The first thing I wanted to do was enclose my code in blocks that could scroll left and right, up and down, so that long blocks of code didn’t take up a huge amount of space, and so that wide blocks of code didn’t wrap or reach outside of the content area.

After putting my waders on and going through some of the code, I found the function that generates the headers for my code blocks. With Simply Syntax, the file is “SimpleSyntax/geshi/geshi.php”. Do a text search for “function header” and you’ll get the code block we’re going to hack:

function header ()
{
  // Get attributes needed
  $attributes = $this->get_attributes();
 
  $ol_attributes = '';
 
  if ($this->line_numbers_start != 1) {
    $ol_attributes .= ' start="' . $this->line_numbers_start . '"';
  }
 
  // Get the header HTML
  $header = $this->format_header_content();
 
  if (GESHI_HEADER_NONE == $this->header_type) {
    if ($this->line_numbers != GESHI_NO_LINE_NUMBERS) {
      return "$header<ol$ol_attributes>";
    }
    return $header;
  }

  // Work out what to return and do it
  if ($this->line_numbers != GESHI_NO_LINE_NUMBERS) {
    if ($this->header_type == GESHI_HEADER_PRE) {
      return "<pre$attributes>$header<ol$ol_attributes>";
    } elseif ($this->header_type == GESHI_HEADER_DIV) {
      return "<div$attributes>$header<ol$ol_attributes>";
    }
  } else {
    if ($this->header_type == GESHI_HEADER_PRE) {
      return "<pre$attributes>$header";
    } elseif ($this->header_type == GESHI_HEADER_DIV) {
      return "<div$attributes>$header";
    }
  }
}

The first thing to do is make our code blocks part of a certain class, so that we can style them with CSS. Just add “class=\”code\”" to the following parts of the header function (we also have to remove the $attributes variable from the header. If not, it’s going to add its own class tags, which we don’t want):

  // Work out what to return and do it
  if ($this->line_numbers != GESHI_NO_LINE_NUMBERS) {
    if ($this->header_type == GESHI_HEADER_PRE) {
      return "<pre class=\"code\">$header<ol$ol_attributes>";
    } elseif ($this->header_type == GESHI_HEADER_DIV) {
      return "<div$attributes>$header<ol$ol_attributes>";
    }
  } else {
    if ($this->header_type == GESHI_HEADER_PRE) {
      return "<pre class=\"code\">$header";
    } elseif ($this->header_type == GESHI_HEADER_DIV) {
      return "<div$attributes>$header";
    }
  }

Alright, now that our code blocks have their own class, let’s add the CSS to put them into blocks:

.code {
	background-color: #f0f0f0;
	border: 1px solid #C3CED9;
	padding: 0px 0px 0 0;
	width: 100%;
	color: #000;
	text-align: left;
	font-size:1.00em;
	overflow:auto;
}

So now our code is put into nice blocks that scroll horizontally (if you want, you can change the width to a fixed pixel amount. 100% worked best for this layout). But, if you post a block of code with many lines, it’s going to make a very tall code block. What we want to do is determine the number of lines in a block of code, and, if it’s above a certain number, fix the height of the code block so that it scrolls vertically.

Back to our “header” function, here’s the code that will count the number of lines in a code block:

substr_count($this->source,"\n")

So all we have to do is check to see if this code returns a number above a certain value and, if it does, set a variable that will contain our height-fixing code.

if (substr_count($this->source,"\n") > 30){
  $maxsize = " style=\"height: 300px;\"";
}

Kid stuff. Now we just add our $maxsize variable to the headers, and we’re done. Here’s the final code:

function header ()
{
  // hack to fix height if certain number of lines
  if (substr_count($this->source,"\n") > 30){
    $maxsize = " style=\"height: 300px;\"";
  }
 
  $ol_attributes = '';
 
  if ($this->line_numbers_start != 1) {
    $ol_attributes .= ' start="' . $this->line_numbers_start . '"';
  }
 
  // Get the header HTML
  $header = $this->format_header_content();
 
  if (GESHI_HEADER_NONE == $this->header_type) {
    if ($this->line_numbers != GESHI_NO_LINE_NUMBERS) {
      return "$header<ol$ol_attributes>";
    }
    return $header;
  }

  // Work out what to return and do it
  if ($this->line_numbers != GESHI_NO_LINE_NUMBERS) {
    if ($this->header_type == GESHI_HEADER_PRE) {
      return "<pre$maxsize class=\"code\">$header<ol$ol_attributes>";
    } elseif ($this->header_type == GESHI_HEADER_DIV) {
      return "<div$attributes>$header<ol$ol_attributes>";
    }
  } else {
    if ($this->header_type == GESHI_HEADER_PRE) {
      return "<pre$maxsize class=\"code\">$header";
    } elseif ($this->header_type == GESHI_HEADER_DIV) {
      return "<div$attributes>$header";
    }
  }
}

We’re going to start from scratch, so the first thing to do is create our application. Navigate to the directory where you want your app to live, and type

rails appname

where “appname” is the name you want to give your application.

