In my last post, we went over using method_missing in Ruby to do some simple dynamic programming. In this post we'll take a look at using the Singleton Class (not the Singleton pattern) to do a bit more dynamic programming. Most of this is a rehash of a couple of great posts by Ola Bini here and Peter Jones here.
So, what is the Singleton Class? A Singleton Class is where methods for an individual object are stored. What's this mean? Let's just look at some code.
# Create a class, Foo, that has a single method bar. We'll also # add a method_missing so that we can see what's called that class Foo def bar puts"Called bar" end
# Put this in so we can see what gets called in foo2 below that's not available. def method_missing(name,*args,&block) puts"You tried to call #{name} with #{args.inspect}. There is no method with that name." end end
# Create a new Foo foo=Foo.new
# Call the method that does exist. foo.bar
# Add a new method to foo. This method, baz, will be added to # foo's singleton class. def foo.baz puts"Called baz" end
# Call the method we just added. foo.baz
# Another way to add a new method to foo. This method, baz, will be added to # foo's singleton class. class <<foo def qux puts"Called qux" end end
# Call the method we just added. foo.qux
# Show that we don't have either baz or qux for any other Foo objects. foo2=Foo.new foo2.bar# Should be there foo2.baz# Should not be there foo2.qux# Should not be there
# Add two class methods to Foo. class Foo class <<self def quux puts"Called quux" end end
def self.quuux puts"Called quuux" end end
foo3=Foo.new foo3.quux foo3.quuux
Foo.quux Foo.quuux
First we define a class Foo (here we're going to use metasyntactic variables, a phrase I just learned here). Anyway, class Foo has two methods, bar and method_missing (see last post). bar just prints out the fact that it was called and method_missing shows any methods called that aren't available. Nothing too awfully interesting here, we've seen things like this a million times. Next, we'll just create a new Foo called foo and then call the bar method on it. After that, we're going to do something a bit new, we're going to add a new method, baz, to foo (note that we're adding it to the object foo and not the class Foo. We'll call foo.baz to show that it works. Following, we're going to add a method qux using a different syntax, but it will do exactly the same thing as the last addition. Then we're going to call qux on foo to show that it works. Where were these methods added? Well, you can see from the next few statements, that they weren't added to all Foos. The fact is they were added to foo's Singleton Class. The Singleton Class sits between the object foo and its class Foo (see Jones' post to see this represented graphically).
Since a class has a class Class (OK, that may have made very little sense), it makes sense that the class Foo itself might have a Singleton Class and if you guessed that, then you guessed correctly. In the next section, we add a couple of methods using two different techniques to Foo (notice that we just reopen it), as class methods. In the same way as happened above, these methods are added to the Foo Singleton Class. We create a new foo3 variable and show that we can't call these new methods using an instance of foo, then we call them using Foo.
OK, so all of this is very interesting and ... so what? What can we do with this. Well, one use for the Singleton Class is for mocking (once again shown in Jones' post).
# Create a class, User, that has a single method get_buy_power. In # real life a user would have many, many more methods than this. class User def get_buy_power # Normally, this would be a complex call to # the database, but here we'll just return # a random number * 10000.0. This should give # us a number between 0 and 10000. rand*10000.0 end end
# A "normal" user. user_normal=User.new puts"user_normal buy power = #{user_normal.get_buy_power}"
# Create a new User user_small_bp=User.new
# Change the user_small_bp's get_buy_power method to return a small value. This will be # added to the user_small_bp's singleton class. class <<user_small_bp def get_buy_power 20.0 end end
# Print out the buy power for the user_small_bp puts"user_small_bp buy power = #{user_small_bp.get_buy_power}"
# Create a new User user_large_bp=User.new
# Change the user's get_buy_power method to return a large value. This will be # added to the user's singleton class. class <<user_large_bp def get_buy_power 200000.0 end end
# Print out the buy power for the user_large_bp puts"user_large_bp buy power = #{user_large_bp.get_buy_power}"
# We can now use user_small_bp and user_large_bp to run tests on buying stocks # without enough buy power or with quite a bit of buy power.
# Create a simple OrderManager that will place orders and send orders. The place_order # method will check a user's buy power before sending an order through. If the buy power isn't # large enough, it will simply print a message, otherwise it will send the order and it # will also print a message. class OrderManager def place_order(user,shares,stock,price) ifuser.get_buy_power>price*shares send_order(stock,price,shares) else puts"Not engough buy power for #{shares} of #{stock} at #{price}" end end
private
def send_order(stock,price,shares) puts"Order sent for #{shares} of #{stock} at #{price}" end end
# Create a simple order manager. order_manager=OrderManager.new
# Place an order for 200 shares of apple at $210.0 with user_small_bp. This should fail. order_manager.place_order(user_small_bp,200,"AAPL",210.0)
# Place an order for 200 shares of apple at $210.0 with user_large_bp. This should succeed. order_manager.place_order(user_large_bp,200,"AAPL",210.0)
Take a look at the code above. In the world that I live in (stock trading software), users have a certain amount of buy power that they can use to purchase stocks. Normally, this value would come out of the database and would be incremented (selling a stock) and decremented I(buying a stock) with each trade (OK, this sentence is incredibly simplistic, but will do for now). We're going to use Singleton Class to change our get_buy_power method (rather than adding as we did earlier). In one case, we'll give the user very little buy power and in the other, quite a bit more. After that, we'll create simple order manager that will allow us to place an order for a user that will check their buy power before sending it.
So there you have it, the Singleton Class and its usage. As always, let me know if you have any questions or comments.
I've been reading"Ruby Best Practices" by Gregory T. Brown and it's well worth checking out for anyone interested in Ruby. I'm in the middle of Chapter 3, "Mastering the Dynamic Toolkit" and thought I'd share a some simple bits of code that actually use dynamic programming.
We actually make use of the fact that with Ruby you can add a method_missing method to any class that allows you to capture calls to any method that are ... well missing. Here's a simple example that shows how it works.
# Create a class with the method_missing method. If a method # is called on this class and it's not found, then this method # will be called. We'll then print whatever was passed in along # with the fact that it's not there. class MM def x puts"Called x" end
def y puts"Called y" end
def method_missing(name,*args,&block) puts"You tried to call #{name} with #{args.inspect}. There is no method with that name." end end
if__FILE__==$PROGRAM_NAME
# Create a new MM mm=MM.new
# Call the two mehtods that do exist. mm.x mm.y
# Call z (which doesn't exist) both with and without # paramaters. mm.z mm.z1,2,3 end
This code creates a simple class called MM with three methods, x, y, and method_missing. The first two only print out the fact that they were called and the third will print out any other method that gets called, say z 1,2, 3 and will print out the name and parameters that get passed in to it. The main code just creates a new MM and calls a few methods (existing and not) on it.
