Thursday, November 12, 2009

Ramaze - Forgot Password (Edited 2009-11-20)

Edit: I received some rather stern comments on this post on the Sequel mail list and probably rather deservedly. The primary complaints were that you really shouldn't even be doing this sort of thing as it a) involves saving the user's password as plaintext in the database and b) sending the user's password in plaintext over the internet via email. The solution is to save the user's password as a hash in the database and then provide a link to them for changing the password if requested. I basically agree with the criticism, so use this only for non-critical applications (i.e. don't use if for a banking app.) or better yet, just use some of the techniqes (email, AJAX) without using the whole idea. Thanks to all who commented to set me straight.

-----------------------------------------------------

For a recent project, I was looking at how to notify the user if they forgot their password. I'd initially thought the interesting piece would be the email part, but really, not so much. Let's start there though. The first thing you'll need to add that we haven't before is install Michael Fellinger's (Manveru) Mailit. So ...
sudo gem install mailit

With that taken care of, let's take a look at our database migrations. There's two of them since I added the admins table later. Here's the first one

# dbMigration/001_ForgotPassword.rb
#
# This is the "new" way to do migrations by using the Class.new form.
# It means that a new class name is not required and so there is no chance
# of creating a second class in the migration files that is the same as the
# first causing problems.
Class.new(Sequel::Migration) do
def up
# Create the users table.
create_table(:users) do
primary_key :id
String :user_name
String :password
String :email
String :challenge_answer
foreign_key :challenge_question_id, :challenge_questions
end

# Create the challenge questions table.
create_table(:challenge_questions) do
primary_key :id
String :question
end

end

def down
# Remove the two tables.
drop_table(:users, :challenge_questions)
end
end



Here we create a user table that has a user_name, password, email, and a challenge_response. It also has a foreign key to the challenge_questions table for the challenge question. The challenge_question table contains a list of potential questions that the user can select. This will be handled as a drop down when they register for the site.

The second migration script contains the admins table. For this application, about the only thing an admin can do is add more challenge questions. We'll also add in an admin since we don't have another way of doing it in this application. Here we'll give the admin the name "admin" (clever) and a password "helloworld" (better anyway), and an email address that's never used.

# dbMigration/002_ForgotPasswordMigration.rb
#
# This is the "new" way to do migrations by using the Class.new form.
# It means that a new class name is not required and so there is no chance
# of creating a second class in the migration files that is the same as the
# first causing problems.
Class.new(Sequel::Migration) do
def up
# Add in the admins table for administrators.
create_table(:admins) do
primary_key :id
String :admin_name
String :password
String :email
end

# Add in an administrator.
from(:admins).insert(:admin_name => 'admin', :password => 'helloworld', :email => 'admin@company.com')

end

def down
# Remove the administrators table.
drop_table(:admins)
end
end



We run our migrations with the following:

sequel -m dbMigration/ sqlite://forgot.db

The models we use for this project are pretty simple. The User model just states that it's many_to_one with the challenge questions (many users can have the same challenge question). The Admin model is about as simple as it gets (empty). The ChallengeQuestion model has the one_to_many with users (one challenge question can be associated with many users). It also has the self.questions method which will return all of the challenge questions in the database and their associated ids. This will be used by the registration page to allow the user to select one challenge question from a drop down.

# Create the User model. Each user can have a single challenge question.
class User < Sequel::Model
many_to_one :challenge_question
end

# Create the Challenge_Question model. Multiple users can have a single
# challenge question.
class ChallengeQuestion < Sequel::Model
one_to_many :users

# Will return an array of all of the questions.
def self.questions
select(:id, :question).all
end
end

# Create the Administrator model.
class Admin < Sequel::Model
end



So now we're ready to move on to the start.rb file.

