
Change password works

1 parent 1cceb83 commit 1c1ac2f6457de62727f746e6c96a3576944ddf22 @WiseMaestro committed Sep 2, 2011
@@ -0,0 +1,115 @@
+class ArtistsController < ApplicationController
+ # GET /artists
+ # GET /artists.xml
+ before_filter :authenticate, :except => [:show,:index]
+ before_filter :set_env
+ def index
+ @artists = Artist.find(:all, :order => 'name')
+
+ respond_to do |format|
+ format.html # index.html.erb
+ format.xml { render :xml => @artists }
+ end
+ end
+
+ # GET /artists/1
+ # GET /artists/1.xml
+ def show
+ @artist = Artist.find(params[:id])
+ @imgtag = ""
+ if @artist.photo_file_name.nil?
+ @imgtag = "NoImg.jpg"
+ else
+ @imgtag = @artist.photo.url
+ end
+ @sizex = @artist.sizex
+ @sizey = @artist.sizey
+
+
+ respond_to do |format|
+ format.html # show.html.erb
+ format.xml { render :xml => @artist }
+ end
+ end
+
+ # GET /artists/new
+ # GET /artists/new.xml
+ def new
+ @artist = Artist.new
+
+ respond_to do |format|
+ format.html # new.html.erb
+ format.xml { render :xml => @artist }
+ end
+ end
+
+ # GET /artists/1/edit
+ def edit
+ @artist = Artist.find(params[:id])
+ end
+
+ # POST /artists
+ # POST /artists.xml
+ def create
+ @artist = Artist.new(params[:artist])
+
+ respond_to do |format|
+ if @artist.save
+ format.html { redirect_to(@artist, :notice => 'Artist was successfully created.') }
+ format.xml { render :xml => @artist, :status => :created, :location => @artist }
+ else
+ format.html { render :action => "new" }
+ format.xml { render :xml => @artist.errors, :status => :unprocessable_entity }
+ end
+ end
+ end
+
+ # PUT /artists/1
+ # PUT /artists/1.xml
+ def update
+ @artist = Artist.find(params[:id])
+
+ respond_to do |format|
+ if @artist.update_attributes(params[:artist])
+ format.html { redirect_to(@artist, :notice => 'Artist was successfully updated.') }
+ format.xml { head :ok }
+ else
+ format.html { render :action => "edit" }
+ format.xml { render :xml => @artist.errors, :status => :unprocessable_entity }
+ end
+ end
+ end
+
+ # DELETE /artists/1
+ # DELETE /artists/1.xml
+ def destroy
+ @artist = Artist.find(params[:id])
+ @artist.destroy
+
+ #respond_to do |format|
+ # format.html { redirect_to(artists_url) }
+ # format.xml { head :ok }
+ # end
+ end
+
+ def delete
+
+ end
+ def set_env
+ @banner = "banner.jpg"
+ end
+ protected
+
+ def authenticate
+ authenticate_or_request_with_http_basic do |user, password|
+ for i in 1..1000 do
+ password = Digest::SHA256.hexdigest(password)
+ end
+ if !(user == "admin" && password == "6a631dd57fc7f184b1e92a5ddea94076d1fb4c05341816201ce0454d79a04562")
+ redirect_to(artists_path, :notice => "Sorry. You can't do that.")
+ else
+ true
+ end
+ end
+end
+end
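Review bot: The `authenticate` filter at the bottom of this new controller keeps the admin credential in the source, as the literal username `admin` and a fixed digest that is unsalted SHA-256 applied 1000 times and compared with `==`. Anyone who can read the repository can test guesses against that digest offline, and changing the password needs a code change and a deploy. I would read the expected value from deployment configuration, for example `expected = ENV.fetch("ARTISTS_ADMIN_DIGEST")` (placeholder name), store it with a salted password hash, and compare in constant time. Separately, `set_env` sits above `protected`, so it is a public controller method; moving it below `protected` keeps it from being reachable as an action if a route matches it.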
@@ -2,7 +2,7 @@ class AccountsController < ApplicationController
before_filter :set_env
before_filter :auth
def index
-
+ @ident = authenticate("get_id")
end
def new
@@ -23,7 +23,7 @@ def makeadmin
@permission = authenticate('makeadmin')
unless @account.nil?
if @permission and (@account.permission > -1) and (1 > @account.permission)
-
+
@account.update_attribute(:permission, 1)
respond_to do |format|
format.html { redirect_to :action => 'list' }
@@ -52,6 +52,59 @@ def makesuper
end
end
+def changepassword
+ @account = Account.find(params[:id])
+ unless @account.nil?
+ id = authenticate('get_id')
+ if id = params[:id].to_i
+ respond_to do |format|
+ format.html
+ end
+ else
+ permalt
+ end
+ else
+ permalt
+ end
+
+end
+
+
+ def updater
+ @account = Account.find(params[:account])
+ if authenticate("get_id").to_i == @account.id
+ respond_to do |format|
+ if @account.save
+ format.html { redirect_to :action => "index" }
+ flash[:message] = "Signup successful"
+ else
+ format.html { render :action => "new" }
+ flash[:warning] = "Signup unsuccessful"
+ end
+ end
+ else
+ permalt
+ end
+ end
+
+ def update
+ @account = Account.find(params[:id])
+ if true
+ respond_to do |format|
+ if @account.update_attributes(params[:account])
+ format.html { redirect_to :action => "index" }
+ flash[:message] = "Signup successful"
+ else
+ format.html { render :action => "changepassword" }
+ flash[:warning] = "Signup unsuccessful"
+ end
+ end
+ else
+ permalt
+ end
+ end
+
+
def create
@account = Account.new(params[:account])
if authenticate("create")
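Review bot: Neither `changepassword` nor `update` checks that the signed-in account owns the record being changed. In `changepassword`, `if id = params[:id].to_i` assigns instead of comparing, and an Integer is always truthy in Ruby, so the `permalt` branch is never taken; in `update`, the guard is the literal `if true`. Since `update` passes all of `params[:account]` to `update_attributes` and the model's visible `attr_protected :id, :salt` does not cover `permission`, a request for another account's id could presumably change that account's password and permission level. The fence applies the comparison `updater` already uses and limits the update to the two password fields; if administrators are meant to change other users' passwords, that needs its own permission case. `Account.find` raises when the record is missing, so the `unless @account.nil?` wrapper is dropped, and `updater` calls `save` without assigning anything, which looks unfinished.

```ruby
def changepassword
  @account = Account.find(params[:id])
  # Compare, do not assign: only the signed-in owner may open the form.
  if authenticate('get_id').to_i == @account.id
    respond_to do |format|
      format.html
    end
  else
    permalt
  end
end

# … unchanged: updater …

def update
  @account = Account.find(params[:id])
  if authenticate('get_id').to_i == @account.id
    # Accept only the password fields; permission, username and artist
    # must not be writable through this action.
    fields = (params[:account] || {}).slice(:password, :password_confirmation)
    respond_to do |format|
      if @account.update_attributes(fields)
        # … unchanged: redirect to index and flash message …
      else
        # … unchanged: render changepassword and flash warning …
      end
    end
  else
    permalt
  end
end
```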
@@ -80,10 +133,10 @@ def list
if authenticate("list")
@accounts = Account.find(:all)
else
- #permalt
+ permalt
end
end
-
+
def delete
end
@@ -149,12 +202,8 @@ def permissions(act, account)
else
false
end
- when "change_password"
- if account.id == params[:id]
- true
- else
- false
- end
+ when "get_id"
+ account.id
when "login"
true
when "list"
@@ -208,9 +257,11 @@ def authenticate(action)
# above end authenticate_http
else
@match = Account.find_by_username(session[:username])
+ unless @match.nil?
if !(@match.hashedpass == session[:passhash])
match = nil
end
+ end
end
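Review bot: The new `unless @match.nil?` guard wraps a mismatch branch that has no effect on the result, because `match = nil` assigns a fresh local variable and leaves `@match` set. If the part of `authenticate` after this hunk decides on `@match` (it is not visible here), a session whose `passhash` differs from the stored `hashedpass` would still be treated as that account. The line should read `@match = nil`. The body of `authenticate` starts and ends outside the hunk.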
@@ -8,11 +8,8 @@ class Account < ActiveRecord::Base
attr_protected :id, :salt
-
attr_accessor :password, :password_confirmation
-
-
def self.authenticate(username, pass)
u=find(:first, :conditions=>["username = ?", username])
return nil if u.nil?
@@ -26,6 +23,13 @@ def password=(pass)
self.hashedpass = Account.encrypt(@password, self.salt)
end
+ # def update_attribute()
+ # unless password == pass_confirmation
+ # return false
+ # else
+ # false
+ # end
+ # end
protected
def self.encrypt(pass, salt)
@@ -0,0 +1,7 @@
+<h1>Editing Password</h1>
+<%= @permission %>
+<br/>
+<%= render 'editform' %>
+
+<%= link_to 'Show', @account %> |
+<%= link_to 'Back', accounts_path %>
@@ -1,4 +1,34 @@
+
+
+<!-- <%= form_for @account, :url => { :action => "updater" } do |f| %> -->
+<!-- <% if @account.errors.any? %> -->
+<!-- <div id="error_explanation"> -->
+<!-- <h2><%= pluralize(@account.errors.count, "error") %> prohibited this account from being saved:</h2> -->
+
+<!-- <ul> -->
+<!-- <% @account.errors.full_messages.each do |msg| %> -->
+<!-- <li><%= msg %></li> -->
+<!-- <% end %> -->
+<!-- </ul> -->
+<!-- </div> -->
+<!-- <% end %> -->
+
+<!-- <div class="field"> -->
+<!-- <%= f.label "New Password" %><br /> -->
+<!-- <%= f.password_field :password %> -->
+<!-- </div> -->
+<!-- <div class="field"> -->
+<!-- <%= f.label "New Password confirmation" %><br /> -->
+<!-- <%= f.password_field :password_confirmation %> -->
+<!-- </div> -->
+<!-- <div class="actions"> -->
+<!-- <%= f.submit %> -->
+<!-- </div> -->
+<!-- <% end %> -->
+
+
+
<%= form_for(@account) do |f| %>
<% if @account.errors.any? %>
<div id="error_explanation">
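Review bot: The block added at the top of this partial is wrapped in HTML comments, but ERB tags inside `<!-- -->` are still evaluated, so `form_for @account, :url => { :action => "updater" }` and the field helpers run on every render and their markup is sent to the browser inside comments. If this is a parked draft, use ERB comments such as `<%# f.password_field :password %>` so nothing is evaluated or emitted, or delete the block and rely on version control.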
@@ -13,8 +43,24 @@
<% end %>
<div class="field">
- <%= f.label :permission %><br />
- <%= f.text_field :permission %>
+
+ <%= f.hidden_field :username %>
+ </div>
+ <div class="field">
+ <%= f.label :password %><br />
+ <%= f.password_field :password %>
+ </div>
+ <div class="field">
+ <%= f.label "Password Confirmation" %><br />
+ <%= f.password_field :password_confirmation %>
+ </div>
+ <div class="field">
+
+ <%= f.hidden_field :artist %>
+ </div>
+ <div class="field">
+
+ <%= f.hidden_field :permission %>
</div>
<div class="actions">
<%= f.submit %>
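Review bot: The three `f.hidden_field` lines for `username`, `artist` and `permission` put values in the password form that the browser sends back and the user can edit. The `update` action in this commit passes `params[:account]` straight to `update_attributes`, so a changed `permission` value would presumably be saved along with the new password. A password form needs only `password` and `password_confirmation`; I would drop the three hidden fields and leave those attributes untouched on the server. The form continues outside this hunk.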
@@ -0,0 +1,7 @@
+<h1>Editing Password</h1>
+<%= @permission %>
+<br/>
+<%= render 'editform' %>
+
+<%= link_to 'Show', @account %> |
+<%= link_to 'Back', accounts_path %>
@@ -1,8 +1 @@
-<h1>Editing account</h1>
-current permission:
-<%= @permission %>
-<br/>
-<%= render 'editform' %>
-<%= link_to 'Show', @account %> |
-<%= link_to 'Back', accounts_path %>
@@ -4,4 +4,5 @@
<%= link_to 'New Account', new_account_path %>
<br />
<%= link_to 'List Accounts (Priviledged)', :action => 'list' %>
+<%= link_to 'Change your password.', :controller => 'accounts', :action => 'changepassword', :id => @ident %>
<br />
@@ -15,6 +15,7 @@
<td><%= account.username %></td>
<td><%= account.artist %></td>
<td><%= account.permission %></td>
+ <td><%= link_to 'change password', :controller => "accounts", :action => 'changepassword', :id => account.id %></td>
<td><%= link_to 'Make Super', :controller => "accounts", :action => 'makesuper', :id => account.id %></td>
<td><%= link_to 'Make Admin', :controller => "accounts", :action => 'makeadmin', :id => account.id %></td>