思路:表中保存用戶的用戶名,密碼(處理過),密匙,或者把cookies放在特意的一張表中
密碼加密是對用戶的輸入的密碼進行md5加密,我做的是md5加密后,再二次用hash加密,密匙是隨機生成給用戶的隨機string,目的是對它進行加密后作為用戶的cookie
自動登陸是在本地電腦保存cookie即可,然后讀取保存的cookie的值看在數(shù)據(jù)庫中有沒有,有的話,就自動登陸,沒有的話就跳出登陸框
核心代碼:
model:
class User < ActiveRecord::Base
# sha1 加密
def self.sha1(pass)
Digest::SHA1.hexdigest(pass)
end
# md5 加密
def self.md5(pass)
Digest::MD5.hexdigest(pass)
end
# hash 加密
def self.password_hash(pass)
Digest::SHA256.hexdigest(pass)
end
# 混合二次加密
def self.mix_password(pass1,pass2)
password_hash(md5(pass1.to_s).to_s+pass2.to_s)
end
# 隨機產生字符串
def self.random_string(len)
randstring = ""
chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
1.upto(len) { |i| randstring << chars[rand(chars.size-1)] }
return randstring
end
# 向user表中添加記錄
def self.create(name,password,pwd_salt)
@user = User.new do |f|
f.name = name
f.password = password
f.pwd_salt = pwd_salt
f.save
end
end
#判斷登陸信息
def self.try_to_login(login_name,login_password)
transaction do
User.find(:first,:conditions=>["name=? and password=?", login_name, login_password])
end
end # 取得登陸用戶的密匙
def self.get_pwdsalt(login_name)
transaction do
User.find(:first,:conditions=>["name=?",login_name]).pwd_salt
end
end
end
controller:
class LoginController < ApplicationController
before_filter :login_from_cookie
def login_from_cookie #自動登陸
# cookies.delete :riskfit_token
user = Cookieauto.find(:first,:conditions=>["pwd_salt=?",cookies[:riskfit_token]])
if user && !user.nil?
render :partial=>'success'
end
end
#向數(shù)據(jù)庫添加記錄
def new
name = params[:user][:name]
password = params[:user][:password]
rand_string = User.random_string(30)
mix_password = User.mix_password(password,rand_string)
User.create(name,mix_password ,rand_string)
end
#登陸
def logon
name = params[:user][:name]
password = params[:user][:password]
pwd_salt = User.get_pwdsalt(name)
mix_password = User.mix_password(password,pwd_salt)
login_user = User.try_to_login(name,mix_password)
if params[:auto]
Cookieauto.create(name, pwd_salt)
cookies[:riskfit_token]={:value=>pwd_salt,:expires => Time.now + 7.days}
end
if !login_user.nil?
render :partial => 'success'
puts "render"
end
end
#method:logout
def logout
cookies.delete :riskfit_token
render :action=>'index'
end
end
sql:
DROP TABLE IF EXISTS `cookieautos`;
CREATE TABLE `cookieautos` (
`id` int(20) NOT NULL auto_increment,
`name` varchar(30) default NULL,
`pwd_salt` varchar(128) default NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` int(11) NOT NULL auto_increment,
`name` varchar(30) default NULL,
`password` text,
`pwd_salt` varchar(128) default NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
view部分我就不寫了
source:
http://www.namipan.com/d/87f7886a3c0660304c48d2b03385810c084ddb7aabbf0100
ref:
http://onrails.org/articles/2006/02/18/auto-login
http://iceskysl.1sters.com/?action=show&id=22
posted on 2009-03-26 18:31
fl1429 閱讀(3198)
評論(0) 編輯 收藏 所屬分類:
Rails