# start.rb
#
# This is the main program for the example. It loads the Sequel database,
# loads the controllers and models, and then starts up Ramaze.
#
# The database should have been set up using the database migrations in
# the dbMigration directory.
require 'rubygems'
require 'ramaze'
require 'sequel'

# Required for mailing.
require 'net/smtp'
require 'mailit'

# Create the mailer.
MAILER = Mailit::Mailer.new(:server => 'MailServer.MyCompany.COM', :port => 25, :username => 'ApplicationName', :password => 'ApplicationPassword')

# Open the forgot password database. This must be done before we access the
# models that use it.
DB = Sequel.sqlite("forgot.db")

# Load the controllers and models.
require 'models/models'
require 'controllers/main_controller'
require 'controllers/admin_controller'

# Start Ramaze.
Ramaze.start



The difference here from most of our other start.rb files is the addition of the code for the mailer. First we require 'net/smtp' and 'mailit'. The we create the MAILER. We'll pass the server name, the port (will almost certainly be 25), the username, and the password. This will create a mailer that we can then "send" messages to. Next we open the database, forgot.db, and then get the models and the controllers.

Let's take a look at the admin controller first.

# controllers/admin_controller.rb
#
# The AdminController has a single method index. First map to /admin for
# the view. Next, set the layout to page so that we use the layout/page.xhtml for our
# layout. Then we use a helper for the :xhtml which will allow us to use "js" in the
# layout (we use this to generate a javascript link).
class AdminController < Ramaze::Controller
# The Admin controller will be accessed using "admin" as in:
# http://localhost:7000/admin.
map '/admin'

# Use page.xhtml in the layout directory for layout
layout :page

# Let's us put in our "js" lines.
helper(:xhtml)

# Set up a helper to check if we're logged in and only allow access
# to the :logged_in page if we are. This is probably the hard way to
# do this for only the single page but will make much more sense if
# we add more pages as we'd do in a real application.
helper :aspect
before(:main, :add_challenge) {
unless logged_in?
# Set the flash message which will only be available in the next
# screen. In this case that will be the logged_in screen.
flash[:message] = "You must log in before accessing the requested page."
redirect rs(:index)
end
}

# You can access it now with http://localhost:7000/admin
def index
Ramaze::Log.debug "Enter Admin Index"
@title = "SteamCode - Administration Home"
end

def main
end

# Add a new challenge question for the user to select.
def add_challenge
if request.post?
challenge_question = request[:challenge_question]
ChallengeQuestion.create(:question => challenge_question)
end
end

# Login as an administrator. Figure out if this is a correct login/password
# pair and log the admin in and redirect ot main if it is. If not, flash
# a message and redirect back to the login page.
def login
@title = "Library - Administration - Login"
if request.post?
if admin = Admin.find(:admin_name => request[:admin_name], :password => request[:password])
# Use the name= portion of the input form to grab the data
# from the request variable and save it in the session
# hash table.
session[:admin_id] = admin.id

# Redirect to the list_all screen.
redirect rs(:main)
else
# The login could not be authorized. Set the flash message
# and stay on this page (index/login). Set the session loginID
# to nil also. This will effectively log the user out. This would
# be reasonable if they are logged in and then try to log in with
# a new login/password.
flash[:message] = "Incorrect user name or password, please try again!!!"
session[:admin_id] = nil

# Stay on the login page.
redirect rs(:login)
end
end
end

# Log the administrator out.
def logout
session[:admin_id] = nil
flash[:message] = "Admin Logged out"
redirect MainController.r(:index)
end

private

# If the admin is logged in, the session will
# contain a non nil admin id.
def logged_in?
session[:admin_id] != nil
end

end



It starts out with most of the same code as all of our controllers. There's the map command, the layout (here we'll use layout/page.xhtml), the helper for our javascript, the helper for aspect (this will allow us to do before/after commands for selected methods in this controller), the before command which will have us check for being logged in before allowing access to the main page and the add_challenge page. The first method is the index method which is the page that the admin will go to before logging in. This is followed by main which is where the admin will be redirected after login. Next we have the add_challenge method. Here we just grab the question from the request hash (filled in by the add_challenge page input) and create a new ChallengeQuestion from it (also adding it to the database). Next is the login method, which should be pretty familiar from past posts. If we find the admin (and here the only one we have was created by the database migration), we'll set the session admin_id variable and redirect to the main page. If we fail to login the admin, we'll put up a flash message and redirect back to the login page. Next is the logout which just resets the session admin_id, sets a message, and redirects back to the login page. Finally, we have the private method logged_in? which will check if an admin is logged in.

