Untitled

class Panelist < ActiveRecord::Base

  def before_create
    self.hashed_password = Panelist.hash_password(self.password)
  end

  def after_create
    @password = nil
  end

  def confirmation_key
    Panelist.hash_password(hashed_password + created_at.to_s + id.to_s)
  end

  def password_reset_key
    Panelist.hash_password(hashed_password + created_at.to_s + id.to_s + email)
  end

  def try_to_login
    logged_in_panelist = Panelist.login(email,password)
    if logged_in_panelist
      logged_in_panelist.update_attribute(:last_ip, last_ip)
      return logged_in_panelist
    else
      return nil
    end
  end

  def password_reset(key)
    if key != self.password_reset_key
      return 'Password reset key is not valid: ' + key + " is not " + self.password_reset_key
    else
      if self.password.length < 4
        return 'Password must be at least 4 characters'
      elsif self.password != self.password_confirmation
        return 'Password does not match confirmation'
      else
        self.hashed_password = Panelist.hash_password(self.password)
        self.update
        return nil
      end
    end
  end


  private
  def self.login(email, password)
    hashed_password = Panelist.hash_password(password || "")
    find(:first, :conditions => ["email = ? and hashed_password = ?", email, hashed_password])
  end

  def self.hash_password(password)
    Digest::SHA1.hexdigest(password)
  end
end

class PanelistManagerController < ApplicationController
  def create
    @panelist = Panelist.new(params[:panelist])
    @panelist.last_ip = request.remote_ip
    if @panelist.save
      flash[:notice] = 'Panelist was successfully created.'
      confirmurl = url_for( :controller => "panelist_manager", :action => "confirm", :id => @panelist.id, :key => @panelist.confirmation_key)
      email = PanelistMailer.create_confirmemail(@panelist, confirmurl)
      render(:text => "<pre>" + email.encoded + "</pre>")
     # PanelistMailer.deliver_confirmemail(@panelist, confirmurl)
     # redirect_to :action => 'list'
    else
      render :action => 'new'
    end
  end
  def confirm
    panelist = Panelist.find(params[:id])
    if panelist == nil
      redirect_to :action => 'index'
    else
      key = params[:key]
      if key == panelist.confirmation_key
        panelist.email_confirmed = 'y'
        panelist.update
        flash[:notice] = 'Your e-mail address has been confirmed, and you are now an active panelist.'
        redirect_to :action => 'index'
      else
        redirect_to :action => 'index'
      end
    end
  end

  def login
    if request.get?
      session[:panelist_id] = nil
      @panelist = Panelist.new
    else
      @panelist = Panelist.new(params[:panelist])
      @panelist.last_ip = request.remote_ip
      logged_in_panelist = @panelist.try_to_login
      if logged_in_panelist
        session[:panelist_id] = logged_in_panelist.id
        flash[:notice] = "You have been logged in."
        if params[:redirect]
          redirect_to(params[:redirect])
        else
          redirect_to(:action => "index")
        end
      else
        flash[:notice] = "Invalid e-mail/password combination"
      end
    end
  end

  def passwordreset
    if request.get?
      @panelist = Panelist.new
    else
      @panelist = Panelist.new(params[:panelist])
      reset_panelist = Panelist.find_by_email(@panelist.email)
      if reset_panelist
        reseturl = url_for(:action => 'tryreset', :id => reset_panelist.id, :key => reset_panelist.password_reset_key)
        email = PanelistMailer.create_resetemail(reset_panelist,reseturl)
        render(:text => "<pre>" + email.encoded + "</pre>")
      else
        flash[:notice] = 'No panelist with that e-mail address was found'
      end
    end
  end

  def tryreset
    if request.get?
      @panelist = Panelist.find_by_id(params[:id])
      @key = params[:key]
      if @panelist == nil or @panelist.password_reset_key != @key
        redirect_to :action => 'index'
      end
    else
      @panelist = Panelist.new(params[:panelist])
      @panelist.id = params[:id]
      reset_panelist = Panelist.find_by_id(@panelist.id)
      if reset_panelist == nil
        redirect_to :action => 'index'
      else
        reset_panelist.password = @panelist.password
        reset_panelist.password_confirmation = @panelist.password_confirmation
        @key = params[:key]
        if !(flash[:notice] = reset_panelist.password_reset(@key))
          flash[:notice] = "Your password has been reset"
          redirect_to :action => 'login'
        end
      end
    end
  end
end