Admittedly, this isn't too awfully interesting, but in our next example, we'll actually use method_missing to save ourselves some work. Here's the second bit of code:
# Create a class MM1. The x and y methods require calling # setup before and teardown after. This means that everytime # we have to add a new method (say z()), we end up having to # duplicate this code. class MM1
def setup puts"Setup" end
def teardown puts"Tear down" end
def x setup puts"Called x" teardown end
def y setup puts"Called y" teardown end end
# Create a class with the method_missing method. Here we # still require x and y to have setup and teardown called, but # we wrap it in method_missing as setup_x_teardown or setup_y_teardown. # This allows us to also add z without having to worry about remembering # the setup/teardown. class MM2
def setup puts"Setup" end
def teardown puts"Tear down" end
# The method_missing() does all of the work here. We check if the # name is setup_something_teardown and if it is, we call setup, # call something with the parameters passed in, and then call teardown. # If the method isn't of this form, we just pass it along. def method_missing(name,*args,&block) case(name) when/^setup_(.*)_teardown/ setup send($1,*args,&block) teardown else super end end
def x puts"Called x" end
def y puts"Called y" end end
if__FILE__==$PROGRAM_NAME
# Create a new MM1 mm1=MM1.new
# Call the two mehtods that do exist. mm1.x mm1.y
# Create a new MM2 mm2=MM2.new mm2.setup_x_teardown mm2.setup_y_teardown end
There's two classes here that both "do" the same thing. The first class MM1 has two methods, x and y that require a setup before they are called and a teardown after they are called.
The second class, MM2, has the same requirements, but we're going to handle them a bit differently. We have the same setup and teardown, but we don't have x and y call them directly. Instead we use method_missing to handle the setup and teardown. What we're going to do is use method_missing and then check the name parameter. If it matches something that looks like setup_X_teardown, then we'll call setup, call the method using send, and finally, call teardown. If we don't match the pattern, then we just pass the call up the chain. The main code here creates both an MM1 and an MM2 and shows a bit of how to use them.
Here, in this simple example, you probably wouldn't bother with this. In the book Brown gives a much better use case, but this should give you some ideas at least.
This in from Jeremy Evans ------------------------------ Looks better, but I recommend a few more changes:
1) You need to salt your password hashes. Unsalted hashes are better than storing the password in plaintext, but most common hash algorithms probably already have large rainbow tables that will allow an easy lookup of most passwords given an unsalted hash.
2) I would recommend at least including random data when generating the random key for password resets. Your use of the username and Time.now makes it guessable if you know roughly when the user requested/will request a password change. encrypt_password is a poorly named method, since you are hashing, not encrypting (encrypting implies the possibility of decrypting, while hashing is one way).
3) I generally put a time limit on password resets. That way if someone requests one, but then remembers their password and doesn't change it, they are not vulnerable to someone else changing it next year. ------------------------------------------------
So, add the salt for the password, modify the generate_rand_key() to add a random component (possibly just add a #{rand(1000000)} to the end of the string to add in a 6 digit random component, rename encrypt_password to say hash_password, and finally add a time limit. Here, you'll need to add a date to the user table, add a date when you generate_rand_key(), and check this in change_password() when you also test the existence of a user with the key.
Thanks for the improvements Jeremy.
------------------------------------------------
After my last post, I received, as I noted, some rather stern comments on a) saving passwords in plaintext in the database and b) sending them in plaintext via email. So, I decided to fix the example up to make it a bit better. We'll be saving the password as a hash in the database and also when the user forgets their password, we'll send a link to let them change it. One other suggestion was to add a salt for the password hash which is easy enough to do, but I've left it as an exercise for the reader. I should note that some of the ideas in this post were stolen (and I mean that in the good sense) from JustKez. This post is definitely worth reading over as are others on the site.
OK, let's get started. We'll start out with the database migration.
# dbMigration/001_ForgotPassword.rb # # This is the "new" way to do migrations by using the Class.new form. # It means that a new class name is not required and so there is no chance # of creating a second class in the migration files that is the same as the # first causing problems. Class.new(Sequel::Migration)do def up # Create the users table. create_table(:users)do primary_key:id String:user_name String:password String:email String:rand_key end
end
def down # Remove the two tables. drop_table(:users) end end
This is a bit simpler than in the previous example. We're only going to have a users table with the user_name, password (which will be encrypted), an email address, and a random key (used for sending the user their password). The down method will just drop the users table. To generate the password, simply type sequel -M dbMigration/ sqlite://forgot.db. This will create the database we'll use for the project.
The model for this is pretty simple too.
# models/models.rb # # Create the User model. Each user can have a single challenge question. require'digest/sha1' class User<Sequel::Model
# Return an encrypted password based on the one passed in. def self.encrypt_password(password) Digest::SHA1.hexdigest(password) end
# Generate a random key based on the username and the current time in # rand_key and save the model back to the database. We'll use this to email # the user so that they can changer their password. def generate_rand_key self.rand_key=Digest::SHA1.hexdigest("#{@username} -- #{Time.now}") save end end
The only model we have is for the User. We have a couple of methods. The first is a Class level method for encrypting the password. We create a hash of the password using SHA1 and return the value (it will be used for creation of the user and changing the password). The second method is for generating a random key which will be passed as part of a link to the user in case they forget or lose their password.
Here's our start code
# start.rb # # This is the main program for the example. It loads the Sequel database, # loads the controllers and models, and then starts up Ramaze. # # The database should have been set up using the database migrations in # the dbMigration directory. require'rubygems' require'ramaze' require'sequel'
# Required for mailing. require'net/smtp' require'mailit'
# Create the mailer. MAILER=Mailit::Mailer.new(:server=>'MailServer.MyCompany.COM',:port=>25,:username=>'ApplicationName', :password=>'ApplicationPassword')
# Open the forgot password database. This must be done before we access the # models that use it. DB=Sequel.sqlite("forgot.db")
# Load the controllers and models. require'models/models' require'controllers/main_controller'
# Start Ramaze. Ramaze.start
This is pretty much the same as most of our start files. We add in the code for mailit, open the database, and then require our models and controllers. Finally, we start ramaze.
