require 'rubygems'require 'bcrypt'require 'haml'require 'sinatra'enable :se

1. require 'rubygems'
2. require 'bcrypt'
3. require 'haml'
4. require 'sinatra'
5.  
6. enable :sessions
7.  
8. userTable = {}
9.  
10. helpers do
11.  
12. def login?
13. if session[:username].nil?
14. return false
15. else
16. return true
17. end
18. end
19.  
20. def username
21. return session[:username]
22. end
23.  
24. end
25.  
26. get "/" do
27. haml :index
28. end
29.  
30. get "/signup" do
31. haml :signup
32. end
33.  
34. post "/signup" do
35. password_salt = BCrypt::Engine.generate_salt
36. password_hash = BCrypt::Engine.hash_secret(params[:password], password_salt)
37.  
38. #ideally this would be saved into a database, hash used just for sample
39. userTable[params[:username]] = {
40. :salt => password_salt,
41. :passwordhash => password_hash
42. }
43.  
44. session[:username] = params[:username]
45. redirect "/"
46. end
47.  
48. post "/login" do
49. if userTable.has_key?(params[:username])
50. user = userTable[params[:username]]
51. if user[:passwordhash] == BCrypt::Engine.hash_secret(params[:password], user[:salt])
52. session[:username] = params[:username]
53. redirect "/"
54. end
55. end
56. haml :error
57. end
58.  
59. get "/logout" do
60. session[:username] = nil
61. redirect "/"
62. end
63.  
64. __END__
65. @@layout
66. !!! 5
67. %html
68. %head
69. %title Sinatra Authentication
70. %body
71. =yield
72. @@index
73. -if login?
74. %h1= "Welcome #{username}!"
75. %a{:href => "/logout"} Logout
76. -else
77. %form(action="/login" method="post")
78. %div
79. %label(for="username")Username:
80. %input#username(type="text" name="username")
81. %div
82. %label(for="password")Password:
83. %input#password(type="password" name="password")
84. %div
85. %input(type="submit" value="Login")
86. %input(type="reset" value="Clear")
87. %p
88. %a{:href => "/signup"} Signup
89. @@signup
90. %p Enter the username and password!
91. %form(action="/signup" method="post")
92. %div
93. %label(for="username")Username:
94. %input#username(type="text" name="username")
95. %div
96. %label(for="password")Password:
97. %input#password(type="password" name="password")
98. %div
99. %label(for="checkpassword")Password:
100. %input#password(type="password" name="checkpassword")
101. %div
102. %input(type="submit" value="Sign Up")
103. %input(type="reset" value="Clear")
104. @@error
105. %p Wrong username or password
106. %p Please try again!