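Approach: the table stores each user's username, password (processed) and key; alternatively, the cookies can be kept in a dedicated table.
For password encryption, the password the user enters is hashed with MD5; what I did was apply MD5 first and then hash the result a second time. The key is a random string generated for each user, and its purpose is to be encrypted and then used as the user's cookie.
Auto-login only needs the cookie to be saved on the local computer. The saved cookie value is then read and looked up in the database: if it is there, the user is logged in automatically; if not, the login box is shown.
Core code:
model: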
require 'digest'
require 'securerandom'

class User < ActiveRecord::Base
  # SHA-1 digest
  def self.sha1(pass)
    Digest::SHA1.hexdigest(pass)
  end

  # MD5 digest
  def self.md5(pass)
    Digest::MD5.hexdigest(pass)
  end

  # SHA-256 digest
  def self.password_hash(pass)
    Digest::SHA256.hexdigest(pass)
  end

  # Mixed two-pass hash: SHA-256 over (MD5(password) + salt)
  def self.mix_password(pass1, pass2)
    password_hash(md5(pass1.to_s).to_s + pass2.to_s)
  end

  # Generate a random string of len characters.
  # SecureRandom is used because this value ends up in the login cookie;
  # the index covers the whole chars array, including its last element.
  def self.random_string(len)
    chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
    randstring = ""
    len.times { randstring << chars[SecureRandom.random_number(chars.size)] }
    randstring
  end

  # Add a record to the users table
  def self.create(name, password, pwd_salt)
    @user = User.new do |f|
      f.name = name
      f.password = password
      f.pwd_salt = pwd_salt
      f.save
    end
  end

  # Check the login credentials
  def self.try_to_login(login_name, login_password)
    transaction do
      User.find(:first, :conditions => ["name=? and password=?", login_name, login_password])
    end
  end

  # Get the key (salt) of the user who is logging in; nil for an unknown name
  def self.get_pwdsalt(login_name)
    transaction do
      user = User.find(:first, :conditions => ["name=?", login_name])
      user && user.pwd_salt
    end
  end
end
controller:
class LoginController < ApplicationController
  before_filter :login_from_cookie

  # Auto-login
  def login_from_cookie
    # cookies.delete :riskfit_token
    user = Cookieauto.find(:first, :conditions => ["pwd_salt=?", cookies[:riskfit_token]])
    render :partial => 'success' if user
  end

  # Add a record to the database
  def new
    name = params[:user][:name]
    password = params[:user][:password]
    rand_string = User.random_string(30)
    mix_password = User.mix_password(password, rand_string)
    User.create(name, mix_password, rand_string)
  end

  # Log in
  def logon
    name = params[:user][:name]
    password = params[:user][:password]
    pwd_salt = User.get_pwdsalt(name)
    mix_password = User.mix_password(password, pwd_salt)
    login_user = User.try_to_login(name, mix_password)
    return if login_user.nil?

    # Set the auto-login cookie only after the password check has succeeded
    if params[:auto]
      Cookieauto.create(name, pwd_salt)
      cookies[:riskfit_token] = { :value => pwd_salt, :expires => Time.now + 7.days }
    end
    render :partial => 'success'
  end

  # Log out
  def logout
    cookies.delete :riskfit_token
    render :action => 'index'
  end
end
sql:
DROP TABLE IF EXISTS `cookieautos`;
CREATE TABLE `cookieautos` (
  `id` int(20) NOT NULL auto_increment,
  `name` varchar(30) default NULL,
  `pwd_salt` varchar(128) default NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `id` int(11) NOT NULL auto_increment,
  `name` varchar(30) default NULL,
  `password` text,
  `pwd_salt` varchar(128) default NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
I won't write out the view part.
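The controller above puts `pwd_salt`, the same value that salts the stored password, into the cookie and keeps it in plain text in `cookieautos`, so a copy of either table is enough to log in as the user. As an added example (not part of the original post or its downloadable source), here is a remember-me store that issues a separate random token, keeps only its SHA-256 digest server-side, enforces the 7-day expiry and revokes on logout; `RememberStore` and its method names are hypothetical, and an in-memory hash stands in for the `cookieautos` table.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for the cookieautos table (constructed for this example).
class RememberStore
  TTL = 7 * 24 * 3600 # seconds; same 7-day lifetime as the cookie above

  def initialize
    @rows = {} # selector => { name, digest, expires_at }
  end

  # Call only after the password check succeeded; returns the cookie value.
  def issue(name, now = Time.now)
    selector = SecureRandom.hex(8)   # row lookup key, not secret
    secret   = SecureRandom.hex(32)  # lives only in the browser cookie
    @rows[selector] = { name: name, expires_at: now + TTL,
                        digest: Digest::SHA256.hexdigest(secret) }
    "#{selector}:#{secret}"
  end

  # Returns the user name for a valid, unexpired cookie value, otherwise nil.
  def verify(cookie, now = Time.now)
    selector, secret = cookie.to_s.split(':', 2)
    row = @rows[selector]
    return nil if row.nil? || secret.nil? || now > row[:expires_at]
    secure_equal?(row[:digest], Digest::SHA256.hexdigest(secret)) ? row[:name] : nil
  end

  # Logout: drop the server-side row so a copied cookie stops working.
  def revoke(cookie)
    @rows.delete(cookie.to_s.split(':', 2).first)
  end

  # What a database dump would expose: digests only, never cookie secrets.
  def stored_digests
    @rows.values.map { |row| row[:digest] }
  end

  private

  # Constant-time comparison of two equal-length hex strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In the controller, `issue` would replace the `Cookieauto.create` call in `logon`, `verify` the lookup in `login_from_cookie`, and `revoke` would run in `logout` before the cookie is deleted.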
source:
http://www.namipan.com/d/87f7886a3c0660304c48d2b03385810c084ddb7aabbf0100
ref:
http://onrails.org/articles/2006/02/18/auto-login
http://iceskysl.1sters.com/?action=show&id=22
posted on 2009-03-26 18:31
fl1429, category: Rails