class ApplicationController < ActionController::Base protected def authe

1. class ApplicationController < ActionController::Base
2. protected
3. def authenticate
4. unless session["User"]
5. redirect_to :controller => "login"
6. return false
7. end
8. end
9. end
10.  
11.  
12.  
13. class LoginController < ActionController::Base
14.  
15. #before_filter :authorize, :except => :index
16. #before_filter :authorize, :except => :index
17. before_filter :authorize, :except => :index
18. def index
19.  
20. end
21.  
22. def authorize
23. session[:user_id] = nil
24. user = User.authenticate(@params["name"], @params["password"])
25. if user
26. session[:user_id] = user.id
27.  
28. redirect_to :controller => "Questions"
29.  
30. else
31. flash[:error] = 'Invalid user name and/or password.'
32. redirect_to :action => "index"
33. end
34. end
35.  
36. def new
37.  
38. end
39.  
40. def register
41. if (@params["name"]!='' && @params["password"]!='')
42. if session[:user_id] = !User.checkAvailability(@params["name"])
43.  
44. @user = User.new
45. @user.user_name = @params["name"]
46. @user.password = @params["password"]
47. @user.admin_role= 0
48. if @user.save
49. session[:user_id] = user.id
50. redirect_to :controller => "Questions"
51. else
52. flash[:error] = 'Problem creating user, please try again'
53. redirect_to :action => "new"
54. end
55. else
56. flash[:error] = 'User name already exists.'
57. redirect_to :action => "new"
58. end
59. else
60. flash[:error] = 'Please make sure you have entered all parameters.'
61. redirect_to :action => "new"
62. end
63. end
64.  
65.  
66. def logout
67. reset_session
68. flash["alert"] = "Logged out"
69. redirect_to :action => "index"
70. end
71. end
72.  
73.  
74.  
75. class QuestionsController < ActionController::Base
76.  
77. def index
78. # show the secret stuff
79. end
80.  
81. def back
82. redirect_to :action => "index"
83. end
84. def edit
85. u = User.find_by_id(session[:user_id])
86.  
87. if u.admin_role
88. flash[:error] = " 'The question ID does not exist. '"+ @current_user.author
89. redirect_to :action => "index"
90. else
91. flash[:error] = " 'It works?????. '"+ @current_user.author
92. redirect_to :action => "index"
93. end
94.  
95. @question = Question.find(@params["id"])
96.  
97. rescue Exception => exc
98. flash[:error] = 'The question ID does not exist.'
99. redirect_to :action => "index"
100. end
101.  
102.  
103. def find
104. redirect_to :action => "index"
105. end
106.  
107. def make
108.  
109. end
110.  
111. def update
112. @question = Question.find(@params["id"])
113. @question.question = @params["question"]
114. @question.answer = @params["answer"]
115.  
116. if @question.save
117. flash[:error] = 'Update Successful'
118. redirect_to :action => "index"
119. else
120. flash[:error] = 'Problem updating question, please try again'
121. redirect_to :action => "index"
122. end
123.  
124. rescue Exception => exc
125. flash[:error] = 'The question ID does not exist.'
126. redirect_to :action => "index"
127. end
128.  
129. end
130.  
131.  
132.  
133. class User < ActiveRecord::Base
134. def self.authenticate(name, password)
135. find(:first,
136. :conditions => [ "user_name = '%s' AND password = '%s'", name, password ]
137. )
138. end
139.  
140. def self.checkAvailability(name)
141. find(:first,
142. :conditions => [ "user_name = '%s'", name ]
143. )
144. end
145. end