## aplication.rb# Filters added to this controller apply to all controllers in

1. ## aplication.rb
2. # Filters added to this controller apply to all controllers in the application.
3. # Likewise, all the methods added will be available for all controllers.
4.  
5. class ApplicationController < ActionController::Base
6. helper :all # include all helpers, all the time
7. include AuthenticatedSystem
8. # See ActionController::RequestForgeryProtection for details
9. # Uncomment the :secret if you're not using the cookie session store
10. protect_from_forgery # :secret => 'e2cff4756d4a087f2f0fe972811c4abe'
11. end
12. ##passwords_controller.rb
13. class PasswordsController < ApplicationController
14.  
15. before_filter :not_logged_in_required, :only => [:new, :create]
16.  
17. # Enter email address to recover password
18. def new
19. end
20.  
21. # Forgot password action
22. def create
23. return unless request.post?
24. if @user = User.find_for_forget(params[:email])
25. @user.forgot_password
26. @user.save
27. flash[:notice] = "A password reset link has been sent to your email address."
28. redirect_to login_path
29. else
30. flash[:notice] = "Could not find a user with that email address."
31. render :action => 'new'
32. end
33. end
34.  
35. # Action triggered by clicking on the /reset_password/:id link recieved via email
36. # Makes sure the id code is included
37. # Checks that the id code matches a user in the database
38. # Then if everything checks out, shows the password reset fields
39. def edit
40. if params[:id].nil?
41. render :action => 'new'
42. return
43. end
44. @user = User.find_by_password_reset_code(params[:id]) if params[:id]
45. raise if @user.nil?
46. rescue
47. logger.error "Invalid Reset Code entered."
48. flash[:notice] = "Sorry - That is an invalid password reset code. Please check your code and try again. (Perhaps your email client inserted a carriage return?)"
49. #redirect_back_or_default('/')
50. redirect_to new_user_path
51. end
52.  
53. # Reset password action /reset_password/:id
54. # Checks once again that an id is included and makes sure that the password field isn't blank
55. def update
56. if params[:id].nil?
57. render :action => 'new'
58. return
59. end
60. if params[:password].blank?
61. flash[:notice] = "Password field cannot be blank."
62. render :action => 'edit', :id => params[:id]
63. return
64. end
65. @user = User.find_by_password_reset_code(params[:id]) if params[:id]
66. raise if @user.nil?
67. return if @user unless params[:password]
68. if (params[:password] == params[:password_confirmation])
69. #Uncomment and comment lines with @user to have the user logged in after reset - not recommended
70. #self.current_user = @user #for the next two lines to work
71. #current_user.password_confirmation = params[:password_confirmation]
72. #current_user.password = params[:password]
73. #@user.reset_password
74. #flash[:notice] = current_user.save ? "Password reset" : "Password not reset"
75. @user.password_confirmation = params[:password_confirmation]
76. @user.password = params[:password]
77. @user.reset_password
78. flash[:notice] = @user.save ? "Password reset." : "Password not reset."
79. else
80. flash[:notice] = "Password mismatch."
81. render :action => 'edit', :id => params[:id]
82. return
83. end
84. redirect_to login_path
85. rescue
86. logger.error "Invalid Reset Code entered"
87. flash[:notice] = "Sorry - That is an invalid password reset code. Please check your code and try again. (Perhaps your email client inserted a carriage return?)"
88. redirect_to new_user_path
89. end
90.  
91. end