ensl.org/app/controllers/users_controller.rb

class UsersController < ApplicationController
  before_filter :get_user, :only => [:show, :history, :popup, :agenda, :edit, :update, :destroy]
  respond_to :html, :js

  def index
    @users = User.search(params[:search]).paginate(:per_page => 40, :page => params[:page])
  end

  def show
    @page = "general"
    respond_to do |format|
      format.js do
        pages = ["general", "favorites", "computer", "articles", "movies", "teams", "matches", "predictions", "comments"]
        if pages.include?(params[:page])
          @page = params[:page]
        end
      end
      format.html {}
    end
  end

  def agenda
    @teamer = Teamer.new
    @teamer.user = @user
  end

  def history
    raise AccessError unless cuser and cuser.admin?
  end

  def popup
    render :layout => false
  end

  def new
    @user = User.new
    @user.profile = Profile.new
    @user.lastip = request.env['REMOTE_ADDR']
    @user.can_create? cuser
  end

  def edit
    raise AccessError unless @user.can_update? cuser
  end

  def create
    @user = User.new params[:user]
    @user.lastvisit = Date.today
    @user.lastip = request.env['REMOTE_ADDR']

    raise AccessError unless @user.can_create? cuser

    if @user.valid? and @user.save
      @user.profile = Profile.new
      @user.profile.user = @user
      @user.profile.save()
      redirect_to :action => :show, :id => @user.id
      save_session @user
    else
      render :action => "new"
    end
  end

  def update
    raise AccessError unless @user.can_update? cuser
    if @user.update_attributes params[:user]
      flash[:notice] = t(:users_update)
      redirect_to_back
    else
      render :action => "edit"
    end
  end

  def destroy
    raise AccessError unless @user.can_destroy? cuser
    @user.destroy
    redirect_to users_url
  end

  def login
    return unless request.post?

    if u = User.authenticate(params[:login][:username], params[:login][:password])
      raise Error, t(:accounts_locked) if u.banned? Ban::TYPE_SITE

      flash[:notice] = t(:login_successful)
      save_session u

      if session[:return_to]
        return_to
      else
        redirect_to_back
      end
    else
      flash[:error] = t(:login_unsuccessful)
      redirect_to_back
    end
  end

  def logout
    if request.post?
      session[:user] = nil
      flash[:notice] = t(:login_out)
      redirect_to :root
    end
  end

  def forgot
    if request.post?
      if u = User.first(:conditions => {:username => params[:username], :email => params[:email]}) and u.send_new_password
        flash[:notice] = t(:passwords_sent)
      else
        flash[:error] = t(:incorrect_information)
      end
    end
  end

  private

  def get_user
    @user = User.find(params[:id])
  end

  def save_session user
    session[:user] = user.id
    user.lastip = request.ip
    user.lastvisit = DateTime.now
    user.save()
  end
end
Purged git history and removed sensitive information. 2014-03-23 00:22:25 +00:00			`class UsersController < ApplicationController`
			`before_filter :get_user, :only => [:show, :history, :popup, :agenda, :edit, :update, :destroy]`
			`respond_to :html, :js`

			`def index`
			`@users = User.search(params[:search]).paginate(:per_page => 40, :page => params[:page])`
			`end`

			`def show`
			`@page = "general"`
			`respond_to do \|format\|`
			`format.js do`
			`pages = ["general", "favorites", "computer", "articles", "movies", "teams", "matches", "predictions", "comments"]`
			`if pages.include?(params[:page])`
			`@page = params[:page]`
			`end`
			`end`
			`format.html {}`
			`end`
			`end`

			`def agenda`
			`@teamer = Teamer.new`
			`@teamer.user = @user`
			`end`

			`def history`
			`raise AccessError unless cuser and cuser.admin?`
			`end`

			`def popup`
			`render :layout => false`
			`end`

			`def new`
			`@user = User.new`
			`@user.profile = Profile.new`
			`@user.lastip = request.env['REMOTE_ADDR']`
			`@user.can_create? cuser`
			`end`

			`def edit`
			`raise AccessError unless @user.can_update? cuser`
			`end`

			`def create`
			`@user = User.new params[:user]`
			`@user.lastvisit = Date.today`
			`@user.lastip = request.env['REMOTE_ADDR']`

			`raise AccessError unless @user.can_create? cuser`

			`if @user.valid? and @user.save`
			`@user.profile = Profile.new`
			`@user.profile.user = @user`
			`@user.profile.save()`
			`redirect_to :action => :show, :id => @user.id`
			`save_session @user`
			`else`
			`render :action => "new"`
			`end`
			`end`

			`def update`
			`raise AccessError unless @user.can_update? cuser`
			`if @user.update_attributes params[:user]`
			`flash[:notice] = t(:users_update)`
			`redirect_to_back`
			`else`
			`render :action => "edit"`
			`end`
			`end`

			`def destroy`
			`raise AccessError unless @user.can_destroy? cuser`
			`@user.destroy`
			`redirect_to users_url`
			`end`

			`def login`
			`return unless request.post?`

			`if u = User.authenticate(params[:login][:username], params[:login][:password])`
			`raise Error, t(:accounts_locked) if u.banned? Ban::TYPE_SITE`

			`flash[:notice] = t(:login_successful)`
			`save_session u`

			`if session[:return_to]`
			`return_to`
			`else`
			`redirect_to_back`
			`end`
			`else`
			`flash[:error] = t(:login_unsuccessful)`
			`redirect_to_back`
			`end`
			`end`

			`def logout`
			`if request.post?`
			`session[:user] = nil`
			`flash[:notice] = t(:login_out)`
			`redirect_to :root`
			`end`
			`end`

			`def forgot`
			`if request.post?`
			`if u = User.first(:conditions => {:username => params[:username], :email => params[:email]}) and u.send_new_password`
			`flash[:notice] = t(:passwords_sent)`
			`else`
			`flash[:error] = t(:incorrect_information)`
			`end`
			`end`
			`end`

			`private`

			`def get_user`
			`@user = User.find(params[:id])`
			`end`

			`def save_session user`
			`session[:user] = user.id`
			`user.lastip = request.ip`
			`user.lastvisit = DateTime.now`
			`user.save()`
			`end`
			`end`