class AccountController < ApplicationController def index unless logged_

1. class AccountController < ApplicationController
2. def index
3. unless logged_in?
4. redirect_to :controller => :splash, :action => :index
5. end
6. @user = User.find(self.current_user.id)
7. end
8.  
9. def edit
10. @user = User.find(self.current_user.id)
11. end
12.  
13. def update
14. @user = User.find(self.current_user.id)
15. if @user.update_attributes(params[:user])
16. flash[:notice] = 'User was successfully updated.'
17. redirect_to :action => 'index'
18. else
19. render :action => 'index'
20. end
21. end
22. end
23.  
24.  
25.  
26. <p>Edit your details</p>
27. <%= start_form_tag :action => 'update' %>
28. <%= render :partial => 'userForm' %>
29. <%= submit_tag 'Edit' %>
30. <%= end_form_tag %>
31.  
32.  
33. _userForm.rhtml
34.  
35. <%= error_messages_for 'user' %>
36. <!--[form:user]-->
37. <!-- all custom fields here -->
38. <p><label for="user_login">Username</label><br/>
39. <%= text_field 'user', 'login' %></p>
40.  
41. <p><label for="user_password">Password</label><br/>
42. <%= password_field 'user', 'password' %></p>
43.  
44. <p><label for="user_password_confirmation">Password Confirmation</label><br/>
45. <%= password_field 'user', 'password_confirmation' %></p>
46.  
47. <p><label for="user_email">Email Address</label><br/>
48. <%= text_field 'user', 'email' %></p>
49. <!--[eoform:user]-->
50.  
51.  
52.  
53.  
54. require 'digest/sha1'
55. class User < ActiveRecord::Base
56. # Virtual attribute for the unencrypted password
57. attr_accessor :password
58.  
59. validates_presence_of :login, :email
60. validates_presence_of :password, :if => :password_required?
61. validates_presence_of :password_confirmation, :if => :password_required?
62. validates_length_of :password, :within => 4..40, :if => :password_required?
63. validates_confirmation_of :password, :if => :password_required?
64. validates_length_of :login, :within => 3..40
65. validates_length_of :email, :within => 3..100
66. validates_uniqueness_of :login, :email, :case_sensitive => false
67. before_save :encrypt_password
68.  
69. # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
70. def self.authenticate(login, password)
71. u = find_by_login(login) # need to get the salt
72. u && u.authenticated?(password) ? u : nil
73. end
74.  
75. # Encrypts some data with the salt.
76. def self.encrypt(password, salt)
77. Digest::SHA1.hexdigest("--#{salt}--#{password}--")
78. end
79.  
80. # Encrypts the password with the user salt
81. def encrypt(password)
82. self.class.encrypt(password, salt)
83. end
84.  
85. def authenticated?(password)
86. crypted_password == encrypt(password)
87. end
88.  
89. def remember_token?
90. remember_token_expires_at && Time.now.utc < remember_token_expires_at
91. end
92.  
93. # These create and unset the fields required for remembering users between browser closes
94. def remember_me
95. self.remember_token_expires_at = 2.weeks.from_now.utc
96. self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
97. save(false)
98. end
99.  
100. def forget_me
101. self.remember_token_expires_at = nil
102. self.remember_token = nil
103. save(false)
104. end
105.  
106. protected
107. # before filter
108. def encrypt_password
109. return if password.blank?
110. self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
111. self.crypted_password = encrypt(password)
112. end
113.  
114. def password_required?
115. crypted_password.blank? || !password.blank?
116. end
117. end