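# Comments are a resource nested under a post: grab_post runs before every
# action, so @post is always the post named by params[:post_id].
#
# NOTE(review): no authentication filter is visible on this controller, so
# edit/update/destroy appear reachable without logging in. Confirm whether that
# is intended.
class CommentsController < ApplicationController
  before_filter :grab_post

  # Lists the comments that belong to the current post. The lookup goes through
  # the association so this action agrees with edit/update/destroy instead of
  # returning every comment in the table.
  def index
    @comments = @post.comments
  end

  # Shows one comment of the current post. Finding through @post.comments means
  # an id belonging to a different post is not found, rather than served under
  # the wrong post URL.
  def show
    @comment = @post.comments.find(params[:id])
  end

  # Builds an empty comment for the form.
  def new
    @comment = Comment.new
  end

  # Loads a comment of the current post for editing.
  def edit
    @comment = @post.comments.find(params[:id])
  end

  # Creates a comment and attaches it to the current post.
  #
  # NOTE(review): params[:comment] is mass-assigned as-is. Which attributes a
  # client may set depends on the Comment model (not shown). It should
  # whitelist them with attr_accessible so that fields such as post_id cannot
  # be supplied in the request.
  def create
    @comment = Comment.new(params[:comment])
    if @post.comments << @comment
      redirect_to post_url(@post)
    else
      render :action => :new
    end
  end

  # Updates a comment of the current post. The mass-assignment caveat from
  # create applies to update_attributes as well.
  def update
    @comment = @post.comments.find(params[:id])
    if @comment.update_attributes(params[:comment])
      redirect_to post_url(@post)
    else
      render :action => :edit
    end
  end

  # Removes a comment from the current post.
  def destroy
    comment = @post.comments.find(params[:id])
    @post.comments.delete(comment)
    redirect_to post_url(@post)
  end

  private

  # Loads the parent post. find raises when params[:post_id] matches no row.
  def grab_post
    @post = Post.find(params[:post_id])
  end
end
------------------------------------------------------------------------------------------
# Replaces the plaintext users.password column with a salted digest
# (crypted_password + salt) and makes email mandatory.
class CryptPassword < ActiveRecord::Migration
  # Dropping :password discards the stored values, so existing users have no
  # usable credential after this runs and must be given a new password.
  def self.up
    remove_column :users, :password
    add_column :users, :crypted_password, :string, :limit => 256
    add_column :users, :salt, :string
    change_column :users, :email, :string, :null => false
  end

  # Restores an empty :password column. The digests cannot be turned back into
  # passwords, and the NOT NULL constraint on email is left in place.
  def self.down
    remove_column :users, :crypted_password
    remove_column :users, :salt
    add_column :users, :password, :string
  end
end
---------------------------------------------------------------------------------------------
protected

# Derives salt and crypted_password from the plaintext password, then clears
# the plaintext from the object. Presumably wired as a save callback in the
# User model (the callback declaration is not shown).
#
# NOTE(review): the salt is built from the clock and the email, both of which
# can be guessed, and a single SHA-256 pass is fast to brute-force offline. A
# password hash with a work factor (bcrypt, e.g. via has_secure_password on
# Rails 3.1+) and a randomly generated salt is the usual replacement. That
# needs a migration of the stored digests, so it is flagged rather than changed
# here.
def encrypt_password
  # Without a new plaintext there is nothing to hash. Hashing nil/"" would
  # replace the stored digest with the digest of an empty password.
  return if password.blank?

  self.salt ||= Digest::SHA256.hexdigest("--#{Time.now.to_s}--#{email}--")
  self.crypted_password = encrypt(password)
  self.password = nil
end

# Returns the hex SHA-256 digest of the salt-wrapped password. The string
# layout must stay byte-identical or existing digests stop matching.
def encrypt(password)
  Digest::SHA256.hexdigest("--#{salt}--#{password}--")
end
-------------------------------------------------------------------------------------------
# Login form. While the users table is empty the visitor is sent to the user
# form instead, to create the first account.
# NOTE(review): that bootstrap path is only safe if user creation is closed to
# anonymous visitors once a user exists. Verify in the users controller (not
# shown).
def new
  unless User.count > 0
    flash[:notice] = "Please create the first user"
    redirect_to new_user_path
  end
end

# Authenticates by email and password and stores the user in the session.
# A failed attempt re-renders the form with one message for every failure
# cause.
def create
  user = User.authenticate(params[:email], params[:password])
  # Start a fresh session before the privilege level changes, so a session id
  # that was known before login is not the one that ends up authenticated.
  reset_session if user
  self.current_user = user
  unless logged_in?
    # flash.now: the message belongs to this render, not to the next request.
    flash.now[:notice] = "Incorrect login/password"
    render :action => 'new' and return
  end
  redirect_to(root_path)
end

# Logs out by discarding the whole session, then sets the notice for the
# redirect.
def destroy
  reset_session
  flash[:notice] = "You've been logged out"
  redirect_to(root_path)
end
--------------------------------------------------------------------------------------------------
# Records the given user (or nobody, for nil) in the session. The symbol :false
# marks "looked up, nobody logged in". Unlike nil it is truthy, so the ||= in
# current_user does not repeat the lookup.
def current_user=(user)
  session[:user_id] = user.nil? ? nil : user.id
  @current_user = user || :false
end

# Returns the logged-in user, or :false when there is none. Callers must
# compare against :false, because the symbol itself is truthy.
def current_user
  @current_user ||= (login_from_session || :false)
end

protected

# Restores the user from session[:user_id]. find_by_id returns nil for an id
# whose row no longer exists (for example a deleted account), which clears the
# stale session entry instead of raising on every request from that session.
def login_from_session
  self.current_user = User.find_by_id(session[:user_id]) if session[:user_id]
end
---------------------------------------------------------------------------------------------------
Sample Blog<%= yield :title %> <%= stylesheet_link_tag 'scaffold' %>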

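<%# Navigation bar: account links when logged in, a login link otherwise. %>
<% if logged_in? -%>
  <%# The name comes from the user record, so it is escaped before it reaches
      the page. h is harmless on Rails versions that already auto-escape. %>
  You are: <%= h(current_user.name) %>.
  <%= link_to('logout', logout_path) %> |
  <%= link_to_unless_current('user mgmt', users_path) %> |
<% else %>
  <%= link_to('login', login_path) %> |
<% end -%>
<%= link_to_unless_current('all posts', posts_path) %>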


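<%# Escape the notice so a message that ever carries request data cannot inject markup. %>
<%= h(flash[:notice]) %>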

<%= yield %> -------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------