User Login

Hi,
I'm creating a website with Ruby on Rails, that has a user account
feature. On the side bar, I have a login form. But if the user logs
in, I want it to no display the user login form, but rather hello
user_name. I am guessing I would set up a if statement, perhaps like
this?

<% if session[:uid] = @user.id -%>

<% else -%>

Login Form
    <% end %>

Oops, sorry about that, I accidentally sent it somehow...

Anyway, for the <% if session[:uid] = @user.id -%> , I don't know what
would go in there...

Thanks for your help...

cz231 wrote:

Oops, sorry about that, I accidentally sent it somehow...

Anyway, for the <% if session[:uid] = @user.id -%> , I don't know what
would go in there...

Thanks for your help...

Really all you want to know is if there is a session[:uid] -

<% if session[:uid] %>

if there is then the user is logged in, otherwise it will be nil.

However, there's some more to it. I would recommend you pull down the
restful_authentication plugin, run the generator and then examine the
code to see how they do all this, which will teach you a lot.

For instance, Restful_Authentication exposes the currently logged in
user with "current_user" and also methods like "logged_in?" and
"authorized?" that will assist with what you are trying to do.

Hmm...that doesn't work...Does anyone else know?
I'll have to look into that plugin too...

Right now I'm trying
<% if session[:uid] != nil -%>
      <p>Welcome User</p>

      <% else -%>
    Login Form
<% end -%>

Thanks for any help...

<% if session[:uid].blank? %>

Login Form

<% else %>

<%="Hello id: #{session[:uid]}" %>

<% end %>

-Fredrik

cz231 wrote:

That still doesn't work. Maybe I haven't given you enough info...I'm
using the LoginGenerator if that changes things...
http://wiki.rubyonrails.org/rails/pages/LoginGenerator
Thanks.

The login generator was deprecated ages ago, you could try using acts_as_authenticated or restful_authentication (the latter being the latest), and seeing if they work (they should)

I agree with Ryan here. Start off with a decent plugin for
authentication. That will do 2 things for you: 1. It's likely they'll
do a job better you would yourself, and 2. You can learn a lot by
reading through the code in these plugins.

What I also like about these plugins is that you're not stuck with a
"gate-keeper" style login scenario. Instead you are provided fine
grained control of how you manage accesses to your controller actions.
They make it easy to provide some controller actions for public access
and some restricted access. They are very flexible in this regard and
well worth a few minutes of your time getting familiar with them.

With restful_authentication, for example, you could do this:

<% if logged_in? %>
  Login Form...
<% else %>
Welcome your user...
<% end %>

Makes the intent very clear, so if anyone else were to inspect your
code they would understand it's function right away.

The beta restful_authentication includes a helper method and partial
to do just that, right out of the box:

  <% if logged_in? -%>
    <div id="user-bar-greeting">Logged in as <%=
link_to_current_user :content_method => :login %></div>
    <div id="user-bar-action" >(<%= link_to "log out", logout_path
%>)</div>
  <% else -%>
    <div id="user-bar-greeting"><%= link_to_login_with_IP 'Not logged
in', :style => 'border: none;' %></div>
    <div id="user-bar-action" ><%= link_to "Log in", login_path %> /
               <%= link_to "Sign up", signup_path, { :title => "Create an
account" } %></div>
  <% end -%>

You can put this in your app/views/layouts/application.html.erb layout
file
<div id="top_bar">
  <div id="hello_or_login"><%= render :partial => 'users/
hello_or_login' %></div>
</div>
with something like this in your stylesheet:
  #top_bar { float:right; width:100%; background-
color: #eee; }
  #hello_or_login { float:right; text-align:right; color:
#999; }
  #hello_or_login div { float:left; clear:none; padding: 0.2em 0.5em;
border-left:1px solid #aaa }

There is also an "if_authorized?" helper method:
  <%= if_authorized? :to => :edit, :on => @user do link_to("Edit
#{@user.login}", edit_user_path) end %>

To try out the newer version of restful_authentication, invoke:
  git clone git://github.com/technoweenie/restful-authentication.git
restful_authentication
  cd restful_authentication/
  git checkout --track -b modular origin/modular

Cheers,
flip

(You asked about loggedin/not logged in view hiding, but since I
mentioned authorization filtering too I should mention: removing
something from view does NOT forbid it; only access control in your
controller module will do this. Going farther astray: Another
approach to view-filtering is the "Full Access With Errors" security
pattern: expose all things a visitor might reasonably have access to
by logging in/escalating, then ask for login when action is requested.
See p305ff in "Security Patterns" http://www.amazon.com/gp/reader/0470858842/ref=sib_dp_pt
)

I was running into similar problems you had and was lucky enough to
pick up the book Simply Rails 2 from Amazon which walked me through
this and a really simple authentication system so I have a better idea
of how it works.

Like everyone else has said, grab some code (plugin, another site
built with Rails 2, etc.) and just immerse yourself in the code and
try and follow where all of the variables are going and where the
logic is coming from. You'll gain a lot of knowledge that way and then
keep on trying and breaking things ... failure is only telling you to
keep on trying. :slight_smile:

Wow...thanks for all the response! I didn't know what I was using was
deprecated generator, you'd think it would be clearly shown, so noobs
like me wouldn't use it. So is there some way to reverse using that
generator and then do you guys have any personal favorite plugins?
Thanks again