Double
Jan 15, 2008, 9:45:39 PM
to Ruby on Rails: Talk
Hi,
I'm having a problem trying to get a login controller working. When I
try and post to my login controller I get the following error:
ActionController::InvalidAuthenticityToken in LoginController#login
login_controller:
class LoginController < ApplicationController
  def login
    case request.method
    when :post
      if @session['user'] = User.authenticate(@params['username'], @params['password'])
        flash['notice'] = "Login successful"
        redirect_back_or_default :action => "welcome"
      else
        @login = @params['username']
        @message = "Login unsuccessful"
        redirect_to :action => "login"
      end
    end
  end
.....
login.html.erb:
<div id="login">
  <h1>Please Login</h1>
  <form method="post" action="">
    <p><label for="user_login">Username</label>
    <%= text_field "user", "username", :class => 'textbox', :value => '', :maxlength => 40 %></p>
    <p><label for="user_password">Password</label>
    <%= password_field "user", "password", :class => 'textbox', :value => '', :maxlength => 40 %></p>
    <p class="buttons">
      <%= submit_tag 'Login', :class => 'button' %>
    </p>
  </form>
</div>
User.rb
class User < ActiveRecord::Base
  def self.authenticate(login, pass)
    User.find(:first, :conditions => ["username = ? AND password = ?", login, sha1(pass)])
  end

  def change_password(pass)
    update_attribute "password", self.class.sha1(pass)
  end

  protected

  def self.sha1(pass)
    Digest::SHA1.hexdigest("somedigest")
  end

  before_create :crypt_password

  def crypt_password
    write_attribute("password", self.class.sha1(password))
  end

  validates_length_of :login, :within => 3..40
  validates_length_of :password, :within => 5..40
  validates_presence_of :login, :password, :password_confirmation
  validates_uniqueness_of :login, :on => :create
  validates_confirmation_of :password, :on => :create
end
I have the :secret and :session_key set in the environment.rb.
Does anyone have any ideas?