Purged git history and removed sensitive information.

app/controllers/users_controller.rb

@@ -0,0 +1,130 @@
+class UsersController < ApplicationController
+  before_filter :get_user, :only => [:show, :history, :popup, :agenda, :edit, :update, :destroy]
+  respond_to :html, :js
+
+  def index
+    @users = User.search(params[:search]).paginate(:per_page => 40, :page => params[:page])
+  end
+
+  def show
+    @page = "general"
+    respond_to do |format|
+      format.js do
+        pages = ["general", "favorites", "computer", "articles", "movies", "teams", "matches", "predictions", "comments"]
+        if pages.include?(params[:page])
+          @page = params[:page]
+        end
+      end
+      format.html {}
+    end
+  end
+
+  def agenda
+    @teamer = Teamer.new
+    @teamer.user = @user
+  end
+
+  def history
+    raise AccessError unless cuser and cuser.admin?
+  end
+
+  def popup
+    render :layout => false
+  end
+
+  def new
+    @user = User.new
+    @user.profile = Profile.new
+    @user.lastip = request.env['REMOTE_ADDR']
+    @user.can_create? cuser
+  end
+
+  def edit
+    raise AccessError unless @user.can_update? cuser
+  end
+
+  def create
+    @user = User.new params[:user]
+    @user.lastvisit = Date.today
+    @user.lastip = request.env['REMOTE_ADDR']
+
+    raise AccessError unless @user.can_create? cuser
+
+    if @user.valid? and @user.save
+      @user.profile = Profile.new
+      @user.profile.user = @user
+      @user.profile.save()
+      redirect_to :action => :show, :id => @user.id
+      save_session @user
+    else
+      render :action => "new"
+    end
+  end
+
+  def update
+    raise AccessError unless @user.can_update? cuser
+    if @user.update_attributes params[:user]
+      flash[:notice] = t(:users_update)
+      redirect_to_back
+    else
+      render :action => "edit"
+    end
+  end
+
+  def destroy
+    raise AccessError unless @user.can_destroy? cuser
+    @user.destroy
+    redirect_to users_url
+  end
+
+  def login
+    return unless request.post?
+
+    if u = User.authenticate(params[:login][:username], params[:login][:password])
+      raise Error, t(:accounts_locked) if u.banned? Ban::TYPE_SITE
+
+      flash[:notice] = t(:login_successful)
+      save_session u
+
+      if session[:return_to]
+        return_to
+      else
+        redirect_to_back
+      end
+    else
+      flash[:error] = t(:login_unsuccessful)
+      redirect_to_back
+    end
+  end
+
+  def logout
+    if request.post?
+      session[:user] = nil
+      flash[:notice] = t(:login_out)
+      redirect_to :root
+    end
+  end
+
+  def forgot
+    if request.post?
+      if u = User.first(:conditions => {:username => params[:username], :email => params[:email]}) and u.send_new_password
+        flash[:notice] = t(:passwords_sent)
+      else
+        flash[:error] = t(:incorrect_information)
+      end
+    end
+  end
+
+  private
+
+  def get_user
+    @user = User.find(params[:id])
+  end
+
+  def save_session user
+    session[:user] = user.id
+    user.lastip = request.ip
+    user.lastvisit = DateTime.now
+    user.save()
+  end
+end