Application security fun

Hello,

I am trying to develop an application that uses STI for People. So you
have customer < person, admin < person. I have also created a login
controller with accompanying simple login page (un & pw fields).


Login Controller

def do_login
username = params[:username]
password = params[:password]

if username.nil? || password.nil? || username==password
redirect_to :action => "login"
flash[:notice] = 'Unknown user or invalid password'

else
session[“user_id”] = username
redirect_to :controller => “customers”, :action => “index”
end

Currently it just checks if something is entered into the boxes to test
that it works. I have created a register page that adds a record to the
database table people an email address, hashed password, and salt. What
i want to do is check these when a user enters a username and password
in the login page but am not quite sure what to do.

I currently only have customer and admin controllers. Do i need to
create a people controller? or can i reference the database from the
login controller?

Any help would be great !!!

Regards,

Dave

On 11 Dec 2008, at 11:47, Dave S. wrote:

I currently only have customer and admin controllers. Do i need to
create a people controller? or can i reference the database from the
login controller?

controllers aren’t tied to models. Any controller can use any model to
do anything.

Fred

Frederick C. wrote:

On 11 Dec 2008, at 11:47, Dave S. wrote:

I currently only have customer and admin controllers. Do i need to
create a people controller? or can i reference the database from the
login controller?

controllers aren’t tied to models. Any controller can use any model to
do anything.

Fred

excellent… sorted… cheers

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs