Method: Cms::SessionsController#create

Defined in:
app/controllers/cms/sessions_controller.rb

#createObject 



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'app/controllers/cms/sessions_controller.rb', line 12

def create
  logout_keeping_session!
  user = User.authenticate(params[:login], params[:password])
  if user
    # Protects against session fixation attacks, causes request forgery
    # protection if user resubmits an earlier form using back
    # button. Uncomment if you understand the tradeoffs.
    # reset_session
    self.current_user = user
    new_cookie_flag = (params[:remember_me] == "1")
    handle_remember_cookie! new_cookie_flag
    flash[:notice] = "Logged in successfully"
    if params[:success_url] # Coming from login portlet
      redirect_to((!params[:success_url].blank? && params[:success_url]) || session[:return_to] || "/")
      session[:return_to] = nil
    else
      redirect_back_or_default(cms.home_url)
    end
  else
    
    @login       = params[:login]
    @remember_me = params[:remember_me]
    flash[:login_error] = "Log in failed"
    if params[:success_url] # Coming from login portlet
      if params[:success_url].blank?
        success_url = session[:return_to] || "/"
      else
        success_url = params[:success_url]
      end
      flash[:login] = params[:login]
      flash[:remember_me] = params[:remember_me]
      flash[:success_url] = success_url
      redirect_to request.referrer
    else
      render :action => "new"
    end
  end
end