Next up our only controller.
# controllers/main_controller.rb # # The mainController has a single method index. First map to / for # the view. Next, set the layout to page so that we use the layout/page.xhtml for our # layout. class MainController<Ramaze::Controller
# The Main controller will be accessed using "main" as in: # http://localhost:7000/main. map'/'
# Use page.xhtml in the layout directory for layout except # for when we're doing AJAX. layout(:page){!request.xhr?}
# Set up a helper to check if we're logged in and only allow access # to the :logged_in page if we are. This is probably the hard way to # do this for only the single page but will make much more sense if # we add more pages as we'd do in a real application. helper:aspect before(:account_settings,:main){ unlesslogged_in? # Set the flash message which will only be available in the next # screen. In this case that will be the logged_in screen. flash[:message]="You must log in before accessing the requested page." redirectrs(:index) end }
# You can access it now with http://localhost:7000/ def index @title="SteamCode - User" end
# Placeholder for real content. def main "<h2>Main</h2>" end
# Placeholder for real content. def about "<h2>About</h2>" end
# Placeholder for real content. def help "<h2>User Help</h2>" end
# Register a new user with SteamCode. We will get here from the # views/register.xhtml page where the user will put in their (requested) # login, password, and email address. First find if the user already # exists, if it does, then we'll set a message to tell the user so and # redirect them back to the register screen. If not, we'll go ahead and add # them to the database with the appropriate login, password, and email # address. We'll then send them to the login screen to let them log in to # SteamCode. def register @title="Register with SteamCode" # Make sure we're getting here from a post request. ifrequest.post? # Check the login and password. # if we find the Account based on the login and password. If we find it # we'll save the login ID in the session variable and we can use that # to show if the Account is currently logged in or not. If we can't # find the Account, we'll set the flash message, set the session to nil # and just stay on this page. unlessUser.find(:user_name=>request[:user_name]) # This account does not exist. Grab the user_name, the password, # and the email and create a new Account with them. user_name=request[:user_name] password=request[:password] email=request[:email]
# Create the account with the user_name, password, and email given. user=User.create(:user_name=>user_name,:password=>User.encrypt_password(password),:email=>email) Ramaze::Log.debug"New User Added: user_name = #{user.user_name} password = #{user.password} email = #{user.email}"
# Redirect to the login page. redirectrs(:login)
else # This user already exists. Set the flash message for them to # try again. flash[:message]="Login #{request[:user_name]} already used. Please select another."
# Stay on the register page. redirectrs(:register) end end end
# Login to Steamcode. If the request is a post, then we'll try to find the # user. If we succeed then we'll set some session variables and redirect to # the main page (which the user can only access if they're logged in). If they # can't be logged in, we'll set a flash message, reset the session, and redirect # back to the login page. def login @title="Login to SteamCode" ifrequest.post? ifuser=User.find(:user_name=>request[:user_name],:password=>User.encrypt_password(request[:password])) # Use the name= portion of the input form to grab the data # from the request variable and save it in the session # hash table. session[:user_id]=user.id session[:user_name]=user.user_name
# Redirect to the main screen. redirectrs(:main) else # The login could not be authorized. Set the flash message # and stay on this page (index/login). Set the session loginID # to nil also. This will effectively log the user out. This would # be reasonable if they are logged in and then try to log in with # a new login/password. flash[:message]="Incorrect user name or password, please try again!!!" session[:user_id]=nil session[:user_name]=nil
# Stay on the login page. redirectrs(:login) end end end
# Let the user change account settings. For now this is # just the email and password. def account_settings @title="Account Settings for SteamCode" user=User[session[:user_id]] ifrequest.post? user=User[session[:user_id]] user.email=request[:email] user.password=User.encrypt_password(request[:password]) user.save flash[:message]="New email and/or password saved." redirectrs(:main) end @current_email=user.email end
# Logout of the system. Set the flash message and then # set the session values to nil. Finally, redirect back to the # index page. def logout @title="Logout from SteamCode" flash[:message]="#{session[:user_name]} Logged out" session[:user_id]=nil session[:user_name]=nil redirectrs(:index) end
# The user has requested that we email their password back to them. Generate # a random key and email it to them to allow them to change their password. def forgot_password ifrequest.post? # Final submit. ifuser=User.find(:user_name=>request[:user_name])
# Generate a key and associate it with the user_name. user.generate_rand_key
# Create the mail message and fill it in with the appropriate # information (to/from/subject/text). Then send it off. mail=Mailit::Mail.new mail.to=user.email mail.from="Steamcode@MyCompany.com" mail.subject="Steamcode Password" mail.text="To change your password: http://localhost:7000/change_password/#{user.rand_key}"
# Send the mail message via the MAILER (created in start.rb). MAILER.send(mail)
# Just go back to the login page. redirectrs(:login) else flash[:message]="Could not find user: #{request[:user_name]}"
# Could not find user with this user_name. redirectrs(:forgot_password) end end end
# The key will be the key that we created above when the user asked # for the password change. It will be passed as a parameter when the user # clicks on the link that was emailed to them. def change_password(key) # Check to make sure that there's a user with this key. user=User.find(:rand_key=>key) ifuser ifrequest.post? # We got here from a post and there's a user with the key. Go ahead # and a) change the password, b) reset the random key, and c) save # the new user information. Then set the flash message and put them # on the login screen. user.password=User.encrypt_password(request[:password]) user.rand_key=nil user.save flash[:message]="Your new password saved." redirectrs(:login) end else # There wasn't a user with this random key. Just flash a message # and then redirect to the login screen. flash[:message]="This does not appear to be a valid request." redirectrs(:login) end end
private
# If the user is logged in, the session will # contain a non nil user id. def logged_in? session[:user_id]!=nil end end
This is very similar to many of our other controllers from our past posts. We map to '/', Add the layout (which won't be used for AJAX calls (not used here anyway)), and then the aspect which will prevent the user from going to certain pages unless they're logged in to the system. The next four methods, index, main, about, and help are really just place holders. Index is where the user will end up initially and main is where they will end up after logging in. Then we have the register page. This will check if it's a post and if it is, try to find the user. If it can't find the user (note the use of "unless" here. To a certain extend, I'm trying to decide if it helps or hinder readability. Let me know what you think) it will create a new one with the parameters from the request hash. If the user already exists, we'll just flash a message back and redirect them back to the register page. Next we have the login method. We check to make sure this is from a post, then check to see if we can find the user based on their user name and password (using the model's encrypt_password method). If we find them, we go ahead and log them in (set the session variables) and redirect them to the main page. If not, we flash a message, reset the session variables, and redirect them back to the login page. The account_settings page let's the user reset their email and password. The logout page resets the session variables and then redirects back to the index page. Looking at it now, I'd recommend refactoring the session resets here and in login to their own private method (once again we'll leave that as an exercise). The forgot_password method is the reason for all of this. We check that it's a post and contains a valid user. If so, we generate a random key for the user (using the model method) and then create an email with the link containing this key. If we can't find the user, we'll flash a message and redirect back to the same page. Finally (for the pages anyway), we have the change_password page. This checks to see if we have user with this rand_key (from the link generated above) and if we do, we check if this is a post and change their password appropriately, reset the random key (so it's used only once), flash a message and redirect them back to the login page. If there wasn't a user with that random key, we simply flash a message and redirect them back to the login page. Finally, we have the private method that's used to check if a user is logged in to the system.
