--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -2,6 +2,8 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
+  include AuthenticatedSystem
+
   helper :all # include all helpers, all the time
 
   # See ActionController::RequestForgeryProtection for details

--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,4 +1,6 @@
 class ProjectsController < ApplicationController
+  before_filter :login_required
+  
   layout "standard"
 
   undoable_methods
@@ -6,7 +8,7 @@ class ProjectsController < ApplicationController
   # GET /projects
   # GET /projects.xml
   def index
-    @projects = Project.find(:all)
+    @projects = current_user.projects.find(:all)
 
     respond_to do |format|
       format.html # index.html.erb
@@ -17,7 +19,7 @@ class ProjectsController < ApplicationController
   # GET /projects/1
   # GET /projects/1.xml
   def show
-    @project = Project.find(params[:id])
+    @project = current_user.projects.find(params[:id])
 
     respond_to do |format|
       format.html # show.html.erb
@@ -28,7 +30,7 @@ class ProjectsController < ApplicationController
   # GET /projects/new
   # GET /projects/new.xml
   def new
-    @project = Project.new
+    @project = current_user.projects.new
 
     respond_to do |format|
       format.html # new.html.erb
@@ -38,13 +40,13 @@ class ProjectsController < ApplicationController
 
   # GET /projects/1/edit
   def edit
-    @project = Project.find(params[:id])
+    @project = current_user.projects.find(params[:id])
   end
 
   # POST /projects
   # POST /projects.xml
   def create
-    @project = Project.new(params[:project])
+    @project = current_user.projects.new(params[:project])
 
     respond_to do |format|
       change("create project #{@project.title}", projects_path, projects_path) do
@@ -63,7 +65,7 @@ class ProjectsController < ApplicationController
   # PUT /projects/1
   # PUT /projects/1.xml
   def update
-    @project = Project.find(params[:id])
+    @project = current_user.projects.find(params[:id])
 
     respond_to do |format|
       change("update project #{@project.title}", edit_project_path(@project), project_path(@project)) do
@@ -82,7 +84,7 @@ class ProjectsController < ApplicationController
   # DELETE /projects/1
   # DELETE /projects/1.xml
   def destroy
-    @project = Project.find(params[:id])
+    @project = current_user.projects.find(params[:id])
     change("delete project #{@project.title}", project_path(@project), projects_path) do
       @project.destroy
     end

--- /dev/null
+++ b/app/controllers/sessions_controller.rb
@@ -0,0 +1,31 @@
+# This controller handles the login/logout function of the site.  
+class SessionsController < ApplicationController
+
+  layout "standard"
+
+  # render new.rhtml
+  def new
+  end
+
+  def create
+    self.current_user = User.authenticate(params[:login], params[:password])
+    if logged_in?
+      if params[:remember_me] == "1"
+        self.current_user.remember_me
+        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+      end
+      redirect_back_or_default('/')
+      flash[:notice] = "Logged in successfully"
+    else
+      render :action => 'new'
+    end
+  end
+
+  def destroy
+    self.current_user.forget_me if logged_in?
+    cookies.delete :auth_token
+    reset_session
+    flash[:notice] = "You have been logged out."
+    redirect_back_or_default('/')
+  end
+end

--- a/app/controllers/tasks_controller.rb
+++ b/app/controllers/tasks_controller.rb
@@ -1,5 +1,6 @@
 class TasksController < ApplicationController
   before_filter(:get_project)
+  before_filter(:login_required)
 
   layout "standard"
   
@@ -115,7 +116,7 @@ class TasksController < ApplicationController
 
   private
   def get_project
-  	@project = Project.find(params[:project_id])
+  	@project = current_user.projects.find(params[:project_id])
   end
 
 end

--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,26 @@
+class UsersController < ApplicationController
+
+  layout "standard"
+
+  # render new.rhtml
+  def new
+  end
+
+  def create
+    cookies.delete :auth_token
+    # protects against session fixation attacks, wreaks havoc with 
+    # request forgery protection.
+    # uncomment at your own risk
+    # reset_session
+    @user = User.new(params[:user])
+    @user.save
+    if @user.errors.empty?
+      self.current_user = @user
+      redirect_back_or_default('/')
+      flash[:notice] = "Thanks for signing up!"
+    else
+      render :action => 'new'
+    end
+  end
+
+end

