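## accounts_controller
# Account activation (show) and password change for the logged-in user
# (edit/update).
class AccountsController < ApplicationController
  before_filter :login_required, :except => :show
  before_filter :not_logged_in_required, :only => :show

  # Activate action. params[:id] carries the activation code.
  # NOTE(review): the rescue clauses name User::ArgumentError,
  # User::ActivationCodeNotFound and User::AlreadyActivated; the User model is
  # not shown here, so confirm all three resolve to the classes it raises.
  def show
    # Uncomment and change paths to have user logged in after activation - not recommended
    #self.current_user = User.find_and_activate!(params[:id])
    User.find_and_activate!(params[:id])
    flash[:notice] = 'Your account has been activated! You can now login.'
    redirect_to login_path
  rescue User::ArgumentError, User::ActivationCodeNotFound
    # Both failures produce the same answer, so they share one clause.
    flash[:notice] = 'Activation code not found. Please try creating a new account.'
    redirect_to new_user_path
  rescue User::AlreadyActivated
    flash[:notice] = 'Your account has already been activated. You can log in below.'
    redirect_to login_path
  end

  def edit
  end

  # Change password action.
  # Requires the current password, then a non-blank new password that matches
  # its confirmation. Error messages use flash.now because the form is
  # re-rendered in the same request; plain flash would also show the message
  # on the following page.
  def update
    return unless request.post?

    unless User.authenticate(current_user.login, params[:old_password])
      flash.now[:error] = "Your old password is incorrect."
      render :action => 'edit'
      return
    end

    if params[:password_confirmation].blank? || params[:password] != params[:password_confirmation]
      # The submitted old password is deliberately not handed back to the view:
      # echoing it into the re-rendered form would place a valid credential in
      # the HTML response.
      flash.now[:error] = "New password does not match the password confirmation."
      render :action => 'edit'
      return
    end

    current_user.password_confirmation = params[:password_confirmation]
    current_user.password = params[:password]
    if current_user.save
      # NOTE(review): nothing visible here invalidates other sessions or the
      # remember-me token after a password change - confirm whether the model does.
      flash[:notice] = "Password successfully updated."
      redirect_to root_path #profile_url(current_user.login)
    else
      flash.now[:error] = "An error occured, your password was not changed."
      render :action => 'edit'
    end
  end
end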
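## application.rb
# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  include AuthenticatedSystem

  # The controllers in this application receive :password,
  # :password_confirmation and :old_password parameters; keep their values
  # out of the request log. The filter matches any parameter whose name
  # contains "password".
  filter_parameter_logging :password

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  # NOTE(review): the secret in the comment below has been published with this
  # listing. If it is ever enabled, replace it with a freshly generated value
  # that is kept out of shared or pasted code.
  protect_from_forgery # :secret => 'e2cff4756d4a087f2f0fe972811c4abe'
end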
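## passwords_controller
# Forgotten-password flow: request a reset link (new/create), then choose a
# new password using the emailed reset code (edit/update).
class PasswordsController < ApplicationController
  before_filter :not_logged_in_required, :only => [:new, :create]

  # Enter email address to recover password
  def new
  end

  # Forgot password action.
  # The response is the same whether or not the address belongs to an account,
  # so this form cannot be used to learn which email addresses are registered.
  def create
    return unless request.post?

    if @user = User.find_for_forget(params[:email])
      @user.forgot_password
      unless @user.save
        logger.error "Password reset request could not be saved for user #{@user.id}."
      end
    end
    flash[:notice] = "If that email address belongs to an account, a password reset link has been sent to it."
    redirect_to login_path
  end

  # Action triggered by clicking on the /reset_password/:id link received via email
  # Makes sure the id code is included
  # Checks that the id code matches a user in the database
  # Then if everything checks out, shows the password reset fields
  #
  # An unknown code is handled explicitly rather than by raising into a bare
  # rescue, so unrelated errors are no longer reported to the user as an
  # invalid reset code.
  def edit
    if params[:id].nil?
      render :action => 'new'
      return
    end

    @user = user_for_reset_code(params[:id])
    reject_reset_code if @user.nil?
  end

  # Reset password action /reset_password/:id
  # Checks once again that an id is included and makes sure that the password field isn't blank
  #
  # The reset code is verified before anything else, so the form is never
  # re-rendered for a code that does not belong to a user.
  # NOTE(review): whether reset_password clears the code (single use) and
  # whether codes expire is decided in the User model, which is not shown.
  def update
    if params[:id].nil?
      render :action => 'new'
      return
    end

    @user = user_for_reset_code(params[:id])
    return reject_reset_code if @user.nil?

    if params[:password].blank?
      flash.now[:notice] = "Password field cannot be blank."
      render :action => 'edit', :id => params[:id]
      return
    end

    unless params[:password] == params[:password_confirmation]
      flash.now[:notice] = "Password mismatch."
      render :action => 'edit', :id => params[:id]
      return
    end

    #Uncomment and comment lines with @user to have the user logged in after reset - not recommended
    #self.current_user = @user #for the next two lines to work
    #current_user.password_confirmation = params[:password_confirmation]
    #current_user.password = params[:password]
    #@user.reset_password
    #flash[:notice] = current_user.save ? "Password reset" : "Password not reset"
    @user.password_confirmation = params[:password_confirmation]
    @user.password = params[:password]
    @user.reset_password
    flash[:notice] = @user.save ? "Password reset." : "Password not reset."
    redirect_to login_path
  end

  private

  # Returns the user that owns the submitted reset code, or nil.
  # Only a non-blank String is ever passed to the finder: an empty, array or
  # hash parameter must not reach the query, where it could match accounts
  # that have no reset code set.
  def user_for_reset_code(code)
    return nil unless code.is_a?(String) && !code.blank?
    User.find_by_password_reset_code(code)
  end

  # Shared response for a reset code that does not match any user.
  # The submitted code itself is not written to the log.
  def reject_reset_code
    logger.error "Invalid Reset Code entered."
    flash[:notice] = "Sorry - That is an invalid password reset code. Please check your code and try again. (Perhaps your email client inserted a carriage return?)"
    #redirect_back_or_default('/')
    redirect_to new_user_path
  end
end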
## roles_controller
# Grants roles to and removes roles from a user. Every action runs behind
# the check_administrator_role filter.
class RolesController < ApplicationController
  before_filter :check_administrator_role

  # Lists every role next to the user named by params[:user_id].
  def index
    @user = User.find(params[:user_id])
    @all_roles = Role.find(:all)
  end

  # Grants the role params[:id] to the user, unless the user already has it.
  def update
    @user = User.find(params[:user_id])
    @role = Role.find(params[:id])
    @user.roles << @role unless @user.has_role?(@role.rolename)
    redirect_to :action => 'index'
  end

  # Removes the role params[:id] from the user, if the user has it.
  def destroy
    @user = User.find(params[:user_id])
    @role = Role.find(params[:id])
    @user.roles.delete(@role) if @user.has_role?(@role.rolename)
    redirect_to :action => 'index'
  end
end
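## sessions_controller
# This controller handles the login/logout function of the site.
class SessionsController < ApplicationController
  layout 'application'
  before_filter :login_required, :only => :destroy
  before_filter :not_logged_in_required, :only => [:new, :create]

  # render new.rhtml
  def new
  end

  def create
    password_authentication(params[:login], params[:password])
  end

  # Logs out: drops the remember-me token, the auth cookie and the session.
  def destroy
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = 'You have been logged out.'
    redirect_to login_path
  end

  protected

  # Updated 2/20/08
  # Checks the credentials, then the activation and enabled state, and signs
  # the user in only when all three pass.
  def password_authentication(login, password)
    user = User.authenticate(login, password)
    if user.nil?
      failed_login('Your username or password is incorrect.')
    elsif user.activated_at.blank?
      failed_login('Your account is not active, please check your email for the activation code.')
    elsif user.enabled == false
      # Compared with false on purpose: a nil value is still allowed to log in,
      # as before. NOTE(review): confirm that is the intended default.
      failed_login('Your account has been disabled.')
    else
      # Start a fresh session before marking it as authenticated, so a session
      # that existed before login is not carried over into the logged-in state.
      # Only the stored return location is kept.
      return_to = session[:return_to]
      reset_session
      session[:return_to] = return_to
      self.current_user = user
      successful_login
    end
  end

  private

  # Re-renders the login form with the given error message.
  def failed_login(message)
    flash.now[:error] = message
    render :action => 'new'
  end

  # Sets the remember-me cookie when requested, then redirects to the stored
  # return location or to the user's own page.
  def successful_login
    if params[:remember_me] == "1"
      self.current_user.remember_me
      # NOTE(review): the cookie is set without HttpOnly or secure flags;
      # consider adding them if the cookie options of this Rails version allow it.
      cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
    end
    flash[:notice] = 'Logged in successfully'
    return_to = session[:return_to]
    # Use the stored location once; leaving it in the session would send
    # later logins to the same stale page.
    session[:return_to] = nil
    if return_to.nil?
      redirect_to user_path(self.current_user)
    else
      redirect_to return_to
    end
  end
end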
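## users_controller
# Sign-up, self-service profile editing, and administrator enable/disable of
# accounts.
class UsersController < ApplicationController
  # Attributes that a sign-up or profile form must never be able to set.
  # The names are the ones the controllers in this application read or query
  # (enabled, activated_at, the reset and remember tokens, roles).
  # NOTE(review): this is a second line of defence. The User model is not
  # shown; it should restrict mass assignment itself (attr_accessible), and
  # this list should be checked against the actual schema.
  PROTECTED_USER_ATTRIBUTES = %w[
    enabled activated_at password_reset_code
    remember_token remember_token_expires_at roles role_ids
  ].freeze

  before_filter :not_logged_in_required, :only => [:new, :create]
  before_filter :login_required, :only => [:show, :edit, :update]
  before_filter :check_administrator_role, :only => [:index, :destroy, :enable]

  def index
    @users = User.find(:all)
  end

  #This show action only allows users to view their own profile
  def show
    @user = current_user
  end

  # render new.rhtml
  def new
    @user = User.new
  end

  # Creates an account from the submitted form. The account is expected to be
  # activated by email before the first login.
  def create
    cookies.delete :auth_token
    @user = User.new(assignable_user_params)
    @user.save!
    #Uncomment to have the user logged in after creating an account - Not Recommended
    #self.current_user = @user
    flash[:notice] = "Thanks for signing up! Please check your email to activate your account before logging in."
    redirect_to login_path
  rescue ActiveRecord::RecordInvalid
    # flash.now: the form is re-rendered in this same request.
    flash.now[:error] = "There was a problem creating your account."
    render :action => 'new'
  end

  def edit
    @user = current_user
  end

  # Updates the logged-in user's own record; the target never comes from the
  # request.
  def update
    @user = User.find(current_user.id)
    if @user.update_attributes(assignable_user_params)
      flash[:notice] = "User updated"
      redirect_to :action => 'show', :id => current_user
    else
      render :action => 'edit'
    end
  end

  # Administrator action: disables (does not delete) the account.
  # NOTE(review): nothing visible here ends the disabled user's existing
  # session or remember-me token - confirm that the login filter checks
  # `enabled` on every request.
  def destroy
    @user = User.find(params[:id])
    if @user.update_attribute(:enabled, false)
      flash[:notice] = "User disabled"
    else
      flash[:error] = "There was a problem disabling this user."
    end
    redirect_to :action => 'index'
  end

  # Administrator action: re-enables the account.
  def enable
    @user = User.find(params[:id])
    if @user.update_attribute(:enabled, true)
      flash[:notice] = "User enabled"
    else
      flash[:error] = "There was a problem enabling this user."
    end
    redirect_to :action => 'index'
  end

  private

  # params[:user] without the protected attributes. Multi-parameter keys such
  # as "activated_at(1i)" are matched on the attribute name before the "(".
  def assignable_user_params
    submitted = params[:user]
    return submitted unless submitted.respond_to?(:reject)

    submitted.reject do |key, _value|
      PROTECTED_USER_ATTRIBUTES.include?(key.to_s.sub(/\(.*\z/m, ''))
    end
  end
end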