<htmlxmlns="http://www.w3.org/1999/xhtml"> <head> <!-- Use the page.css in the public directory and set title based on what's set in the associated method. --> <linkrel="stylesheet"type="text/css"href="/page.css"/>
<divid="nav"> <!-- Main/User controller --> <!-- Move this next section over to the right side of the screen. It will contain the Login/Register if we're not logged in and the Logout if we are. --> <spanstyle="float: right"> <!-- We're going to use the private method logged_in? here to test if we want to show the Login/Register links or the Logout link --> <?rif !logged_in??> <ahref="#{r(:login)}">Login</a> <ahref="#{r(:register)}">Register</a> <?relse?> <ahref="#{r(:account_settings)}">Account</a> <ahref="#{r(:logout)}">Logout</a> <?rend?> </span>
<!-- These next three will be on the left side and always there --> <ahref="#{r(:index)}">Home</a> | <ahref="#{r(:about)}">About Us</a> | <ahref="#{r(:help)}">Help</a> </div>
<divid="content"> <!-- Display the actual content. This will come from the method or the associated view/*.xhtml file --> #@content </div>
<!-- Set the footer in the center of the screen. --> <divid="footer"style="text-align: center;"> <h5> Powered by Ramaze </h5> </div> </div> </body> </html>
It's stripped down a bit from the last post and has all of the administration stuff removed. Since you've seen this in past posts, I won't go through it. It's mostly just code for the navigation with some content and a header and footer tossed in for good measure.
Let's take a look at the views for the project. They're really simple this time. No JavaScript and no AJAX. Here's the index.
#{flashbox} <h2>Welcome</h2>
Here's the login page
#{flashbox} <ahref="#{r(:forgot_password)}">Forgot your password?</a> <br/>
<formid="login"method="post"> <fieldset> <legend> Login </legend> <div> <!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the user_name. --> <labelfor="user_name">User Name:</label> <inputid="user_name"name="user_name"type="text"/> <br/>
<!-- Input for the user_name. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"/> <br/>
<!-- Submit the login request. --> <inputtype="submit"value="Login"/> </div> </fieldset> </form>
There's just input boxes for the user name and password and a button for submitting.
Here's the registration page.
<!-- view/register.xhtml --> <formid="register"method="post"> <div> <!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the user_name. --> <labelfor="user_name">Login:</label> <inputid="user_name"name="user_name"type="text"/> <br/>
<!-- Input for the password. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"/> <br/>
<!-- Input for the email. --> <labelfor="email">Email:</label> <inputid="email"name="email"type="text"/> <br/>
<!-- Submit the new User --> <inputtype="submit"value="Register"/> </div> </form>
As above boxes for user name, password, and email plus the submit button.
Here's the page for changing the account settings.
<!-- Let's the user change their email and/or password --> <formid="change_password"method="post"> <fieldset> <legend> Change Settings </legend> <div> <!-- Input for the email address. --> <labelfor="email">Email:</label> <inputid="email"name="email"type="text"value=#{@current_email}/> <br/>
<!-- Input for the password. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"/> <br/>
<!-- Submit the new email and/or password --> <inputtype="submit"value="Submit"/> </div> </fieldset> </form>
This contains boxes for password and email (the user can't change their user_name) and the submit button.
<!-- for= goes with id=, the name= is placed in the request variable. --> <!-- Input for the user_name. --> <labelfor="user_name">User Name:</label> <inputid="user_name"name="user_name"type="text"value="User Name"/> <br/>
</div>
<!-- Once they've put in the challenge answer, they will select --> <!-- this and the system will send their password via email. --> <inputtype="submit"value="Send Password"/> </fieldset> </form> <br/>
This has a box for the user_name and the submit button. When the user puts in their user_name and submits, an email is generated (see above) that provides a link to change their password. This page is the change_password.xhtml.
<!-- view/register.xhtml --> <formid="change_password"method="post"> <div> <!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the password. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"/> <br/>
<!-- Submit the new User --> <inputtype="submit"value="Change Password."/> </div> </form>
Once again, dead simple with the password box and a submit (you'd probably want a confirmation password that would be checked using JavaScript, but we'll just assume that the user won't make any mistakes.
That's pretty much everything except for the CSS which is in public/page.css
So, I hope this works out for everyone a bit better than the last version and gets at least a bit closer to what you might use in a "real" project. Let me know if you have questions or comments.
Edit: I received some rather stern comments on this post on the Sequel mail list and probably rather deservedly. The primary complaints were that you really shouldn't even be doing this sort of thing as it a) involves saving the user's password as plaintext in the database and b) sending the user's password in plaintext over the internet via email. The solution is to save the user's password as a hash in the database and then provide a link to them for changing the password if requested. I basically agree with the criticism, so use this only for non-critical applications (i.e. don't use if for a banking app.) or better yet, just use some of the techniqes (email, AJAX) without using the whole idea. Thanks to all who commented to set me straight.