Let's take a look at the admin views. First we have the view/admin/index.xhtml.

#{flashbox}
<p> Welcome to the Library. This is the Administrator's section. Please login and administrate. </p>



Nothing too much here, just a note for the user to login.

Next we have the main view.

<!-- The only thing here is a link to add a challenge question. -->
<h2>Enter Admin</h2>
<a href="#{r(:add_challenge)}">Add Challenge Question</a>



This is the page that the admin will see when they log in to the system. Here, there's just a link to the add challenge question page.

<form id="login" method="post">
<fieldset>
<legend> Add Challenge </legend>
<div>
<!-- for= goes with id=, the name= is placed in the request variable. -->

<!-- Input for the challenge_question. -->
<label for="challenge_question">User Name:</label>
<input id="challenge_question" name="challenge_question" type="text" />
<br/>

<!-- Submit the new challenge question (this should result in it being saved in the database) -->
<input type="submit" value="Add" />
</div>
</fieldset>
</form>



Here we just have the input box for the challenge question and the submit button. This will, as noted above, add a new challenge question to the database.

Here's the login page.

#{flashbox}
<form id="login" method="post">
<fieldset>
<legend> Login </legend>
<div>
<!-- for= goes with id=, the name= is placed in the request variable. -->

<!-- Input for the admin_name. -->
<label for="admin_name">Admin:</label>
<input id="admin_name" name="admin_name" type="text" />
<br/>

<!-- Input for the password. -->
<label for="password">Password:</label>
<input id="password" name="password" type="password" />
<br/>

<!-- Submit the admin name and password. If accepted,
the admin should get logged in. -->

<input type="submit" value="Login" />
</div>
</fieldset>
</form>



It has input boxes for the admin's admin_name and password as well as the submit button. Once again, nothing very interesting. And the end of the admin pages.

Let's turn to the user side now. First we have the user controller, controllers/main_controller.rb.

# controllers/main_controller.rb
#
# The mainController has a single method index. First map to /admin for
# the view. Next, set the layout to page so that we use the layout/page.xhtml for our
# layout. Then we use a helper for the :xhtml which will allow us to use "js" in the
# layout (we use this to generate a javascript link).
class MainController < Ramaze::Controller

# The Main controller will be accessed using "main" as in:
# http://localhost:7000/main.
map '/'

# Use page.xhtml in the layout directory for layout except
# for when we're doing AJAX.
layout(:page) { !request.xhr? }

# Let's us put in our "js" lines.
helper(:xhtml)

# Set up a helper to check if we're logged in and only allow access
# to the :logged_in page if we are. This is probably the hard way to
# do this for only the single page but will make much more sense if
# we add more pages as we'd do in a real application.
helper :aspect
before(:account_settings, :main) {
unless logged_in?
# Set the flash message which will only be available in the next
# screen. In this case that will be the logged_in screen.
flash[:message] = "You must log in before accessing the requested page."
redirect rs(:index)
end
}

# You can access it now with http://localhost:7000/
def index
@title = "SteamCode - User"
end

# Placeholder for real content.
def main
"<h2>Main</h2>"
end

# Placeholder for real content.
def about
"<h2>About</h2>"
end

# Placeholder for real content.
def help
"<h2>User Help</h2>"
end

# Register a new user with SteamCode. We will get here from the
# views/register.xhtml page where the user will put in their (requested)
# login, password, and email address. First find if the user already
# exists, if it does, then we'll set a message to tell the user so and
# redirect them back to the register screen. If not, we'll go ahead and add
# them to the database with the appropriate login, password, and email
# address. We'll then send them to the login screen to let them log in to
# SteamCode.
def register
@title = "Register with SteamCode"
@questions = ChallengeQuestion.questions
# Make sure we're getting here from a post request.
if request.post?
# Check the login and password.
# if we find the Account based on the login and password. If we find it
# we'll save the login ID in the session variable and we can use that
# to show if the Account is currently logged in or not. If we can't
# find the Account, we'll set the flash message, set the session to nil
# and just stay on this page.
if User.find(:user_name => request[:user_name])

# This user already exists. Set the flash message for them to
# try again.
flash[:message] = "Login #{request[:user_name]} already used. Please select another."

