44 lines
1.0 KiB
Ruby
44 lines
1.0 KiB
Ruby
class UserSessionsController < ApplicationController
|
|
before_filter :require_no_user, :only => [:new, :create]
|
|
before_filter :require_user, :only => :destroy
|
|
|
|
def new
|
|
@title = t(:signin)
|
|
@user_session = UserSession.new
|
|
@mail_message = session[:mail_message] if !session[:mail_message].nil?
|
|
end
|
|
|
|
def show
|
|
redirect_to root_path
|
|
end
|
|
|
|
def create
|
|
if params[:userlogin].length > 0
|
|
render :text => ''
|
|
else
|
|
@user_session = UserSession.new(params[:user_session])
|
|
|
|
# remember user_id if checkbox is checked
|
|
if params[:user_session][:remember_id] == '1'
|
|
cookies['user_id'] = { :value => params[:user_session][:login], :expires => 1.month.from_now }
|
|
else
|
|
cookies.delete 'user_id'
|
|
end
|
|
|
|
if @user_session.save
|
|
redirect_to root_path and return
|
|
else
|
|
# prevent timing and brute force password attacks
|
|
sleep 1
|
|
@failed = true
|
|
render :action => :new
|
|
end
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
current_user_session.destroy
|
|
reset_session
|
|
redirect_to root_path
|
|
end
|
|
end |