For a recent project, I was looking at how to notify the user if they forgot their password. I'd initially thought the interesting piece would be the email part, but really, not so much. Let's start there though. The first thing you'll need to add that we haven't before is install Michael Fellinger's (Manveru) Mailit. So ... sudo gem install mailit
With that taken care of, let's take a look at our database migrations. There's two of them since I added the admins table later. Here's the first one
# dbMigration/001_ForgotPassword.rb # # This is the "new" way to do migrations by using the Class.new form. # It means that a new class name is not required and so there is no chance # of creating a second class in the migration files that is the same as the # first causing problems. Class.new(Sequel::Migration)do def up # Create the users table. create_table(:users)do primary_key:id String:user_name String:password String:email String:challenge_answer foreign_key:challenge_question_id,:challenge_questions end
# Create the challenge questions table. create_table(:challenge_questions)do primary_key:id String:question end
end
def down # Remove the two tables. drop_table(:users,:challenge_questions) end end
Here we create a user table that has a user_name, password, email, and a challenge_response. It also has a foreign key to the challenge_questions table for the challenge question. The challenge_question table contains a list of potential questions that the user can select. This will be handled as a drop down when they register for the site.
The second migration script contains the admins table. For this application, about the only thing an admin can do is add more challenge questions. We'll also add in an admin since we don't have another way of doing it in this application. Here we'll give the admin the name "admin" (clever) and a password "helloworld" (better anyway), and an email address that's never used.
# dbMigration/002_ForgotPasswordMigration.rb # # This is the "new" way to do migrations by using the Class.new form. # It means that a new class name is not required and so there is no chance # of creating a second class in the migration files that is the same as the # first causing problems. Class.new(Sequel::Migration)do def up # Add in the admins table for administrators. create_table(:admins)do primary_key:id String:admin_name String:password String:email end
# Add in an administrator. from(:admins).insert(:admin_name=>'admin',:password=>'helloworld',:email=>'admin@company.com')
end
def down # Remove the administrators table. drop_table(:admins) end end
We run our migrations with the following:
sequel -m dbMigration/ sqlite://forgot.db
The models we use for this project are pretty simple. The User model just states that it's many_to_one with the challenge questions (many users can have the same challenge question). The Admin model is about as simple as it gets (empty). The ChallengeQuestion model has the one_to_many with users (one challenge question can be associated with many users). It also has the self.questions method which will return all of the challenge questions in the database and their associated ids. This will be used by the registration page to allow the user to select one challenge question from a drop down.
# Create the User model. Each user can have a single challenge question. class User<Sequel::Model many_to_one:challenge_question end
# Create the Challenge_Question model. Multiple users can have a single # challenge question. class ChallengeQuestion<Sequel::Model one_to_many:users
# Will return an array of all of the questions. def self.questions select(:id,:question).all end end
# Create the Administrator model. class Admin<Sequel::Model end
So now we're ready to move on to the start.rb file.
# start.rb # # This is the main program for the example. It loads the Sequel database, # loads the controllers and models, and then starts up Ramaze. # # The database should have been set up using the database migrations in # the dbMigration directory. require'rubygems' require'ramaze' require'sequel'
# Required for mailing. require'net/smtp' require'mailit'
# Create the mailer. MAILER=Mailit::Mailer.new(:server=>'MailServer.MyCompany.COM',:port=>25,:username=>'ApplicationName',:password=>'ApplicationPassword')
# Open the forgot password database. This must be done before we access the # models that use it. DB=Sequel.sqlite("forgot.db")
# Load the controllers and models. require'models/models' require'controllers/main_controller' require'controllers/admin_controller'
# Start Ramaze. Ramaze.start
The difference here from most of our other start.rb files is the addition of the code for the mailer. First we require 'net/smtp' and 'mailit'. The we create the MAILER. We'll pass the server name, the port (will almost certainly be 25), the username, and the password. This will create a mailer that we can then "send" messages to. Next we open the database, forgot.db, and then get the models and the controllers.
Let's take a look at the admin controller first.
# controllers/admin_controller.rb # # The AdminController has a single method index. First map to /admin for # the view. Next, set the layout to page so that we use the layout/page.xhtml for our # layout. Then we use a helper for the :xhtml which will allow us to use "js" in the # layout (we use this to generate a javascript link). class AdminController<Ramaze::Controller # The Admin controller will be accessed using "admin" as in: # http://localhost:7000/admin. map'/admin'
# Use page.xhtml in the layout directory for layout layout:page
# Let's us put in our "js" lines. helper(:xhtml)
# Set up a helper to check if we're logged in and only allow access # to the :logged_in page if we are. This is probably the hard way to # do this for only the single page but will make much more sense if # we add more pages as we'd do in a real application. helper:aspect before(:main,:add_challenge){ unlesslogged_in? # Set the flash message which will only be available in the next # screen. In this case that will be the logged_in screen. flash[:message]="You must log in before accessing the requested page." redirectrs(:index) end }
# You can access it now with http://localhost:7000/admin def index Ramaze::Log.debug"Enter Admin Index" @title="SteamCode - Administration Home" end
def main end
# Add a new challenge question for the user to select. def add_challenge ifrequest.post? challenge_question=request[:challenge_question] ChallengeQuestion.create(:question=>challenge_question) end end
# Login as an administrator. Figure out if this is a correct login/password # pair and log the admin in and redirect ot main if it is. If not, flash # a message and redirect back to the login page. def login @title="Library - Administration - Login" ifrequest.post? ifadmin=Admin.find(:admin_name=>request[:admin_name],:password=>request[:password]) # Use the name= portion of the input form to grab the data # from the request variable and save it in the session # hash table. session[:admin_id]=admin.id
# Redirect to the list_all screen. redirectrs(:main) else # The login could not be authorized. Set the flash message # and stay on this page (index/login). Set the session loginID # to nil also. This will effectively log the user out. This would # be reasonable if they are logged in and then try to log in with # a new login/password. flash[:message]="Incorrect user name or password, please try again!!!" session[:admin_id]=nil
# Stay on the login page. redirectrs(:login) end end end
# Log the administrator out. def logout session[:admin_id]=nil flash[:message]="Admin Logged out" redirectMainController.r(:index) end
private
# If the admin is logged in, the session will # contain a non nil admin id. def logged_in? session[:admin_id]!=nil end
end
It starts out with most of the same code as all of our controllers. There's the map command, the layout (here we'll use layout/page.xhtml), the helper for our javascript, the helper for aspect (this will allow us to do before/after commands for selected methods in this controller), the before command which will have us check for being logged in before allowing access to the main page and the add_challenge page. The first method is the index method which is the page that the admin will go to before logging in. This is followed by main which is where the admin will be redirected after login. Next we have the add_challenge method. Here we just grab the question from the request hash (filled in by the add_challenge page input) and create a new ChallengeQuestion from it (also adding it to the database). Next is the login method, which should be pretty familiar from past posts. If we find the admin (and here the only one we have was created by the database migration), we'll set the session admin_id variable and redirect to the main page. If we fail to login the admin, we'll put up a flash message and redirect back to the login page. Next is the logout which just resets the session admin_id, sets a message, and redirects back to the login page. Finally, we have the private method logged_in? which will check if an admin is logged in.
