barleysodas/app/controllers/sessions_controller.rb

class SessionsController < ApplicationController
  def new
    @content_title = 'Log In'
    @secondary_title = ''
  end
  
  def create
    @people = People.authenticate(params[:login], params[:password])
    if @people
      session[:people_title] = @people.title
      session[:people_id] = @people.id
      respond_to do |format|
        format.html {
          flash[:notice] = "Welcome, #{@people.title}"
          if session[:request_url]
            t_url = session[:request_url]
            session[:request_url] = nil
            redirect_to t_url
          else
            redirect_to pages_path
          end
        }
        format.xml { head :ok }
      end
    else
      respond_to do |format|
        format.html {
          @content_title = 'Log In'
          @secondary_title = ''
          flash.now[:error] = 'Login failed, try again.'
          render :action => 'new'
        }
        format.xml { render :xml => @beer.errors.to_xml, :status => 400 }
      end
    end
  end
  
  def destroy
    reset_session
    flash[:notice] = 'You have logged out.'
    redirect_to pages_path
  end
  
  protected
  
  ##
  # Always allow People to log in and out of the system.
  #
  def authorized?
    true
  end
end