stevesohcot · January 30, 2016 19:18
diff --git a/application_controller.rb b/application_controller.rb
 class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  #protect_from_forgery with: :exception

  before_action :require_authentication # will happen for ALL controllers/actions
 
  private

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end

  # this is a macro (trick) to allow you to use the to use the method in the view
  helper_method(:current_user)

  def login(user)

    # used in both activate and sessions
    session[:user_id] = user.id

    # Track the user logged in - perhaps with Segment.IO / MixPanel

  end

  def logged_in?
    !logged_out?
  end

  def logged_out?
    current_user.nil?
  end

  def remember_me(user)
    cookies.signed[:user_id] = { value: user.id, expires: 6.months.from_now }
    cookies.signed[:user_hash] = { value: user.user_hash, expires: 6.months.from_now }
  end


  def check_if_remembered

    # If the user is logged out, but the cookies indicate they could be logged in,
    # then authenticate them
    user_id_attempted   = cookies.signed[:user_id]
    user_hash_attempted = cookies.signed[:user_hash]

    begin 
      u = User.find(user_id_attempted)
      real_hash = u.user_hash
    rescue StandardError
      real_hash = ''
    end

    if user_hash_attempted == real_hash then
      login(u)
    end
      
  end


  def forget_me
    cookies.delete :user_id
    cookies.delete :user_hash
  end


  def require_authentication
    
    if logged_out?
      check_if_remembered
    end

    if current_user
      # they're already logged in
    else
      # they're not logged in
      redirect_to signup_url, :alert => "Please sign up or log in first"
    end

  end


 end
	class ApplicationController < ActionController::Base
	# Prevent CSRF attacks by raising an exception.
	# For APIs, you may want to use :null_session instead.
	#protect_from_forgery with: :exception

	before_action :require_authentication # will happen for ALL controllers/actions

	private

	def current_user
	@current_user \|\|= User.find(session[:user_id]) if session[:user_id]
	end

	# this is a macro (trick) to allow you to use the to use the method in the view
	helper_method(:current_user)

	def login(user)

	# used in both activate and sessions
	session[:user_id] = user.id

	# Track the user logged in - perhaps with Segment.IO / MixPanel

	end

	def logged_in?
	!logged_out?
	end

	def logged_out?
	current_user.nil?
	end

	def remember_me(user)
	cookies.signed[:user_id] = { value: user.id, expires: 6.months.from_now }
	cookies.signed[:user_hash] = { value: user.user_hash, expires: 6.months.from_now }
	end


	def check_if_remembered

	# If the user is logged out, but the cookies indicate they could be logged in,
	# then authenticate them
	user_id_attempted = cookies.signed[:user_id]
	user_hash_attempted = cookies.signed[:user_hash]

	begin
	u = User.find(user_id_attempted)
	real_hash = u.user_hash
	rescue StandardError
	real_hash = ''
	end

	if user_hash_attempted == real_hash then
	login(u)
	end

	end


	def forget_me
	cookies.delete :user_id
	cookies.delete :user_hash
	end


	def require_authentication

	if logged_out?
	check_if_remembered
	end

	if current_user
	# they're already logged in
	else
	# they're not logged in
	redirect_to signup_url, :alert => "Please sign up or log in first"
	end

	end


	end