Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/application.rb19
-rw-r--r--app/controllers/user_controller.rb41
2 files changed, 30 insertions, 30 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 824f6f77b..fb56497f4 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -6,7 +6,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: application.rb,v 1.21 2007-11-01 05:35:43 francis Exp $
+# $Id: application.rb,v 1.22 2007-11-01 14:45:56 francis Exp $
class ApplicationController < ActionController::Base
@@ -21,9 +21,9 @@ class ApplicationController < ActionController::Base
# Check the user is logged in
def authenticated?
unless session[:user]
- session[:intended_uri] = request.request_uri
- session[:intended_params] = params
- redirect_to signin_url
+ post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params)
+ post_redirect.save!
+ redirect_to signin_url(:token => post_redirect.token)
return false
end
return true
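Review bot: `:post_params => params` in `authenticated?` writes the whole request parameter hash to the database for every unauthenticated request, and nothing in this hunk limits what is stored or for how long. This data used to live only in the visitor's session; now any sensitive form field in a POST persists server-side, and anonymous traffic adds one row per hit. Consider storing only the fields the replay needs, and giving `PostRedirect` rows an expiry with periodic cleanup. Token generation is not visible here; since the token travels in the sign-in URL, it should come from a cryptographically secure random source. The closing `end` of `authenticated?` lies outside the hunk.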
@@ -34,12 +34,13 @@ class ApplicationController < ActionController::Base
return User.find(session[:user])
end
- # Do a POST redirect. This is a nasty hack - we store the posted values to
- # the controller, and when the GET redirect with "?post_redirect=1"
- # happens, load them in.
- def post_redirect(uri, params)
+ # Do a POST redirect. This is a nasty hack - we store the posted values in
+ # the session, and when the GET redirect with "?post_redirect=1" happens,
+ # load them in.
+ def do_post_redirect(uri, params)
session[:post_redirect_params] = params
- # XXX what is built in Ruby URI munging function?
+ # XXX what is the built in Ruby URI munging function that can do this
+ # choice of & vs. ? more elegantly than this dumb if statement?
if uri.include?("?")
uri += "&post_redirect=1"
else
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 084bbbc81..2f12c8319 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -4,7 +4,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: user_controller.rb,v 1.7 2007-10-31 17:25:29 francis Exp $
+# $Id: user_controller.rb,v 1.8 2007-11-01 14:45:56 francis Exp $
class UserController < ApplicationController
# XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below
@@ -16,31 +16,35 @@ class UserController < ApplicationController
def signin
# The explict signin link uses this to store where it is to go back to
if params[:r]
- session[:intended_uri] = params[:r]
- session[:intended_params] = nil
+ post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {})
+ post_redirect.save!
+ params[:token] = post_redirect.token
end
if not params[:user]
# First time page is shown
- render :template => 'user_accounts/signin' and return
+ render :template => 'user_accounts/signin'
+ return
else
@user = User.authenticate(params[:user][:email], params[:user][:password])
if @user
# Successful login
session[:user] = @user.id
- post_redirect session[:intended_uri], session[:intended_params] and return
+ post_redirect = PostRedirect.find_by_token(params[:token])
+ do_post_redirect post_redirect.uri, post_redirect.post_params
+ return
else
if User.find(:first, :conditions => [ "email = ?", params[:user][:email] ])
# Failed to authenticate
flash[:error] = "Password not correct, please try again"
@user = User.new(params[:user])
- render :template => 'user_accounts/signin' and return
+ render :template => 'user_accounts/signin'
+ return
else
- # "I am new to FOIFA"
- session[:email] = params[:user][:email]
- session[:password] = params[:user][:password]
- session[:first_time] = true
- redirect_to :action => 'signup' and return
+ # Create a new account
+ params[:first_time] = true
+ self.signup
+ return
end
end
end
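Review bot: In the successful-login branch, `PostRedirect.find_by_token(params[:token])` returns nil when the token is missing or unknown (for example when the sign-in page is opened directly), so `post_redirect.uri` raises after `session[:user]` has already been set; the identical lookup added to `signup` has the same gap. Check `if post_redirect.nil?` right after the lookup and redirect to a default page in that case. Separately, `params[:r]` is saved as the redirect target unchecked; assuming `do_post_redirect` sends the browser to that URI (its redirect call is outside the visible hunks), it should be restricted to local paths before `PostRedirect.new`. It would also help to delete the `PostRedirect` row once it has been used, so a token cannot be replayed. The closing `end` of `signin` is outside the hunk.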
@@ -48,25 +52,20 @@ class UserController < ApplicationController
# Create new account form
def signup
- # Default to value saved from signin form
- params[:user] ||= { :email => session[:email] }
- params[:user] ||= { :password => session[:password] }
-
# Make the user and try to save it
@user = User.new(params[:user])
if not @user.save
# First time get to form (e.g. from signin) , don't show errors
- if session[:first_time]
- @first_time = true
- @user.errors.clear
- session[:first_time] = false
- end
+ @first_time = params[:first_time]
+ @user.errors.clear if @first_time
# Show the form
render :template => 'user_accounts/signup'
else
# New user made, redirect back to where we were
session[:user] = @user.id
- post_redirect session[:intended_uri], session[:intended_params] and return
+ post_redirect = PostRedirect.find_by_token(params[:token])
+ do_post_redirect post_redirect.uri, post_redirect.post_params
+ return
end
end
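Review bot: `signup` is now reached directly from the failed sign-in POST via `self.signup`, so `User.new(params[:user])` and `@user.save` run on the email and password typed into the sign-in form. If the `User` validations (not visible here) pass on those two fields alone, a mistyped email at sign-in would create a new account and log it in without the sign-up form ever being shown. Consider skipping the save when the flag is set: after building `@user`, render `'user_accounts/signup'` and return under `if params[:first_time]`. Also note that `@first_time = params[:first_time]` is now request-controlled rather than session-controlled, so any client can send it to suppress the validation messages.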