#-------------------------------------------------------------------------------------application_controller.rb
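class ApplicationController < ActionController::Base
  # Shared account actions (change_password, logout, update_account).
  #
  # Security reminder: every public method in this class is routable as an
  # action on each controller that inherits from it. Authentication is expected
  # to be enforced by filters in those controllers; as defence in depth the
  # account actions below also refuse to run when the session holds no user
  # that can be found in the database.
  #
  # The flash messages carry fixed HTML markup, so the views presumably print
  # them unescaped. Never interpolate request data into these strings.
  #
  # NOTE(review): no request-forgery protection is configured in this class.
  # The state-changing actions only check request.post?; confirm that token
  # checking (protect_from_forgery, if the Rails version in use provides it)
  # is enabled elsewhere.

  # Pick a unique cookie name to distinguish our session data from others'
  session :session_key => '_mystic_session_id'

  # Global user methods

  # POST: sets a new password for the logged-in user.
  #
  # Reads params[:user][:password] and params[:user][:password_confirmation].
  # Every POST outcome sets flash[:message] and redirects; non-POST requests
  # fall through to the default render.
  #
  # NOTE(review): the current password is not asked for, so whoever holds a
  # live session can set a new one. Consider requiring it.
  def change_password
    return unless request.post?
    return unless load_account_user

    # A missing or malformed params[:user] is treated like a blank password
    # instead of raising NoMethodError on nil.
    form = submitted_user_params || {}

    if form[:password].blank?
      flash[:message] = "<font color=red><image src=\"/images/icon_failure.png\"> Password cannot be blank!</font><br>"
    elsif form[:password] != form[:password_confirmation]
      flash[:message] = "<font color=red><image src=\"/images/icon_failure.png\"> Passwords do not match!</font><br>"
    elsif @user.update_attributes(:password => form[:password],
                                  :password_confirmation => form[:password_confirmation])
      # update_attributes validates and saves in one step, so the second
      # save call of the earlier version is not needed.
      flash[:message] = "<font color=green><image src=\"/images/icon_success.png\"> Password changed successfully</font><br>"
    else
      # Previously a failed save produced no message and no redirect.
      flash[:message] = "<font color=red><image src=\"/images/icon_failure.png\"> Password could not be changed!</font><br>"
    end

    redirect_to_edit_account
  end

  # Ends the session and sends the browser to the index action of the
  # controller that served the request.
  #
  # NOTE(review): there is no request.post? check here, so a plain link or a
  # cross-site GET can log the user out.
  def logout
    session[:user] = nil
    reset_session
    flash[:message] = "<font color=green><image src=\"/images/icon_info.png\"> You have been logged out! Have a nice day.</font><br>"
    redirect_to :controller => params[:controller], :action => "index" # back to the controller they came from
  end

  # POST: updates first name, last name and phone number of the logged-in
  # user, one attribute at a time, and reports each successful write.
  #
  # NOTE(review): update_attribute skips model validations, so the submitted
  # values are stored as they arrive. Confirm that every view escapes these
  # fields on output, or switch to a validated update once the User model's
  # validations have been checked against this form.
  def update_account
    return unless request.post?
    return unless load_account_user

    form = submitted_user_params
    if form
      notices = []
      [[:first_name, 'first name'],
       [:last_name, 'last name'],
       [:phone_number, 'phone number']].each do |attribute, label|
        if @user.update_attribute(attribute, form[attribute])
          notices << "<font color=green><image src=\"/images/icon_success.png\"> Your #{label} was updated successfully!</font><br>"
        end
      end
      # Assign instead of appending with <<: flash[:message] is nil on a
      # fresh request and << on nil raises NoMethodError.
      flash[:message] = notices.join unless notices.empty?
    end

    redirect_to_edit_account
  end

  private

  # Returns params[:user] when it is a hash of form fields, otherwise nil.
  def submitted_user_params
    form = params[:user]
    form.is_a?(Hash) ? form : nil
  end

  # Loads the logged-in user from the database into @user, using the id kept
  # in the session, so a stale or tampered session copy is never trusted.
  # Returns true on success. When the session has no user, or the record no
  # longer exists, sets a failure message, redirects to index and returns false.
  def load_account_user
    stored = session[:user]
    @user = stored && User.find_by_id(stored[:id])
    return true if @user

    flash[:message] = "<font color=red><image src=\"/images/icon_failure.png\"> You are not logged in!</font><br>"
    redirect_to :controller => params[:controller], :action => 'index'
    false
  end

  # Redirects to the edit_account action of the controller serving the request.
  def redirect_to_edit_account
    redirect_to :controller => params[:controller], :action => 'edit_account'
  end
end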
#------------------------------------------------------------------------------------------admin_controller.rb
class AdminController < ApplicationController
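# Run authenticate_user before every action except the ones listed in :except,
# to make sure the user is supposed to be here. Actions inherited from
# ApplicationController (change_password, logout, update_account) are not in
# the list, so they pass through this filter as well.
# NOTE(review): create_new_user is reachable without authentication. That
# action is not visible here; if it creates accounts, as its name suggests,
# confirm that it enforces its own authorization.
before_filter :authenticate_user, :except => [:index, :login, :create_new_user]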
# Action without controller logic; the framework's default render applies.
def add_user; end
# Renders this action's default template without the surrounding layout.
def ajax_post_box
  render_options = { :layout => false }
  render(render_options)
end
# Renders this action's default template without the surrounding layout.
def ajax_edit_user
  render_options = { :layout => false }
  render(render_options)
end
# Intentionally empty action -- don't delete this action.
def authenticate; end
def authenticate_user
if session[:user].nil? #There's definitely no user logged in
flash[:message]= "<font color=red><image src=\"/images/icon_failure.png\">You are not logged in or an admin!</font><br>"
redirect_to :action => "index"
else #there's а user logged in, but what type is he?
@user = User.find(session[:user][:id]) # make sure user is in db, make sure they're not spoofing а session id
if(@user.type_id == 0) #make sure user is an admin(0=admin)