##user_controller.rbclass UserController < ApplicationController before_fil

1. ##user_controller.rb
2. class UserController < ApplicationController
3. before_filter :authorize, :except => :login
4.  
5. layout "frontend"
6. def index
7. # @page_title = ""
8. end
9.  
10. def login
11. # @page_title = "Login"
12. if session[:user_id].nil?
13. if request.get?
14. @user = User.new
15. else
16. @user = User.new(params[:user])
17. authenticate, message = User.authenticate(@user.name,@user.password) # => Add Remember Me@user, message = User.authenticate(params[:user][:name],params[:user][:password]) # => Add Remember Me?
18. if authenticate.nil?
19. flash[:notice] = message
20. else
21. # => Remove for testing purposes
22. # session[:user_id] = authenticate.id
23. # session[:user_level] = authenticate.level
24. # redirect_to :action => "index"
25. flash[:notice] = authenticate.id # => Add for testing purposes
26. end
27. end
28. else
29. redirect_to :action => "index"
30. end
31. end
32.  
33. def change_prefs
34. @user = User.new
35. @user.get(session[:user_id])
36. @testes = @user.name "<<[#{session[:user_id]}]"
37. end
38.  
39. def logout
40. session[:user_id] = nil
41. session[:user_level] = nil
42. redirect_to :action => "index"
43. end
44. end
45.  
46. ##user.rb
47. require "digest/sha1"
48. class User < ActiveRecord::Base
49. # User Levels [:level]
50. # => 0 = Not loggedin
51. # => 1 = Normal USer
52. # => 90 = Admin
53. # => 99 = Super Admin
54.  
55. attr_accessor :password
56. attr_accessible :name, :password, :level, :message => 'is needed'
57. validates_uniqueness_of :name
58. validates_presence_of :name, :password
59. validates_length_of :password, :in => 6..15
60.  
61. # => Before save or update
62. def before_save
63. self.password = self.hash_password(self.password || "")
64. end
65.  
66. # => After save or update
67. def after_save
68. @password = nil
69. end
70.  
71. def self.authenticate(username, password)
72. if username.blank? || password.blank?
73. # html in models is BAD
74. return [nil, "Please input both username and password"]
75. end
76.  
77. user = self.find(:first,
78. :conditions => ['(name = ?) OR (name = ? AND password = ?)',
79. username, username, hash_password(password)])
80. if user.nil?
81. return [nil, "I can't find anybody with that username?"]
82. elsif user[:password] != hash_password(password)
83. return [nil, "That password is wrong"]
84. else
85. return [user, "Logged In"]
86. end
87. end
88.  
89. # => If the user is found, return TRUE, else FALSE
90. def self.check_is_user?(username)
91. return !User.find_by_name(username).nil?
92. end
93.  
94. def self.password_belongs_to_user?(username, password)
95. return self.find( :first,
96. :conditions => ["name = ? and password = ?",
97. username, hash_password(password)])
98. end
99.  
100. def get(id)
101. return User.find( :first,
102. :conditions => ["id = ?",
103. id])
104. end
105.  
106.  
107. def self.hash_password(password)
108. return Digest::SHA1.hexdigest(password) # => SHA1 the password
109. end
110. end
111.  
112. ## test_logout
113. def test_logout
114. assert_nil(session[:user_id])
115. assert_nil(session[:user_level])
116. assert_redirected_to :action => "index"
117. end
118.  
119.  
120. ## Errors
121. !!* UserID is appearing as 3 not 1
122. !!* test_logout won't work:
123.  
124. 1) Error:
125. test_logout(UserControllerTest):
126. TypeError: Symbol as array index
127. test/functional/user_controller_test.rb:52:in `[]'
128. test/functional/user_controller_test.rb:52:in `test_logout'