@kplandes
Last active August 29, 2015 14:08
Rails authentication using bcrypt
<h2>Sign up</h2>
<%= form_for @user do |f| %>
  <% if @user.errors.any? %>
    <div id="error_explanation">
      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:</h2>
      <ul>
        <% @user.errors.full_messages.each do |msg| %>
          <li><%= msg %></li>
        <% end %>
      </ul>
    </div>
  <% end %>
  <%= f.text_field :username, placeholder: 'User Name' %>
  <%= f.password_field :password, placeholder: 'Password' %>
  <%= f.password_field :password_confirmation, placeholder: 'Confirm Password' %>
  <%= f.text_field :first_name, placeholder: 'First Name' %>
  <%= f.text_field :last_name, placeholder: 'Last Name' %>
  <%= f.text_field :email, placeholder: 'Email' %>
  <%= f.text_field :location, placeholder: 'Location' %>
  <%= f.submit "Sign Up", class: "button" %>
<% end %>

<h2>Log In</h2>
<%= form_tag login_path do %>
  <%= text_field_tag :username, nil, placeholder: 'User Name' %>
  <%= password_field_tag :password, nil, placeholder: 'Password' %>
  <%= submit_tag "Log In", class: "button" %>
<% end %>

...
<% if current_user %>
  <div>Welcome back, <%= current_user.username %></div>
  <%= link_to "Log Out", logout_path, method: :delete, class: "button" %>
<% end %>
<% flash.each do |name, message| %>
  <div class="<%= name %>"><%= message %></div>
<% end %>
...
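
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Access methods in views (erb)
  helper_method :current_user

  # Returns the logged-in user, or nil when nobody is logged in.
  # find_by returns nil instead of raising RecordNotFound when the session
  # still points at a user that has since been deleted.
  def current_user
    return nil unless session[:current_user_id]
    @current_user ||= User.find_by(id: session[:current_user_id])
  end
end
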
<%= render 'form' %>

Rails.application.routes.draw do
  root 'welcome#index'
  post "/login" => "sessions#create"
  delete "/logout" => "sessions#destroy"
  resources :users
end
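
class SessionsController < ApplicationController
  def new
    # my login form
  end

  def create
    @user = User.find_by :username => params[:username]
    # Use one message for an unknown username and a wrong password, so the
    # login form does not reveal which usernames exist.
    if @user && @user.authenticate(params[:password])
      # Start a fresh session on login to prevent session fixation.
      reset_session
      session[:current_user_id] = @user.id
      # redirect_to only treats :notice and :alert as flash shortcuts;
      # any other key has to be passed through :flash.
      redirect_to root_url, :flash => { :success => "You are logged in. Welcome!" }
    else
      flash[:error] = "Username or password is incorrect, try again."
      redirect_to users_path
    end
  end

  def destroy
    # Discard the whole session rather than only clearing the user id.
    reset_session
    redirect_to users_path, :flash => { :success => "You are logged out. See you later!" }
  end
end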
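
class User < ActiveRecord::Base
  # Requires the bcrypt gem and a password_digest column on users.
  # Adds the password / password_confirmation attributes and #authenticate.
  has_secure_password
end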