Tuesday, June 29, 2010

Auto Login in Rails

1. Remember me

When the user logs in and checks the “Remember me” checkbox, the :save_login parameter is set, the User instance's remember_me method is invoked, and the :auth_token cookie is set:

class AccountController < ApplicationController
  def login
    case @request.method
    when :post
      if @session[:user] = User.authenticate(@params[:user_login], @params[:user_password])
        flash['notice'] = "Login successful"
        if @params[:save_login] == "1"
          # Generate and store the token, then hand it to the browser
          @session[:user].remember_me
          cookies[:auth_token] = { :value => @session[:user].remember_token, :expires => @session[:user].remember_token_expires }
        end
        redirect_back_or_default :controller => "time"
      else
        flash.now['notice'] = "Login unsuccessful"
        @login = @params[:user_login]
      end
    end
  end

  def logout
    # Clear the token on the server as well as in the browser
    @session[:user].forget_me if @session[:user]
    @session[:user] = nil
    cookies.delete :auth_token
  end
end

2. login_from_cookie

The next time the user visits the website, the “login_from_cookie” filter is triggered. This method checks that the user is not logged in and that the :auth_token cookie is set. If that’s the case, the user matching the :auth_token is looked up and the token expiration is verified; then the user is automatically logged in. Et voila! I guess auto_login would be more appropriate as a method name.

class ApplicationController < ActionController::Base
  before_filter :login_from_cookie

  def login_from_cookie
    # Only act when a token cookie is present and nobody is logged in yet
    return unless cookies[:auth_token] && @session[:user].nil?
    user = User.find_by_remember_token(cookies[:auth_token])
    # Accept the token only while it has not expired
    if user && !user.remember_token_expires.nil? && Time.now < user.remember_token_expires
      @session[:user] = user
    end
  end
end

3. the User class

The User class has two methods to set and remove the token from the database. It’s pretty secure, as the user cannot be identified from the token without having the salt, the email, and the token expiration, which are most unlikely to be recreated. It could be even more secure by just encrypting some random unique identifier. The only issue I encountered was that the User class always forces the password validation and encryption when saving. For now I just bypass validation and encryption when setting and clearing the remember_me token.

require 'digest/sha1'

class User < ActiveRecord::Base
  def remember_me
    self.remember_token_expires = 2.weeks.from_now
    self.remember_token = Digest::SHA1.hexdigest("#{salt}--#{self.email}--#{self.remember_token_expires}")
    self.password = "" # This bypasses password encryption, thus leaving password intact
    save_with_validation(false) # Persist the token without running the password validation
  end

  def forget_me
    self.remember_token_expires = nil
    self.remember_token = nil
    self.password = "" # This bypasses password encryption, thus leaving password intact
    save_with_validation(false) # Persist the cleared token without running the password validation
  end
end
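The "random unique identifier" variant mentioned above, as an added example that is not part of the original post: the cookie carries a random token unrelated to the salt, email or expiry, and the server keeps only a SHA-256 digest of it, so a copy of the stored value cannot be replayed as a cookie. RememberStore and RememberRecord are hypothetical in-memory stand-ins for the User model, and storing a digest rather than the token is an assumption beyond what the post describes.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for the users table (not the post's User model).
RememberRecord = Struct.new(:login, :token_digest, :expires_at)

class RememberStore
  LIFETIME = 14 * 24 * 60 * 60 # two weeks, matching 2.weeks.from_now in the post

  def initialize
    @by_digest = {}
  end

  # Equivalent of remember_me: returns the raw token for the cookie,
  # while only its SHA-256 digest is kept server-side.
  def remember(login, now = Time.now)
    forget(login) # issuing a new token revokes the previous one
    token = SecureRandom.hex(32) # 256 random bits, not derived from user data
    record = RememberRecord.new(login, Digest::SHA256.hexdigest(token), now + LIFETIME)
    @by_digest[record.token_digest] = record
    token
  end

  # Equivalent of login_from_cookie: returns the login name or nil.
  def login_from_cookie(cookie_value, now = Time.now)
    return nil if cookie_value.nil? || cookie_value.empty?
    record = @by_digest[Digest::SHA256.hexdigest(cookie_value)]
    return nil unless record && now < record.expires_at
    record.login
  end

  # Equivalent of forget_me: invalidates any token issued for this login.
  def forget(login)
    @by_digest.delete_if { |_digest, record| record.login == login }
  end

  # What a reader of the database would see.
  def stored_digests
    @by_digest.keys
  end
end

store  = RememberStore.new
issued = Time.at(1_277_800_000) # constructed timestamp
cookie = store.remember('alice', issued)
puts store.login_from_cookie(cookie, issued + 60).inspect
puts store.login_from_cookie(cookie, issued + RememberStore::LIFETIME + 1).inspect
```

In a Rails model the digest and expiry would live in the columns the post already uses for remember_token and remember_token_expires.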

Wednesday, June 23, 2010

FaceBook Javascript SDK Like button examples


<h1>Explicit href</h1>
<fb:like href="http://fbrell.com"></fb:like>

<h1>Custom Font</h1>
<fb:like font="trebuchet ms" href="http://fbrell.com"></fb:like>

<h1>Disable Faces</h1>
<fb:like show_faces="no" href="http://fbrell.com"></fb:like>

<h1>Button Count</h1>
<fb:like layout="button_count" href="http://fbrell.com"></fb:like>

<fb:like width="200" href="http://fbrell.com"></fb:like>

<h1>Narrow no faces</h1>
<fb:like width="200" show_faces="no" href="http://fbrell.com"></fb:like>

<fb:like href="http://fbrell.com"></fb:like>

<div style="background-color: black; padding: 10px;">
<fb:like colorscheme="dark" href="http://fbrell.com"></fb:like>
</div>

<h1>Dark Button SuscribeCount</h1>
<fb:like layout="button_count" colorscheme="dark" href="http://fbrell.com"></fb:like>

To subscribe to the likes

// this will fire when any of the like widgets are "liked" by the user
FB.Event.subscribe('edge.create', function(href, widget) {
  Log.info('You liked ' + href, widget);
});

Source: http://developers.facebook.com/tools/console/ -> examples

Monday, June 14, 2010

using map with html images

Wanna Use 1 image with 2 links??

<img src="/images/submit.png" width="219" height="59" border="0" usemap="#Map" />
<map name="Map" id="Map">
  <area shape="rect" coords="17,15,218,44" href="http://www.google.com" />
  <area shape="rect" coords="8,46,219,59" href="http://yahoo.com" />
</map>

Thursday, June 3, 2010

Making a http/https post request

Spent an hour to find out how to send a https post request and this is how ..

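require 'rubygems'
require 'net/http'
require 'net/https'
require 'uri'

http = Net::HTTP.new('facebook.com', 443)
http.use_ssl = true
# Verify the server certificate explicitly; older Ruby versions did not verify it by default
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
path = "/oauth/access_token"
data = 'id=123456'
# post returns the response object; the body is read from it
resp = http.post(path, data)
puts resp.inspect
puts resp.body.inspect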