app/controllers/sessions_controller.rb
# -*- encoding : utf-8 -*-
# Sessions Controller
#
# This controller handles the login/logout function of the site.
#
# Copyright:: (C) 2009 Knowerce, s.r.o.
#
# Author:: Vojto Rinik <vojto@rinik.net>
# Date: Sep 2009
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
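# Handles sign-in (+new+ / +create+) and sign-out (+destroy+).
#
# Authentication itself is delegated to User.authenticate and to the
# helpers mixed in from AuthenticatedSystem (login_required,
# logout_keeping_session!, logout_killing_session!, handle_remember_cookie!,
# current_user=), none of which are defined in this file.
class SessionsController < ApplicationController
  # Be sure to include AuthenticatedSystem in ApplicationController instead
  include AuthenticatedSystem

  # Everything except the login form and its submission requires a session.
  before_filter :login_required, :except => [:new, :create]

  # Renders the login form (new.rhtml).
  def new
  end

  # Authenticates params[:login] / params[:password].
  #
  # On success the user is signed in and redirected to the local path given
  # in params[:return], or to the root page when that value is missing or
  # is not a safe same-site path. On failure the form is rendered again.
  def create
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    if user
      # NOTE(review): the session id is kept across login, so a session id
      # that was known before authentication stays valid afterwards (session
      # fixation). Calling reset_session here closes that, at the cost of
      # invalidating the CSRF token of forms rendered before login.
      # Uncomment if you understand the tradeoffs.
      # reset_session
      self.current_user = user
      # Set locale
      I18n.locale = user.loc if user.loc?
      # NOTE(review): the flag is always true and params[:remember_me] is not
      # consulted here, so the "remember me" choice on the form appears to
      # have no effect - confirm against handle_remember_cookie! that this is
      # intended.
      new_cookie_flag = true
      handle_remember_cookie! new_cookie_flag
      flash[:notice] = t("users.logged_in")
      flash[:user_signed_in] = true
      redirect_to(local_return_path || root_path)
    else
      note_failed_signin
      @login = params[:login]
      @remember_me = params[:remember_me]
      render :action => 'new'
    end
  end

  # Ends the session and sends the user back to the page they came from.
  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    # `redirect_to :back` depends on the Referer header; without one, fall
    # back to the root page instead of failing the logout request.
    if request.env['HTTP_REFERER'].blank?
      redirect_to root_path
    else
      redirect_to :back
    end
  end

  protected

  # Returns params[:return] when it is a same-site path, otherwise nil.
  #
  # A leading "/" alone is not enough to keep a redirect on this site:
  # browsers resolve "//host" and "/\host" against another host, and they
  # drop embedded tab/newline characters before resolving. The value is
  # therefore accepted only if it is a String, starts with exactly one "/",
  # is not followed by "/" or "\", and contains no control characters.
  # The is_a?(String) check also covers array or hash parameters.
  def local_return_path
    target = params[:return]
    return nil unless target.is_a?(String) && target.starts_with?('/')
    return nil if target.starts_with?('//') || target.starts_with?('/\\')
    return nil if target.each_byte.any? { |byte| byte < 0x20 || byte == 0x7f }
    target
  end

  # Track failed login attempts
  #
  # Sets the error flash and writes a warning with the attempted login name,
  # the client IP and a UTC timestamp. The password is never logged.
  def note_failed_signin
    flash[:error] = I18n.t('session.note_failed_signin')
    # The login name is attacker-controlled: escape it (inspect, minus its
    # surrounding quotes) so embedded newlines cannot forge extra log lines.
    attempted_login = params[:login].to_s.inspect[1..-2]
    logger.warn "Failed login for '#{attempted_login}' from #{request.remote_ip} at #{Time.now.utc}"
  end
end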