Let's take a look at the admin views. First we have the view/admin/index.xhtml.
#{flashbox} <p> Welcome to the Library. This is the Administrator's section. Please login and administrate. </p>
Nothing too much here, just a note for the user to login.
Next we have the main view.
<!-- The only thing here is a link to add a challenge question. --> <h2>Enter Admin</h2> <ahref="#{r(:add_challenge)}">Add Challenge Question</a>
This is the page that the admin will see when they log in to the system. Here, there's just a link to the add challenge question page.
<formid="login"method="post"> <fieldset> <legend> Add Challenge </legend> <div> <!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the challenge_question. --> <labelfor="challenge_question">User Name:</label> <inputid="challenge_question"name="challenge_question"type="text"/> <br/>
<!-- Submit the new challenge question (this should result in it being saved in the database) --> <inputtype="submit"value="Add"/> </div> </fieldset> </form>
Here we just have the input box for the challenge question and the submit button. This will, as noted above, add a new challenge question to the database.
Here's the login page.
#{flashbox} <formid="login"method="post"> <fieldset> <legend> Login </legend> <div> <!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the admin_name. --> <labelfor="admin_name">Admin:</label> <inputid="admin_name"name="admin_name"type="text"/> <br/>
<!-- Input for the password. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"/> <br/>
<!-- Submit the admin name and password. If accepted, the admin should get logged in. --> <inputtype="submit"value="Login"/> </div> </fieldset> </form>
It has input boxes for the admin's admin_name and password as well as the submit button. Once again, nothing very interesting. And the end of the admin pages.
Let's turn to the user side now. First we have the user controller, controllers/main_controller.rb.
# controllers/main_controller.rb # # The mainController has a single method index. First map to /admin for # the view. Next, set the layout to page so that we use the layout/page.xhtml for our # layout. Then we use a helper for the :xhtml which will allow us to use "js" in the # layout (we use this to generate a javascript link). class MainController<Ramaze::Controller
# The Main controller will be accessed using "main" as in: # http://localhost:7000/main. map'/'
# Use page.xhtml in the layout directory for layout except # for when we're doing AJAX. layout(:page){!request.xhr?}
# Let's us put in our "js" lines. helper(:xhtml)
# Set up a helper to check if we're logged in and only allow access # to the :logged_in page if we are. This is probably the hard way to # do this for only the single page but will make much more sense if # we add more pages as we'd do in a real application. helper:aspect before(:account_settings,:main){ unlesslogged_in? # Set the flash message which will only be available in the next # screen. In this case that will be the logged_in screen. flash[:message]="You must log in before accessing the requested page." redirectrs(:index) end }
# You can access it now with http://localhost:7000/ def index @title="SteamCode - User" end
# Placeholder for real content. def main "<h2>Main</h2>" end
# Placeholder for real content. def about "<h2>About</h2>" end
# Placeholder for real content. def help "<h2>User Help</h2>" end
# Register a new user with SteamCode. We will get here from the # views/register.xhtml page where the user will put in their (requested) # login, password, and email address. First find if the user already # exists, if it does, then we'll set a message to tell the user so and # redirect them back to the register screen. If not, we'll go ahead and add # them to the database with the appropriate login, password, and email # address. We'll then send them to the login screen to let them log in to # SteamCode. def register @title="Register with SteamCode" @questions=ChallengeQuestion.questions # Make sure we're getting here from a post request. ifrequest.post? # Check the login and password. # if we find the Account based on the login and password. If we find it # we'll save the login ID in the session variable and we can use that # to show if the Account is currently logged in or not. If we can't # find the Account, we'll set the flash message, set the session to nil # and just stay on this page. ifUser.find(:user_name=>request[:user_name])
# This user already exists. Set the flash message for them to # try again. flash[:message]="Login #{request[:user_name]} already used. Please select another."
# Stay on the register page. redirectrs(:register) else # This account does not exist. Grab the user_name, the password, # and the email and create a new Account with them. user_name=request[:user_name] password=request[:password] email=request[:email]
# Log the new user (a real application wouldn't probably print # the password out though). # Ramaze::Log.debug "New User Added: user_name = #{user_name} password = #{password} email = #{email}"
# Create the account with the user_name, password, and email given. user=User.create(:user_name=>user_name,:password=>password,:email=>email, :challenge_answer=>request[:challenge_answer], :challenge_question=>ChallengeQuestion[request[:challenge_question]]) Ramaze::Log.debug"New User Added: user_name = #{user.user_name} password = #{user.password} email = #{user.email} question = #{user.challenge_question.question}"
# Redirect to the login page. redirectrs(:login) end end end
# Login to Steamcode. If the request is a post, then we'll try to find the # user. If we succeed then we'll set some session variables and redirect to # the main page (which the user can only access if they're logged in). If they # can't be logged in, we'll set a flash message, reset the session, and redirect # back to the login page. def login ifrequest.post? ifuser=User.find(:user_name=>request[:user_name],:password=>request[:password]) # Use the name= portion of the input form to grab the data # from the request variable and save it in the session # hash table. session[:user_id]=user.id session[:user_name]=user.user_name
# Redirect to the main screen. redirectrs(:main) else # The login could not be authorized. Set the flash message # and stay on this page (index/login). Set the session loginID # to nil also. This will effectively log the user out. This would # be reasonable if they are logged in and then try to log in with # a new login/password. flash[:message]="Incorrect user name or password, please try again!!!" session[:user_id]=nil session[:user_name]=nil
# Stay on the login page. redirectrs(:login) end end end
# Let the user change account settings. For now this is # just the email and password. def account_settings user=User[session[:user_id]] ifrequest.post? user=User[session[:user_id]] user.email=request[:email] user.password=request[:password] user.save flash[:message]="New email and/or password saved." redirectrs(:main) end @current_password=user.password @current_email=user.email end
# Logout of the system. Set the flash message and then # set the session values to nil. Finally, redirect back to the # index page. def logout flash[:message]="#{session[:user_name]} Logged out" session[:user_id]=nil session[:user_name]=nil redirectrs(:index) end
# The user has requested that we email their password back to them. When they submit # their challenge response and we verify it, we'll set up an email response using # Mailit and send it to them. def forgot_password Ramaze::Log.debug"Enter Forgot Password" @page_javascript='forgot_password' ifrequest.post? Ramaze::Log.debug"Challenge Question Submitted: Email: #{request[:user_name]} Answer: #{request[:challenge_answer]}" # Final submit. ifuser=User.find(:user_name=>request[:user_name],:challenge_answer=>request[:challenge_answer]) Ramaze::Log.debug"Found user: #{user.user_name}#{user.email}#{user.password}"
# Create the mail message and fill it in with the appropriate # information (to/from/subject/text). Then send it off. mail=Mailit::Mail.new mail.to=user.email mail.from="Steamcode@MyCompany.com" mail.subject="Steamcode Password" mail.text="Your password is: #{user.password}."
