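require_dependency 'login_system'

# Account management: CRUD for administrators, self-service edit/destroy,
# and the unauthenticated entry points (login, signup, password recovery).
#
# Authorization is delegated to helpers mixed in from login_system
# (login_required, security_check, redirect_back_or_default,
# set_login_cookie, delete_login_cookie); their exact rules are not visible
# in this file.  From usage here, `security_check nil` guards the admin-only
# actions and `security_check account` the "own account or admin" ones.
#
# Changes against the previous revision:
#   * update no longer replaces session[:user] unconditionally (an admin
#     editing another account was logged in as that account);
#   * recover builds the reset link from the stored login instead of the
#     raw, unstripped parameter (a padded login produced a link reset could
#     never match);
#   * reset refuses blank login/token before querying, so a NULL column can
#     never satisfy find_by_login_and_password;
#   * signup drops an `admin` key from the submitted attributes before
#     mass assignment; the first-administrator promotion below is the only
#     way signup grants admin;
#   * login's failure notice uses the :notice symbol key like every other
#     notice in this controller (the string key 'notice' is a different
#     flash entry);
#   * the missing space in the "promoted as the first administrator" text
#     and the deprecated @request ivar in reset are fixed.
class AccountController < ApplicationController
  # Everything except the public entry points requires a logged-in user.
  before_filter :login_required, :except => [:login, :signup, :recover, :reset]

  # Display one account.
  # NOTE(review): there is no security_check here, so any logged-in user can
  # view any account by id — confirm that is intended.
  def show
    @account = Account.find(params[:id])
  end

  # Landing page; reuses the welcome template.
  def index
    render :action => 'welcome'
  end

  # Admin-only listing, administrators first.
  def list
    security_check nil
    @account_pages, @accounts = paginate(:accounts, :per_page => 40,
                                                    :order => "admin DESC, name")
  end

  # Admin-only: blank form for a new account.
  def new
    security_check nil
    @account = Account.new
  end

  # Admin-only account creation from the form parameters.
  # NOTE(review): params[:account] is mass-assigned; which attributes this
  # may set (including `admin`) depends on attr_protected/attr_accessible
  # in Account — confirm in the model.
  def create
    security_check nil
    @account = Account.new(params[:account])
    if @account.save
      flash[:notice] = 'Account was successfully created.'
      redirect_to :action => 'list'
    else
      render :action => 'new'
    end
  end

  # Admin-only: flip the admin flag of an account.
  def toggleadmin
    security_check nil
    @account = Account.find(params[:id])
    @account.admin = !@account.admin?
    @account.save
    redirect_to :action => 'show', :id => @account
  end

  # Edit form; security_check decides whether the caller may touch it.
  def edit
    @account = Account.find(params[:id])
    security_check @account
  end

  # Update an account.  A login that already belongs to a *different*
  # account is rejected before the save.
  #
  # The session copy of the user is refreshed only when the edited account
  # is the logged-in one, so an administrator editing somebody else's
  # account keeps their own session.
  def update
    @account = Account.find(params[:id])
    security_check @account
    existing = Account.find_by_login(params[:account][:login])
    if existing && existing.id != params[:id].to_i
      flash[:notice] = "#{existing.login} has already been taken by another account."
      render :action => 'edit'
      return
    end
    if @account.update_attributes(params[:account])
      flash[:notice] = 'Account was successfully updated.'
      session[:user] = @account if editing_self?(@account)
      redirect_to :action => 'show', :id => @account
    else
      render :action => 'edit'
    end
  end

  # Delete an account (own account or, for an admin, any account).
  # NOTE(review): when a user deletes their own account the Account object
  # stays in session[:user] until the session expires; whether that still
  # passes login_required depends on login_system — confirm.
  def destroy
    account = Account.find(params[:id])
    security_check account
    account.destroy
    flash[:notice] = "Account deleted: #{account.login}"
    redirect_to :action => 'list'
  end

  # Log in with login/password.  GET just renders the form.  On success the
  # Account object is stored in the session; with remember_me=1 the login
  # cookie is set as well.
  #
  # NOTE(review): the session is not reset before the new user is stored in
  # it, so a session id fixed before login survives it.  A reset_session here
  # would also discard whatever key redirect_back_or_default (login_system)
  # uses for the return path, so handle that in login_system.
  # NOTE(review): the remember-me cookie carries Account.hash_password of the
  # submitted password — the stored credential itself; a random, revocable
  # token would be safer.
  def login
    return unless request.method == :post

    session[:user] = Account.authenticate(params[:user_login], params[:user_password])
    if session[:user]
      flash[:notice] = "Login successful."
      if params[:remember_me].eql?('1')
        set_login_cookie(params[:user_login], Account.hash_password(params[:user_password]))
      end
      redirect_back_or_default :action => "welcome"
    else
      # :notice (symbol) is the key every other action and, presumably, the
      # view uses; the string key 'notice' is a separate flash entry.
      flash.now[:notice] = "Login unsuccessful."
      @login = params[:user_login]
    end
  end

  # Self-service signup.  The first account ever created becomes the
  # administrator; there is no other bootstrap path.
  #
  # NOTE(review): the "is there an admin yet?" check and the save are not
  # atomic; two simultaneous first signups could both be promoted.
  def signup
    @account = Account.new(without_admin(params[:account]))
    @account.admin = true unless Account.find_by_admin(true)
    return unless request.post? && @account.save

    session[:user] = Account.authenticate(@account.login, params[:account][:password])
    flash[:notice] = "You have signed up successfully."
    if @account.admin?
      flash[:notice] += " Also, you have been automatically promoted as " +
                        "the first administrator of this site."
    end
    redirect_back_or_default :action => "welcome"
  end

  # Drop the session and the remember-me cookie.
  def logout
    reset_session
    delete_login_cookie
  end

  # Plain template.
  def welcome
  end

  # Password recovery: mail a reset link for the given login.
  #
  # NOTE(review): the link's token is the account's stored password value
  # (whatever Account#password holds).  It never expires and can only be
  # revoked by changing the password; a random single-use token with an
  # expiry (a new column) is the usual fix and is out of scope here.
  # NOTE(review): the two failure messages reveal whether a login exists,
  # and the raw parameter is echoed into the flash — make sure the view
  # escapes it (h()).
  def recover
    return unless params[:user_login]

    login = params[:user_login].to_s.strip
    user = Account.find_by_login(login)
    if user
      # Build the link and the recipient from the stored login, not the raw
      # parameter: surrounding whitespace would make reset's lookup fail.
      recovery_link = url_for(:only_path => false, :controller => :account,
                              :action => :reset, :login => user.login,
                              :token => user.password)
      AccountMailer.deliver_password_reset(recovery_link, user.login)
      flash[:notice] = "An email with information on how " +
                       "to reset your account has been sent to: #{user.login}"
    elsif login.blank?
      flash[:notice] = "Please enter an email address to recover password."
    else
      flash[:notice] = "Your email address '#{params[:user_login]}' is not in the" +
                       " database. Did you previously sign up under a different email?"
    end
  end

  # Password reset page.  GET shows the new-password form, POST stores the
  # new password and logs the user in.  Sets @show_form for the template.
  #
  # NOTE(review): after save! the cookie is built from user.password; that
  # is only the hashed value if the model hashes on save — confirm.
  def reset
    @show_form = false
    user = find_reset_user(params[:login], params[:token])
    unless user
      flash[:notice] = "There is a problem with your password reset link (wrong token). " +
                       "Your link may be truncated or stale. " +
                       "Please request a password reset from the login page again."
      return
    end

    case request.method
    when :get
      flash[:notice] = "Please enter your new password below."
      @show_form = true
    when :post
      user.password = params[:password]
      user.save!
      session[:user] = user
      set_login_cookie(user.login, user.password)
      flash[:notice] = "Your password has been changed."
      redirect_back_or_default :action => "welcome"
    end
  end

  private

  # True when +account+ is the one held in session[:user].  login and signup
  # store Account objects there, so compare by id: the session copy is a
  # different instance from the freshly loaded record.
  def editing_self?(account)
    current = session[:user]
    !current.nil? && !account.nil? && current.id == account.id
  end

  # Copy of the submitted account attributes without an `admin` key, so the
  # flag can only be granted by the explicit first-administrator promotion.
  # Returns nil for nil input (GET without a form).
  def without_admin(attrs)
    return nil if attrs.nil?
    attrs.reject { |key, _| key.to_s == 'admin' }
  end

  # Look up the account a reset link refers to.  Blank login or token is
  # rejected up front: a nil argument would become "IS NULL" in the query
  # and could match a row with an empty column.
  def find_reset_user(login, token)
    return nil if login.blank? || token.blank?
    Account.find_by_login_and_password(login, token)
  end
end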