Hey all,
When someone is on my login page, I have this:

<% form_for :user, :url => { :action => "login" } do |f| %>
  <%= f.label(:user_email, "User Email") %>
  <%= f.text_field(:email) %>
  <%= f.label(:user_password, "User Password") %>
  <%= f.password_field(:password) %>
  <%= f.submit("Login") %>
  <%= link_to 'Register', :action => 'signup' %> |
  <%= link_to 'Forgot my password', :action => 'forgot_password' %>
<% end %>
<%= flash_helper %>

Note that flash_helper method calls this method in ApplicationHelper
module:

def flash_helper
  f_names = [:notice, :warning, :message]
  fl = ''
  for name in f_names
    if flash[name]
      fl = fl + "<div class=\"notice\">#{flash[name]}</div>"
    end
    flash[name] = nil
  end
  return fl
end

During a post request to server, I call the authenticate class method on
User class, passing in two parameters, an email string and password:

def login
  if request.post?
    if session[:user] = User.authenticate(params[:user][:email],
                                          params[:user][:password])
      flash[:message] = "Login successful"
      redirect_to :root
    else
      flash[:warning] = "Login unsuccessful"
    end
  end
end

authenticate is executed:

def self.authenticate(email, pass)
  u = find(:first, :conditions => ["email = ?", email])
  return nil if u.nil?
  return u if User.encrypt(pass, u.password_salt) == u.encrypted_password
  nil
end

It does some sql, finds the user, and then if it finds matching email
address we call encrypt:

def self.encrypt(pass, salt)
  Digest::SHA2.hexdigest(pass + salt)
end

which basically checks if the password and salt for that record match
the one for that record in the encrypted_password field of users table.
So everything works and user is returned to home page. (Note that I also
tested a wrong password and system correctly gave flash error)
But here’s the problem. When returned to home page, the user still does
not become current user!
Because I have this in my home page:

<% if current_user %>
  <%= link_to "Logout", logout_path %>
<% else %>
  <%= link_to "Create Account", signup_path %>
  <%= link_to "Login", login_path %>
<% end %>

And it continues to show me the login link rather than logout, meaning
the system has not captured the record that just signed in as the
current_user. I am not sure why?
I have this in application controller:

def current_user
  @current_user ||= session[:user_id] && User.find(session[:user_id])
end

So I presume that when the login process occurs the user id is stored in
session, and assigned to current_user. But apparently it’s not because
when signing in the if current_user block returns false and it triggers
the else statement instead.
Thanks for response.
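
Added example, not part of the original post: the login action above writes session[:user], while current_user reads session[:user_id]. This Ruby sketch reproduces that with a plain Hash standing in for the Rails session and a constructed in-memory User; login_as_posted and login_with_user_id are hypothetical names.

```ruby
require 'digest/sha2'

# Minimal stand-in for the post's User model (constructed sample data, no database).
class User
  attr_reader :id, :email, :password_salt, :encrypted_password
  STORE = {} # constructed in-memory "users table"

  def initialize(id, email, pass, salt)
    @id, @email, @password_salt = id, email, salt
    @encrypted_password = User.encrypt(pass, salt)
    STORE[id] = self
  end

  def self.encrypt(pass, salt)
    Digest::SHA2.hexdigest(pass + salt)
  end

  def self.find(id)
    STORE.fetch(id)
  end

  def self.authenticate(email, pass)
    u = STORE.values.find { |x| x.email == email }
    return nil if u.nil?
    return u if User.encrypt(pass, u.password_salt) == u.encrypted_password
    nil
  end
end

# Same lookup as the post's ApplicationController#current_user (without memoization).
def current_user(session)
  session[:user_id] && User.find(session[:user_id])
end

# Login as written in the post: the whole record is stored under :user.
def login_as_posted(session, email, pass)
  session[:user] = User.authenticate(email, pass)
end

# Login that writes the key current_user reads, storing only the id so the
# salt and password digest stay out of the session data.
def login_with_user_id(session, email, pass)
  user = User.authenticate(email, pass)
  session[:user_id] = user.id if user
  user
end

User.new(1, 'alice@example.com', 's3cret', 'constructed-salt') # constructed account
```

In a Rails controller, calling reset_session before assigning session[:user_id] also gives the authenticated user a fresh session identifier.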