Forum: Ruby on Rails application security fun

Dave Smith (railsnoob)
on 2008-12-11 12:47
Hello,

I am trying to develop an application that uses STI for People. So you
have customer < person, admin < person. I have also created a login
controller with accompanying simple login page (un & pw fields).

------------------------------------------------------
Login Controller

def do_login
  username = params[:username]
  password = params[:password]

  # Placeholder check only: no database lookup yet
  if username.nil? || password.nil? || username == password
    redirect_to :action => "login"
    flash[:notice] = 'Unknown user or invalid password'
  else
    session["user_id"] = username
    redirect_to :controller => "customers", :action => "index"
  end
end
-------------------------------------------------------

Currently it just checks if something is entered into the boxes to test
that it works. I have created a register page that adds a record to the
database table people with an email address, hashed password, and salt. What
I want to do is check these when a user enters a username and password
in the login page, but I am not quite sure what to do.

I currently only have customer and admin controllers. Do I need to
create a people controller? Or can I reference the database from the
login controller?

Any help would be great !!!

Regards,

Dave
Frederick Cheung (Guest)
on 2008-12-11 12:51
(Received via mailing list)
On 11 Dec 2008, at 11:47, Dave Smith wrote:

>
> I currently only have customer and admin controllers. Do I need to
> create a people controller? Or can I reference the database from the
> login controller?
>
Controllers aren't tied to models. Any controller can use any model to
do anything.

Fred
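
One way to do the check Dave asks about, reading the people record from the login code as Fred describes. This is an added example, not code from the thread: the `Person` struct and in-memory hash stand in for the ActiveRecord model, and PBKDF2-HMAC-SHA256 with 100,000 iterations is an assumed hashing scheme, since the thread does not say which one the register page uses.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for the Person model (people table: email, hashed password, salt).
Person = Struct.new(:email, :hashed_password, :salt)

ITERATIONS = 100_000 # assumed work factor
KEY_LEN    = 32

def hash_password(password, salt)
  digest = OpenSSL::Digest.new("SHA256")
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN, digest).unpack1("H*")
end

# What the register page would store: a fresh random salt per user, never the password.
def register(people, email, password)
  salt = SecureRandom.hex(16)
  people[email.downcase] = Person.new(email.downcase, hash_password(password, salt), salt)
end

# Compare without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Used when the email is unknown, so both paths do the same hashing work.
DUMMY = Person.new(nil, hash_password("dummy", "0" * 32), "0" * 32)

def authenticate(people, email, password)
  return nil if email.to_s.empty? || password.to_s.empty?
  person    = people[email.downcase]
  reference = person || DUMMY
  matches   = secure_compare(hash_password(password, reference.salt), reference.hashed_password)
  person && matches ? person : nil
end

# Mirrors the shape of do_login: returns where to redirect, sets the session on success.
# Unknown user and wrong password take the same failure path and get the same notice.
def do_login(people, params, session)
  person = authenticate(people, params[:username], params[:password])
  return "login" unless person
  session["user_id"] = person.email
  "customers/index"
end
```

In a Rails controller the lookup would be a finder on the Person model instead of the hash, and the session should be reset before `user_id` is set.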
Dave Smith (railsnoob)
on 2008-12-11 13:19
Frederick Cheung wrote:
> On 11 Dec 2008, at 11:47, Dave Smith wrote:
>
>>
>> I currently only have customer and admin controllers. Do I need to
>> create a people controller? Or can I reference the database from the
>> login controller?
>>
> Controllers aren't tied to models. Any controller can use any model to
> do anything.
>
> Fred

excellent.. sorted.. cheers