class LoginController < ApplicationController

  def index
  end

  def logout
    reset_session
    flash[:notice] = "You have logged out"
    redirect_to :controller => 'people'
  end
  
  def check_credentials
    if params[:login]
      username = params[:login][:username]
      passwd = params[:login][:passwd]
    else
      username = passwd = nil
    end
    
    # Default state is NOT to be logged in.
    session[:logged_in] = false

    user = User.authenticate(username, passwd)
    unless user.nil?
      # Set a marker in the session to show user is logged in.
      session[:logged_in] = true
      
      # Set a login success notice.
      flash[:notice] = "You have logged in successfully"
      
      # Store the login date and time.
      user.last_login = Time.now
      user.save

      # Store the user in the session.
      session[:user] = user

      # Set the destination to the protected page originally 
      # requested, or to the list of people if coming in fresh.
      destination = session[:destination] || 
        {:controller => 'people'}
    else
      # Redirect back to the login form.
      destination = {:controller => 'login'}
      
      # Set a login failure notice.
      flash[:notice] = "Your username and/or password were not recognised"
    end

    redirect_to destination
  end
end