
        format.xml { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end
  def activate
    self.current_user = params[:forum_activation_code].blank? ? :false : current_site.all_users.find_in_state(:first, :pending, :conditions => {:forum_activation_code => params[:forum_activation_code]})
    if logged_in?
      current_user.activate!
      flash[:notice] = "signup complete"
    end
    redirect_back_or_default('/')
  end
  def suspend
    @user.suspend!
    flash[:notice] = "user suspended"
    redirect_to users_path
  end
  def unsuspend
    @user.unsuspend!
    flash[:notice] = "user unsuspended"
    redirect_to users_path
  end
  def destroy
    @user.delete!
    redirect_to users_path
  end
  def purge
    @user.destroy
    redirect_to users_path
  end
protected
  def find_user
    @user = if admin?
      current_site.all_users.find_by_permalink(params[:id])
    else
      current_site.users.find_by_permalink(params[:id])
    end or raise ActiveRecord::RecordNotFound
  end
  def authorized?
    admin? || params[:id].blank? || @user == current_user
  end
end