On 31 Jan 2012, at 10:43, Colin Law wrote:
>> That would be second option.
>
> Since you have top posted everyone will have to scroll down to see
> which that is. I will repeat it here to make it easier for those
> reading it:
>>> prevent the user from logging in unless he uses a valid name/
>>> password configured for the db
>
> The only way I can think of doing that is to attempt to connect to
> re-connect to the db when he logs in, using his credentials, and see
> if it successful.
There is actually a way to just query the database.
You haven't said what database you're using, but the procedure should
be more or less the same once you figure out how your specific
database stores things.
In case of MySQL, you would basically have to establish a connection
with the database "mysql" from some ActiveRecord model (using
"establish_connection", search it at http://api.rubyonrails.org/),
then make sure your ActiveRecord model connects to the "user" table
(singular! so use self.table_name="user" in Rails 3 or set_table_name
in Rails 2) witin that database. Then you can just use a method like:
Rails 2.x
def authenticate(login, passwd)
self.first(:conditions => ["Login=? and Password=PASSWORD(?)",
login, passwd])
end
Rails 3.x
def authenticate(login, passwd)
self.where("Login=? and Password=PASSWORD(?)", login, passwd).first
end
This is completely untested and it's an authentication method I'm not
too fond of, but this is more or less how you could get it done.
Best regards
Peter De Berdt
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
No comments:
Post a Comment