Thanks for the reply, Matt!
I did something like this... I'd like to know what you and others think
of it as far as security goes. While it's not a bank or anything, I'd
like my app to be as hacker-proof as possible. Any suggestions to make
it more secure are welcome!
Many thanks guys!
--
LOGIN FORM (GET LOGIN METHOD)

    <form method="post" action="/login">
      <p><label>Username</label><input name="post[username]" /></p>
      <p><label>Password</label><input name="post[password]" type="password"/></p>
      <p><button type="submit">Login</button></p>
    </form>

POST LOGIN METHOD

    require 'digest/md5'

    post '/login' do
      # The submitted password is MD5-hashed before it is compared
      if authenticate(params["post"]["username"],
                      Digest::MD5.hexdigest(params["post"]["password"]))
        session[:user] = params["post"]["username"]
        flash[:notice] = "Login succeeded!"
        redirect '/admin'
      else
        flash[:error] = "Login failed!"
        redirect '/login'
      end
    end

HELPER METHODS

    # Authentication is hard-coded as there will only be 1-3 users
    def authenticate(username, password)
      if username == 'admin' && password == '[admin_password_in_MD5]'
        return true
      else
        return false
      end
    end

    # Protect pages
    def login_required
      if session[:user]
        return true
      else
        redirect '/login'
        return false
      end
    end

    # Get the username of the logged in user
    def current_user
      if session[:user]
        session[:user]
      end
    end

    # Verify if a user is logged in
    def logged_in?
      !!session[:user]
    end

--
Anyway, I hope this helps others looking for a simple login method.
Best regards,
Tony
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
-~----------~----~----~----~------~----~------~--~---
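
An added example, not part of Tony's post: one way to harden the `authenticate` helper above by replacing the unsalted MD5 comparison with a salted PBKDF2 hash, a constant-time comparison and equal work for unknown usernames. The user table, passphrase, iteration count and every helper name other than `authenticate` are assumptions made for this example.

```ruby
require 'openssl'
require 'securerandom'

# Assumed parameters for this example (not from the original post).
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 32

# Derive a salted, deliberately slow hash. The stored record has the form
# "iterations$salt_hex$hash_hex" and replaces the bare MD5 digest.
def hash_password(password, salt = SecureRandom.random_bytes(16),
                  iterations = PBKDF2_ITERATIONS)
  dk = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN,
                                  OpenSSL::Digest.new('SHA256'))
  [iterations, salt.unpack1('H*'), dk.unpack1('H*')].join('$')
end

# Compare two strings without returning early at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Recompute the hash with the stored salt and iteration count, then compare.
def verify_password(password, stored)
  iterations, salt_hex, hash_hex = stored.split('$')
  return false unless iterations.to_i > 0 && salt_hex && hash_hex
  candidate = hash_password(password, [salt_hex].pack('H*'), iterations.to_i)
  secure_compare(candidate, stored)
end

# Constructed user table. In a real app the record is generated once and
# kept in configuration; the passphrase never appears in the source.
USERS = { 'admin' => hash_password('correct horse battery staple') }.freeze

# Record checked for unknown usernames so both paths do the same work.
DUMMY_RECORD = hash_password(SecureRandom.hex(16))

def authenticate(username, password)
  stored = USERS[username.to_s]
  ok = verify_password(password.to_s, stored || DUMMY_RECORD)
  ok && !stored.nil?
end
```

With this helper the route passes `params["post"]["password"]` to `authenticate` as received, without calling `Digest::MD5.hexdigest` first.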