authlogic FTW!

app/controllers/admin/application_controller.rb

@@ -1,8 +0,0 @@
-class Admin::ApplicationController < ApplicationController
-  
-  
-  protected
-  
-	before_filter :login_required
-  
-end

app/controllers/application_controller.rb

@@ -5,16 +5,44 @@ class ApplicationController < ActionController::Base
   helper :all # include all helpers, all the time
   protect_from_forgery # See ActionController::RequestForgeryProtection for details
 
-  # Scrub sensitive parameters from your log
-  # filter_parameter_logging :password
-  
-  protected
+  filter_parameter_logging :password, :password_confirmation
+  helper_method :current_user, :current_user_session
 
-  def set_current_person
-    @current_user = session[:user]
-  end
+  private
+    def current_user_session
+      return @current_user_session if defined?(@current_user_session)
+      @current_user_session = UserSession.find
+    end
 
-  def login_required
-   redirect_to(login_path) unless @current_user
- end
+    def current_user
+      return @current_user if defined?(@current_user)
+      @current_user = current_user_session && current_user_session.user
+    end
+
+    def require_user
+      unless current_user
+        store_location
+        flash[:notice] = "You must be logged in to access this page"
+        redirect_to new_user_session_url
+        return false
+      end
+    end
+ 
+    def require_no_user
+      if current_user
+        store_location
+        flash[:notice] = "You must be logged out to access this page"
+        redirect_to account_url
+        return false
+      end
+    end
+    
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+    
+    def redirect_back_or_default(default)
+      redirect_to(session[:return_to] || default)
+      session[:return_to] = nil
+    end  
 end

app/controllers/user_sessions_controller.rb

@@ -0,0 +1,24 @@
+class UserSessionsController < ApplicationController
+  before_filter :require_no_user, :only => [:new, :create]
+  before_filter :require_user, :only => :destroy
+  
+  def new
+    @user_session = UserSession.new
+  end
+  
+  def create
+    @user_session = UserSession.new(params[:user_session])
+    if @user_session.save
+      flash[:notice] = "Login successful!"
+      redirect_back_or_default account_url
+    else
+      render :action => :new
+    end
+  end
+  
+  def destroy
+    current_user_session.destroy
+    flash[:notice] = "Logout successful!"
+    redirect_back_or_default new_user_session_url
+  end
+end

app/controllers/users_controller.rb

@@ -0,0 +1,36 @@
+class UsersController < ApplicationController
+  before_filter :require_no_user, :only => [:new, :create]
+  before_filter :require_user, :only => [:show, :edit, :update]
+
+  def new
+    @user = User.new
+  end
+  
+  def create
+    @user = User.new(params[:user])
+    if @user.save
+      flash[:notice] = "Account registered!"
+      redirect_back_or_default account_url
+    else
+      render :action => :new
+    end
+  end
+  
+  def show
+    @user = @current_user
+  end
+ 
+  def edit
+    @user = @current_user
+  end
+  
+  def update
+    @user = @current_user # makes our views "cleaner" and more consistent
+    if @user.update_attributes(params[:user])
+      flash[:notice] = "Account updated!"
+      redirect_to account_url
+    else
+      render :action => :edit
+    end
+  end
+end