This repository has been archived by the owner on Mar 27, 2022. It is now read-only.
sessions_controller.rb
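# Sign-in form, sign-in and sign-out.
#
# Helpers such as generate_encryption_key, decrypt_password, local_request?
# and page_for_public_path are not defined in this file.
class SessionsController < ApplicationController
  # Signing in must be reachable without an authenticated user.
  skip_before_filter :authenticate_user
  # Sign-out is exempt from the HTTPS redirect; every other action runs check_ssl first.
  before_filter :check_ssl, :except => %w(destroy)

  # A session has no page of its own; send the visitor to the sign-in form.
  def show
    redirect_to new_session_path
  end

  # sign in form
  #
  # With at least one Person on record, calls generate_encryption_key and
  # falls through to the default render. With none, renders 'no_users';
  # @show_help is set from local_request? for that page.
  def new
    if Person.count > 0
      generate_encryption_key
    else
      @show_help = local_request?
      render :action => 'no_users'
    end
  end

  # sign in
  #
  # Authenticates params[:email] against the submitted password and, on
  # success, stores the person's id, name and remote IP in a fresh session.
  def create
    # A plaintext params[:password] is honoured only when Rails.env is 'test';
    # every other environment reads params[:encrypted_password].
    if Rails.env == 'test' and params[:password]
      password = params[:password]
    else
      password = decrypt_password(params[:encrypted_password])
    end
    if person = Person.authenticate(params[:email], password)
      # Clear the pre-login session before any identity is written to it.
      reset_session
      unless person.can_sign_in?
        redirect_to page_for_public_path('system/unauthorized')
        return
      end
      session[:logged_in_id] = person.id
      session[:logged_in_name] = person.first_name + ' ' + person.last_name
      session[:ip_address] = request.remote_ip
      flash[:notice] = "Welcome, #{person.first_name}."
      # params[:from] is caller-controlled and is appended directly after
      # host[:port], so only a host-relative path is accepted here; anything
      # else falls back to the person's own page.
      # NOTE(review): the scheme is always 'http://', even when sign-in
      # happened over HTTPS -- confirm that leaving HTTPS here is intended.
      if from = local_return_path(params[:from])
        redirect_to 'http://' + request.host + ([80, 443].include?(request.port) ? '' : ":#{request.port}") + from
      else
        redirect_to person
      end
    elsif person == nil
      # NOTE(review): presumably Person.authenticate returns nil for an
      # unknown email and a non-nil falsy value for a wrong password -- confirm.
      # The distinct messages below let a visitor tell whether an address is
      # registered; consider a single generic failure message.
      if Family.find_by_email(params[:email])
        flash[:warning] = 'That email address was found, but you must verify it before you can sign in.'
        redirect_to new_account_path(:email => params[:email])
      else
        flash[:warning] = 'That email address cannot be found in our system. Please try another email.'
        new; render :action => 'new'
      end
    else
      flash[:warning] = "The password you entered doesn't match our records. Please try again."
      new; render :action => 'new'
    end
  end

  # sign out
  def destroy
    reset_session
    redirect_to new_session_path
  end

  private

  # before_filter: redirects to the https:// form of the current action
  # (carrying params[:from] along) unless the request is already SSL, the
  # environment is not 'production', or the :features/:ssl setting is off.
  def check_ssl
    unless request.ssl? or RAILS_ENV != 'production' or !Setting.get(:features, :ssl)
      redirect_to :protocol => 'https://', :from => params[:from]
      return
    end
  end

  # Returns +from+ as a String when it is a host-relative path (begins with
  # "/" and contains no CR or LF), otherwise nil. A value that does not begin
  # with "/" would be read as part of the host portion of the redirect URL
  # built in create, so it must never reach that concatenation.
  def local_return_path(from)
    path = from.to_s
    path =~ %r{\A/[^\r\n]*\z} ? path : nil
  end

  # Returns the per-session salt, generating a new one when none exists or
  # the stored one is older than five minutes. The salt is 26 characters with
  # codes 33..125.
  # NOTE(review): Kernel#rand is not a cryptographically secure generator; if
  # this salt protects the submitted password, switch to SecureRandom.
  def session_salt
    unless session[:salt] and session[:salt_generated] > 5.minutes.ago
      session[:salt] = (0..25).inject('') { |r, i| r << rand(93) + 33 }
      session[:salt_generated] = Time.now
    end
    session[:salt]
  end
end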