mrinterweb/gist:8225

## gistfile1.rbx
# this works very nicely
  def self.authenticate(email, password)
    user = self.find_by_email(email)
    locked_for_x_seconds = 0
    if user && user.account_locked_until && Time.now < user.account_locked_until
      locked_for_x_seconds = (user.account_locked_until - Time.now).round
      user = nil
    end
    if user
      expected_password = encrypted_password(password, user.salt)
      unless user.hashed_password == expected_password
        user.login_attempts += 1
        if(user.login_attempts >= 5)
          user.account_locked_until = Time.now + 30.seconds
          user.login_attempts = 0
        end
        user.save!
        user = nil
      else
        user.login_attempts = 0
        user.account_locked_until = nil
        user.save!
      end
    end
    user ||= locked_for_x_seconds
  end
	# this works very nicely
	def self.authenticate(email, password)
	user = self.find_by_email(email)
	locked_for_x_seconds = 0
	if user && user.account_locked_until && Time.now < user.account_locked_until
	locked_for_x_seconds = (user.account_locked_until - Time.now).round
	user = nil
	end
	if user
	expected_password = encrypted_password(password, user.salt)
	unless user.hashed_password == expected_password
	user.login_attempts += 1
	if(user.login_attempts >= 5)
	user.account_locked_until = Time.now + 30.seconds
	user.login_attempts = 0
	end
	user.save!
	user = nil
	else
	user.login_attempts = 0
	user.account_locked_until = nil
	user.save!
	end
	end
	user \|\|= locked_for_x_seconds
	end