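#Generated by LoginGenerator:
# http://wiki.rubyonrails.org/rails/pages/LoginGenerator
#
# Handles sign-in, sign-up, sign-out and the account management screens.
#
# The account-editing actions (modify, reset_password, change_email, update)
# take the target record from params[:id], which the client controls. Each of
# them therefore checks that the caller is that user or an admin before it
# renders a form or writes to the record.
class AccountController < ApplicationController
  # Be sure to include AuthenticationSystem in Application Controller instead
  include AuthenticatedSystem
  # If you want "remember me" functionality, add this before_filter to Application Controller
  before_filter :login_from_cookie
  # reset_password and update are listed as well: both look up the session
  # user and would otherwise dereference nil (or write to a record) for an
  # anonymous request.
  before_filter :login_required,
                :only => [:manage, :change_email, :modify, :reset_password, :update]

  # GET renders the login form; POST authenticates and redirects to '/'.
  def index
    return unless request.post?
    return unless sign_in_from_params

    redirect_back_or_default('/')
    flash[:notice] = "Logged in successfully"
  end

  # Same flow as #index, but falls back to the account index after sign-in.
  def login
    return unless request.post?
    return unless sign_in_from_params

    redirect_back_or_default(:controller => '/account', :action => 'index')
    flash[:notice] = "Logged in successfully"
  end

  # Creates an account. Anonymous sign-up is only allowed while the users
  # table is empty (bootstrap of the first account); afterwards the caller
  # must already be logged in.
  #
  # NOTE(review): params[:user] is mass-assigned. Whether the User model
  # restricts assignable attributes is not visible here -- confirm that role
  # fields cannot be set through this form.
  def signup
    if User.count != 0 && !logged_in?
      redirect_to :action => 'login'
      return
    end

    @user = User.new(params[:user])
    return unless request.post?

    @user.save!
    self.current_user = @user
    redirect_back_or_default(:controller => '/account', :action => 'index')
    flash[:notice] = "Thanks for signing up!"
  rescue ActiveRecord::RecordInvalid
    # Validation failed: show the form again with @user's errors.
    render :action => 'signup'
  end

  # Clears the remember-me token, the auth cookie and the whole session.
  def logout
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default(:controller => '/account', :action => 'index')
  end

  # Admin-only user list; everyone else is sent to their own overview.
  def manage
    if admin_user?(acting_user)
      @users = User.find(:all)
    else
      redirect_to :action => 'overview'
    end
  end

  # Shows the session user's own record.
  def overview
    @user = acting_user
  end

  # Renders the edit form for params[:id] (owner or admin only).
  def modify
    @user = User.find(params[:id])
    return render_no_access unless owner_or_admin?(@user)

    render :partial => 'form'
  end

  # Renders the change-password form for params[:id] (owner or admin only).
  def reset_password
    @user = User.find(params[:id])
    return render_no_access unless owner_or_admin?(@user)

    render :partial => 'change_password'
  end

  # Renders the change-email form for params[:id] (owner or admin only).
  def change_email
    @user = User.find(params[:id])
    return render_no_access unless owner_or_admin?(@user)

    render :partial => 'change_email'
  end

  # Applies params[:user] to the record named by params[:id].
  #
  # Only the owner or an admin may write. A failed save now produces a
  # response instead of leaving every format branch unanswered.
  #
  # NOTE(review): params[:user] is mass-assigned. Unless the User model
  # restricts assignable attributes (not visible here), an owner editing their
  # own record could submit role fields -- confirm the model protects them.
  def update
    @user = User.find(params[:id])

    unless owner_or_admin?(@user)
      respond_to do |format|
        format.html { render_no_access }
        format.xml  { head :forbidden }
      end
      return
    end

    respond_to do |format|
      if @user.update_attributes(params[:user])
        #Regular Display
        flash[:notice] = 'User was successfully updated.'
        format.html { redirect_to(:action => 'manage') }
        format.xml  { head :ok }
      else
        # Same partial that #modify renders, so validation errors on @user
        # can be shown in the form.
        format.html { render :partial => 'form' }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # Deletes the record named by params[:id].
  #
  # NOTE(review): permission_required is defined outside this file; this
  # relies on it returning a falsy value (and handling the response itself)
  # when the caller is not an admin -- confirm.
  def destroy
    return unless permission_required(:admin)

    @user = User.find(params[:id])
    @user.destroy
    respond_to do |format|
      format.html { redirect_to(:action => 'manage') }
      format.xml  { head :ok }
    end
  end

  private

  # Authenticates with params[:login] / params[:password] and, when asked,
  # issues the remember-me cookie. Returns true when the caller is logged in.
  #
  # NOTE(review): the session is not reset on successful login here; whether
  # AuthenticatedSystem rotates the session id is not visible in this file.
  # Confirm, keeping in mind that redirect_back_or_default may depend on a
  # return location stored in the session.
  def sign_in_from_params
    self.current_user = User.authenticate(params[:login], params[:password])
    return false unless logged_in?

    if params[:remember_me] == "1"
      self.current_user.remember_me
      # NOTE(review): consider the secure / HTTP-only cookie options if the
      # Rails version in use supports them.
      cookies[:auth_token] = {
        :value   => self.current_user.remember_token,
        :expires => self.current_user.remember_token_expires_at
      }
    end
    true
  end

  # The User row for the id stored in the session, or nil.
  def acting_user
    User.find_by_id(session[:user])
  end

  # True when +user+ is present and carries the "admin" role.
  def admin_user?(user)
    !user.nil? && user.roles.include?("admin")
  end

  # True when the session user is +target+ (matched on login, as the original
  # reset_password check did) or is an admin.
  def owner_or_admin?(target)
    actor = acting_user
    return false if actor.nil?

    actor.login == target.login || admin_user?(actor)
  end

  # Static refusal body, kept at the default status so pages that insert the
  # response into the document continue to show it.
  def render_no_access
    render :inline => "\n\nNo Access\n\n"
  end
end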