a guest
Feb 28th, 2018
====================================
model: user.rb
====================================

require 'digest/sha1'

class User < ActiveRecord::Base
  validates_presence_of :name
  validates_uniqueness_of :name

  attr_accessor :password_confirmation
  validates_confirmation_of :password

  def validate
    errors.add_to_base("Missing password") if hashed_password.blank?
  end

  # The plain-text password is a virtual attribute; only hash and salt are stored.
  def password
    @password
  end

  def password=(pwd)
    @password = pwd
    # Without this guard an empty password is still hashed, so hashed_password
    # is never blank and the "Missing password" validation cannot fire.
    return if pwd.blank?
    create_new_salt
    self.hashed_password = User.encrypted_password(self.password, self.salt)
  end

  # Returns the matching User, or nil when the name or password is wrong.
  def self.authenticate(name, password)
    user = self.find_by_name(name)
    if user
      expected_password = encrypted_password(password, user.salt)
      if user.hashed_password != expected_password
        user = nil
      end
    end
    user
  end

  private

  # `private` does not apply to methods defined with `def self.`, so this
  # remains callable as User.encrypted_password (password= relies on that).
  # A single salted SHA-1 pass is cheap to brute-force if the table leaks.
  def self.encrypted_password(password, salt)
    string_to_hash = password + "wibble" + salt
    Digest::SHA1.hexdigest(string_to_hash)
  end

  # object_id and rand are not cryptographically secure sources of randomness.
  def create_new_salt
    self.salt = self.object_id.to_s + rand.to_s
  end
end

====================================
controller: login_controller.rb
====================================

class LoginController < ApplicationController
  def add_user
    @user = User.new(params[:user])
    if request.post? and @user.save
      # Double quotes are required for #{} interpolation.
      flash.now[:notice] = "User #{@user.name} created"
      @user = User.new
    end
  end

  def login
    session[:user_id] = nil
    if request.post?
      user = User.authenticate(params[:name], params[:password])
      if user
        session[:user_id] = user.id
        flash[:notice] = 'You have been logged in.'
        redirect_to :action => 'index'
      else
        # flash.now: the form is re-rendered in this request, with no redirect.
        flash.now[:notice] = 'Invalid user/password combination.'
      end
    end
  end

  def logout
  end

  def index
  end

  def delete_user
  end

  def list_users
  end
end

====================================
view: login.rhtml (note: this is the template for the action, not the layout for the controller, :D)
====================================

<fieldset>
<%# form_tag posts to the login action. A bare <form> submits with GET to the
    current URL, so request.post? in the controller is never true. %>
<% form_tag :action => 'login' do %>
  <label for="name">Name:</label><br/>
  <%= text_field_tag :name, params[:name] %><br/>

  <label for="password">Password:</label><br/>
  <%# Do not echo the submitted password back into the page. %>
  <%= password_field_tag :password, nil %><br/>

  <%# submit_tag only renders the button; :action and :method belong on the form. %>
  <%= submit_tag 'Login' %>
<% end %>
</fieldset>

>>>>I loaded this one down, I added the method first, and the action last... I'm not sure if I should have added either of them :D Anyway, I just got returned to the page each time... so yeah.

====================================
Simple little index: index.rhtml
====================================

<% if session[:user_id] %>
  <h3>You are logged in.</h3><br/>
  <%# find_by_id returns nil if the user behind a stale session id was deleted. %>
  <% user_name = User.find_by_id(session[:user_id]) %>
  <%# h() HTML-escapes the user-chosen name before it is written into the page. %>
  In fact, you're logged in as &nbsp; <%=h user_name.name if user_name %> &nbsp; .
<% else %>
  <h3> You are not logged in. </h3>
  <h4> Either that or there's an error. :D</h4>
<% end %>
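
Added example, not part of the original paste: one way to move accounts stored by user.rb off salted SHA-1, by checking the legacy digest at login and re-hashing with PBKDF2-HMAC-SHA256 on success. The helper names, the Hash standing in for a users row, the stored-string format and the iteration count are assumptions made for illustration.

```ruby
require 'digest/sha1'
require 'openssl'
require 'securerandom'

ITERATIONS = 200_000 # assumed work factor; tune for your hardware

# Legacy scheme from user.rb: SHA1(password + "wibble" + salt).
def legacy_hash(password, salt)
  Digest::SHA1.hexdigest(password + "wibble" + salt)
end

# PBKDF2-HMAC-SHA256 over a random salt, stored as "pbkdf2$iter$salt$hex".
def pbkdf2_hash(password, salt = SecureRandom.hex(16), iter = ITERATIONS)
  dk = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iter, 32, OpenSSL::Digest.new('SHA256'))
  ['pbkdf2', iter, salt, dk.unpack1('H*')].join('$')
end

# Compare without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# record is a Hash standing in for a users row (hypothetical shape).
# Returns [ok, record]; a legacy row that verifies comes back re-hashed.
def verify_and_upgrade(record, password)
  stored = record[:hashed_password]
  if stored.start_with?('pbkdf2$')
    _, iter, salt = stored.split('$')
    return [secure_compare(stored, pbkdf2_hash(password, salt, iter.to_i)), record]
  end
  return [false, record] unless secure_compare(stored, legacy_hash(password, record[:salt]))
  [true, { hashed_password: pbkdf2_hash(password), salt: nil }]
end

# Constructed sample row, hashed the way the paste's model would store it.
legacy_row = { hashed_password: legacy_hash('s3cret', '7012340.4211'), salt: '7012340.4211' }
ok, upgraded = verify_and_upgrade(legacy_row, 's3cret')
puts ok, upgraded[:hashed_password].split('$').first
```

In the Rails model this logic would sit in User.authenticate, saving the upgraded hash when the legacy check passes.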