# Stay on the register page.
redirect rs(:register)
else
# This account does not exist. Grab the user_name, the password,
# and the email and create a new Account with them.
user_name = request[:user_name]
password = request[:password]
email = request[:email]

# Log the new user (a real application wouldn't probably print
# the password out though).
# Ramaze::Log.debug "New User Added: user_name = #{user_name} password = #{password} email = #{email}"

# Create the account with the user_name, password, and email given.
user = User.create(:user_name => user_name, :password => password, :email => email,
:challenge_answer => request[:challenge_answer],
:challenge_question => ChallengeQuestion[request[:challenge_question]])
Ramaze::Log.debug "New User Added: user_name = #{user.user_name} password = #{user.password} email = #{user.email} question = #{user.challenge_question.question}"

# Redirect to the login page.
redirect rs(:login)
end
end
end

# Login to Steamcode. If the request is a post, then we'll try to find the
# user. If we succeed then we'll set some session variables and redirect to
# the main page (which the user can only access if they're logged in). If they
# can't be logged in, we'll set a flash message, reset the session, and redirect
# back to the login page.
def login
if request.post?
if user = User.find(:user_name => request[:user_name], :password => request[:password])
# Use the name= portion of the input form to grab the data
# from the request variable and save it in the session
# hash table.
session[:user_id] = user.id
session[:user_name] = user.user_name

# Redirect to the main screen.
redirect rs(:main)
else
# The login could not be authorized. Set the flash message
# and stay on this page (index/login). Set the session loginID
# to nil also. This will effectively log the user out. This would
# be reasonable if they are logged in and then try to log in with
# a new login/password.
flash[:message] = "Incorrect user name or password, please try again!!!"
session[:user_id] = nil
session[:user_name] = nil

# Stay on the login page.
redirect rs(:login)
end
end
end

# Let the user change account settings. For now this is
# just the email and password.
def account_settings
user = User[session[:user_id]]
if request.post?
user = User[session[:user_id]]
user.email = request[:email]
user.password = request[:password]
user.save
flash[:message] = "New email and/or password saved."
redirect rs(:main)
end
@current_password = user.password
@current_email = user.email
end

# Logout of the system. Set the flash message and then
# set the session values to nil. Finally, redirect back to the
# index page.
def logout
flash[:message] = "#{session[:user_name]} Logged out"
session[:user_id] = nil
session[:user_name] = nil
redirect rs(:index)
end

# The user has requested that we email their password back to them. When they submit
# their challenge response and we verify it, we'll set up an email response using
# Mailit and send it to them.
def forgot_password
Ramaze::Log.debug "Enter Forgot Password"
@page_javascript = 'forgot_password'
if request.post?
Ramaze::Log.debug "Challenge Question Submitted: Email: #{request[:user_name]} Answer: #{request[:challenge_answer]}"
# Final submit.
if user = User.find(:user_name => request[:user_name], :challenge_answer => request[:challenge_answer])
Ramaze::Log.debug "Found user: #{user.user_name} #{user.email} #{user.password}"


# Create the mail message and fill it in with the appropriate
# information (to/from/subject/text). Then send it off.
mail = Mailit::Mail.new
mail.to = user.email
mail.from = "Steamcode@MyCompany.com"
mail.subject = "Steamcode Password"
mail.text = "Your password is: #{user.password}."

# Send the mail message via the MAILER (created in start.rb).
MAILER.send(mail)

# Just go back to the login page.
redirect rs(:login)
else
Ramaze::Log.debug "Could not find user: #{request[:user_name]} or incorrect challenge response."
flash[:message] = "Could not find user: #{request[:user_name]} or incorrect challenge response."

