User successfully authenticates but is not logged in as current_user in session?

Hey all,

When someone is on my login page, I have this:

<% form_for :user, :url => { :action => "login" } do |f| %>
  <%= f.label(:user_email, "User Email") %>
  <%= f.text_field(:email) %><br/>
  <%= f.label(:user_password, "User Password") %>
  <%= f.password_field(:password) %><br/>
  <%= f.submit("Login") %>

  <%= link_to 'Register', :action => 'signup' %> |
  <%= link_to 'Forgot my password', :action => 'forgot_password' %>
<% end %>

<%= flash_helper %>

Note that flash_helper method calls this method in ApplicationHelper module:

  def flash_helper
    f_names = [:notice, :warning, :message]
    fl = ''
    for name in f_names
      if flash[name]
        # the flash text is concatenated into the page as raw HTML, not escaped
        fl = fl + "<div class=\"notice\">#{flash[name]}</div>"
      end
      flash[name] = nil
    end
    return fl
  end

During a POST request to the server, I call the authenticate class method on the User class, passing in two parameters, an email string and a password:

  def login
    if request.post?
      # whatever authenticate returns (the User record or nil) is stored under session[:user]
      if session[:user] = User.authenticate(params[:user][:email], params[:user][:password])
        flash[:message] = "Login successful"
        redirect_to :root
      else
        flash[:warning] = "Login unsuccessful"
      end
    end
  end

authenticate is executed:

  def self.authenticate(email, pass)
    u = find(:first, :conditions => ["email = ?", email])
    return nil if u.nil?
    # plain string comparison of the recomputed hash against the stored one
    return u if User.encrypt(pass, u.password_salt) == u.encrypted_password
    nil
  end

It does some sql, finds the user, and then if it finds matching email address we call encrypt:

  require 'digest'   # Digest::SHA2 comes from the Ruby standard library

  # one SHA-256 over password followed by the per-user salt
  def self.encrypt(pass, salt)
    Digest::SHA2.hexdigest(pass + salt)
  end

which basically checks whether the hash of the password and salt for that record matches the one stored in the encrypted_password field of the users table.

So everything works and the user is returned to the home page. (Note that I also tested a wrong password and the system correctly gave the flash error.)

But here's the problem. When returned to the home page, the user still does not become current_user!

Because I have this in my home page:

      <% if current_user %>
        <%= link_to "Logout", logout_path %>
      <% else %>
        <%= link_to "Create Account", signup_path %>
        <%= link_to "Login", login_path %>
      <% end %>

And it continues to show me the login link rather than logout, meaning the system has not captured the record that just signed in as the current_user. I am not sure why.

I have this in application controller:

  def current_user
    @current_user ||= session[:user_id] && User.find(session[:user_id])
  end

So I presume that when the login process occurs the user id is stored in the session and assigned to current_user. But apparently it's not, because when signing in the if current_user block returns false and it triggers the else statement instead.

Thanks for response.

def login
  if request.post?
    if session[:user] = User.authenticate(params[:user][:email],

This is storing stuff in session[:user]

def current_user
  @current_user ||= session[:user_id] && User.find(session[:user_id])
end

and this is checking session[:user_id]. Furthermore one appears to be storing an actual user object whereas your other piece of code seems to be expecting there to be just an id.

Fred
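As an added example that is not part of this thread or the original poster's app, here is a stand-alone Ruby sketch of the mismatch Fred points out. It re-creates the page's authenticate/encrypt logic against a constructed in-memory User table (no ActiveRecord), the current_user helper with the session passed in explicitly, and the login action both as posted (whole record under session[:user]) and with the fix (only the id under session[:user_id], the key current_user actually reads). User.create, User.find_by_email, the sample row and the demo credentials are assumptions made for this example.

```ruby
require 'digest'

# Stand-in for the ActiveRecord model in the thread: an in-memory table
# with the same columns (email, password_salt, encrypted_password).
# User.create, User.find_by_email and the sample rows are assumptions
# made for this example, not the original app's code.
class User
  attr_reader :id, :email, :password_salt, :encrypted_password

  @table = {}

  def initialize(id, email, salt, encrypted_password)
    @id, @email = id, email
    @password_salt, @encrypted_password = salt, encrypted_password
  end

  def self.create(id:, email:, password:, salt:)
    @table[id] = new(id, email, salt, encrypt(password, salt))
  end

  # Mirrors User.find(id): raises when there is no such row.
  def self.find(id)
    @table.fetch(id) { raise "RecordNotFound: no User with id #{id.inspect}" }
  end

  def self.find_by_email(email)
    @table.values.find { |u| u.email == email }
  end

  # Same scheme as the page: one SHA-256 over password + salt.
  def self.encrypt(pass, salt)
    Digest::SHA2.hexdigest(pass + salt)
  end

  # Same logic as the page's authenticate: the record on success, nil otherwise.
  # The == is an ordinary string comparison, exactly as on the page.
  def self.authenticate(email, pass)
    u = find_by_email(email)
    return nil if u.nil?
    encrypt(pass, u.password_salt) == u.encrypted_password ? u : nil
  end
end

# The page's current_user helper; the session hash is passed in explicitly
# because there is no controller here. The @current_user memoisation is
# dropped so one session can be inspected repeatedly.
def current_user(session)
  session[:user_id] && User.find(session[:user_id])
end

# The login action as posted: on success the whole record lands in
# session[:user], a key current_user never looks at.
def login_as_posted(session, email, pass)
  if (user = User.authenticate(email, pass))
    session[:user] = user
    true
  else
    false
  end
end

# The login action after Fred's fix: store only the integer id, under the
# key that current_user reads.
def login_fixed(session, email, pass)
  if (user = User.authenticate(email, pass))
    session[:user_id] = user.id
    true
  else
    false
  end
end

if $PROGRAM_NAME == __FILE__
  # constructed sample row and credentials
  User.create(id: 1, email: "alice@example.com", password: "correct horse", salt: "s4lt")
  s = {}
  login_as_posted(s, "alice@example.com", "correct horse")
  puts "as posted: current_user = #{current_user(s).inspect}"
  s = {}
  login_fixed(s, "alice@example.com", "correct horse")
  puts "fixed:     current_user = #{current_user(s).email}"
end
```

Storing only the id is also what you want on its own merits: a record marshaled into the session is a stale copy that does not see later changes to the row (a password reset, a disabled account), and with a cookie-backed session store it bloats the cookie, whereas User.find on each request always reflects the current database row.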


You're right! Thanks.