app/controllers/clients_controller.rb app/models/client_mailer.rb app/models/client_observer.rb app/views/client_mailer/forgot_password.erb app/views/client_mailer/reset_password.erb app/views/client_mailer/signup_notification.erb app/views/clients/forgot_password.html.erb app/views/clients/reset_password.html.erb @@ -14,6 +14,7 @@ FEATURES * Admin section where you can manage categories and their photos, and client's and their photo previews. * Client section where your client's can preview their photos. * Contact form. +* Search Engine Optimization INSTALLATION ------------ README @@ -8,7 +8,7 @@ class Admin::ClientsController < ResourceController::Base layout proc { |controller| controller.request.xhr? ? nil : 'admin' } # redirect to edit instead of show on create and update - [create, update].each { |action| action.wants.html { redirect_to edit_object_path } } + [create, update].each { |action| action.wants.html { redirect_to collection_path } } # set the meta titles for the different actions index.wants.html { @@ -24,20 +24,16 @@ class Admin::ClientsController < ResourceController::Base @meta_title = "Client | #{@meta_title}" } - def reset_password - # TODO - end - def login_as logout_keeping_session! - self.current_client = @object + self.current_client = Client.find(params[:id]) if self.current_client logger.debug("Logged in.") # Protects against session fixation attacks, causes request forgery # protection if account resubmits an earlier form using back # button. Uncomment if you understand the tradeoffs. # reset_session - redirect_to client_path(@object) + redirect_to client_photos_path(current_client) flash[:notice] = "Logged in successfully" else logger.debug("Couldn't log in") app/controllers/admin/clients_controller.rb @@ -29,19 +29,8 @@ class Client < ActiveRecord::Base # use login as a route identifier has_friendly_id :login - - - def self.create_defaults - Client.create!(:login => 'rapind', :email => 'dave@rapin.com', :name => 'Dave Rapin', :password => '123456', :password_confirmation => '123456', :phone => '416-321-3214') - Client.create!(:login => 'jcoyle', :email => 'jaime@jaimecoyle.com', :name => 'Jaime Coyle', :password => '123456', :password_confirmation => '123456', :phone => '416-123-1234') - end # Authenticates a client by their login name and unencrypted password. Returns the client or nil. - # - # uff. this is really an authorization, not authentication routine. - # We really need a Dispatch Chain here or something. - # This will also let us return a human error message. - # def self.authenticate(login, password) return nil if login.blank? || password.blank? u = find_by_login(login.downcase) # need to get the salt @@ -55,9 +44,35 @@ class Client < ActiveRecord::Base def email=(value) write_attribute :email, (value ? value.downcase : nil) end + + def forgot_password + @forgotten_password = true + self.make_password_reset_code + end + + def reset_password + # First update the password_reset_code before setting the + # reset_password flag to avoid duplicate email notifications. + update_attributes(:password_reset_code => nil) + @reset_password = true + end + + # used in user_observer + def recently_forgot_password? + @forgotten_password + end + # Returns true if the user has just reset their password. + def recently_reset_password? + @reset_password + end + + + #----------- protected - + def make_password_reset_code + self.password_reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join ) + end end app/models/client.rb @@ -7,8 +7,6 @@ | <%=link_to 'Login As', login_as_admin_client_path(row), :title => 'Login to your site as if you are this client' %> | - <%=link_to 'Reset Password', reset_password_admin_client_path(row), :title => 'Creates a new password and sends it to them via email' %> - | <%=link_to 'Remove', admin_client_path(row), :title => 'Remove this client permanently', :confirm => 'Are you sure? This cannot be undone!', :method => :delete %> </td> </tr> app/views/admin/clients/_row.html.erb @@ -1,3 +1,7 @@ + + ** Important: When you create a new client account, a welcome email is sent to them containing their username and password. + + <%= error_messages_for :object %> <% form_for(@object, :url => collection_path) do |f| %> app/views/admin/clients/new.html.erb @@ -12,6 +12,7 @@ <li>Admin section where you can manage categories and their photos, and client's and their photo previews.</li> <li>Client section where your client's can preview their photos.</li> <li>Contact form.</li> + <li>Search Engine Optimization.</li> </ul> <h2>Installation</h2> app/views/main/about.html.erb @@ -1,11 +1,10 @@ <% form_tag session_path do -%> <label for="login">Username</label> - <%= text_field_tag 'login', {}, :class => 'text' %> - - + <%= text_field_tag 'login', {}, :class => 'text' %> <label for="password">Password</label> - <%= password_field_tag 'password', {}, :class => 'text' %> + <%= password_field_tag 'password', {}, :class => 'text' %> + <%= link_to 'Forget your password?', forgot_password_path %> <%= check_box_tag 'remember_me' %>   app/views/sessions/new.html.erb @@ -36,6 +36,7 @@ Rails::Initializer.run do |config| # Activate observers that should always be running # config.active_record.observers = :cacher, :garbage_collector, :forum_observer + config.active_record.observers = :client_observer # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. # Run "rake -D time" for a list of tasks for finding time zone names. config/environment.rb @@ -9,17 +9,16 @@ ActionController::Routing::Routes.draw do |map| # Admin section map.admin '/admin', :controller => 'admin/categories' map.namespace :admin do |admin| - # displaying and managing photos for users admin.resources :categories do |category| category.resources :photos, :member => { :update_position => :put } end - #admin.resources :categories, :has_many => :photos - admin.resources :clients, :has_many => :photos, :member => { :login_as => :get, :reset_password => :get } - #admin.resources :photos, :member => { :update_position => :put } + admin.resources :clients, :has_many => :photos, :member => { :login_as => :get } end map.logout '/logout', :controller => 'sessions', :action => 'destroy' map.login '/login', :controller => 'sessions', :action => 'new' + map.forgot_password '/forgot_password', :controller => 'clients', :action => 'forgot_password' + map.reset_password '/reset_password/:id', :controller => 'clients', :action => 'reset_password' map.root :controller => "main" map.about '/about', :controller => 'main', :action => 'about' config/routes.rb app/views/clients/_client_bar.html.erb app/views/clients/new.html.erb af4011030bb3da86a007441d0006adba9ec77f0e Dave Rapin dave@rapin.com http://github.com/rapind/photographer/commit/62e601b71bba736ef0941e3016eb88e6f3ea09b9 62e601b71bba736ef0941e3016eb88e6f3ea09b9

2009-06-23T14:47:03-07:00

client forgot and reset password implemented. system emails for new signups. minor form tweaks. b5d007628aef5c2f031e8746312d8b705b7ff6de Dave Rapin dave@rapin.com