56 lines
1.5 KiB
Ruby
56 lines
1.5 KiB
Ruby
class UserSessionsController < ApplicationController
|
|
before_filter :require_no_user, :only => [:new, :create]
|
|
before_filter :require_user, :only => :destroy
|
|
|
|
def new
|
|
@title = t(:signin)
|
|
@user_session = UserSession.new
|
|
@mail_message = session[:mail_message] if !session[:mail_message].nil?
|
|
end
|
|
|
|
def show
|
|
redirect_to root_path
|
|
end
|
|
|
|
def create
|
|
|
|
if params[:userlogin].length > 0
|
|
render :text => ''
|
|
else
|
|
@user_session = UserSession.new(params[:user_session])
|
|
|
|
# remember user_id if checkbox is checked
|
|
if params[:user_session][:remember_id] == '1'
|
|
cookies['user_id'] = { :value => params[:user_session][:login], :expires => 1.month.from_now }
|
|
else
|
|
cookies.delete 'user_id'
|
|
end
|
|
|
|
if @user_session.save
|
|
# if link_back, redirect back
|
|
redirect_to session[:link_back] and return if session[:link_back]
|
|
redirect_to channels_path and return
|
|
else
|
|
# log to failedlogins
|
|
failed = Failedlogin.new
|
|
failed.login = params[:user_session][:login]
|
|
failed.password = params[:user_session][:password]
|
|
failed.ip_address = get_header_value('X_REAL_IP')
|
|
failed.save
|
|
|
|
# prevent timing and brute force password attacks
|
|
sleep 1
|
|
@failed = true
|
|
render :action => :new
|
|
end
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
session[:link_back] = nil
|
|
current_user_session.destroy
|
|
reset_session
|
|
redirect_to root_path
|
|
end
|
|
end
|