--- /dev/null
+++ b/app/helpers/session_helper.rb
@@ -0,0 +1,2 @@
+module SessionHelper
+end
\ No newline at end of file

--- /dev/null
+++ b/app/helpers/users_helper.rb
@@ -0,0 +1,2 @@
+module UsersHelper
+end
\ No newline at end of file

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1,4 +1,5 @@
 class Project < ActiveRecord::Base
+  belongs_to :user
   has_many :tasks
   acts_as_undoable
 end

--- /dev/null
+++ b/app/models/user.rb
@@ -0,0 +1,78 @@
+require 'digest/sha1'
+class User < ActiveRecord::Base
+  # Virtual attribute for the unencrypted password
+  attr_accessor :password
+
+  validates_presence_of     :login
+  validates_presence_of     :password,                   :if => :password_required?
+  validates_presence_of     :password_confirmation,      :if => :password_required?
+  validates_length_of       :password, :within => 3..40, :if => :password_required?
+  validates_confirmation_of :password,                   :if => :password_required?
+  validates_length_of       :login,    :within => 3..40
+  validates_uniqueness_of   :login, :case_sensitive => false
+  before_save :encrypt_password
+  
+  # prevents a user from submitting a crafted form that bypasses activation
+  # anything else you want your user to change should be added here.
+  attr_accessible :login, :password, :password_confirmation
+
+  has_many :projects
+
+  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
+  def self.authenticate(login, password)
+    u = find_by_login(login) # need to get the salt
+    u && u.authenticated?(password) ? u : nil
+  end
+
+  # Encrypts some data with the salt.
+  def self.encrypt(password, salt)
+    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+  end
+
+  # Encrypts the password with the user salt
+  def encrypt(password)
+    self.class.encrypt(password, salt)
+  end
+
+  def authenticated?(password)
+    crypted_password == encrypt(password)
+  end
+
+  def remember_token?
+    remember_token_expires_at && Time.now.utc < remember_token_expires_at 
+  end
+
+  # These create and unset the fields required for remembering users between browser closes
+  def remember_me
+    remember_me_for 2.weeks
+  end
+
+  def remember_me_for(time)
+    remember_me_until time.from_now.utc
+  end
+
+  def remember_me_until(time)
+    self.remember_token_expires_at = time
+    self.remember_token            = encrypt("#{login}--#{remember_token_expires_at}")
+    save(false)
+  end
+
+  def forget_me
+    self.remember_token_expires_at = nil
+    self.remember_token            = nil
+    save(false)
+  end
+
+  protected
+    # before filter 
+    def encrypt_password
+      return if password.blank?
+      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+      self.crypted_password = encrypt(password)
+    end
+      
+    def password_required?
+      crypted_password.blank? || !password.blank?
+    end
+    
+end

--- a/app/views/layouts/standard.html.erb
+++ b/app/views/layouts/standard.html.erb
@@ -13,6 +13,10 @@
     <h2>Showing off RUR (<a href="http://blog.nanorails.com/rails-undo-redo">Rails Undo Redo</a>)</h2>
   </div>
 
+  <% if flash[:notice] %>
+  <p class="message undo"><%= flash[:notice] %></p>
+  <% end %>
+
   <%= @content_for_layout %>
 
 <div id="clear"></div>
@@ -23,12 +27,18 @@
 <p class="message"><%= undo_redo_links %></p>
 <% end %>
 
-<% if flash["notice"] %>
-<p class="message"><%= flash["notice"] %></p>
-<% end %>
-
 <div id="footer">
 Copyright 2008 <a href="http://blog.nanorails.com">nano RAILS</a> | Design by <a href="http://www.minimalistic-design.net">Minimalistic Design</a>
 </div>
+<!-- Start of StatCounter Code -->
+<script type="text/javascript">
+var sc_project=3439485; 
+var sc_invisible=1; 
+var sc_partition=38; 
+var sc_security="bab9070d"; 
+</script>
+
+<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script><noscript><div class="statcounter"><a class="statcounter" href="http://www.statcounter.com/free_hit_counter.html"><img class="statcounter" src="http://c39.statcounter.com/3439485/0/bab9070d/1/" alt="counter" /></a></div></noscript>
+<!-- End of StatCounter Code -->
 </body>
 </html>
\ No newline at end of file

