+ def login
+ if params[:user]
+ email = params[:user][:email]
+ pass = params[:user][:password]
+ u = User.authenticate(email, pass)
+ if u
+ u.token = User.make_token
+ u.timeout = 1.day.from_now
+ u.save
+ session[:token] = u.token
+ redirect_to :controller => 'site', :action => 'index'
+ return
+ else
+ flash[:notice] = "Couldn't log in with those details"
+ end
+ end
+ end
+
+ def logout
+ if session[:token]
+ u = User.find_by_token(session[:token])
+ if u
+ u.token = User.make_token
+ u.timeout = Time.now
+ u.save
+ end
+ end
+ session[:token] = nil
+ redirect_to :controller => 'site', :action => 'index'
+ end
+
+ def confirm
+ @user = User.find_by_token(params[:confirm_string])
+ if @user && @user.active == 0
+ @user.active = true
+ @user.save
+ flash[:notice] = 'Confirmed your account, thanks for signing up!'
+
+ #FIXME: login the person magically
+
+ redirect_to :action => 'login'
+ else
+ flash[:notice] = 'Something went wrong confirming that user'
+ end
+ end
+
+ def preferences
+ if request.get?
+ render_text @user.preferences
+ elsif request.post? or request.put?
+ @user.preferences = request.raw_post
+ @user.save!
+ render :nothing => true
+ else
+ render :status => 400, :nothing => true
+ end