class AuthController < ApplicationController
  def login
    unless session_get_user.blank?
      flash[:notice] = ""
      redirect_to(top_url)
      return
    end

    @display_type = DISPLAY_TYPE_SIMPLE

    if request.post?
      begin
        user = User.authenticate(params[:id], params[:password])
        raise if user.blank?
        session_set_user(user)
Log.create(:user_id => user.id, :action => action_name)
        redirect_to(top_url)
      rescue => e
        flash.now[:notice] = t(:error_login)
Log.create(:user_id => 0, :action => action_name, :error => params[:id] + " " + t(:error_login) + " " + e.message)
      end
    end
  end

  def logout
    begin
      user = session[:user_id]
Log.create(:user_id => user.id, :action => action_name) unless user.blank?
    rescue
    end
    session_reset
    redirect_to(root_url)
  end

  def password
    @display_type = DISPLAY_TYPE_SIMPLE
    @user = User.find(session[:user_id])
  end

  def change
    @display_type = DISPLAY_TYPE_SIMPLE

    begin
      @user = User.find(params[:user][:id])
#      redirect_to(:action => :password, :id => @app.user.id) and return unless updated?

      if request.put?
        @user.attributes=params[:user]

        if params[:user][:password] != params[:user][:password_confirmation]
          flash[:notice] = t(:error_pwd_match);
          render :action => :password, :status => 400 and return
        end

        if User.authenticate( @user.account, params[:user][:password_required] ).blank?
          flash[:notice] = t(:error_login)
          render :action => :password, :status => 400 and return
        end

        User.transaction do
          @update_flag = @user.save!
          flash[:notice] = t(:success_updated, :id => @user.name)
        end
      end

    rescue
      render :action => :password, :status => 400 and return
    end
    render :action => :password
  end

  def open_close
    session_set_msg_opn(params[:flag])
    render :text => "" and return
  end

protected
  def authorize
  end
end