# Could not find user with this user_name/challenge answer just redirect to forgot password
redirect rs(:forgot_password)
end
end
end

# This is called from an Ajax request. We take in the email address that the
# user submitted and then pass back the challenge question for that user. If
# we can't find the user, we won't respond with anything and we'll let the
# javascript (public/js/forgot_password.js) deal with it. In this case, they'll
# just pop up an alert to let the user know.
def generate_forgot_question
if request.xhr?
# Get the user_name and if it exists, return the challenge question. If not, generate the
# could not find user_name messesage.
if user = User.find(:user_name => request[:user_name])
challenge_question = user.challenge_question.question
Ramaze::Log.debug "Challenge Question Requested: challenge_question = #{challenge_question}"

# It looks like we a) MUST use the respond command and b)MUST use the 200 return value. This was
# determined by just trying different things.
json = "{ challenge_question: \"#{challenge_question}\"}"
respond json, 200
else
# Go ahead and log a message.
Ramaze::Log.debug "Could not find user with user_name: #{request[:user_name]}"
end
end
end

private

# If the user is logged in, the session will
# contain a non nil user id.
def logged_in?
session[:user_id] != nil
end
end



The main controller starts the exact same way that the admin controller does. It has the map, layout, helper, and aspect lines and for all of the exact same reasons. Next is the index method which is the default page before someone logs in and this is followed by the main page which is where a user ends up after they log in. Next are two placeholder methods about and help that can be used for obvious purposes. Next is the registration method. We check if this is called from a post and if it is, we check to see if we already have a user with the user_name that was submitted. If we already have that name registered, we'll flash the user a message and send them back to the registration page. If we don't, we'll create a new user with the user_name, password, email, and challenge question/answer. Then we'll redirect them to the main page. Next, the login page will see if they can find the user with the given user_name and password and if so, we save their information in the session and redirect them to the main page. If not, we'll flash a message and redirect back to the login page so that they can try again. The account_settings allows the user to change their email and/or password. The logout method, like the corresponding admin logout, sets the session id and redirects the user back to the index page. The forgot_password method is the main reason for the post and it's actually pretty simple. We check the user_name and the challenge_answer that they provided and if they match we use the MAILER constant to send the email containing their password and redirect them to the login page. If we can't find the user or if the challenge answer doesn't match, we'll flash a message and send them back to the forgot_password page. The generate_forgot_question will come from an AJAX request. If we find the user_name, we'll send their challenge question back to them using JSON. If not, we'll just stay on the same page and they can try again. Finally, we have the logged_in? method, for checking if the user is logged in (obviously). We use this to protect certain pages from users who aren't logged in.

Now, let's take a look at the views. First is the index page and it's a simple Welcome message.

#{flashbox}
<h2>Welcome</h2>



Next, the registration page contains input boxes for the user_name, password, email, and challenge response. There's also a drop down for the challenge question and the submit button.

<!-- view/register.xhtml -->
<form id="register" method="post">
<div>
<!-- for= goes with id=, the name= is placed in the request variable. -->

<!-- Input for the user_name. -->
<label for="user_name">Login:</label>
<input id="user_name" name="user_name" type="text" />
<br/>

<!-- Input for the password. -->
<label for="password">Password:</label>
<input id="password" name="password" type="password" />
<br/>

<!-- Input for the email. -->
<label for="email">Email:</label>
<input id="email" name="email" type="text" />
<br/>

<!-- Input for the challenge question. The register() method will get the list
of challenge questions from the database table ChallengeQuestion and will
pass the list of questions and ids.
-->

<label for="challenge_question" class="label">Challenge Question:</label>
<select name="challenge_question">
<?r @questions.each do | question | ?>
<option value=#{question.id}>#{question.question} </option>
<?r end ?>
</select>
<br/>

<!-- Input for the challenge_answer. We'll save this and if they need to retrieve
their password, we'll ask the question from above and see if they know the
answer they will submit here.
-->

<label for="challenge_answer">Challenge Response:</label>
<input id="challenge_answer" name="challenge_answer" type="text" />
<br/>

<!-- Submit the new User -->
<input type="submit" value="Register" />
</div>
</form>



The login page only has the input boxes for the user_name and password along with the submit button.

#{flashbox}
<a href="#{r(:forgot_password)}">Forgot your password?</a>
<br/>

<form id="login" method="post">
<fieldset>
<legend> Login </legend>
<div>
<!-- for= goes with id=, the name= is placed in the request variable. -->

<!-- Input for the user_name. -->
<label for="user_name">User Name:</label>
<input id="user_name" name="user_name" type="text" />
<br/>

<!-- Input for the user_name. -->
<label for="password">Password:</label>
<input id="password" name="password" type="password" />
<br/>

<!-- Submit the login request. -->
<input type="submit" value="Login" />
</div>
</fieldset>
</form>



The account_settings page only has the input boxes for the email and password along with the submit button. It would actually be nice to have a way to change the challenge question/response also.

