class SessionsController < ApplicationController
  layout "authentication"
  
  def new
    if session[:user_id]
      redirect_to admin_dashboards_path
    end
  end

  def create
    user = User.find_by(user_name: params[:user_name]) rescue nil
    if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true))
      if user.is_approved? || user.is_admin?
        session[:user_id] = user.id
        session[:login_referer] = nil
        if params[:referer_url]
          redirect_to URI.parse(params[:referer_url]).path
        else
          redirect_to admin_dashboards_path
        end
      else
        flash.now.alert = "User not approved."
        render "new"
      end
    else
      flash.now.alert = "Invalid username or password"
      render "new"
    end
  end

  def destroy
    log_user_action
    session[:user_id] = nil
    redirect_to root_url
  end
end