# Send the mail message via the MAILER (created in start.rb). MAILER.send(mail)
# Just go back to the login page. redirectrs(:login) else Ramaze::Log.debug"Could not find user: #{request[:user_name]} or incorrect challenge response." flash[:message]="Could not find user: #{request[:user_name]} or incorrect challenge response."
# Could not find user with this user_name/challenge answer just redirect to forgot password redirectrs(:forgot_password) end end end
# This is called from an Ajax request. We take in the email address that the # user submitted and then pass back the challenge question for that user. If # we can't find the user, we won't respond with anything and we'll let the # javascript (public/js/forgot_password.js) deal with it. In this case, they'll # just pop up an alert to let the user know. def generate_forgot_question ifrequest.xhr? # Get the user_name and if it exists, return the challenge question. If not, generate the # could not find user_name messesage. ifuser=User.find(:user_name=>request[:user_name]) challenge_question=user.challenge_question.question Ramaze::Log.debug"Challenge Question Requested: challenge_question = #{challenge_question}"
# It looks like we a) MUST use the respond command and b)MUST use the 200 return value. This was # determined by just trying different things. json="{ challenge_question: \"#{challenge_question}\"}" respondjson,200 else # Go ahead and log a message. Ramaze::Log.debug"Could not find user with user_name: #{request[:user_name]}" end end end
private
# If the user is logged in, the session will # contain a non nil user id. def logged_in? session[:user_id]!=nil end end
The main controller starts the exact same way that the admin controller does. It has the map, layout, helper, and aspect lines and for all of the exact same reasons. Next is the index method which is the default page before someone logs in and this is followed by the main page which is where a user ends up after they log in. Next are two placeholder methods about and help that can be used for obvious purposes. Next is the registration method. We check if this is called from a post and if it is, we check to see if we already have a user with the user_name that was submitted. If we already have that name registered, we'll flash the user a message and send them back to the registration page. If we don't, we'll create a new user with the user_name, password, email, and challenge question/answer. Then we'll redirect them to the main page. Next, the login page will see if they can find the user with the given user_name and password and if so, we save their information in the session and redirect them to the main page. If not, we'll flash a message and redirect back to the login page so that they can try again. The account_settings allows the user to change their email and/or password. The logout method, like the corresponding admin logout, sets the session id and redirects the user back to the index page. The forgot_password method is the main reason for the post and it's actually pretty simple. We check the user_name and the challenge_answer that they provided and if they match we use the MAILER constant to send the email containing their password and redirect them to the login page. If we can't find the user or if the challenge answer doesn't match, we'll flash a message and send them back to the forgot_password page. The generate_forgot_question will come from an AJAX request. If we find the user_name, we'll send their challenge question back to them using JSON. If not, we'll just stay on the same page and they can try again. Finally, we have the logged_in? method, for checking if the user is logged in (obviously). We use this to protect certain pages from users who aren't logged in.
Now, let's take a look at the views. First is the index page and it's a simple Welcome message.
#{flashbox} <h2>Welcome</h2>
Next, the registration page contains input boxes for the user_name, password, email, and challenge response. There's also a drop down for the challenge question and the submit button.
<!-- view/register.xhtml --> <formid="register"method="post"> <div> <!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the user_name. --> <labelfor="user_name">Login:</label> <inputid="user_name"name="user_name"type="text"/> <br/>
<!-- Input for the password. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"/> <br/>
<!-- Input for the email. --> <labelfor="email">Email:</label> <inputid="email"name="email"type="text"/> <br/>
<!-- Input for the challenge question. The register() method will get the list of challenge questions from the database table ChallengeQuestion and will pass the list of questions and ids. --> <labelfor="challenge_question"class="label">Challenge Question:</label> <selectname="challenge_question"> <?r @questions.eachdo | question | ?> <optionvalue=#{question.id}>#{question.question} </option> <?rend?> </select> <br/>
<!-- Input for the challenge_answer. We'll save this and if they need to retrieve their password, we'll ask the question from above and see if they know the answer they will submit here. --> <labelfor="challenge_answer">Challenge Response:</label> <inputid="challenge_answer"name="challenge_answer"type="text"/> <br/>
<!-- Submit the new User --> <inputtype="submit"value="Register"/> </div> </form>
The login page only has the input boxes for the user_name and password along with the submit button.
#{flashbox} <ahref="#{r(:forgot_password)}">Forgot your password?</a> <br/>
<formid="login"method="post"> <fieldset> <legend> Login </legend> <div> <!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the user_name. --> <labelfor="user_name">User Name:</label> <inputid="user_name"name="user_name"type="text"/> <br/>
<!-- Input for the user_name. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"/> <br/>
<!-- Submit the login request. --> <inputtype="submit"value="Login"/> </div> </fieldset> </form>
The account_settings page only has the input boxes for the email and password along with the submit button. It would actually be nice to have a way to change the challenge question/response also.
<!-- Let's the user change their email and/or password --> <formid="change_password"method="post"> <fieldset> <legend> Change Settings </legend> <div> <!-- Input for the email address. --> <labelfor="email">Email:</label> <inputid="email"name="email"type="text"value=#{@current_email}/> <br/>
<!-- Input for the password. --> <labelfor="password">Password:</label> <inputid="password"name="password"type="password"value=#{@current_password}/> <br/>
<!-- Submit the new email and/or password --> <inputtype="submit"value="Submit"/> </div> </fieldset> </form>
The forgot_password page is reached from the login page. The user is offered a link for a forgotten password. Here they have an input box for their user name and then they'll put submit for and get their challenge question back. We then use a bit of AJAX magic to display the challenge question. When they put in their answer they can submit that and then get their password mailed to them as outlined above. Here's the XHTML followed by the JavaScript for the AJAX piece.