<!-- Let's the user change their email and/or password -->
<form id="change_password" method="post">
<fieldset>
<legend> Change Settings </legend>
<div>
<!-- Input for the email address. -->
<label for="email">Email:</label>
<input id="email" name="email" type="text" value=#{@current_email} />
<br/>

<!-- Input for the password. -->
<label for="password">Password:</label>
<input id="password" name="password" type="password" value=#{@current_password} />
<br/>

<!-- Submit the new email and/or password -->
<input type="submit" value="Submit" />
</div>
</fieldset>
</form>



The forgot_password page is reached from the login page. The user is offered a link for a forgotten password. Here they have an input box for their user name and then they'll put submit for and get their challenge question back. We then use a bit of AJAX magic to display the challenge question. When they put in their answer they can submit that and then get their password mailed to them as outlined above. Here's the XHTML followed by the JavaScript for the AJAX piece.

<h2>Forgot Password</h2>
#{flashbox}

<form id="forgot_screen" method="post">
<fieldset>
<legend> Forgot Password </legend>
<div id='forgot_password'>

<!-- for= goes with id=, the name= is placed in the request variable. -->
<!-- Input for the user_name. -->
<label for="user_name">User Name:</label>
<input id="user_name" name="user_name" type="text" value="User Name" />
<br/>

<!-- Button for getting the challenge question based on the -->
<!-- user_name above -->
<div id='challenge_question'>
<input type="submit" id="get_challenge" value="Get Challenge" />
</div>

</div>

<!-- Once they've put in the challenge answer, they will select -->
<!-- this and the system will send their password via email. -->
<input type="submit" value="Send Password" />
</fieldset>
</form>
<br/>



// public/js/forgot_password.js
$(document).ready(function() {
// Grab the get_challenge so we can add the choiceMarkup to it.
var user_name_container = $("#user_name");

// Add click handler. When the get_challenge button is clicked, we'll send the
// user_name value to the generate_forgot_question() method in the controller.
$("#get_challenge").click(function(e) {

// Don't do the normal thing you'd do when clicking a button.
e.preventDefault();

// Send a post request to the generate_forgot_question method when the
// get_challenge button is clicked. Pass in the JSON "user_name:
// user_name_container.val()" (value in the user_name input field to the
// generate_forgot_question() method. The callback routine gets a
// resultObject(JSON) and a status (not used and not actually
// returned). The generate_forgot_question() method will return JSON,
// the fourth parameter, to post.
$.post(
"/generate_forgot_question",
{user_name: user_name_container.val()},
function(resultObject, resultStatus) {

var answer_container = $("#challenge_answer");

/* Check if the result contains the correct json and that there is no answer_container already. */
if (answer_container.length == 0)
{
if (resultObject.challenge_question != undefined)
{
// Take the resultObject and grab the challenge_question from it and add the
// input for the user to submit.
var result = [
"
Challenge Question: ", resultObject.challenge_question, "
",
"",
"
"
];

// Add the result to the challenge_question at the bottom.
$("#challenge_question").append(result.join(''));
}
else
{
/* There wasn't a challenge answer returned, so let the user know. */
alert("Could not find user name " + user_name_container.val());
}
}
},
'json' );
});
});



I've tried to comment this pretty well, but let's go through it. As always with jQuery we're going to make sure the document is ready before doing anything. Next, we'll grab the user_name container. We're going to use it to get the name the user types in to it and pass it back to the server for processing. Next, we set up a click function for the get_challenge button. We do this so we can use it to send the user name and retrieve the challenge question. Next, we disable the normal thing (submit) that we'd do for a button. Then we set up the post to the generate_forgot_password() method in the main controller. We'll pass the user_name that we get from the user_name_container we grabbed above, set up a function for processing the return value, and finally we'll let everyone know we're passing JSON back as the return value. Now let's look at the processing function. First we check to see if we already have a challenge_answer. If we don't, we check the resultObject and see if we have a challenge_question. If we do, then we put the challenge question and then create an input box for the answer. We then join this new HTML to the end of the challenge_question. There may be (OK probably is) better ways to do this. I'm not really an expert on JavaScript or AJAX or JSON, so if you have suggestions for cleaning this up, please leave some hints in the comments.

