summaryrefslogtreecommitdiff
path: root/app/controllers/sessions_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r--app/controllers/sessions_controller.rb40
1 files changed, 40 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..7c06ac8
--- /dev/null
+++ b/app/controllers/sessions_controller.rb
@@ -0,0 +1,40 @@
1# This controller handles the login/logout function of the site.
2class SessionsController < ApplicationController
3
4 # render new.rhtml
5 def new
6 end
7
8 def create
9 logout_keeping_session!
10 user = User.authenticate(params[:login], params[:password])
11 if user
12 # Protects against session fixation attacks, causes request forgery
13 # protection if user resubmits an earlier form using back
14 # button. Uncomment if you understand the tradeoffs.
15 reset_session
16
17 self.current_user = user
18 redirect_back_or_default('/') # TODO: insert appropriate path to cms main page
19 flash[:notice] = "Logged in successfully"
20 else
21 note_failed_signin
22 @login = params[:login]
23 @remember_me = params[:remember_me]
24 render :action => 'new'
25 end
26 end
27
28 def destroy
29 logout_killing_session!
30 flash[:notice] = "You have been logged out."
31 redirect_back_or_default('/login')
32 end
33
34protected
35 # Track failed login attempts
36 def note_failed_signin
37 flash[:error] = "Couldn't log you in as '#{params[:login]}'"
38 logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
39 end
40end