Application security fun


#1

Hello,

I am trying to develop an application that uses STI for People. So you
have customer < person, admin < person. I have also created a login
controller with accompanying simple login page (un & pw fields).


Login Controller

    def do_login
      username = params[:username]
      password = params[:password]

      # Placeholder check; it does not look at the database yet
      if username.nil? || password.nil? || username == password
        redirect_to :action => "login"
        flash[:notice] = 'Unknown user or invalid password'
      else
        session["user_id"] = username
        redirect_to :controller => "customers", :action => "index"
      end
    end

Currently it just checks if something is entered into the boxes to test
that it works. I have created a register page that adds a record to the
database table people with an email address, hashed password, and salt. What
I want to do is check these when a user enters a username and password
in the login page, but I am not quite sure what to do.

I currently only have customer and admin controllers. Do I need to
create a people controller? Or can I reference the database from the
login controller?

Any help would be great !!!

Regards,

Dave


#2

On 11 Dec 2008, at 11:47, Dave S. wrote:

> I currently only have customer and admin controllers. Do I need to
> create a people controller? Or can I reference the database from the
> login controller?

Controllers aren’t tied to models. Any controller can use any model to
do anything.

Fred


#3

Frederick C. wrote:

> On 11 Dec 2008, at 11:47, Dave S. wrote:
>
>> I currently only have customer and admin controllers. Do I need to
>> create a people controller? Or can I reference the database from the
>> login controller?
>
> Controllers aren’t tied to models. Any controller can use any model to
> do anything.
>
> Fred

excellent… sorted… cheers
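
Added example, not part of the thread or any poster's code: a plain-Ruby version of the check asked about in #1, verifying a submitted password against the stored salt and hash through a model-level method that any controller can call, as #2 points out. The PBKDF2 hash choice, the in-memory `PEOPLE` table, the `Person.register` and `Person.authenticate` names and the sample credentials are assumptions.

```ruby
require 'openssl'
require 'securerandom'
# Assumption: registration stored a random per-user salt and a PBKDF2-HMAC-SHA256
# hash. The thread does not name the hash function, so this choice is illustrative.
ITERATIONS = 100_000
KEY_LEN    = 32
PEOPLE     = {}            # stand-in for the people table, keyed by email
DUMMY_SALT = "\0" * 16     # used when no record matches
DUMMY_HASH = "\0" * KEY_LEN

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN, OpenSSL::Digest.new('SHA256'))
end

# Compare byte strings without stopping at the first mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical stand-in for the Person model; in Rails these would be class
# methods on the ActiveRecord model, callable from any controller.
Person = Struct.new(:email, :salt, :hashed_password) do
  def self.register(email, password)
    salt = SecureRandom.random_bytes(16)
    PEOPLE[email] = new(email, salt, hash_password(password, salt))
  end
  def self.authenticate(email, password)
    return nil if email.to_s.empty? || password.to_s.empty?
    person = PEOPLE[email]
    # Hash even for an unknown email so both failure paths do the same work.
    salt, expected = person ? [person.salt, person.hashed_password] : [DUMMY_SALT, DUMMY_HASH]
    matched = secure_compare(hash_password(password, salt), expected)
    person && matched ? person : nil
  end
end

# Shape of do_login once it checks the stored record: one message for both
# failure cases, and the session is only written after a successful check.
def do_login(params, session)
  person = Person.authenticate(params[:username], params[:password])
  return 'Unknown user or invalid password' unless person
  session['user_id'] = person.email
  :ok
end

Person.register('dave@example.com', 'correct horse') # constructed sample record
```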