Finally, let's take a look at the layout page.

<!-- view/page.xhtml -->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- Use the page.css in the public directory and set title based on
what's set in the associated method.
-->

<link rel="stylesheet" type="text/css" href="/page.css"/>

<!-- Serve jQuery from Google. This appears to be the accepted way of doing things now. -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>

<!-- Need to have the xhtml helper for this next line -->
#{ js @page_javascript }

<title>#@title</title>
</head>
<body>
<div id="whole_page">
<div id="header">
<h1>SteamCode</h1>
</div>

<div id="nav">
<?r if action.node.to_s == "MainController" ?>
<!-- Main/User controller -->
<!-- Move this next section over to the right side of the screen. It
will contain the Login/Register if we're not logged in and the Logout
if we are. -->

<span style="float: right">
<!-- We're going to use the private method logged_in? here to test if
we want to show the Login/Register links or the Logout link -->

<?r if !logged_in? ?>
<a href="#{r(:login)}">Login</a>
<a href="#{r(:register)}">Register</a>
<?r else ?>
<a href="#{r(:account_settings)}">Account</a>
<a href="#{r(:logout)}">Logout</a>
<?r end ?>
</span>

<!-- These next three will be on the left side and always there -->
<a href="#{r(:index)}">Home</a> |
<a href="#{r(:about)}">About Us</a> |
<a href="#{r(:help)}">Help</a>
<?r else ?>
<!-- Admin controller -->
<!-- Move this next section over to the right side of the screen. It
will contain the Login/Register if we're not logged in and the Logout
if we are. -->

<span style="float: right">
<!-- We're going to use the private method logged_in? here to test if
we want to show the Login/Register links or the Logout link -->

<?r if !logged_in? ?>
<a href="#{r(:login)}">Login</a>
<?r else ?>
<a href="#{r(:logout)}">Logout</a>
<?r end ?>
</span>

<!-- These next three will be on the left side and always there -->
<a href="#{r(:main)}">Home</a>
<?r end ?>
</div>

<div id="content">
<!-- Display the actual content. This will come from the method or the
associated view/*.xhtml file
-->

#@content
</div>

<!-- Set the footer in the center of the screen. -->
<div id="footer" style="text-align: center;">
<h5> Powered by Ramaze </h5>
</div>
</div>
</body>
</html>



We've reused this a number of times, so it should look pretty familiar. In the head section, we set up for our JavaScript including for jQuery. This time around, we grab it from Google as per current best practices (possibly the only best practice here). Then we have the JavaScript for our particular page (this being whatever page the user is on that needs JavaScript. Next is the body where we have the "header" (which based on an interesting book I'm reading right now, Transcending CSS by Andy Clark, I'd probably relabel as "branding") with our title. Next is the "nav" section with two parts, one for the admin and one for a normal user. This is followed by the "content" which is really whatever is filled in by each of our methods in the controller and finally we have the footer (once again probably renamed to something like "siteinfo").

Finally, here's our CSS (once again, nothing we haven't seen before).


# public/page.css
#whole_page {
width: 50em;
margin: auto;
padding: 0;
text-align: left;
border-width: 0 1px 1px 1px;
border-color: black;
border-style: solid;
}

#content {
height: 100%;
background: white;
padding: 1em 1em 1em 1em;
}


/* Header CSS */
#header {
background:#9DA9EE;
color: white;
margin-bottom: 0;
padding: 0.25em;
}

#nav {
background:#9DA9EE;
color: black;
padding: 0.5em;
}


/* Footer CSS */
#footer {
background:#9DA9EE;
color: black;
}


So, I think that's everything (let me know if I missed anything). This pretty much started out as an example for using mail, but that really proved to be the least interesting part of this given how easy it is to use the Mailit gem.

Let me know if you have any questions or comments and I'll do my best to answer them.

No comments:

Post a Comment