--- a/app/views/projects/edit.html.erb
+++ b/app/views/projects/edit.html.erb
@@ -29,6 +29,9 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'Show', @project %></li>
     <li><%= link_to 'New task', new_project_task_path(@project) %></li>

--- a/app/views/projects/index.html.erb
+++ b/app/views/projects/index.html.erb
@@ -26,6 +26,9 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'New project', new_project_path %></li>
   </ul>

--- a/app/views/projects/new.html.erb
+++ b/app/views/projects/new.html.erb
@@ -29,6 +29,9 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
   </ul>
 </div>

--- a/app/views/projects/show.html.erb
+++ b/app/views/projects/show.html.erb
@@ -25,6 +25,9 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'Edit', edit_project_path(@project) %></li>
     <li><%= link_to 'New task', new_project_task_path(@project) %></li>

--- /dev/null
+++ b/app/views/sessions/new.html.erb
@@ -0,0 +1,34 @@
+<div class="middle">
+  <h2>Login to your account</h2>
+  <% form_tag session_path do -%>
+  <p>
+    <b>Login</b><br/>
+    <%= text_field_tag 'login' %>
+  </p>
+
+  <p>
+    <b>Password</b><br/>
+    <%= password_field_tag 'password' %>
+  </p>
+
+  <p>
+    <b>Remember me</b>
+    <%= check_box_tag 'remember_me' %>
+  </p>
+
+  <p><%= submit_tag 'Log in' %></p>
+  <% end -%>
+</div>
+<div class="right">
+  <h2>Navigation</h2>
+  <ul>
+    <li><%= link_to 'Home', root_path %></li>
+    <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% else %>
+      <li><%= link_to 'Login', login_path %></li>
+      <li><%= link_to 'Sign Up', signup_path %></li>
+    <% end %>
+  </ul>
+</div>

--- a/app/views/tasks/edit.html.erb
+++ b/app/views/tasks/edit.html.erb
@@ -29,8 +29,12 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'Show', project_task_path(@project, @task) %></li>
+    <li><%= link_to 'New task', new_project_task_path(@project) %></li>
     <li><%= link_to 'Tasks', project_tasks_path(@project) %></li>
     <li><%= link_to 'Project', project_path(@project) %></li>
   </ul>

--- a/app/views/tasks/index.html.erb
+++ b/app/views/tasks/index.html.erb
@@ -26,6 +26,9 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'New task', new_project_task_path(@project) %></li>
     <li><%= link_to 'Project', project_path(@project) %></li>

--- a/app/views/tasks/move.html.erb
+++ b/app/views/tasks/move.html.erb
@@ -19,8 +19,12 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'Show', project_task_path(@project, @task) %></li>
+    <li><%= link_to 'New task', new_project_task_path(@project) %></li>
     <li><%= link_to 'Tasks', project_tasks_path(@project) %></li>
     <li><%= link_to 'Project', project_path(@project) %></li>
   </ul>

--- a/app/views/tasks/new.html.erb
+++ b/app/views/tasks/new.html.erb
@@ -29,6 +29,9 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'Tasks', project_tasks_path(@project) %></li>
     <li><%= link_to 'Project', project_path(@project) %></li>

--- a/app/views/tasks/show.html.erb
+++ b/app/views/tasks/show.html.erb
@@ -26,9 +26,13 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'Edit', edit_project_task_path(@project, @task) %></li>
     <li><%= link_to 'Move', move_project_task_path(@project, @task) %></li>
+    <li><%= link_to 'New task', new_project_task_path(@project) %></li>
     <li><%= link_to 'Tasks', project_tasks_path(@project) %></li>
     <li><%= link_to 'Project', project_path(@project) %></li>
   </ul>

--- /dev/null
+++ b/app/views/users/new.html.erb
@@ -0,0 +1,33 @@
+<div class="middle">
+  <h2>Register for a new account</h2>
+  <%= error_messages_for :user %>
+  <% form_for :user, :url => users_path do |f| -%>
+  <p><label for="login">Login</label><br/>
+  <%= f.text_field :login %></p>
+
+  <p><label for="email">Email</label><br/>
+  <%= f.text_field :email %></p>
+
+  <p><label for="password">Password</label><br/>
+  <%= f.password_field :password %></p>
+
+  <p><label for="password_confirmation">Confirm Password</label><br/>
+  <%= f.password_field :password_confirmation %></p>
+
+  <p><%= submit_tag 'Sign up' %></p>
+  <% end -%>
+</div>
+		
+<div class="right">
+  <h2>Navigation</h2>
+  <ul>
+    <li><%= link_to 'Home', root_path %></li>
+    <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% else %>
+      <li><%= link_to 'Login', login_path %></li>
+      <li><%= link_to 'Sign Up', signup_path %></li>
+    <% end %>
+  </ul>
+</div>
\ No newline at end of file

