From 957a883ccf5a645055427451c42dbfb37712ba8b Mon Sep 17 00:00:00 2001
From: magnolia-fan
Date: Wed, 13 Apr 2011 08:42:44 +0400
Subject: [PATCH] Good registration & fair auth #23
---
 app/controllers/artist_controller.rb | 5 ++++-
 app/controllers/main_controller.rb | 16 ++++++++++++++--
 app/controllers/user_controller.rb | 19 +++++++++++++++++--
 app/views/layouts/application.html.erb | 2 ++
 app/views/user/login.erb | 24 ++++++++++++++++++++++++
 config/routes.rb | 3 ++-
 6 files changed, 63 insertions(+), 6 deletions(-)
 create mode 100644 app/views/user/login.erb
diff --git a/app/controllers/artist_controller.rb b/app/controllers/artist_controller.rb
index 50360b7..bddd09c 100644
--- a/app/controllers/artist_controller.rb
+++ b/app/controllers/artist_controller.rb
@@ -2,7 +2,10 @@ class ArtistController < ApplicationController
 require 'open-uri'
 def view
- if params[:name].nil?
+ unless MainController.logged_in request.session['session_id']
+ redirect_to '/login'
+ end
+ if params[:name].nil?
 name = ''
 else if request.request_method == 'POST'
diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb
index a9708bd..5a69b89 100644
--- a/app/controllers/main_controller.rb
+++ b/app/controllers/main_controller.rb
@@ -1,5 +1,17 @@
 class MainController < ApplicationController
 def index
+ unless MainController.logged_in request.session['session_id']
+ redirect_to '/login'
+ end
 end
-
-end
+ def self.logged_in session_id
+ user_data = User.collection.find({session_key: Digest::SHA256.hexdigest(session_id)}).first
+ unless user_data.nil?
+ user_data['lastvisit'] = Time.now()
+ User.collection.update({_id: user_data._id}, user_data.attributes)
+ return true
+ else
+ return false
+ end
+ end
+end
\ No newline at end of file
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 6e1dfbe..6d7b5bb 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
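Review bot: `redirect_to '/login'` at the top of `ArtistController#view` does not stop the action, so an unauthenticated request still runs the rest of `view` after the redirect is queued; whatever the action does next happens without a login, and a later render or redirect in it would raise a double-render error. Return straight after it, `redirect_to '/login' and return`, or move the check into a `before_filter` in `ApplicationController`, where a redirect does halt the chain. The same pattern is added to `MainController#index` in the next file, where it is harmless only because that action has no further body. `view` continues past the end of this hunk, so what runs after the check is not visible here.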
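Review bot: `MainController.logged_in` passes `session_id` straight to `Digest::SHA256.hexdigest`, which raises a TypeError when the value is nil, so a visitor whose session has no id yet would likely get a 500 instead of the redirect to `/login`; open the method with `return false if session_id.nil?`. Each authenticated request also writes the whole user document back (`User.collection.update({_id: user_data._id}, user_data.attributes)`) only to refresh `lastvisit`, which can overwrite a concurrent change such as a fresh `session_key`; a `$set` on `lastvisit` alone would be narrower. A one-line comment stating that `session_key` holds the SHA-256 of the Rails session id would help, since `UserController#login` depends on that convention.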
@@ -1,11 +1,26 @@
 class UserController < ApplicationController
+ def login
+ unless params[:email].nil? or params[:password].nil?
+ user_data = User.collection.find({email: params[:email], password: Digest::SHA256.hexdigest(params[:password])}).first
+ unless user_data.nil?
+ user_data['session_key'] = Digest::SHA256.hexdigest(request.session['session_id'])
+ User.collection.update({_id: user_data._id}, user_data.attributes)
+ redirect_to '/'
+ else
+ redirect_to '/login'
+ end
+ else
+ redirect_to '/login'
+ end
+ end
+
 def register
 data = Invite.where(:email => params[:email], :code => params[:code]).first
 unless data.nil?
 @code = data.code
 @email = data.email
 else
- redirect_to '/'
+ redirect_to '/login'
 end
 end
@@ -30,7 +45,7 @@ class UserController < ApplicationController
 Invite.collection.remove({email: params[:invite_email], code: params[:invite_code]})
 else
- redirect_to '/'
+ redirect_to '/login'
 end
 end
 end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 262a1da..8c1b892 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -9,6 +9,8 @@ <%= csrf_meta_tag %>
+
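Review bot: The new `login` action looks users up with `password: Digest::SHA256.hexdigest(params[:password])`, which means passwords are stored as a single unsalted SHA-256; if the users collection ever leaks, such hashes are cheap to test in bulk, so a per-user salted, deliberately slow scheme such as bcrypt is the usual choice. `params[:email]` goes into the Mongo selector as received, and Rails parses bracketed parameters into a Hash, so coerce it before the query, e.g. `email = params[:email].to_s`. The pre-login session id is kept and bound to the account; calling `reset_session` on a successful login and binding the new id would close the session-fixation window. Separately, both `else` branches redirect to `/login`, which the routes hunk maps to this same action, so a request without credentials appears to redirect to itself instead of rendering `login.erb`.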



+ <%= @params %>
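Review bot: `<%= @params %>` added to the layout reads like leftover debugging output; no controller touched by this commit assigns `@params`, but if it is ever set to the request parameters, every page would echo submitted values, including the password posted by the new login form. Drop the line, or keep a debug dump behind a development-only check such as `<%= debug(params) if Rails.env.development? %>`.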
diff --git a/app/views/user/login.erb b/app/views/user/login.erb
new file mode 100644
index 0000000..30e07ad
--- /dev/null
+++ b/app/views/user/login.erb
@@ -0,0 +1,24 @@
+
+

Do BeatHaven know you?

+ <%= form_tag('/login', :method => 'post') do -%>
+ <%= label_tag 'email', 'E-mail' %><%= email_field_tag 'email', nil %>
+ <%= label_tag 'password', 'Password' %><%= password_field_tag 'password', nil %>
+
+ <%= submit_tag 'Let me in!' %>
+
+ <% end -%>
+
+
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index a53adb2..598c993 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,8 +8,9 @@ Beathaven::Application.routes.draw do
 match 'search/autocomplete' => 'artist#autocomplete'
 # Registration & login
- match 'reg/:email/:code' => 'user#register', :constraints => { :email => /[-a-z0-9\._@]+/i, :code => /[a-z0-9]{8}/ }
+ match 'reg/:email/:code' => 'user#register', :constraints => { :email => /[-a-z0-9\._@]+/i, :code => /[a-f0-9]{64}/ }
 match 'reg/complete' => 'user#complete'
+ match 'login' => 'user#login'
 match '*a', :to => 'errors#routing'
 end
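Review bot: `match 'login' => 'user#login'` answers every HTTP verb, so the action would also accept `email` and `password` from a GET query string, where they end up in access logs, browser history and Referer headers. Restrict credential submission to POST, e.g. `match 'login' => 'user#login', :via => :post`, and serve the form from a separate GET-only route. The new `:code` constraint `/[a-f0-9]{64}/` has the shape of a SHA-256 hex digest; a short comment on how invite codes are generated would help, since that code is not part of this diff.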