Could someone help me with this? It *really* only needs to be this
simple. I don't need user models or plugins etc.
I think it's clear what I'd like (either admin or slt to
authenticate), but it's obviously flawed and lets any username
password combination in!
    def authenticateAdmin
      authenticate_or_request_with_http_basic do |name, password|
        name == "admin" || "slt" && password == "admin" || "slt"
      end
    end
I've also tried:
    def authenticateAdmin
      authenticate_or_request_with_http_basic do |name, password|
        (name == "admin" && password == "admin") || (name == "slt" && password == "slt")
      end
    end
Thanks.
11175
(-- --)
March 19, 2009, 3:29pm
2
"Not" equivalent. Not "now".
I don't understand how I manage to make those typos. It's not like I
forgot a letter or something - I actually use another word in place.
Strange xD
Thanks for the suggestion.
I get the same problem. *Any* username or password is allowed.
So I can enter 'foo' and no password and it lets me in.
Odd.
Harold
(Harold)
March 19, 2009, 9:23pm
4
The logic is wrong. Try this:
    def authenticateAdmin
      authenticate_or_request_with_http_basic do |name, password|
        credentials = {'admin' => 'admin', 'slt' => 'slt'}
        credentials[name] == password
      end
    end
On your previous examples, your method was returning 'the last thing
evaluated' (a Ruby thing), and in your case, that happened to be
'slt'. 'slt', as a string, is not false, which is why your method was
letting users in regardless of credentials.
Hardcoded credentials in any app are a terrible idea though...
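
An added example, not code from any poster in this thread: plain Ruby (no Rails) showing how operator precedence groups the first attempt, next to a lookup-based check that reads passwords from the environment. The helper names and the `ADMIN_PASSWORD` / `SLT_PASSWORD` variable names are assumptions, and the constant-time comparison goes a little beyond what the thread discusses.

```ruby
require "digest"

# The first attempt from the thread, verbatim.
def flawed_check(name, password)
  name == "admin" || "slt" && password == "admin" || "slt"
end

# The same expression with Ruby's grouping made explicit:
# == binds tighter than &&, and && binds tighter than ||.
# The trailing || "slt" makes the result truthy for every input.
def flawed_check_grouped(name, password)
  (name == "admin") || ("slt" && (password == "admin")) || "slt"
end

# Compare two strings without an early exit on the first differing byte.
# Hashing first gives both sides the same fixed length.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s).bytes
  db = Digest::SHA256.digest(b.to_s).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Build the username => password table from the environment instead of
# hardcoding it. Variable names are hypothetical. Unset or empty
# passwords are dropped so they can never match an empty input.
def load_credentials(env = ENV)
  { "admin" => env["ADMIN_PASSWORD"], "slt" => env["SLT_PASSWORD"] }
    .reject { |_user, pw| pw.nil? || pw.empty? }
end

# Returns strictly true or false. Unknown names still go through one
# comparison, then fail on the nil check.
def valid_credentials?(name, password, credentials)
  expected = credentials[name]
  matched = secure_equal?(password, expected || "")
  !expected.nil? && matched
end

# In the controller, the block passed to
# authenticate_or_request_with_http_basic would return
# valid_credentials?(name, password, load_credentials).
```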
11175
(-- --)
March 19, 2009, 9:38pm
5
johnsonmlw wrote:
Thanks for the suggestion.
I get the same problem. *Any* username or password is allowed.
So I can enter 'foo' and no password and it lets me in.
Odd.
So basically..:
    def authenticateAdmin
      authenticate_or_request_with_http_basic do |name, password|
        true
      end
    end
?
I don't see how this can be useful to anyone though.. But that might just
be me. lol