--- a/app/views/welcome/about.html.erb
+++ b/app/views/welcome/about.html.erb
@@ -1,9 +1,6 @@
 <div class="middle">
   <h2>About Rails Undo Redo</h2>
-  <p>Just to fill out empty space in the template I decided to write this and to add one of my previous templates
-  here. There are direct links to view one of my previous templates live and live link to download it also ;) 
-  Anyway hope you like both this one and previous one. You can see all of my templates at 
-  <a href="http://www.minimalistic-design.net">Minimalistic design</a> live.</p>
+  <p>To learn more about how you can easily implement undo/redo for Active Record and your Ruby and Rails app, visit the Rails Undo Redo (RUR) <a href="http://blog.nanorails.com/rails-undo-redo">Project Page</a>.</p>
 </div>
 		
 <div class="right">
@@ -11,6 +8,12 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% else %>
+      <li><%= link_to 'Login', login_path %></li>
+      <li><%= link_to 'Sign Up', signup_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'New project', new_project_path %></li>
   </ul>

--- a/app/views/welcome/index.html.erb
+++ b/app/views/welcome/index.html.erb
@@ -1,9 +1,16 @@
 <div class="middle">
   <h2>Home</h2>
-  <p>Just to fill out empty space in the template I decided to write this and to add one of my previous templates
-  here. There are direct links to view one of my previous templates live and live link to download it also ;) 
-  Anyway hope you like both this one and previous one. You can see all of my templates at 
-  <a href="http://www.minimalistic-design.net">Minimalistic design</a> live.</p>
+  <p>This web application is an experiment to test a few ideas on how to implement Undo Redo for Rails.  Give it a <%= link_to("test drive", signup_path) %>.</p>
+  <h2>Key ideas</h2>
+  <ul>
+    <li>Works across all models</li>
+    <li>Capture the list of changed objects (UndoRecord)</li>
+    <li>Group these UndoRecords per User Action (UndoAction)</li>
+    <li>undo and redo are just a simple matter or replaying the UndoRecord in the right order</li>
+  </ul>
+  <p>By using a Rails plugin (or very soon a gem as well), you can very easily transform any Rails Application using Active Record into a full fledged multi level undo/redo application like most desktop application.<p>
+  <br/>
+  <p>Notice: This is a demo application, and as such, do not use to store any data you would not want to lose</p>
 </div>
 		
 <div class="right">
@@ -11,6 +18,12 @@
   <ul>
     <li><%= link_to 'Home', root_path %></li>
     <li><%= link_to 'About', about_path %></li>
+    <% if logged_in? %>
+      <li><%= link_to "Logout (#{h current_user.login})", logout_path %></li>
+    <% else %>
+      <li><%= link_to 'Login', login_path %></li>
+      <li><%= link_to 'Sign Up', signup_path %></li>
+    <% end %>
     <li><%= link_to 'Project List', projects_path %></li>
     <li><%= link_to 'New project', new_project_path %></li>
   </ul>

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,4 +1,8 @@
 ActionController::Routing::Routes.draw do |map|
+  map.resources :users
+
+  map.resource :session
+
   map.resources :projects do |task|
     task.resources :tasks, :member => { :move => :get, :move_to => :post }
   end
@@ -36,6 +40,11 @@ ActionController::Routing::Routes.draw do |map|
   map.undo 'undo', :controller => "welcome", :action => "undo"
   map.redo 'redo', :controller => "welcome", :action => "redo"
 
+  # authentication
+  map.signup '/signup', :controller => 'users', :action => 'new'
+  map.login '/login', :controller => 'sessions', :action => 'new'
+  map.logout '/logout', :controller => 'sessions', :action => 'destroy'
+  
 
   # Install the default routes as the lowest priority.
   map.connect ':controller/:action/:id'