Good registration & fair auth #23

app/controllers/artist_controller.rb

@@ -2,7 +2,10 @@
 class ArtistController < ApplicationController
   require 'open-uri'
 	def view
-		if params[:name].nil?
+    unless MainController.logged_in request.session['session_id']
+      redirect_to '/login'
+    end
+  	if params[:name].nil?
 	  		name = ''
 	  	else
 			if request.request_method == 'POST'

app/controllers/main_controller.rb

@@ -1,5 +1,17 @@
 class MainController < ApplicationController
   def index
+    unless MainController.logged_in request.session['session_id']
+      redirect_to '/login'
+    end
   end
-
-end
+  def self.logged_in session_id
+    user_data = User.collection.find({session_key: Digest::SHA256.hexdigest(session_id)}).first
+    unless user_data.nil?
+      user_data['lastvisit'] = Time.now()
+      User.collection.update({_id: user_data._id}, user_data.attributes)
+      return true
+    else
+      return false
+    end
+  end
+end

app/controllers/user_controller.rb

@@ -1,11 +1,26 @@
 class UserController < ApplicationController
+  def login
+    unless params[:email].nil? or params[:password].nil?
+      user_data = User.collection.find({email: params[:email], password: Digest::SHA256.hexdigest(params[:password])}).first
+      unless user_data.nil?
+        user_data['session_key'] = Digest::SHA256.hexdigest(request.session['session_id'])
+        User.collection.update({_id: user_data._id}, user_data.attributes)
+        redirect_to '/'
+      else
+        redirect_to '/login'
+      end
+    else
+      redirect_to '/login'
+    end
+  end
+  
   def register
     data = Invite.where(:email => params[:email], :code => params[:code]).first
     unless data.nil?
       @code = data.code
       @email = data.email
     else
-      redirect_to '/'
+      redirect_to '/login'
     end
   end
   
@@ -30,7 +45,7 @@ class UserController < ApplicationController
       
       Invite.collection.remove({email: params[:invite_email], code: params[:invite_code]})
     else
-      redirect_to '/'
+      redirect_to '/login'
     end
   end
 end

app/views/layouts/application.html.erb

@@ -9,6 +9,8 @@
 	<%= csrf_meta_tag %>
 </head>
 <body>
+	<br/><br/><br/><br/>
+	<%= @params %>
 	<div id="contents">
 		<div class="inner-1">
 			<div id="player">

app/views/user/login.erb

@@ -0,0 +1,24 @@
+<div id="registration">
+	<h1>Do BeatHaven know you?</h1>
+	<%= form_tag('/login', :method => 'post') do -%>
+		<%= label_tag 'email', 'E-mail' %><%= email_field_tag 'email', nil %>
+		<%= label_tag 'password', 'Password' %><%= password_field_tag 'password', nil %><div id="password_error"></div>
+		<div class="complete">
+			<%= submit_tag 'Let me in!' %>
+		</div>
+	<% end -%>
+</div>
+<script type="text/javascript" charset="utf-8">
+	$(function(){
+		$('#email').focus();
+		$('form').submit(function(){
+			$('#password_error, #password_c_error').html('');
+			if ($('#password').val().length < 6) {
+				$('#password_error').html('* You must be kidding?');
+				$('#password').focus();
+				return false;
+			}
+			return true;
+		})
+	})
+</script>

config/routes.rb

@@ -8,8 +8,9 @@ Beathaven::Application.routes.draw do
   match 'search/autocomplete' => 'artist#autocomplete'
   
   # Registration & login
-  match 'reg/:email/:code' => 'user#register', :constraints => { :email => /[-a-z0-9\._@]+/i, :code => /[a-z0-9]{8}/ }
+  match 'reg/:email/:code' => 'user#register', :constraints => { :email => /[-a-z0-9\._@]+/i, :code => /[a-f0-9]{64}/ }
   match 'reg/complete' => 'user#complete'
+  match 'login' => 'user#login'
   
   match '*a', :to => 'errors#routing'
 end