Ok, now that we have our application set up, let’s create the models and controllers that we know we’ll be using. The only model we need for this example is a User model, and we’ll keep things simple and use a single controller called “Main.”

script/generate model User
script/generate controller Main

Now we’ve got our model and controller set up. We’re going to use database migrations for this tutorial; if you’re not used to using them, don’t worry, we’ll outline each step that you need to follow. To get started, open the file “/db/migrate/001_create_users.rb”. This file was created for us when we ran “script/generate model User”, and, for our purposes, it’s going to contain the database information about our User model.

What kind of database fields will we need for our User model? Obviously, we’ll need a username and password field, as well as an email address. Let’s also add a boolen “email_confirmed,” so that we can keep track of which users have confirmed their email address, and which haven’t. Also, instead of a “password” field, let’s use “hashed_password”, since we’re going to hash the password before it gets stored in the database (we’ll also put a limit of 40 on the field because that will be the size of our hash). Edit your 001_create_users.rb so that it looks like this:

class CreateUsers < ActiveRecord::Migration
  def self.up
    create_table :users do |t|
      t.column "username", :string
      t.column "hashed_password", :string, :limit => 40
      t.column "email", :string
      t.column "email_confirmed", :boolean, :default => false
    end
  end
 
  def self.down
    drop_table :users
  end
end
 

Now that our database migration is set up, we can go ahead and use it to generate our database schema. First, edit “/config/database.yml” so that it points to the database you’re using. Once you have the proper values entered there, go to the root of your app and type

rake db:migrate

Once the rake finishes, open up your database, and note that our “users” table was created, along with all the fields that we wanted. Notice also that the rake task created an “id” field, even though we didn’t define it ourselves in the migration file.

Now that our database is set up, let’s create our actions. We’ll need three actions, an “index” action that users will see when they go to the root section of our site, a register action, and an action that confirms the email address. Open up “/app/controllers/main_controller.rb” and add the following definitions

class MainController < ApplicationController
 
  # the root index action for our application
  def index
 
  end
 
  # allows guests to create a new User
  def register
 
  end
 
  # confirm an email address
  def confirm_email
 
  end
 
end
 

Since we have actions now, let’s set up our routes and our views. To configure the routes, open up “/app/config/routes.rb” and add the following routes:

  map.connect '', :controller => "main", :action => "index"
  map.connect 'register', :controller => "main", :action => "register"
  map.connect 'confirm_email/:hash', :controller => "main", :action => "confirm_email"

Now that our routes are hooked up, let’s create our views. Create the file “/app/views/main/index.rhtml”

<h1>Welcome!</h1>
<p>
Click <%= link_to "here", :controller => "main", :action => "register" %> to register.
</p>

and “/app/views/main/register.rhtml”

<%= error_messages_for 'user' %>
<h1>Register</h1>
<%= form_tag %>
<p>username<br/>
<%= text_field "user", "username", "maxlength" => 20, "size" => 20 %></p>
<p>email address<br/>
<%= text_field "user", "email", "maxlength" => 50, "size" => 20 %></p>
<p>password<br/>
<%= password_field "user", "password", "maxlength" => 20, "size" => 20 %></p>
<p>confirm password<br/>
<%= password_field "user", "confirm_password", "maxlength" => 20, "size" => 20 %></p>
<input type="submit" value="sign up" /></p>
<%= end_form_tag %>
 

We’re going to try to get away with not creating a view for our “confirm_email” action, so let’s leave alone that for now.

Alright, we’ve got our views set up, so let’s start writing some of the application code. Let’s start with the “register” action of our “main” controller. Basically, our registration function needs to grab the user parameters from the form in our “register.rhtml” view, create the user, and redirect to the login form. Simple enough. Here’s the code

  # allows guests to create a new User
  def register
 
    if request.get?
      @user = User.new
    else
      @user = User.new(params[:user])

      if @user.save
        flash[:notice] = "Thank you for registering! We have sent a confirmation email to #{@user.email} with instructions on how to validate your account."
        redirect_to(:action => "index")
      end
    end
 
  end

Now, you’ll notice two things that are very wrong. First of all, we’re telling the user that we sent him a confirmation email, but clearly we did no such thing. Also, we have no validation in our user model! Nothing is checking to make sure that the email address entered is properly formatted, that the username isn’t taken, that the password and confirm_password fields match, etc. Let’s open up our user model and add this validation now.