<!-- for= goes with id=, the name= is placed in the request variable. --> <!-- Input for the user_name. --> <labelfor="user_name">User Name:</label> <inputid="user_name"name="user_name"type="text"value="User Name"/> <br/>
<!-- Button for getting the challenge question based on the --> <!-- user_name above --> <divid='challenge_question'> <inputtype="submit"id="get_challenge"value="Get Challenge"/> </div>
</div>
<!-- Once they've put in the challenge answer, they will select --> <!-- this and the system will send their password via email. --> <inputtype="submit"value="Send Password"/> </fieldset> </form> <br/>
// public/js/forgot_password.js $(document).ready(function() { // Grab the get_challenge so we can add the choiceMarkup to it. var user_name_container = $("#user_name");
// Add click handler. When the get_challenge button is clicked, we'll send the // user_name value to the generate_forgot_question() method in the controller. $("#get_challenge").click(function(e) {
// Don't do the normal thing you'd do when clicking a button. e.preventDefault();
// Send a post request to the generate_forgot_question method when the // get_challenge button is clicked. Pass in the JSON "user_name: // user_name_container.val()" (value in the user_name input field to the // generate_forgot_question() method. The callback routine gets a // resultObject(JSON) and a status (not used and not actually // returned). The generate_forgot_question() method will return JSON, // the fourth parameter, to post. $.post( "/generate_forgot_question", {user_name: user_name_container.val()}, function(resultObject, resultStatus) {
var answer_container = $("#challenge_answer");
/* Check if the result contains the correct json and that there is no answer_container already. */ if (answer_container.length == 0) { if (resultObject.challenge_question != undefined) { // Take the resultObject and grab the challenge_question from it and add the // input for the user to submit. var result = [ " Challenge Question: ", resultObject.challenge_question, " ", "", " " ];
// Add the result to the challenge_question at the bottom. $("#challenge_question").append(result.join('')); } else { /* There wasn't a challenge answer returned, so let the user know. */ alert("Could not find user name " + user_name_container.val()); } } }, 'json' ); }); });
I've tried to comment this pretty well, but let's go through it. As always with jQuery we're going to make sure the document is ready before doing anything. Next, we'll grab the user_name container. We're going to use it to get the name the user types in to it and pass it back to the server for processing. Next, we set up a click function for the get_challenge button. We do this so we can use it to send the user name and retrieve the challenge question. Next, we disable the normal thing (submit) that we'd do for a button. Then we set up the post to the generate_forgot_password() method in the main controller. We'll pass the user_name that we get from the user_name_container we grabbed above, set up a function for processing the return value, and finally we'll let everyone know we're passing JSON back as the return value. Now let's look at the processing function. First we check to see if we already have a challenge_answer. If we don't, we check the resultObject and see if we have a challenge_question. If we do, then we put the challenge question and then create an input box for the answer. We then join this new HTML to the end of the challenge_question. There may be (OK probably is) better ways to do this. I'm not really an expert on JavaScript or AJAX or JSON, so if you have suggestions for cleaning this up, please leave some hints in the comments.
<htmlxmlns="http://www.w3.org/1999/xhtml"> <head> <!-- Use the page.css in the public directory and set title based on what's set in the associated method. --> <linkrel="stylesheet"type="text/css"href="/page.css"/>
<!-- Serve jQuery from Google. This appears to be the accepted way of doing things now. --> <scripttype="text/javascript"src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<!-- Need to have the xhtml helper for this next line --> #{ js @page_javascript }
<divid="nav"> <?rifaction.node.to_s=="MainController"?> <!-- Main/User controller --> <!-- Move this next section over to the right side of the screen. It will contain the Login/Register if we're not logged in and the Logout if we are. --> <spanstyle="float: right"> <!-- We're going to use the private method logged_in? here to test if we want to show the Login/Register links or the Logout link --> <?rif !logged_in??> <ahref="#{r(:login)}">Login</a> <ahref="#{r(:register)}">Register</a> <?relse?> <ahref="#{r(:account_settings)}">Account</a> <ahref="#{r(:logout)}">Logout</a> <?rend?> </span>
<!-- These next three will be on the left side and always there --> <ahref="#{r(:index)}">Home</a> | <ahref="#{r(:about)}">About Us</a> | <ahref="#{r(:help)}">Help</a> <?relse?> <!-- Admin controller --> <!-- Move this next section over to the right side of the screen. It will contain the Login/Register if we're not logged in and the Logout if we are. --> <spanstyle="float: right"> <!-- We're going to use the private method logged_in? here to test if we want to show the Login/Register links or the Logout link --> <?rif !logged_in??> <ahref="#{r(:login)}">Login</a> <?relse?> <ahref="#{r(:logout)}">Logout</a> <?rend?> </span>
<!-- These next three will be on the left side and always there --> <ahref="#{r(:main)}">Home</a> <?rend?> </div>
<divid="content"> <!-- Display the actual content. This will come from the method or the associated view/*.xhtml file --> #@content </div>
<!-- Set the footer in the center of the screen. --> <divid="footer"style="text-align: center;"> <h5> Powered by Ramaze </h5> </div> </div> </body> </html>
We've reused this a number of times, so it should look pretty familiar. In the head section, we set up for our JavaScript including for jQuery. This time around, we grab it from Google as per current best practices (possibly the only best practice here). Then we have the JavaScript for our particular page (this being whatever page the user is on that needs JavaScript. Next is the body where we have the "header" (which based on an interesting book I'm reading right now, Transcending CSS by Andy Clark, I'd probably relabel as "branding") with our title. Next is the "nav" section with two parts, one for the admin and one for a normal user. This is followed by the "content" which is really whatever is filled in by each of our methods in the controller and finally we have the footer (once again probably renamed to something like "siteinfo").
Finally, here's our CSS (once again, nothing we haven't seen before).
So, I think that's everything (let me know if I missed anything). This pretty much started out as an example for using mail, but that really proved to be the least interesting part of this given how easy it is to use the Mailit gem.
Let me know if you have any questions or comments and I'll do my best to answer them.