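# This controller handles the login/logout function of the site.
class SessionsController < ApplicationController
  # Public
  layout 'admin'

  # render new.rhtml
  def new
  end

  # Authenticates the submitted login/password. On success the session id is
  # regenerated and the user becomes current_user; on failure the login form
  # is re-rendered with the attempted login name.
  #
  # Reads params[:login] and params[:password] — untrusted request input.
  # logout_keeping_session!, User.authenticate, current_user= and
  # redirect_back_or_default are provided elsewhere (presumably the
  # authentication plugin); their exact behaviour is not visible here.
  def create
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    if user
      # reset_session is active here: issuing a fresh session id on login
      # protects against session fixation. Side effect: a form submitted
      # earlier and resubmitted via the back button will fail request-forgery
      # protection.
      reset_session
      self.current_user = user
      redirect_back_or_default('/de/admin') # TODO: insert appropriate path to cms main page
      flash[:notice] = "Logged in successfully"
    else
      note_failed_signin
      @login = params[:login]
      render :action => 'new'
    end
  end

  # Ends the session (logout_killing_session! is defined elsewhere) and sends
  # the user back to the login page.
  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/login')
  end

  protected

  # Track failed login attempts: set the user-visible error and log a warning
  # with the attempted login, the client address and the UTC time.
  def note_failed_signin
    # flash.now: the message belongs to the render that follows this call,
    # so it must not also be carried over to the next request.
    flash.now[:error] = "login not successful"
    # The login value comes straight from the request; inspect escapes quotes
    # and newlines so the entry stays on one log line whatever was submitted.
    # The two string pieces are joined with an explicit space before "from".
    logger.warn "Failed login for #{params[:login].to_s.inspect} " \
                "from #{request.remote_ip} at #{Time.now.utc}"
  end
end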