
Untitled

a guest
Apr 26th, 2018
  1. ## accounts_controller
  # Account activation (show) and password change for the logged-in user
  # (edit / update).
  class AccountsController < ApplicationController
    # Activation is offered only to visitors who are not logged in; every
    # other action requires a logged-in user.
    before_filter :login_required, :except => :show
    before_filter :not_logged_in_required, :only => :show

    # Activate action. params[:id] is handed to User.find_and_activate! and
    # each error that call can raise is mapped to a flash message and a
    # redirect.
    #
    # NOTE(review): User::ArgumentError is looked up through the User model;
    # whether the model defines its own ArgumentError is not visible here -
    # confirm the constant resolves on the Ruby version in use.
    def show
      # Logging the user in straight after activation is possible but not
      # recommended:
      # self.current_user = User.find_and_activate!(params[:id])
      User.find_and_activate!(params[:id])
      flash[:notice] = 'Your account has been activated! You can now login.'
      redirect_to login_path
    rescue User::ArgumentError, User::ActivationCodeNotFound
      flash[:notice] = 'Activation code not found. Please try creating a new account.'
      redirect_to new_user_path
    rescue User::AlreadyActivated
      flash[:notice] = 'Your account has already been activated. You can log in below.'
      redirect_to login_path
    end

    # Renders the change-password form.
    def edit
    end

    # Change password action. The current password is re-checked with
    # User.authenticate before the new one is accepted, so a hijacked session
    # alone is not enough to change it.
    #
    # NOTE(review): nothing in this action ends other sessions or rotates the
    # remember-me token after the password changes - presumably that would
    # live in the User model; confirm.
    def update
      return unless request.post?

      unless User.authenticate(current_user.login, params[:old_password])
        flash[:error] = "Your old password is incorrect."
        render :action => 'edit'
        return
      end

      confirmation = params[:password_confirmation]
      if confirmation.blank? || params[:password] != confirmation
        flash[:error] = "New password does not match the password confirmation."
        # NOTE(review): the submitted old password is handed to the view here.
        # If the edit template writes it back into the form, the password
        # ends up in the rendered HTML - confirm the template, and prefer
        # leaving that field empty.
        @old_password = params[:old_password]
        render :action => 'edit'
        return
      end

      current_user.password_confirmation = confirmation
      current_user.password = params[:password]
      if current_user.save
        flash[:notice] = "Password successfully updated."
        redirect_to root_path # profile_url(current_user.login)
      else
        flash[:error] = "An error occured, your password was not changed."
        render :action => 'edit'
      end
    end
  end
  54.  
  55. ## application.rb
  56. # Filters added to this controller apply to all controllers in the application.
  57. # Likewise, all the methods added will be available for all controllers.
  58.  
  class ApplicationController < ActionController::Base
    # Make every helper module available to every view.
    helper :all

    # Mixed in here so that every controller inherits it. AuthenticatedSystem
    # is defined elsewhere; presumably it supplies the login filters the
    # other controllers reference - confirm.
    include AuthenticatedSystem

    # Request-forgery (CSRF) protection for all controllers; see
    # ActionController::RequestForgeryProtection for details.
    # The :secret option is only needed when the cookie session store is not
    # in use. Generate that value per deployment and keep it out of source
    # control; a secret that has been published (for example in a public
    # paste) must be treated as compromised and never reused.
    protect_from_forgery # :secret => '<generate a unique secret per deployment>'
  end
  66.  
  67. ##pass_controller
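  # Forgotten-password flow: request a reset link (new / create), then choose
  # a new password with the emailed reset code (edit / update).
  class PasswordsController < ApplicationController
    before_filter :not_logged_in_required, :only => [:new, :create]

    # Enter email address to recover password
    def new
    end

    # Forgot password action.
    #
    # The response is the same whether or not the address belongs to an
    # account, so this form cannot be used to find out which email addresses
    # are registered.
    def create
      return unless request.post?
      @user = User.find_for_forget(params[:email])
      if @user
        @user.forgot_password
        # A failed save is logged rather than silently ignored; the visitor
        # still gets the uniform message below.
        logger.error "Password reset code could not be saved." unless @user.save
      end
      flash[:notice] = "If that email address belongs to an account, a password reset link has been sent to it."
      redirect_to login_path
    end

    # Action triggered by clicking on the /reset_password/:id link received
    # via email. Makes sure the id code is included and matches a user in the
    # database; if so, the password reset fields are shown.
    def edit
      if params[:id].blank?
        render :action => 'new'
        return
      end
      @user = find_user_by_reset_code
      reject_reset_code if @user.nil?
    end

    # Reset password action /reset_password/:id
    #
    # The reset code is verified before anything else, so @user is set
    # whenever the edit form is rendered again and an invalid code is never
    # answered with a password-validation message.
    #
    # NOTE(review): whether reset codes expire, and whether reset_password
    # clears the code so that it works only once, is decided in the User
    # model and is not visible here - confirm both.
    def update
      if params[:id].blank?
        render :action => 'new'
        return
      end

      @user = find_user_by_reset_code
      if @user.nil?
        reject_reset_code
        return
      end

      if params[:password].blank?
        # flash.now: the message belongs to this render, not the next request.
        flash.now[:notice] = "Password field cannot be blank."
        render :action => 'edit', :id => params[:id]
        return
      end

      unless params[:password] == params[:password_confirmation]
        flash.now[:notice] = "Password mismatch."
        render :action => 'edit', :id => params[:id]
        return
      end

      # The user is deliberately not logged in by the reset; they have to
      # authenticate with the new password afterwards.
      @user.password_confirmation = params[:password_confirmation]
      @user.password = params[:password]
      @user.reset_password
      flash[:notice] = @user.save ? "Password reset." : "Password not reset."
      redirect_to login_path
    end

    private

    # Looks the user up by reset code. The parameter is coerced to a String
    # so that an array, hash or nil value can never reach the finder; a nil
    # there would be compared against users that have no reset code at all.
    def find_user_by_reset_code
      User.find_by_password_reset_code(params[:id].to_s)
    end

    # Shared response for an unknown reset code. Only the "not found" case
    # ends up here; unexpected errors are no longer rescued and reported as
    # an invalid code, so real failures stay visible in the logs.
    def reject_reset_code
      logger.error "Invalid Reset Code entered."
      flash[:notice] = "Sorry - That is an invalid password reset code. Please check your code and try again. (Perhaps your email client inserted a carriage return?)"
      redirect_to new_user_path
    end
  end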
  147. ## Roles Controller
  # Lets an administrator list, grant and revoke the roles of a user.
  #
  # params[:user_id] and params[:id] come straight from the request; the only
  # guard visible here is the check_administrator_role filter, which is
  # defined elsewhere.
  # NOTE(review): nothing in this controller records who changed which role,
  # or stops an administrator from removing their own role - confirm whether
  # that is handled elsewhere.
  class RolesController < ApplicationController
    before_filter :check_administrator_role

    # Shows the user together with every role that exists.
    def index
      @user = User.find(params[:user_id])
      @all_roles = Role.find(:all)
    end

    # Grants the role unless the user already has it.
    def update
      @user = User.find(params[:user_id])
      @role = Role.find(params[:id])
      @user.roles << @role unless @user.has_role?(@role.rolename)
      redirect_to :action => 'index'
    end

    # Revokes the role if the user currently has it.
    def destroy
      @user = User.find(params[:user_id])
      @role = Role.find(params[:id])
      @user.roles.delete(@role) if @user.has_role?(@role.rolename)
      redirect_to :action => 'index'
    end
  end
  176.  
  177. ## Sessions controller
  178.  
  179. # This controller handles the login/logout function of the site.
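  # Login and logout.
  class SessionsController < ApplicationController
    layout 'application'
    before_filter :login_required, :only => :destroy
    before_filter :not_logged_in_required, :only => [:new, :create]

    # render new.rhtml
    def new
    end

    # Login form submission.
    #
    # NOTE(review): no throttling or lockout of repeated failed logins is
    # visible in this controller - confirm it is enforced elsewhere.
    def create
      password_authentication(params[:login], params[:password])
    end

    # Logout: drops the remember-me token, its cookie and the whole session.
    def destroy
      current_user.forget_me if logged_in?
      cookies.delete :auth_token
      reset_session
      flash[:notice] = 'You have been logged out.'
      redirect_to login_path
    end

    protected

    # Checks the credentials and the account state (updated 2/20/08).
    #
    # The "not active" and "disabled" messages are reached only after
    # User.authenticate has returned a user; every other failure gets the
    # generic message.
    def password_authentication(login, password)
      user = User.authenticate(login, password)
      if user.nil?
        failed_login('Your username or password is incorrect.')
      elsif user.activated_at.blank?
        failed_login('Your account is not active, please check your email for the activation code.')
      elsif user.enabled == false
        failed_login('Your account has been disabled.')
      else
        # The pre-login session must not become the authenticated session:
        # a session identifier that was known before login would otherwise
        # stay valid afterwards (session fixation).
        start_fresh_session
        self.current_user = user
        successful_login
      end
    end

    private

    # Re-renders the login form with the given error message.
    def failed_login(message)
      flash.now[:error] = message
      render :action => 'new'
    end

    # Replaces the current session with an empty one, carrying over only the
    # stored post-login destination.
    def start_fresh_session
      return_to = session[:return_to]
      reset_session
      session[:return_to] = return_to
    end

    # Sets the optional remember-me cookie, then redirects to the stored
    # destination or, without one, to the user's own page.
    #
    # NOTE(review): the auth_token cookie is set without the Secure and
    # HttpOnly attributes; the option names differ between Rails versions -
    # confirm the version in use and add both.
    def successful_login
      if params[:remember_me] == "1"
        current_user.remember_me
        cookies[:auth_token] = {
          :value => current_user.remember_token,
          :expires => current_user.remember_token_expires_at
        }
      end
      flash[:notice] = 'Logged in successfully'
      return_to = session[:return_to]
      # The destination is used once; left in place it would redirect every
      # later login in this session to the same stale location.
      session[:return_to] = nil
      if return_to.nil?
        redirect_to user_path(current_user)
      else
        redirect_to return_to
      end
    end
  end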
  240.  
  241. ## User Controller
  242.  
  # Signup, the user's own profile, and user administration.
  #
  # NOTE(review): create and update pass params[:user] to the model as-is.
  # Which attributes a request can set is therefore decided by the User model
  # (its mass-assignment protection), which is not visible here - confirm
  # that enabled, the activation fields and the role association cannot be
  # set this way.
  class UsersController < ApplicationController
    # Signup is for visitors, profile actions for logged-in users, and
    # listing / disabling / enabling accounts for administrators.
    before_filter :not_logged_in_required, :only => [:new, :create]
    before_filter :login_required, :only => [:show, :edit, :update]
    before_filter :check_administrator_role, :only => [:index, :destroy, :enable]

    # Administrator view of all users.
    def index
      @users = User.find(:all)
    end

    # Users can view only their own profile: the record always comes from
    # current_user, never from a request parameter.
    def show
      @user = current_user
    end

    # render new.rhtml
    def new
      @user = User.new
    end

    # Signup. The account is not logged in afterwards; the flash message
    # tells the user to activate it by email first.
    def create
      cookies.delete :auth_token
      @user = User.new(params[:user])
      @user.save!
      # Logging the user in right after signup is possible but not
      # recommended:
      # self.current_user = @user
      flash[:notice] = "Thanks for signing up! Please check your email to activate your account before logging in."
      redirect_to login_path
    rescue ActiveRecord::RecordInvalid
      flash[:error] = "There was a problem creating your account."
      render :action => 'new'
    end

    # Edit form for the caller's own record.
    def edit
      @user = current_user
    end

    # Updates the caller's own record; the target is never taken from the
    # request.
    #
    # NOTE(review): if password is among the mass-assignable attributes, this
    # action changes it without the old-password check - confirm against the
    # User model.
    def update
      @user = User.find(current_user)
      unless @user.update_attributes(params[:user])
        render :action => 'edit'
        return
      end
      flash[:notice] = "User updated"
      redirect_to :action => 'show', :id => current_user
    end

    # Administrator action: disables the account instead of deleting it.
    #
    # NOTE(review): whether sessions and remember-me tokens the user already
    # holds stop working depends on what login_required checks - confirm.
    def destroy
      @user = User.find(params[:id])
      disabled = @user.update_attribute(:enabled, false)
      flash[:notice] = "User disabled" if disabled
      flash[:error] = "There was a problem disabling this user." unless disabled
      redirect_to :action => 'index'
    end

    # Administrator action: re-enables a disabled account.
    def enable
      @user = User.find(params[:id])
      enabled = @user.update_attribute(:enabled, true)
      flash[:notice] = "User enabled" if enabled
      flash[:error] = "There was a problem enabling this user." unless enabled
      redirect_to :action => 'index'
    end
  end