In this way you can let the view post information back to itself, and the login method will
handle it differently. So, if there was a POST, you check the username and password provided.
If they match, you set the session information and redirect either to the into parameter, or if
there is no such parameter you redirect to the products controller instead. If the username or
password doesn't match, you fall through, setting a flash. Then you do the same thing as if it
was a GET, which is that you set the @into instance variable and display the view.
The logout method just wipes the session and redirects to the starting URL.
Next, let's take a look at the login view that can be found in app/views/auth/login.rhtml.
It should look like this:
Please login with your username and password
<%= start_form_tag %>
<%= hidden_field_tag 'into', @into %>
Username: | <%= text_field_tag 'username' %> |
Password: | <%= password_field_tag 'password' %> |
<%= submit_tag 'Login' %> |
<%= end_form_tag %>
Here you start a new form, but use all the default parameters, which means the browser
will POST it back to the same address. You set a hidden field with the 'into' parameter and
then ask for a username and password, display a login button, and end the form.
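Because the 'into' value travels through a hidden field, it arrives at the login method as ordinary client-supplied input, so the redirect target should be checked before it is used. The following plain-Ruby sketch is an added example, not code from the book: safe_into, login, DEFAULT_TARGET, the authenticate callable, and the flash text are hypothetical names and values chosen for illustration, and the controller is modeled as a function so the flow runs outside Rails.

```ruby
require 'uri'

# Assumed path of the products controller (the fallback the text describes).
DEFAULT_TARGET = '/products'

# Hypothetical helper: accept only a same-site path as the post-login target.
def safe_into(into, default = DEFAULT_TARGET)
  return default unless into.is_a?(String) && !into.empty?
  # Only absolute paths on this site; "//host" and "/\host" are read by
  # browsers as another site, and control characters have no place in a path.
  return default unless into.start_with?('/')
  return default if into.start_with?('//') || into.include?('\\')
  return default if into.match?(/[\x00-\x1f]/)
  uri = URI.parse(into)
  uri.scheme.nil? && uri.host.nil? ? into : default
rescue URI::InvalidURIError
  default
end

# Model of the login flow described above. `authenticate` is a callable
# standing in for the username/password check, which is not shown here.
def login(http_method, params, session, authenticate)
  into = safe_into(params['into'])
  view = { render: 'login', into: into }   # what a GET displays
  return view unless http_method == :post

  if authenticate.call(params['username'], params['password'])
    session[:user] = params['username']    # set the session information
    return { redirect: into }              # validated target or the default
  end
  # Failed login: fall through, set a flash, and show the form again.
  view.merge(flash: 'Wrong username or password')
end
```

A value such as //other.example/ or https://other.example/ in 'into' falls back to the products path instead of sending a freshly authenticated user off-site.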
CHAPTER 4 - STORE ADMINISTRATION 69
Now that you can make sure people can log in, you also need to modify all your controllers
so they won't let anyone in if they haven't been authenticated.