class User < ActiveRecord::Base
  validates_presence_of :username, :email
  validates_uniqueness_of :username
  validates_length_of :username, :minimum => 4
 
  attr_accessor :password, :confirm_password
 
  # callback hooks

    # validate that password and confirm_password match, and that email is proper format
    def validate_on_create
      @email_format = Regexp.new(/^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/)
      errors.add(:email, "must be a valid format") unless @email_format.match(email)
      errors.add(:confirm_password, "does not match") unless password == confirm_password
      errors.add(:password, "cannot be blank") unless !password or password.length > 0
    end
 
end
 

You’ll notice that we also added the line “attr_accessor :password, :confirm_password”. This is because we did not create a password or confirm_password field in our database, but we still want to access these properties on our user object. For this, we use the ruby method attr_accessor, which in this case essentially creates model properties for us which we can use like any other, but which are not stored in the database anywhere.

Now, we still need to figure out how to hash the password before it gets stored in the database. We could put this in our controller, but it really belongs in our user model. Rails provides us with lots of handy callback hooks, so let’s use one. We want to hash the password before the user is created, so we’ll use the hook “before_create”. We’ll also want to create a private function that does the actual hashing for us, and we’ll have to add a line at the top of our class to include the ruby class that does the hashing.

require "digest/sha1"
 
class User < ActiveRecord::Base
  validates_presence_of :username, :email
  validates_uniqueness_of :username
  validates_length_of :username, :minimum => 4

  attr_accessor :password, :confirm_password
 
  # callback hooks

    # validate that password and confirm_password match, and that email is proper format
    def validate_on_create
      @email_format = Regexp.new(/^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/)
      errors.add(:email, "must be a valid format") unless @email_format.match(email)
      errors.add(:confirm_password, "does not match") unless password == confirm_password
      errors.add(:password, "cannot be blank") unless !password or password.length > 0
    end
 
    # hash password before create
    def before_create
      self.hashed_password = User.hash_password(self.password)
    end

 
  private
 
  # hash password for storage in database
  def self.hash_password(password)
    Digest::SHA1.hexdigest(password)
  end

end
 

Now, we could stop here, but let’s make our user model a little more robust and secure. Let’s remove cleartext passwords from memory after the user is created, and let’s scrub email addresses and usernames to remove spaces and convert to lowercase. To do these two things, we’ll add two more callback hooks and another private function.

require "digest/sha1"
 
class User < ActiveRecord::Base
  validates_presence_of :username, :email
  validates_uniqueness_of :username
  validates_length_of :username, :minimum => 4

  attr_accessor :password, :confirm_password
 
  # callback hooks
 
    # clean up email and username before validation
    def before_validation
      self.email = User.clean_string(self.email || "")
      self.username = User.clean_string(self.username || "")
    end

    # validate that password and confirm_password match, and that email is proper format
    def validate_on_create
      @email_format = Regexp.new(/^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/)
      errors.add(:email, "must be a valid format") unless @email_format.match(email)
      errors.add(:confirm_password, "does not match") unless password == confirm_password
      errors.add(:password, "cannot be blank") unless !password or password.length > 0
    end
 
    # hash password before create
    def before_create
      self.hashed_password = User.hash_password(self.password)
    end

    # after creation, clear password from memory
    def after_create
      @password = nil
      @confirm_password = nil
    end

 
  private
 
  # hash password for storage in database
  def self.hash_password(password)
    Digest::SHA1.hexdigest(password)
  end
 
  # clean string to remove spaces and force lowercase
  def self.clean_string(string)
    (string.downcase).gsub(" ","")
  end

end
 

Alright, our user model is all done. It takes care of validation, hashes the password, cleans up email addresses and usernames, and minimizes the exposure of cleartext passwords. We’ve done a lot of work, so stand up, stretch, grab a beer, and come back.

Now, it’s time to add the mailer object that will send out the confirmation email. Before we do that, however, let’s take a moment to step back and think about how we’re going to handle email confirmation from an abstract level.

For email registration, we need to make sure that whatever method we use, the user cannot cheat and manually enter the URL to validate his email (no typing http://website.com/confirm_email/username). To prevent this, we need to use some kind of randomly-generated string. Now, we could just randomly generate a string and stick it in the database in our “users” table, but that’s sort of inelegant. Instead, it would be best if we could create some kind of seemingly random string, which the user cannot reverse engineer, but which we can recreate given known values. This is exactly what a hash is meant to be used for!

Let’s say, for example, that a user registers with the username “zaphod”. Converted to a hash using our algorithm, “zaphod” becomes “79118ddf1f07f13c3ddaf659f835f1ce4e1161f3″. We could then use that hash as a confirmation code, generating a confirmation url of “http://website.com/confirm_email/79118ddf1f07f13c3ddaf659f835f1ce4e1161f3″. When our app handles this URL, it just has to go through our list of users, look for one whose username, put through the hash function, matches “79118ddf1f07f13c3ddaf659f835f1ce4e1161f3″, and it will know which user is attempting to confirm! Note that the hash function is one-way, so we cannot just “unhash” the hash and match it up to a username.

