class UsersController < ApplicationController

  def signup
    if request.post?
      # do user create logic
      redirect_to root_url
    end
  end

  def login
    if request.post?
      if params[:email].blank? || params[:password].blank?
        flash.now[:alert] = 'Both an email and a password are required.'
        render 'login' and return
      end

      user = User.find_by(email: params[:email])
      if user.nil? || !user.authenticate(params[:password])
        flash.now[:alert] = 'Incorrect email address or password.'
        render 'login' and return
      end

      allow_non_corp = AdminSetting.get_bool(:allow_non_corp)
      if !allow_non_corp && !user.in_corp? && !user.admin?
        corp_name = AdminSetting.get(:corp_name)
        flash[:alert] = "You are not a member of #{corp_name}, and access to "\
                        "this site is disallowed for non-corp members."
        redirect_to root_url and return
      end

      session[:user_id] = user.id
      flash[:notice] = 'Login successful!'
      redirect_to root_url
    end
  end

  def logout
    if request.post?
      session.delete(:user_id)
      flash[:notice] = 'Logout successful!'
      redirect_to root_url
    end
  end

  def reset
    if request.post?
      # do user reset logic
    end
  end

  def settings
    if request.post?
      # do settings save logic
    end
  end
end