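# Session login/logout, profile and password changes, and the token-based
# password-reset and welcome flows.
#
# Changes against the previous version: the remember-me cookie is httponly
# (and secure when issued over TLS), the session id is regenerated when a
# user logs in, #change no longer raises on a missing params[:user] and
# excludes the token columns from mass assignment, #pswd_reset/#welcome send
# the real password confirmation to the model (they used to pass the password
# twice, which silently disabled the confirmation validation), and their
# duplicated bodies live in private helpers. User-facing messages, redirect
# targets and rendered actions are unchanged.
class UsersController < ApplicationController
  # CSRF protection is skipped so the login form can be posted from anywhere.
  # This also permits "login CSRF" (a victim being logged into an account
  # they did not choose), so the skip list stays limited to these two actions.
  skip_before_filter :verify_authenticity_token, :only => [:login_form, :login] # allow login from anywhere
  before_filter :login_required, :only => [:details, :change_form, :change, :pswd_change_form, :pswd_change]

  # Attributes the profile form must never set through mass assignment.
  # :password (and its confirmation) change only via #pswd_change, which
  # verifies the old password; the remember-token columns are server-managed.
  # NOTE(review): if the model stores its reset token in a column, add that
  # column here too — its name is not visible from this controller.
  PROTECTED_PROFILE_ATTRIBUTES = [:access_level, :password, :password_confirmation,
                                  :remember_token, :remember_token_expires_at].freeze

  # GET login form; an already logged-in user is sent to the root page.
  def login_form
    return unless logged_in?
    flash[:success] = "User already logged in"
    redirect_to(root_path)
  end

  # POST login. The single "name" field is tried as an email first, then as
  # a login. Disabled accounts are refused; on success the session id is
  # regenerated and, with remember_me=1, a remember-token cookie is issued.
  def login
    user_params = params[:user] || {}
    user = User.authenticate_by_email(user_params[:name], user_params[:password]) ||
           User.authenticate_by_login(user_params[:name], user_params[:password])

    if user.nil?
      flash.now[:error] = "Unable to login user"
      render :action => 'login_form'
    elsif user.access_level == User::ACCESS_LEVEL_DISABLED
      flash[:error] = "User access disabled"
      redirect_to(root_path)
    else
      # Regenerate the session on privilege change so a session id that was
      # fixed before login cannot be reused afterwards; keep the return path.
      return_to = session[:return_to]
      reset_session
      self.current_user = user
      if params[:remember_me] == "1"
        current_user.set_remember_token
        cookies[:auth_token] = {
          :value    => self.current_user.remember_token,
          :expires  => self.current_user.remember_token_expires_at,
          :httponly => true,         # not readable by page scripts
          :secure   => request.ssl?  # only sent over TLS when issued over TLS
        }
      end
      redirect_to(return_to || root_path)
    end
  end

  # Invalidates the remember token (if logged in), drops the cookie and the
  # whole session, then returns to the login page.
  def logout
    self.current_user.reset_remember_token if logged_in?
    cookies.delete :auth_token
    reset_session
    redirect_to(user_login_path)
  end

  # Shows the current user's details.
  def details
    @user = current_user
  end

  # Profile edit form for the current user.
  def change_form
    @user = current_user
  end

  # Applies the profile form to the current user, excluding the attributes in
  # PROTECTED_PROFILE_ATTRIBUTES. A missing params[:user] is treated as an
  # empty update rather than raising.
  def change
    @user = current_user
    attrs = (params[:user] || {}).except(*PROTECTED_PROFILE_ATTRIBUTES)
    if @user.update_attributes(attrs)
      flash[:success] = "User Details Changed"
      redirect_to user_details_path
    else
      render :action => 'change_form'
    end
  end

  # Password change form for the current user.
  def pswd_change_form
    @user = current_user
  end

  # Changes the current user's password after re-verifying the old one, so a
  # hijacked session alone is not enough to take over the account.
  def pswd_change
    user_params = params[:user] || {}
    @user = current_user

    missing = user_params[:old_password].blank? ||
              user_params[:password].blank? ||
              user_params[:password_confirmation].blank?

    if missing
      flash.now[:error] = "Old and New Password Required"
      render :action => 'pswd_change_form'
    elsif !User.authenticate_by_email(@user.email, user_params[:old_password])
      flash.now[:error] = "Invalid Old Password"
      render :action => 'pswd_change_form'
    elsif @user.update_attributes(:password => user_params[:password],
                                  :password_confirmation => user_params[:password_confirmation])
      flash[:success] = "Password Changed"
      redirect_to user_details_path
    else
      flash.now[:error] = "Could not change password"
      render :action => 'pswd_change_form'
    end
  end

  # Form asking for the email address to send a reset token to.
  def pswd_forgot_form
  end

  # Issues a reset token for the given email (the model sends the mail).
  # NOTE: the error branch reveals whether the address is registered; a
  # uniform "an email has been sent" response would avoid that enumeration,
  # but the current messages are kept here as the views depend on them.
  def pswd_forgot
    user_params = params[:user] || {}
    user = User.set_reset_token(user_params[:email])
    if user
      flash[:success] = "An email has been sent with the password reset details."
      redirect_to user_login_path
    else
      flash.now[:error] = "Could not reset password"
      render :action => 'pswd_forgot_form'
    end
  end

  # Reset form reached from the emailed link; only rendered for a valid token.
  def pswd_reset_form
    token_form_valid?("Could not reset password")
  end

  # Sets a new password from the reset form. A blank token silently returns
  # to the forgot-password form (as before); the rest is shared with #welcome.
  def pswd_reset
    @token = params[:token]
    if @token.blank?
      # flash.now[:error] = "Reset Token Expired"
      render :action => 'pswd_forgot_form'
      return
    end
    set_password_from_token('pswd_reset_form', "Password Changed")
  end

  # First-login form reached from the welcome email; only rendered for a
  # valid token.
  def welcome_form
    token_form_valid?("Unable to validate user details")
  end

  # Creates the initial password from the welcome form; shares the token and
  # password handling with #pswd_reset.
  def welcome
    @token = params[:token]
    if @token.blank?
      flash.now[:error] = "Welcome Token Expired"
      render :action => 'pswd_forgot_form'
      return
    end
    set_password_from_token('welcome_form', "Password Created")
  end

  private

  # Validates params[:token] for the reset/welcome forms. Redirects to the
  # forgot-password page when the token is blank (no message, as before) or
  # unknown (with +invalid_message+). Returns true when the form may render.
  def token_form_valid?(invalid_message)
    @token = params[:token]
    if @token.blank?
      redirect_to user_pswd_forgot_path
      return false
    end
    return true if User.authenticate_by_reset_token(@token)

    flash[:error] = invalid_message
    redirect_to user_pswd_forgot_path
    false
  end

  # Common body of #pswd_reset and #welcome. Expects @token to be set and
  # non-blank. Re-renders +form_action+ with a flash.now error when the email
  # or password is missing, the confirmation differs, or the token does not
  # belong to a user with the submitted email; otherwise stores the password,
  # logs the user in on a fresh session and redirects to the root page with
  # +success_message+.
  # NOTE(review): the reset token is not explicitly invalidated here —
  # confirm the model does so (e.g. in authenticate_by_reset_token or on save).
  def set_password_from_token(form_action, success_message)
    user_params = params[:user] || {}

    if user_params[:email].blank? || user_params[:password].blank?
      flash.now[:error] = "Email and Password Required"
      render :action => form_action
      return
    end

    if user_params[:password] != user_params[:password_confirmation]
      flash.now[:error] = "Password Confirmation does not match"
      render :action => form_action
      return
    end

    user = User.authenticate_by_reset_token(@token)
    unless user && user.email == user_params[:email]
      flash.now[:error] = "Invalid Email"
      render :action => form_action
      return
    end

    # Hand the model the real confirmation so its own validation is effective.
    if user.update_attributes(:password => user_params[:password],
                              :password_confirmation => user_params[:password_confirmation])
      # Regenerate the session before logging in (same reason as in #login);
      # the flash is set afterwards so the reset does not discard it.
      reset_session
      self.current_user = user
      flash[:success] = success_message
      redirect_to root_path
    else
      flash.now[:error] = "Could not change password"
      render :action => form_action
    end
  end
end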