Since we want to be secure, let’s go a step further. Instead of just hashing the username, let’s hash their username plus a secret word which we define. This prevents users from figuring out how we generate our hash (since they don’t know the inputs), and generating the hash themselves.

In our “main” controller, add the line to include the Ruby hash class, and add our private function for generating email confirmation hashes:

require "digest/sha1"
 
class MainController < ApplicationController
 
  # the root index action for our application
  def index
 
  end
 
  # allows guests to create a new User
  def register

    if request.get?
      @user = User.new
    else
      @user = User.new(params[:user])

      if @user.save
        flash[:notice] = "Thank you for registering! We have sent a confirmation email to #{@user.email} with instructions on how to validate your account."
        redirect_to(:action => "index")
      end
    end
 
  end
 
  # confirm an email address
  def confirm_email
 
  end
 
 
  private

  # create a hash to use when confirming User email addresses
  def confirmation_hash(string)
    Digest::SHA1.hexdigest(string + "secret word")
  end
 
end
 

Great, so now we know how we’re going to handle email confirmation, and we’ve got our function all set up to generate our hashes. Let’s create our mail robot that’s going to send out our emails. In the console, type

script/generate mailer MailRobot

This generates a model called MailRobot, which is going to handle all of our email stuff. The way ActionMailer works is that, for each email we want our app to be able to send, we need to create an action within our mailer model and a view to go along with it. Open up “/app/models/mail_robot.rb” and let’s add that action now.

class MailRobot < ActionMailer::Base
 
  def confirmation_email(user,hash)
    # email header info MUST be added here
    @recipients = user.email
    @from = "fromaddress@website-url-here.com"
    @subject = "Confirm email address"

    # email body substitutions go here
    @body["username"] = user.username
    @body["hash"] = hash
  end

end
 

Pretty simple. We’re just passing our user object and our confirmation hash to the action, setting up the “to,” “from,” and “subject” of the email, and defining some variables that we’re going to use in our view. Let’s create that view now; we’ll need to create “/app/views/mail_robot/confirmation_email.rhtml”

<%= @username %>,
 
Thank you for registering with our website. To confirm your email address, please visit the following address:
 
http://www.website-url-here.com/confirm_email/<%= @hash %>
 
- Friendly Mail Robot
 

One last thing we need to set up to get our mailer working. We need to edit our “/app/config/environment.rb” and add our mail settings to the end of the file. If you’re using DreamHost, your settings will look like this:

ActionMailer::Base.delivery_method = :sendmail
ActionMailer::Base.server_settings = {
  :address  => "mail.website-url-here.com",
  :port  => 25,
  :domain  => "website-url-here.com",
  :user_name  => "mXXXXXXX",
  :password  => "password",
  :authentication  => :login
    }
ActionMailer::Base.perform_deliveries = true
ActionMailer::Base.raise_delivery_errors = true
ActionMailer::Base.default_charset = "utf-8"
 

If you’re not using DreamHost, see this tutorial for help on getting these settings right.

Ok! Our mailer is all set up, so we can now go back to our “register” action in our “main” controller and add the code that will actually send out an email to our new user.

  # allows guests to create a new User
  def register
 
    if request.get?
      @user = User.new
    else
      @user = User.new(params[:user])

      if @user.save
        MailRobot::deliver_confirmation_email(@user, confirmation_hash(@user.username))

        flash[:notice] = "Thank you for registering! We have sent a confirmation email to #{@user.email} with instructions on how to validate your account."
        redirect_to(:action => "index")
      end
    end
 
  end

Now when a new user registers, they will get a confirmation email containing the confirmation hash we generated, formed as a url to our “confirm_email” action within our main controller. All that’s left to do is write that action.

What do we need this action to do? Basically, it just needs to go through all the users in our database, and for each user, generate a confirmation hash using that user’s username. Then, it needs to compare that hash to the hash that it’s receiving. If it finds a match, it should mark that user’s email address as confirmed, log that user in, and redirect to our index. Here’s the code:

  # confirm an email address
  def confirm_email
 
    @users = User.find :all

    for user in @users
      # if the passed hash matches up with a User, confirm him, log him in, set proper flash[:notice], and stop looking
      if confirmation_hash(user.username) == params[:hash] and !user.email_confirmed
        user.update_attributes(:email_confirmed => true)
        session[:user_id] = user.id
        flash[:notice] = "Thank you for validating your email."
        break
      end
    end
 
    redirect_to(:action => "index")
 
  end

That’s it! You’re all done. You now have a robust and secure login system for your app that validates users’ email addresses.