class SessionsController < ApplicationController
  layout "authentication"
  
  def new
  end

  def create
    user = User.find_by(user_name: params[:user_name]) rescue nil
    if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true))
      if user.is_approved?
        session[:user_id] = user.id
        redirect_to admin_dashboards_path, :notice => "Logged in!"
      elsif user.is_admin?
        session[:user_id] = user.id
        redirect_to admin_dashboards_path, :notice => "Logged in!"
      else
        flash.now.alert = "User not approved."
        render "new"
      end
    else
      flash.now.alert = "Invalid username or password"
      render "new"
    end
  end

  def destroy
    log_user_action
    session[:user_id] = nil
    redirect_to root_url, :notice => "Logged out!"
  end
end