app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
skip_before_action :authorize
def new
end
def create
user = User.find_by(name: params[:session][:name].downcase)
if user and user.authenticate(params[:session][:password])
log_in user
redirect_back_or events_path
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
log_out if logged_in?
redirect_to root_path
end
end