I have a model for user and login page. When I enter right username and
password, i can not login to the system altough the user exists in the
db.
here’s the model:
require ‘digest/sha2’
class User < ActiveRecord::Base
attr_accessor :password
def password=(pass)
salt = [Array.new(6){rand(256).chr}.join].pack(“m”).chomp
self.password_salt, self.password_hash = salt,
Digest::SHA256.hexdigest(pass + salt)
end
def self.authenticate(username, password)
user = User.find(:first, :conditions => [‘username = ?’, username])
if user.blank? || Digest::SHA256.hexdigest(password +
user.password_salt) != user.password_hash
raise “Username or password invalid”
end
user
end
end
when i test the authenticate method from the console, when i type the
right username and password it doesn’t raise error. but when i try to
login from the login page it raise the error.
my view is:
<%= flash[:notice] -%>
<% form_tag :controller => :user, :action => :login do %>
Username
<%= text_field 'user', 'username' %>
Password
<%= password_field 'user', 'password' %>
<%= submit_tag 'Login' -%> <% end %>
and my controller is:
class UserController < ApplicationController
def login
if request.post?
begin
session[:user] =
User.authenticate(params[:username],params[:password]).id
redirect_to :controller => session[:intended_controller],
:action => session[:intended_action]
rescue
flash[:notice] = “Username or password invalid”
end
end
end
def logout
session[:user] = nil
redirect_to :controller => :user, :action => :index
end
def register
if request.post?
@user = User.new(params[:user])
if @user.save
redirect_to :action => :account_creation_success, :id => @user
end
end
end
end
do i forget something?