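  # Account lifecycle controller: signup, login/logout, password reset and
  # change, subdomain change and account closure.
  #
  # Actions that act on the signed-in user sit behind +login_required+.
  # +login+, +leftlogin+, +signup+ and +forgot_password+ are reachable without a
  # session and take their input straight from +params+, so treat every value
  # read there as untrusted.
  class AccountController < ApplicationController
    # :change_password is listed here because it operates on current_user; it
    # used to be reachable without a session.
    before_filter :login_required, :only => [:delete, :change_account_subdomain, :change_password]

    layout 'account', :except => [:leftlogin, :signup, :login]

    # Landing action: sends the visitor to signup while no user exists yet and
    # nobody is logged in; otherwise renders the default view.
    def index
      redirect_to(:action => 'signup') unless logged_in? || User.count > 0
    end

    # User login. GET renders the form; POST authenticates params[:login] /
    # params[:password] against the account named by params[:subdomain].
    def login
      redirect_to :controller => 'map', :action => 'index' and return if logged_in?
      return unless request.post?

      # Find account by subdomain param; 0 is passed as the account id when the
      # subdomain does not resolve.
      @account = Account.find_by_subdomain(params[:subdomain])

      # NOTE(review): the session is not reset before current_user is assigned,
      # so the pre-login session id stays valid after login. #logout already
      # calls reset_session; consider doing the same here (confirm the flash
      # still survives in this Rails version).
      self.current_user = User.authenticate(params[:login], params[:password], @account ? @account.id : 0)

      if current_user
        issue_remember_me_cookie if params[:remember_me] == "1"

        # A nil last_login marks the very first login; capture that before the
        # timestamp is overwritten.
        first_login = current_user.last_login.nil?
        current_user.last_login = Time.now
        current_user.save(false) # skip validations: only the timestamp changes

        # The first-login notice used to be overwritten unconditionally by
        # "Hello again!". The original comment spoke of redirecting to settings
        # on first login, but the code only ever set the flash; that is kept.
        if first_login
          flash[:notice] = "Welcome to csip. This is your first login, please verify your information."
        else
          flash[:notice] = "Hello again!"
        end
        redirect_to :controller => 'map', :action => 'index'
      elsif @account && @account.disabled?
        # NOTE(review): this tells an unauthenticated client that the subdomain
        # exists and is disabled; decide whether that disclosure is intended.
        flash[:notice] = "Account disabled"
      else
        flash[:notice] = "The user name and/or password is invalid."
      end
    end

    # Password reset request. GET renders the form; POST resets the password of
    # the user whose email matches params[:email].
    def forgot_password
      # NOTE(review): every Account is loaded for an unauthenticated page;
      # confirm the view does not expose other tenants' data.
      @accounts = Account.find(:all)
      return unless request.post?

      @user = User.find_by_email(params[:email])
      if @user.nil?
        # NOTE(review): a distinct message for unknown addresses lets a client
        # learn which emails are registered. Returning the same notice in both
        # branches would close that; left unchanged as it is a product decision.
        flash[:notice] = "Email address does not match our records."
        redirect_to :action => 'forgot_password' and return
      end

      # NOTE(review): the password is replaced as soon as an unauthenticated
      # request names a known email. A confirm-by-token flow plus rate limiting
      # would keep the old password valid until the owner acts.
      @user.reset_password!

      # The explicit delivery below is disabled in the original; whether
      # reset_password! sends the mail itself is not visible here -- confirm.
      #new_password = @user.reset_password!
      #Notifier::deliver_reset_password(@user, new_password)
      flash[:notice] = "A new temporary password has been sent to your email address."
      redirect_to :action => 'login' and return
    end

    # Change the signed-in user's password. GET renders the form; POST expects
    # params[:password] with :old_password, :new_password and
    # :new_password_confirmation.
    #
    # Previously this action assigned User.find(params[:user_id]) to
    # current_user without any credential check, and then dereferenced @user,
    # which was never set. It now acts only on the authenticated user and
    # ignores params[:user_id].
    def change_password
      @user = current_user
      return unless request.post?

      fields = params[:password]
      fields = {} unless fields.is_a?(Hash) # missing or scalar param: treat as empty

      # NOTE(review): the original read @user.username with two arguments;
      # login + account_id is the form #delete uses -- confirm against User.
      if User.authenticate(@user.login, fields[:old_password], @user.account_id) == @user
        @user.password = fields[:new_password]
        @user.password_confirmation = fields[:new_password_confirmation]
        if @user.save
          flash[:notice] = 'Your password has been changed'
          redirect_to :controller => 'map', :action => 'index'
        else
          flash[:error] = 'Unable to change your password'
        end
      else
        flash[:error] = 'Invalid password'
      end
    end

    # Account signup. GET renders the form; POST creates the account together
    # with its first user, grants that user the 'admin' role and logs them in.
    def signup
      # NOTE(review): both models are built by mass-assigning request
      # parameters. Which attributes are writable depends on attr_accessible /
      # attr_protected in User and Account, which are not visible here.
      @account = Account.new(params[:account])
      @user = User.new(params[:user])

      return unless request.post?

      # A POST without one of the nested hashes used to raise on nil.
      params[:user] ||= {}
      params[:account] ||= {}

      # Populate account parameters with the selected user parameters
      [:fullname, :email].each { |a| params[:account][a] = params[:user][a] }

      @user = User.new(params[:user])
      @account = Account.new(params[:account])

      # Validate both models up front: "a.valid? && b.valid?" short-circuits and
      # would leave the second model without error messages for the view.
      user_ok = @user.valid?
      account_ok = @account.valid?

      unless account_ok && user_ok
        render :action => 'signup'
        return false
      end

      begin
        # One transaction, so a failure while granting the role does not leave a
        # saved account behind with no admin user.
        Account.transaction do
          @account.users << @user
          @account.save!
          @user.roles << Role.find_by_title('admin')
        end
      rescue StandardError => e
        logger.error("signup failed: #{e.class}: #{e.message}") if logger
        flash[:error] = 'A fatal error has occurred. Please try again later.'
        redirect_to :action => 'signup', :fatal => 'true' and return
      end

      self.current_user = @user

      flash[:notice] = "Welcome to SafetyPin. Thanks for creating your new account. This is your first login, please verify your information."
      redirect_to user_settings_url and return
    end

    # Ends the session: clears the server-side remember token, removes the
    # auth_token cookie and resets the session before redirecting to login.
    def logout
      current_user.forget_me if logged_in?
      cookies.delete :auth_token
      reset_session
      flash[:notice] = "You have been logged out."
      redirect_to :action => 'login'
    end

    # Close the account (does not actually delete, just disables it). POST
    # requires a reason and the current password; on success the account is
    # disabled, an AccountClosure record is written and the user is logged out.
    def delete
      @errors = []
      return unless request.post?

      @errors << "Please tell us why you are leaving?" if params[:reason].to_s.empty?
      unless User.authenticate(current_user.login, params[:password], current_user.account_id)
        @errors << "Password is incorrect"
      end
      return unless @errors.empty?

      # NOTE(review): no role check is visible here; if only account admins may
      # close the account, confirm that is enforced elsewhere.
      # Flag the account as deleted and create account closure record
      current_account.disable!
      AccountClosure.create!(:account_id => current_user.account_id, :reason => params[:reason])

      logout
    end

    # Compact login form rendered without the account layout. POST
    # authenticates and sets a flash notice; it does not redirect.
    def leftlogin
      @account = Account.find_by_subdomain(params[:subdomain])
      flash[:notice] = ""
      return unless request.post?

      # Scoped to the resolved account exactly as #login does. The original
      # looked @account up but called authenticate without an account id.
      # NOTE(review): confirm against User.authenticate's default for that
      # argument.
      self.current_user = User.authenticate(params[:login], params[:password], @account ? @account.id : 0)
      if logged_in?
        issue_remember_me_cookie if params[:remember_me] == "1"
        #redirect_back_or_default(:controller => '/map', :action => 'index')
        flash[:notice] = "Logged in successfully"
      end
    end

    # Change account name (subdomain). A successful change logs the user out.
    #
    # NOTE(review): this state change is not restricted to POST and no role
    # check is visible; confirm CSRF protection and authorization cover it.
    def change_account_subdomain
      requested = params[:account_subdomain]

      # Redirect back if no change was made
      if current_account.subdomain == requested
        redirect_to subscription_url and return
      end

      @account = Account.find(current_account.id)
      @account.subdomain = requested

      if @account.save
        logout
      else
        flash[:error] = "Invalid subdomain"
        redirect_to subscription_url
      end
    end

    private

    # Persists a remember-me token for the current user and hands it to the
    # browser, shared by #login and #leftlogin.
    #
    # NOTE(review): the cookie carries a long-lived credential and is set
    # without Secure or HttpOnly attributes; add the options this Rails version
    # supports.
    def issue_remember_me_cookie
      current_user.remember_me
      cookies[:auth_token] = { :value => current_user.remember_token, :expires => current_user.remember_token_expires_at }
    end
  end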