class ApplicationController < ActionController::Base protect_from_forgery

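# Base controller: every action runs the +authorize+ filter unless it is
# explicitly skipped below. Only the user's id is kept in the session; the
# User record is reloaded on each request into +@current_user+ (the old
# +session[:user]+ copy is gone - read +@current_user+ instead).
#
# +before_filter+/+skip_before_filter+ are kept because the file already
# uses them (pre-5.1 Rails); on newer Rails they are +before_action+ and
# +skip_before_action+.
class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :authorize
  # The login page must be reachable without a session, otherwise
  # +authorize+ redirects to login, which runs +authorize+ again, forever.
  # The previous +skip_before_filter :login+ named a filter that does not
  # exist, so nothing was actually skipped.
  skip_before_filter :authorize, :only => [:login]

  # Before filter: allow the request through only when the session carries
  # the id of an existing user; otherwise clear the stale id and redirect to
  # the login page.
  #
  # Side effect: sets +@current_user+ on success.
  #
  # @return [Boolean] true when the request may proceed, false after redirecting
  def authorize
    # find_by_id returns nil instead of raising RecordNotFound, so a session
    # whose user has since been deleted degrades to "not logged in" rather
    # than a 404/500 on every request.
    @current_user = User.find_by_id(session[:user_id]) if session[:user_id]
    return true if @current_user

    session[:user_id] = nil
    redirect_to(:controller => 'application', :action => 'login')
    false
  end

  # Login form handler. On success the session id is rotated before the
  # user id is stored; on failure the form is re-rendered with a generic
  # message that does not reveal which of the two fields was wrong.
  def login
    authorized_user = User.authenticate(params[:username_or_email], params[:login_password])
    if authorized_user
      # reset_session discards any pre-login session so an id handed to the
      # browser before authentication cannot become an authenticated one
      # (session fixation). Only the id is stored: serialising the whole
      # User record into the session would carry stale attributes - and,
      # with a cookie store, the password digest - on every request.
      reset_session
      session[:user_id] = authorized_user.id
      flash[:notice] = "Wow Welcome again, you logged in as #{authorized_user.username}"
      redirect_to(:action => 'home')
    else
      # flash.now: the message belongs to this render only. A plain flash
      # assignment before +render+ would also show up on the next request.
      flash.now[:notice] = "Invalid Username or Password"
      flash.now[:color] = "invalid"
      render "login"
    end
  end

  # Ends the whole session (rather than nil-ing individual keys) so nothing
  # from the authenticated session survives, then returns to the login page.
  def logout
    reset_session
    redirect_to :action => 'login'
  end
end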