class UserSessionsController < ApplicationController before_filter :require_no_user, :only => [:new, :create] before_filter :require_user, :only => :destroy def new @title = t(:signin) @user_session = UserSession.new @mail_message = session[:mail_message] if !session[:mail_message].nil? end def show redirect_to root_path end def create if params[:userlogin].length > 0 render :text => '' else @user_session = UserSession.new(params[:user_session]) # remember user_id if checkbox is checked if params[:user_session][:remember_id] == '1' cookies['user_id'] = { :value => params[:user_session][:login], :expires => 1.month.from_now } else cookies.delete 'user_id' end if @user_session.save # if link_back, redirect back redirect_to session[:link_back] and return if session[:link_back] redirect_to channels_path and return else # log to failedlogins failed = Failedlogin.new failed.login = params[:user_session][:login] failed.password = params[:user_session][:password] failed.ip_address = get_header_value('X_REAL_IP') failed.save # prevent timing and brute force password attacks sleep 1 @failed = true render :action => :new end end end def destroy session[:link_back] = nil current_user_session.destroy reset_session redirect_to root_path end end