ensl.org/app/controllers/users_controller.rb

class UsersController < ApplicationController
  before_filter :get_user, only: [:show, :history, :popup, :agenda, :edit, :update, :destroy]
  respond_to :html, :js

  def index
    @users = User.search(params[:search]).paginate(per_page: 40, page: params[:page])
  end

  def show
    @page = "general"
    respond_to do |format|
      format.js do
        pages = ["general", "favorites", "computer", "articles", "movies", "teams", "matches", "predictions", "comments"]
        if pages.include?(params[:page])
          @page = params[:page]
        end
      end
      format.html {}
    end
  end

  def agenda
    @teamer = Teamer.new
    @teamer.user = @user
  end

  def history
    raise AccessError unless cuser and cuser.admin?
  end

  def popup
    render layout: false
  end

  def new
    @user = User.new
    @user.profile = Profile.new
    @user.lastip = request.env['REMOTE_ADDR']
    @user.can_create? cuser
  end

  def edit
    raise AccessError unless @user.can_update? cuser
  end

  def create
    @user = User.new params[:user]
    @user.lastvisit = Date.today
    @user.lastip = request.env['REMOTE_ADDR']

    raise AccessError unless @user.can_create? cuser

    if @user.valid? and @user.save
      @user.profile = Profile.new
      @user.profile.user = @user
      @user.profile.save!
      redirect_to action: :show, id: @user.id
      save_session @user
    else
      render :new
    end
  end

  def update
    raise AccessError unless @user.can_update? cuser
    if @user.update_attributes params[:user]
      flash[:notice] = t(:users_update)
      redirect_to_back
    else
      render :edit
    end
  end

  def destroy
    raise AccessError unless @user.can_destroy? cuser
    @user.destroy
    redirect_to users_url
  end

  def login
    return unless request.post?

    if u = User.authenticate(params[:login][:username].downcase, params[:login][:password])
      raise Error, t(:accounts_locked) if u.banned? Ban::TYPE_SITE

      flash[:notice] = t(:login_successful)
      save_session u

      if session[:return_to]
        return_to
      else
        redirect_to_back
      end
    else
      flash[:error] = t(:login_unsuccessful)
      redirect_to_back
    end
  end

  def logout
    if request.post?
      session[:user] = nil
      flash[:notice] = t(:login_out)
      redirect_to :root
    end
  end

  def forgot
    if request.post?
      if u = User.first(:conditions => {:username => params[:username], :email => params[:email]}) and u.send_new_password
        flash[:notice] = t(:passwords_sent)
      else
        flash[:error] = t(:incorrect_information)
      end
    end
  end

  private

  def get_user
    @user = User.find(params[:id])
  end

  def save_session user
    session[:user] = user.id
    user.lastip = request.ip
    user.lastvisit = DateTime.now
    user.save()
  end
end