# This controller handles the login/logout function of the site.
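class SessionsController < ApplicationController
  # Public
  layout 'admin'

  # Renders the login form (new.rhtml).
  def new
  end

  # Checks the submitted login/password pair and, on success, signs the
  # user in and redirects; on failure, records the attempt and shows the
  # login form again.
  def create
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    if user
      # Start the authenticated session on a fresh session, so a session id
      # that was fixed before login (session fixation) is not carried over.
      # Tradeoff: a form rendered before login and resubmitted through the
      # back button will be rejected by request forgery protection.
      # NOTE(review): reset_session empties the session; if
      # redirect_back_or_default reads a stored return location from it,
      # the default path below is always used -- confirm.
      reset_session
      self.current_user = user
      redirect_back_or_default('/de/admin') # TODO: insert appropriate path to cms main page
      flash[:notice] = "Logged in successfully"
    else
      note_failed_signin
      # Echo the attempted login back into the form; the password is
      # deliberately not kept.
      # NOTE(review): @login is request data -- confirm the template
      # HTML-escapes it (e.g. with h) when rendering.
      @login = params[:login]
      render :action => 'new'
    end
  end

  # Ends the current session and redirects to the login page.
  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    redirect_back_or_default('/login')
  end

  protected

  # Records a failed login attempt: sets the error flash and writes a
  # warning with the attempted login, the client IP and the UTC time.
  # The password is never logged.
  def note_failed_signin
    flash[:error] = "login not successful"
    # params[:login] is attacker-controlled. #inspect quotes it and escapes
    # newlines and control characters, so a crafted login cannot inject
    # extra lines into the log; it also copes with a non-String value.
    # The explicit space before "from" fixes the previously fused message.
    # NOTE(review): this only logs; no throttling or lockout of repeated
    # failures is visible in this controller -- confirm it exists elsewhere.
    logger.warn "Failed login for #{params[:login].inspect} " \
                "from #{request.remote_ip} at #{Time.now.utc}"
  end
end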