very simple authenticatation

Could someone help me with this. It *really* only needs to be this simple. I don't need user models or plugins etc.

I think it's clear what I'd like (either admin or slt to authenticate), but it's obviously flawed and lets any username password combination in!

  def authenticateAdmin     authenticate_or_request_with_http_basic do |name, password|       name == "admin" || "slt" && password == "admin" || "slt"     end   end

I've also tried:

  def authenticateAdmin     authenticate_or_request_with_http_basic do |name, password|       (name == "admin" && password == "admin") || (name == "slt" && password == "slt")     end   end

Thanks.

"Not" equivalent. Not "now".

I don't understand how I manage to make those typos. It's not like I forgot a letter or something - I actually use another word in place. Strange xD

Thanks for the suggestion.

I get the same problem. *Any* username or password is allowed.

So I can enter 'foo' and no password and it let's me in.

Odd.

The logic is wrong. Try this:

def authenticateAdmin     authenticate_or_request_with_http_basic do |name, password|       credentials = {'admin' => 'admin', 'slt' => 'slt'}       credentials[name] == pasword     end end

On your previous examples, your method was returning 'the last thing evaluated' (a Ruby thing), and in your case, that happened to be 'slt'. 'slt', as a string, is not false, which is why your method was letting users in regardless of credentials.

Hardcoded credentials in any app are a terrible idea though...

johnsonmlw wrote:

Thanks for the suggestion.

I get the same problem. *Any* username or password is allowed.

So I can enter 'foo' and no password and it let's me in.

Odd.

So basically..:

  def authenticateAdmin     authenticate_or_request_with_http_basic do |name, password|       true     end   end

?

I dont see how this can be useful to anyone though.. But that might just be me. lol