summaryrefslogtreecommitdiff
path: root/app/controllers/sessions_controller.rb
blob: e115b35c67ced39fadb30ed627b72f18d3d2cb88 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# This controller handles the login/logout function of the site.  
class SessionsController < ApplicationController
  
  # Public
  
  layout 'admin'
  
  # render new.rhtml
  def new
  end

  def create
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    if user
      # Protects against session fixation attacks, causes request forgery
      # protection if user resubmits an earlier form using back
      # button. Uncomment if you understand the tradeoffs.
      reset_session
      
      self.current_user = user
      redirect_back_or_default('/de/admin')   # TODO: insert appropriate path to cms main page
      flash[:notice] = "Logged in successfully"
    else
      note_failed_signin
      @login = params[:login]
      render :action => 'new'
    end
  end

  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/login')
  end

protected
  # Track failed login attempts
  def note_failed_signin
    flash[:error] = "login not successful"
    logger.warn "Failed login for '#{params[:login]}'" \
                "from #{request.remote_ip} at #{Time.now.utc}"
  end
end