
Untitled

a guest
May 3rd, 2018
  1. #### View ####
  2.  
  3. <%= error_messages_for :user %>
  4. <% form_for :user, :url => users_path do |f| -%>
  5. <p><label for="login">Login</label><br/>
  6. <%= f.text_field :login %></p>
  7.  
  8. <p><label for="email">Email</label><br/>
  9. <%= f.text_field :email %></p>
  10.  
  11. <p><label for="password">Password</label><br/>
  12. <%= f.password_field :password %></p>
  13.  
  14. <p><label for="password_confirmation">Confirm Password</label><br/>
  15. <%= f.password_field :password_confirmation %></p>
  16.  
  17. <p><label for="first_name">First Name</label><br />
  18. <%= f.text_field :first_name %></p>
  19.  
  20. <p><label for="last_name">Last Name</label><br />
  21. <%= f.text_field :last_name %></p>
  22.  
  23. <p><label for="address_one">Address</label><br />
  24. <%= f.text_field :address_one %></p>
  25.  
  26. <p><label for="city">City</label><br />
  27. <%= f.text_field :city %></p>
  28.  
  29. <p><label for="state">State</label><br />
  30. <%= f.text_field :state %></p>
  31.  
  32. <p><label for="zip_code">Zip Code</label><br />
  33. <%= f.text_field :zip_code %></p>
  34.  
  35. <p><label for="tel_num">Primary Telephone Number</label><br />
  36. <%= f.text_field :tel_num %></p>
  37.  
  38. <p><label for="alt_tel_num">Secondary Phone Number</label><br />
  39. <%= f.text_field :alt_tel_num %></p>
  40.  
  41. <p><label for="fax_num">Fax Number</label><br />
  42. <%= f.text_field :fax_num %></p>
  43.  
  44. <p><label for="title">Title</label><br />
  45. <%= f.text_field :title %>
  46.  
  47. <p><label for="company_name">Company Name</label><br />
  48. <%= f.text_field :company_name %></p>
  49.  
  50. <p><label for="website_address">Website URL</label><br />
  51. <%= f.text_field :website_address %></p>
  52.  
  53. <br />
  54.  
  55. <p><%= submit_tag 'Sign up' %></p>
  56. <% end -%>
  57.  
  58. #### Model ####
  59.  
require 'digest/sha1'
require 'securerandom'
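# Account model: login credentials, e-mail activation, remember-me tokens,
# password-reset codes, roles and sponsor codes.
#
# NOTE(review): passwords are stored as one round of salted SHA-1. That is
# cheap to brute-force offline if the table leaks. Moving to an adaptive
# password hash needs a new dependency and a rehash-on-login migration, so the
# stored digest format is deliberately left unchanged here.
class User < ActiveRecord::Base
  # Virtual attribute for the unencrypted password
  attr_accessor :password

  validates_presence_of     :login
  validates_presence_of     :email
  validates_presence_of     :password,              :if => :password_required?
  validates_presence_of     :password_confirmation, :if => :password_required?
  # NOTE(review): a 4-character minimum is very short for a password.
  validates_length_of       :password, :within => 4..40, :if => :password_required?
  validates_confirmation_of :password, :if => :password_required?
  validates_length_of       :login, :within => 3..40
  validates_length_of       :email, :within => 3..100
  validates_uniqueness_of   :login, :email, :case_sensitive => false
  # \A and \z anchor the whole value. The previous ^ and $ anchors match per
  # line, so a value containing a newline could satisfy the pattern with only
  # one of its lines.
  validates_format_of :email, :with => /(\A([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})\z)|(\A\z)/i

  has_many :permissions
  has_many :roles, :through => :permissions

  before_save   :encrypt_password
  before_create :make_activation_code
  before_create :set_sponsor_code

  # prevents a user from submitting a crafted form that bypasses activation
  # anything else you want your user to change should be added here.
  #
  # NOTE(review): :sponsor_code is mass-assignable, so a sign-up request can
  # propose its own value; set_sponsor_code only replaces it when it is blank
  # or already taken. Confirm that this is intended.
  attr_accessible :login, :email, :password, :password_confirmation, :first_name, :last_name, :sponsor_code, :company_name, :title, :website_address, :address_one, :address_two, :city, :state, :zip_code, :tel_num, :alt_tel_num, :fax_num

  class ActivationCodeNotFound < StandardError; end

  # Raised when an activation code belongs to an account that is already
  # active. Carries the user so the caller can react to it.
  class AlreadyActivated < StandardError
    attr_reader :user, :message

    def initialize(user, message = nil)
      @message, @user = message, user
    end
  end

  # Finds the user with the corresponding activation code, activates their account and returns the user.
  #
  # Raises:
  # +ArgumentError+ if activation_code is nil
  # +User::ActivationCodeNotFound+ if there is no user with the corresponding activation code
  # +User::AlreadyActivated+ if the user with the corresponding activation code has already activated their account
  def self.find_and_activate!(activation_code)
    raise ArgumentError if activation_code.nil?
    user = find_by_activation_code(activation_code)
    raise ActivationCodeNotFound unless user
    raise AlreadyActivated.new(user) if user.active?
    # activate! is private, hence the send.
    user.send(:activate!)
    user
  end

  def active?
    # the presence of an activation date means they have activated
    !activated_at.nil?
  end

  # Truthy only on the instance that activate! was just called on.
  def pending?
    @activated
  end

  # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
  # Updated 2/20/08
  #
  # NOTE(review): this does not look at activated_at or enabled; whether
  # inactive or disabled accounts are refused must be enforced by the caller,
  # which is not visible here.
  def self.authenticate(login, password)
    u = find :first, :conditions => ['login = ?', login] # need to get the salt
    u && u.authenticated?(password) ? u : nil
  end

  # Returns the SHA-1 hex digest of the salt and password.
  # The separators in the string are part of the digest input; changing them
  # would stop every stored crypted_password from matching.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("–#{salt}–#{password}–")
  end

  # Digests the password with this user's salt.
  def encrypt(password)
    self.class.encrypt(password, salt)
  end

  # True when the given password digests to the stored crypted_password.
  # Compared in constant time so response timing does not reveal how many
  # leading characters of the digest matched.
  def authenticated?(password)
    secure_compare(crypted_password, encrypt(password))
  end

  def remember_token?
    remember_token_expires_at && Time.now.utc < remember_token_expires_at
  end

  # These create and unset the fields required for remembering users between browser closes
  def remember_me
    remember_me_for 2.weeks
  end

  def remember_me_for(time)
    remember_me_until time.from_now.utc
  end

  # NOTE(review): the token is a digest of the salt, e-mail and expiry rather
  # than a random value, so it is reproducible by anyone who learns the salt.
  # A random token would be safer if nothing else recomputes it; that cannot
  # be confirmed from this file.
  def remember_me_until(time)
    self.remember_token_expires_at = time
    self.remember_token            = encrypt("#{email}–#{remember_token_expires_at}")
    save(false) # skip validations: only the token columns changed
  end

  def forget_me
    self.remember_token_expires_at = nil
    self.remember_token            = nil
    save(false)
  end

  # Flags the record as "forgot password" and assigns a fresh reset code.
  # The record is not saved here.
  # NOTE(review): no expiry is stored for the reset code in this model.
  def forgot_password
    @forgotten_password = true
    self.make_password_reset_code
  end

  def reset_password
    # First update the password_reset_code before setting the
    # reset_password flag to avoid duplicate email notifications.
    update_attribute(:password_reset_code, nil)
    @reset_password = true
  end

  # used in user_observer
  def recently_forgot_password?
    @forgotten_password
  end

  def recently_reset_password?
    @reset_password
  end

  # Looks up an activated account by e-mail for the forgotten-password flow.
  def self.find_for_forget(email)
    find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email]
  end

  def has_role?(rolename)
    self.roles.find_by_rolename(rolename) ? true : false
  end

  protected

  # before filter
  # Digests the virtual password into crypted_password. New records get a
  # random salt; the previous salt was derived from the clock and the login,
  # both of which an outsider can guess.
  def encrypt_password
    return if password.blank?
    self.salt = SecureRandom.hex(20) if new_record?
    self.crypted_password = encrypt(password)
  end

  def password_required?
    crypted_password.blank? || !password.blank?
  end

  # 40 hex characters from the system CSPRNG. The previous value was a digest
  # of the shuffled characters of the current timestamp, which has little
  # entropy and relied on a non-cryptographic generator.
  def make_activation_code
    self.activation_code = SecureRandom.hex(20)
  end

  # Same construction as the activation code: this value is mailed out and
  # acts as a credential, so it must be unguessable.
  def make_password_reset_code
    self.password_reset_code = SecureRandom.hex(20)
  end

  private

  def activate!
    @activated = true
    self.update_attribute(:activated_at, Time.now.utc)
  end

  # Assigns a sponsor code when none is set or the current one is taken.
  # The blank check matters: without it a nil code counted as "unique"
  # whenever no other row had a NULL sponsor_code, and none was generated.
  def set_sponsor_code
    while sponsor_code.blank? || !sponsor_code_is_unique?
      self.sponsor_code = generate_sponsor_code
    end
  end

  # Returns a candidate code: a serial number followed by three letters.
  # This was a class method that called User.id and write_attribute on the
  # class, so the instance-level call in set_sponsor_code could not reach it.
  # NOTE(review): the serial was presumably meant to be the next record id;
  # the highest existing id plus one is used here. Confirm the intent.
  def generate_sponsor_code
    serial  = self.class.maximum(:id).to_i + 1
    letters = "ABCDEFGHJKLMNPQRSTUVWXYZ"
    suffix  = ""
    3.times { suffix << letters[rand(letters.length), 1] }
    "#{serial}#{suffix}"
  end

  def sponsor_code_is_unique?
    self.class.count(:conditions => {:sponsor_code => self.sponsor_code}) == 0
  end

  # Compares two strings without returning at the first differing byte.
  # Returns false when either value is nil or the lengths differ.
  def secure_compare(a, b)
    return false if a.nil? || b.nil?
    left  = a.unpack('C*')
    right = b.unpack('C*')
    return false unless left.size == right.size
    diff = 0
    left.zip(right) { |x, y| diff |= x ^ y }
    diff == 0
  end
end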
  243.  
  244. #### Controller ####
  245.  
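# Sign-up, profile and administrator user-management actions.
#
# Access control as declared by the filters below:
#   new, create            - only when not logged in
#   show, edit, update     - logged-in users, always acting on current_user
#   index, destroy, enable - administrators only
#   validate_sponsor_code  - no filter is applied
class UsersController < ApplicationController
  layout 'accountsportal'
  before_filter :not_logged_in_required, :only => [:new, :create]
  before_filter :login_required, :only => [:show, :edit, :update]
  before_filter :check_administrator_role, :only => [:index, :destroy, :enable]

  def index
    @users = User.find(:all)
  end

  #This show action only allows users to view their own profile
  def show
    @user = current_user
  end

  # render new.rhtml
  def new
    @user = User.new
    render :layout => 'signup'
  end

  # Creates the account from the posted form. Which attributes the request
  # may set is decided by the model's attr_accessible list.
  # NOTE(review): on failure the form is re-rendered with the controller
  # layout, not the 'signup' layout that #new uses. Confirm that is intended.
  def create
    cookies.delete :auth_token
    @user = User.new(params[:user])
    @user.save!
    #Uncomment to have the user logged in after creating an account - Not Recommended
    #self.current_user = @user
    flash[:notice] = "Thanks for signing up! Please check your email to activate your account before logging in."
    redirect_to login_path
  rescue ActiveRecord::RecordInvalid
    flash[:error] = "There was a problem creating your account."
    render :action => 'new'
  end

  def edit
    @user = current_user
  end

  # Always updates the logged-in user; no id is taken from the request.
  def update
    @user = User.find(current_user)
    if @user.update_attributes(params[:user])
      flash[:notice] = "User updated"
      redirect_to :action => 'show', :id => current_user
    else
      render :action => 'edit'
    end
  end

  # Disables the account instead of deleting the row.
  # NOTE(review): this changes state; the routes (not visible here) should
  # not expose destroy or enable to GET requests.
  def destroy
    @user = User.find(params[:id])
    if @user.update_attribute(:enabled, false)
      flash[:notice] = "User disabled"
    else
      flash[:error] = "There was a problem disabling this user."
    end
    redirect_to :action => 'index'
  end

  def enable
    @user = User.find(params[:id])
    if @user.update_attribute(:enabled, true)
      flash[:notice] = "User enabled"
    else
      flash[:error] = "There was a problem enabling this user."
    end
    redirect_to :action => 'index'
  end

  # Sends the visitor on to sign-up when the code in params[:id] belongs to
  # an existing user; otherwise shows an error and returns to the root page.
  # NOTE(review): the action is unauthenticated and tells valid codes from
  # invalid ones, so it should sit behind request throttling.
  def validate_sponsor_code
    code = params[:id]
    # A blank code must not reach the finder: a nil lookup would match any
    # account whose sponsor_code is NULL and be accepted as valid.
    if !code.blank? && User.find_by_sponsor_code(code)
      redirect_to(signup_path)
    else
      flash[:error] = "We're Sorry, but the Sponsor Code you entered was invalid."
      redirect_to(root_path)
    end
  end

end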