1. Signup

First you signup just like normal. Your browser runs a bit of javascript and does not transfer your password but some validator based on it.

2. Login

Login using the same credentials. Again javascript is used to calculate a random number and a key based on it that the server then uses to validate your password.

3. Verify

The server logs will tell you your password was not transmitted in clear. Never the less the server can determine wether you were authorized.

<% if @user.login %>

You are signed up as <%= @user.login %>.

<% end %>

<% if @user.active %>

You are logged in.

<% end %>

<%= button_link(:signup, :primary => !@user.login) %>

<%= button_link(:login, :primary => @user.login && !@user.active) %>

<%= button_link(:verify, :primary => @user.active) %>