
CustomLogin Example

This example can be adapted to add custom login authentication to any controller.

  1. Create a Rails project named CustomLogin.
     
  2. Generate a scaffold with model name Blog defined by
    Field Datatype
    screen_name string
    message text
  3. Create a scaffold with model name LoginInfo that contains the user names and their encrypted passwords.
    Field Datatype
    username string
    password string
  4. Add these Ruby statements to the CustomLogin/db/seeds.rb file
  5. Add a new view to the LoginInfo controller named login_page:
    1. Create a new view file: login_form.html.erb.
    2. Place these login_form and logout methods in CustomLogin/app/controllers/login_info_controller.rb:
      def login_form  
       
        # User must login again when arriving at the login page,
        # even if already logged in previously.
        reset_session
      
        # Get username and password
        user = params[:user_from_login]
        pw_from_login = params[:pw_from_login]
      
        # Get password from database for entered username.  
        # If password from database matches the entered password,
        # store true in session variable so user need not login again.
        if !user.blank?
          pw_array = LoginInfo.where(username: user)
          # to_s: a request without a password parameter must not raise.
          encoded_pw = Digest::MD5.hexdigest(pw_from_login.to_s)
          if pw_array.length > 0
            pw_from_db = pw_array[0].password
            if pw_from_db == encoded_pw
              session[:logged_in] = true
              redirect_to blogs_path 
            end
          end
        end
      end
      
      def logout
      
        # If user logs out from any page,
        # reset session variable to false.
        reset_session
      
        # Go back to login again.
        redirect_to login_form_login_infos_path
      
      end 
      
    3. Replace the routes in CustomLogin/config/routes.rb with
      Rails.application.routes.draw do
        resources :blogs
        resources :login_infos do
          collection do
            get :login_form
            post :login_form
            post :logout
          end
        end
      end
      
      Don't forget to delete the end statement at the bottom of the file.
  6. Add this code to the private section at the bottom of CustomLogin/app/controllers/blogs_controller.rb:
    def check_logged_in
      if !session[:logged_in]
        redirect_to login_form_login_infos_path
      end
    end
    
  7. At the very top of CustomLogin/app/controllers/blogs_controller.rb, before the class header, place the line:
    require 'digest/md5'
    
  8. At the top of CustomLogin/app/controllers/blogs_controller.rb, after the existing before_action statement, add this line:
    before_action :check_logged_in, only: [:index, :show, :new, :edit]
    
  9. Make a copy of the layout file CustomLogin/app/views/layouts/application.html.erb. Rename this copy to blogs.html.erb. Place this code at the bottom of this file immediately before the </body> tag:
  10. In CustomLogin/app/controllers/application_controller.rb, replace :exception with :null_session in the method call protect_from_forgery.
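
The login_form method in step 5 compares unsalted MD5 digests, so two accounts with the same password store the same value in the password column. The following stand-alone Ruby sketch is an added example, not part of the original page: it puts that digest beside a salted PBKDF2-HMAC-SHA256 hash from Ruby's openssl library. The helper names, the stored-string format, the sample password and the iteration count are assumptions of this example.

```ruby
require 'digest/md5'
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # assumed work factor for this example; tune for your hardware

# The digest login_form computes: unsalted, single-pass MD5.
def md5_digest(password)
  Digest::MD5.hexdigest(password.to_s)
end

# Salted PBKDF2-HMAC-SHA256. Returns "iterations$salt_hex$hash_hex"
# (a storage format made up for this example).
def hash_password(password, salt: SecureRandom.random_bytes(16), iterations: ITERATIONS)
  key = OpenSSL::KDF.pbkdf2_hmac(password.to_s, salt: salt, iterations: iterations,
                                 length: 32, hash: 'sha256')
  [iterations, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

# Recompute with the stored salt and iteration count, then compare in constant time.
# Blank passwords and malformed stored values are rejected instead of raising.
def verify_password(password, stored)
  iterations, salt_hex, hash_hex = stored.to_s.split('$')
  return false if password.to_s.empty? || hash_hex.nil? || iterations.to_i <= 0
  candidate = hash_password(password, salt: [salt_hex].pack('H*'), iterations: iterations.to_i)
  OpenSSL.secure_compare(candidate, stored.to_s)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: two accounts that chose the same password.
  pw = 'hunter2-sample'
  puts "MD5 alice:    #{md5_digest(pw)}"
  puts "MD5 bob:      #{md5_digest(pw)}"    # identical to alice's row
  alice = hash_password(pw)
  puts "PBKDF2 alice: #{alice}"
  puts "PBKDF2 bob:   #{hash_password(pw)}" # differs: per-user salt
  puts "verify ok:    #{verify_password(pw, alice)}"
  puts "verify bad:   #{verify_password('guess', alice)}"
end
```

To wire this into the app, the password column would hold the string returned by hash_password, and login_form would call verify_password instead of comparing digests with ==.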