89 lines
2.2 KiB
Ruby
89 lines
2.2 KiB
Ruby
class UsersController < ApplicationController
|
|
before_filter :require_no_user, :only => [:new, :create, :forgot_password]
|
|
before_filter :require_user, :only => [:show, :edit, :update, :change_password]
|
|
|
|
def new
|
|
@title = t(:signup)
|
|
@user = User.new
|
|
end
|
|
|
|
def create
|
|
# protect against bots
|
|
render :text => '' and return if params[:userlogin].length > 0
|
|
|
|
@user = User.new(params[:user])
|
|
|
|
# save user
|
|
if @user.valid?
|
|
if @user.save
|
|
redirect_back_or_default account_path and return
|
|
end
|
|
else
|
|
render :action => :new
|
|
end
|
|
|
|
end
|
|
|
|
def show
|
|
@menu = 'account'
|
|
@user = @current_user
|
|
end
|
|
|
|
def edit
|
|
@menu = 'account'
|
|
@user = @current_user
|
|
end
|
|
|
|
# displays forgot password page
|
|
def forgot_password
|
|
@user = User.new
|
|
end
|
|
|
|
# this action is called from an email link when a password reset is requested
|
|
def reset_password
|
|
# if user has been logged in (due to previous form submission)
|
|
if !current_user.nil?
|
|
@user = current_user
|
|
@user.errors.add_to_base(t(:password_problem))
|
|
@valid_link = true
|
|
else
|
|
@user = User.find_by_id(params[:id])
|
|
# make sure tokens match and password reset is within last 10 minutes
|
|
if @user.perishable_token == params[:token] && @user.updated_at > 600.seconds.ago
|
|
@valid_link = true
|
|
# log the user in
|
|
@user_session = UserSession.new(@user)
|
|
@user_session.save
|
|
end
|
|
end
|
|
end
|
|
|
|
# do the actual password change
|
|
def change_password
|
|
# protect against bots
|
|
render :text => '' and return if params[:userlogin].length > 0
|
|
|
|
@user = current_user
|
|
# if no password entered, redirect
|
|
redirect_to reset_password_path and return if params[:user][:password].empty?
|
|
# check current password and update
|
|
if @user.update_attributes(params[:user])
|
|
redirect_to account_path
|
|
else
|
|
redirect_to reset_password_path
|
|
end
|
|
end
|
|
|
|
def update
|
|
@menu = 'account'
|
|
@user = @current_user # makes our views "cleaner" and more consistent
|
|
# check current password and update
|
|
if @user.valid_password?(params[:password_current]) && @user.update_attributes(params[:user])
|
|
redirect_to account_path
|
|
else
|
|
@user.errors.add_to_base(t(:password_incorrect))
|
|
render :action => :edit
|
|
end
|
|
end
|
|
|
|
end |