- ## Session controller
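# Login action. Requests that are not POST return immediately; a POST checks the
# submitted credentials through User.authenticate.
#
# On success the user's id is stored in the session and the method returns without
# an explicit render or redirect. On failure the client is redirected to login_url.
def log_in
  return unless request.post?

  # params[:user] is client-controlled: it can be absent or a bare scalar, so only
  # index into it when it behaves like a hash.
  credentials = params[:user]
  credentials = {} unless credentials.respond_to?(:key?)

  user = User.authenticate(credentials[:username], credentials[:password])
  unless user
    redirect_to login_url
    return
  end

  # Start a fresh session before marking it authenticated, so a session identifier
  # that was planted before login is not carried over (session fixation).
  reset_session
  session[:user] = user.id
end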
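# Logout action: discards the whole session, not only the :user key, so nothing
# tied to the authenticated user survives into the next visitor's session.
#
# NOTE(review): if sessions are kept in client-side cookies, a previously issued
# cookie may still be replayable after this call; confirm the session store in use.
def log_out
  reset_session
end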
- ## User model
- require 'digest/sha1'
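# User account with username/password authentication.
#
# SECURITY NOTE(review): passwords are digested with a single round of SHA-1 and one
# salt string shared by every record ("random string" unless a caller passes another).
# Identical passwords therefore yield identical digests, and the digest is cheap to
# brute-force offline if the table leaks. Moving to a per-user-salted, deliberately
# slow password hash (for example Rails' has_secure_password) needs a schema and data
# migration, so it is flagged here rather than changed in place.
class User < ActiveRecord::Base
  # NOTE(review): if `password` is also a database column, this reader shadows the
  # ActiveRecord attribute and returns @password instead; encrypt_password and
  # authenticated? both read through it. Confirm which storage is intended.
  attr_reader :password
  before_save :encrypt_password

  # Looks up a user by name and checks the supplied password.
  #
  # @param username [String] login name to look up
  # @param password [String] plaintext password to verify
  # @return [User, nil] the matching user, or nil when the name is unknown or the
  #   password does not match
  def self.authenticate(username, password)
    user = find_by_username(username)
    # Guard on `user` first so an unknown username gives nil instead of raising.
    user && user.authenticated?(password) ? user : nil
  end

  # Digest a password together with a salt.
  #
  # @param password [String] plaintext password
  # @param salt [String] salt appended after a "--" separator
  # @return [String] hex-encoded SHA-1 digest
  def self.encrypt(password, salt = "random string")
    Digest::SHA1.hexdigest("#{password}--#{salt}")
  end

  # @param password [String] plaintext password to verify
  # @return [Boolean] true when the digest of +password+ equals the stored value
  def authenticated?(password)
    self.password == encrypt(password)
  end

  # Instance-level shortcut for User.encrypt with the default salt.
  def encrypt(password)
    self.class.encrypt(password)
  end

  protected

  # before_save callback: replaces the password with its digest.
  #
  # NOTE(review): the digest is only applied when new_record? is true, so a password
  # assigned to an existing record passes through this callback unchanged. Confirm
  # that password changes are hashed elsewhere before they are saved.
  def encrypt_password
    return if password.blank?

    self.password = encrypt(password) if new_record?
  end
end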