Implement full login logic.

app/controllers/users_controller.rb

@@ -9,20 +9,28 @@ class UsersController < ApplicationController
 
   def login
     if request.post?
-      if params[:username].nil? || params[:username].empty? ||
-         params[:password].nil? || params[:password].empty?
+      if params[:username].blank? || params[:password].blank?
         flash.now[:alert] = 'Both a character name and password are required.'
         render 'login' and return
       end
+
       user = User.find_by(name: params[:username])
       if user.nil? || !user.authenticate(params[:password])
         flash.now[:alert] = 'Incorrect character name or password.'
         render 'login' and return
       end
 
-      flash.now[:alert] = 'Login successful.'
-      render 'login' and return
-      # redirect_to root_url
+      allow_non_corp = AdminSettings.get_bool(:allow_non_corp)
+      if !allow_non_corp && !user.in_corp? && !user.admin?
+        corp_name = AdminSettings.get_bool(:corp_name)
+        flash[:alert] = "You are not a member of #{corp_name}, and access to "\
+                        "this site is disallowed for non-corp members."
+        redirect_to root_url and return
+      end
+
+      session[:user_id] = user.id
+      flash[:notice] = 'Login successful!'
+      redirect_to root_url
     end
   end
 

app/models/admin_setting.rb

@@ -28,9 +28,10 @@ class AdminSetting < ActiveRecord::Base
 
   def self.set(key, value)
     existing = self.get(key)
-    return if existing.nil? || existing == value
+    return false if existing.nil? || existing == value
     self.find_by(key: key).update(value: value)
     Rails.cache.write("admin_setting/#{key}", value)
+    true
   end
 
   def self.set_bool(key, value)

app/models/user.rb

@@ -14,7 +14,7 @@ class User < ActiveRecord::Base
   end
 
   def in_corp?
-    member_of? AdminSettings.get(:corp_id)
+    member_of? AdminSettings.get(:corp_id).to_i
   end
 
   def member_of?(corp_id)