Ruby-on-Rails: Understanding the Basics of Active Record - Rails in the Real World
(Page 4 of 4 )
Without much ado let's get to work and see how to implement a login module. The requirements of the module are as below:
- A form that allows the users to enter their user name and password.
- A simple userid password verification implemented to check the credentials of the user.
- Once they are logged in, we need to record the fact somehow for the rest of their session (or until they log out).
On the basis of the requirements, the following are the components required:
- User.rb – Model for the user table.
- login_controller.rb – The controller orchestrating the flow.
- login.rhtml – View providing form for logging in.
Here is the user table:
create table users (
id int not null auto_increment,
name varchar(100) not null,
password char(40) null,
primary key (id);
Next comes the model class. Since we are using the Active Record in RoR, there is no need to use the establish_connection method. Instead I will be using the database.yml file with the following information (since I am expanding upon the demo application created in the first part):
development: adapter: mysql
database: demo_development
username:raj
password:
host: localhost
The command to generate the model class is:
ruby script/generate model User
The model class contains two methods- try_to_login which in turn calls login. Here is the code:
class User < ActiveRecord::Base
def self.login(name, password)
find(:first, :conditions =>
["name = ? and hashed_password = ?", name,password])
end
def try_to_login
User.login(self.name, self.password)
end
end
The login method contains the find method with criteria. The details of this will be covered in the next part. The logic is simple – the try_to_login method gets called by the controller. This method in turn passes the data to the login method. The requirement of layering is to provide implementation abstraction. The login method tries to retrieve the data corresponding to username and password (before anyone complains about lack of security please bear with me as this is not a full-fledged implementation).
Next comes the controller. For that here is command:
ruby script/generate controller Login
And here is the code that implements the login validation and session establishment.
class LoginController < ApplicationController
def login
@user = User.new(params[:user])
logged_in_user = @user.try_to_login
if logged_in_user
session[:user_id] = logged_in_user.id
#creating the session
#and putting user’s id in #it
redirect_to(:action => "index")
else
flash[:notice] =
"Invalid user/password combination" end
end
end
And here is the view :
<% @page_title = "Add a User" -%>
<%= error_messages_for 'user' %>
<%= form_tag %>
<table>
<tr>
<td>User name:</td>
<td><%= text_field("user", "name") %></td>
</tr>
<tr>
<td>Password:</td>
<td><%= password_field("user", "password") %></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value=" ADD USER " /></td>
</tr>
</table>
<%= end_form_tag %>
That completes the login application. If you compare it with similar applications in any other language, the result would tell you that the number of lines is really less in RoR-based code. In this discussion there are certain aspects of Active Record that I have left out. The left out pieces of the puzzle called Active Record will be covered in the next part. Till then…
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
