yooo this is sick

app/controllers/application_controller.rb

@@ -1,2 +1,18 @@
 class ApplicationController < ActionController::Base
+  helper_method :current_user, :logged_in?
+
+  def current_user
+    @current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]
+  end
+
+  def logged_in?
+    !current_user.nil?
+  end
+
+  def require_user
+    unless logged_in?
+      flash[:alert] = "You must be logged in first. Please visit <a href=\"/signup\">the signup page</a> to create an account."
+      redirect_to login_path
+    end
+  end
 end

app/controllers/articles_controller.rb

@@ -1,5 +1,5 @@
 class ArticlesController < ApplicationController
-  http_basic_authenticate_with name: "dhh", password: "secret", except: [:index, :show]
+  before_action :require_user, except: [:show, :index]
 
   def index
     @articles = Article.all
@@ -15,6 +15,7 @@ class ArticlesController < ApplicationController
 
   def create
     @article = Article.new(article_params)
+    @article.user_id = current_user.id
 
     if @article.save
       redirect_to @article

app/controllers/comments_controller.rb

@@ -1,21 +1,31 @@
 class CommentsController < ApplicationController
-  http_basic_authenticate_with name: "dhh", password: "secret", only: :destroy
+  before_action :require_user
 
   def create
     @article = Article.find(params[:article_id])
-    @comment = @article.comments.create(comment_params)
+    @comment = @article.comments.new(comment_params)
+    @comment.commenter = current_user.username
+
+    if @comment.save
+      flash[:notice] = "Comment added successfully."
+    else
+      flash[:alert] = "Failed to add comment."
+    end
+
     redirect_to article_path(@article)
   end
 
   def destroy
     @article = Article.find(params[:article_id])
     @comment = @article.comments.find(params[:id])
-    comment.destroy
+    if @article.user_id == current_user.id || @comment.commenter == current_user.username
+      @comment.destroy
+    end
     redirect_to article_path(@article), status: :see_other
   end
 
   private
     def comment_params
-      params.require(:comment).permit(:commenter, :body, :status)
+      params.require(:comment).permit(:body, :status)
     end
 end

app/controllers/sessions_controller.rb

@@ -0,0 +1,23 @@
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    user = User.find_by(email: params[:email].downcase)
+    if user && user.authenticate(params[:password])
+      session[:user_id] = user.id
+      flash[:notice] = "Logged in successfully."
+      redirect_to root_path
+    else
+      flash[:alert] = "Invalid email or password"
+      render :new
+    end
+  end
+
+  def destroy
+    session[:user_id] = nil
+    reset_session
+    flash[:notice] = "Logged out successfully."
+    redirect_to root_path
+  end
+end

app/controllers/users_controller.rb

@@ -0,0 +1,22 @@
+class UsersController < ApplicationController
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      session[:user_id] = @user.id
+      flash[:notice] = "Welcome! You have successfully signed up."
+      redirect_to root_path
+    else
+      render :new
+    end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:username, :email, :password, :password_confirmation)
+  end
+end