moved some stuff from account-controller to session-controller & user…

…s-controller, since restful_authentication is now used
bakkdoor · Sep 5, 2008 · e98585b · e98585b
1 parent 360a08d
commit e98585b
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 7 deletions.
diff --git a/src/app/controllers/account_controller.rb b/src/app/controllers/account_controller.rb
@@ -43,6 +43,7 @@ def update
     end
   end
 
+=begin (old, now taken care of in SessionsController)
   #######################################
   # => Login/logout specific actions #
   #######################################
@@ -111,5 +112,6 @@ def logout
     flash[:notice] = (l :logout_successful_notice)
     redirect_back_or_default(:controller => '/', :action => 'index')
   end
+=end
 
 end
diff --git a/src/app/controllers/sessions_controller.rb b/src/app/controllers/sessions_controller.rb
@@ -18,8 +18,24 @@ def create
       self.current_user = user
       new_cookie_flag = (params[:remember_me] == "1")
       handle_remember_cookie! new_cookie_flag
-      redirect_back_or_default('/')
-      flash[:notice] = "Logged in successfully"
+
+      last_login = user.last_login
+      user.last_login = Time.now
+      user.save
+
+      last_login ||= Time.now
+
+      session[:last_login] = last_login
+
+      if user.failed_logins > 0
+        flash[:error] = "#{l :failed_logins}: #{user.failed_logins}"
+        user.failed_logins = 0 # reset, since successfully logged in now.
+        user.save
+      end
+
+      redirect_back_or_default(:controller => '/account', :action => 'index')
+      flash[:notice] = (l :login_successful_notice)
+
     else
       note_failed_signin
       @login       = params[:login]
@@ -30,14 +46,15 @@ def create
 
   def destroy
     logout_killing_session!
-    flash[:notice] = "You have been logged out."
+    flash[:notice] = (l :logout_successful_notice)
     redirect_back_or_default('/')
   end
 
 protected
   # Track failed login attempts
   def note_failed_signin
-    flash[:error] = "Couldn't log you in as '#{params[:login]}'"
+    #flash[:error] = "Couldn't log you in as '#{params[:login]}'"
+    flash[:error] = (l :login_failed_error)
     logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
   end
 end
diff --git a/src/app/controllers/users_controller.rb b/src/app/controllers/users_controller.rb
@@ -27,6 +27,7 @@ def create
     if success && @user.errors.empty?
       redirect_back_or_default('/')
       flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+      #flash[:notice] = (l :signup_successful_notice)
     else
       flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
       render :action => 'new'

diff --git a/src/app/models/user.rb b/src/app/models/user.rb
@@ -40,7 +40,18 @@ class User < ActiveRecord::Base
   def self.authenticate(login, password)
     return nil if login.blank? || password.blank?
     u = find_in_state :first, :active, :conditions => {:login => login} # need to get the salt
-    u && u.authenticated?(password) ? u : nil
+    loggeg_in_user = u && u.authenticated?(password) ? u : nil
+
+    # if not correctly logged in, increase failed_logins counter 
+    unless (loggeg_in_user)
+      failed_user = User.find_by_login(login)
+      if failed_user
+        failed_user.failed_logins += 1
+        failed_user.save
+      end
+    end
+
+    loggeg_in_user # return logged_in user
   end
 
   def login=(value)

diff --git a/src/app/views/sessions/new.html.erb b/src/app/views/sessions/new.html.erb
@@ -7,10 +7,9 @@
 <p><%= label_tag 'password' %><br/>
 <%= password_field_tag 'password', nil %></p>
 
-<!-- Uncomment this if you want this functionality
 <p><%= label_tag 'remember_me', 'Remember me' %>
 <%= check_box_tag 'remember_me', '1', @remember_me %></p>
--->
+
 
 <p><%= submit_tag 'Log in' %></p>
 <% end -%>