5 files changed, 56 insertions, 102 deletions
diff --git a/app/assets/stylesheets/patch b/app/assets/stylesheets/patch
deleted file mode 100644
index 0997417..0000000
--- a/app/assets/stylesheets/patch
+++ /dev/null
@@ -1,54 +0,0 @@
-commit 10f01633176ca214e7aec6be61ed3344035ec77e
-Merge: 99dff7e 20f7b74
-Author: webb39 <webb39@purdue.edu>
-Date:   Mon Mar 10 20:41:27 2014 -0400
-
-    Merge branch 'master' of https://github.com/LukeShu/Leaguer
-
-commit 99dff7e01a65986338824804651367e97a0d1923
-Merge: 1f00553 f0c03cd
-Author: webb39 <webb39@purdue.edu>
-Date:   Mon Mar 10 20:41:16 2014 -0400
-
-    Merge https://github.com/LukeShu/Leaguer
-    
-    Conflicts:
-    	doc/Sprint1-Retrospective.md
-
-commit 1f00553cbc5d281efe3ac1b434d16537a17bc969
-Author: webb39 <webb39@purdue.edu>
-Date:   Mon Mar 10 20:36:31 2014 -0400
-
-    added match controller information
-
-diff --git a/doc/Sprint1-Retrospective.md b/doc/Sprint1-Retrospective.md
-index 3da3669..ae1b07a 100644
---- a/doc/Sprint1-Retrospective.md
-+++ b/doc/Sprint1-Retrospective.md
-@@ -97,13 +97,24 @@ f
- f
- 
- ## Login (UI) {#login-ui}
--
-+  
- ## Tournament settings {#tourney-settings}
--
-+  
- ## Tournament registration {#tourney-registration}
- 
- ## Match controller {#match-controller}
- 
-+The Match Controller creates the separate matches for a specific tournament.
-+When a tournament is started, it begins with an initial match that contains
-+no players.  Currently, a player must join a match by entering the specific
-+tournament (by clicking the 'show' button on the tournament), 
-+then they must enter the match (again by clicking the 'show' button but this
-+time on the match they desire to participate in) and then finally clicking
-+the 'join' button.  This updates the match with the user as a participant in
-+the matc and then finally clicking the 'join' button.  This updates the match
-+with the user as a participant in the match.  A match can also be destroyed 
-+by clicking the 'delete' button on the no longer desired match on the page.
-+
- ## Permissions system {#permissions}
- 
- ## Tournament view {#tourney-view}
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index dfaeebc..5d96b3e 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -2,26 +2,24 @@ class SessionsController < ApplicationController
 
 	# GET /sessions/new
 	def new
-		@user = User.new
-		#@session = Session.new
 	end
 
 	# POST /sessions
 	# POST /sessions.json
 	def create
 		# find the user...
-		@user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email])
+		user = User.find_by_email(params[:username_or_email].to_s) || User.find_by_user_name(params[:username_or_email].to_s)
 
 		#@session = Session.new(@user)
 		# ... and create a new session
 		respond_to do |format|
-			if @user && @user.authenticate(params[:session][:password])
-				sign_in @user
-				format.html { redirect_to root_path }
+			if user && user.authenticate(params[:password].to_s)
+				sign_in user
+				format.html { redirect_to root_path, notice: "Welcome, #{user.name}" } # TODO; previous URL
 				#format.json { # TODO }
 			else
 				format.html { render action: 'new' }
-				format.json { render json: @user.errors, status: :unprocessable_entity }
+				format.json { render json: user.errors, status: :unprocessable_entity }
 			end
 		end
 	end
@@ -38,14 +36,23 @@ class SessionsController < ApplicationController
 	end
 
 	private
-	# Use callbacks to share common setup or constraints between actions.
-	def set_session
-		@token = Session.hash_token(cookies[:remember_token])
-		@session = Session.find_by(token: @token)
+
+	# Only allow creating a session if not logged in.
+	def check_create
+		unless current_user.nil?
+			respond_to do |format|
+				format.html { redirect_to root_path, notice: "You are already logged in" } # TODO: previous URL
+				format.json { render json: {"errors" => ["already logged in"]}, status: :forbidden }
+			end
+		end
 	end
 
-	# Never trust parameters from the scary internet, only allow the white list through.
-	def session_params
-		params.require(:session).permit(:session_email, :session_user_name, :session_password)
+	def check_delete
+		unless signed_in?
+			respond_to do |format|
+				format.html { redirect_to root_path, notice: "You are not logged in" } # TODO: previous URL
+				format.json { render json: {"errors" => ["not logged in"]}, status: :forbidden }
+			end
+		end
 	end
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 499e988..7599a0a 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -2,25 +2,24 @@ require 'user'
 
 module SessionsHelper
 	def sign_in(user)
-		@session = Session.new(user: user)
-		raw_token = @session.create_token
-		@session.save # FIXME: error handling
+		session = Session.new(user: user)
+		raw_token = session.create_token
+		session.save!
 
-		@token = Session.hash_token(raw_token)
+		token = Session.hash_token(raw_token)
 		cookies.permanent[:remember_token] = { value: raw_token, expires: 20.minutes.from_now.utc }
+	end
 
-		#set the current user to be the given user
-		@current_user = user
+	def current_session
+		Session.find_by(token: Session.hash_token(cookies[:remember_token]))
 	end
 
-	# sets the @current_user instance virable to the user corresponding
+	# sets the @current_user instance varable to the user corresponding
 	# to the remember token, but only if @current_user is undefined
 	# since the remember token is hashed, we need to hash the cookie
 	# to find match the remember token
 	def current_user
-		@token ||= Session.hash_token(cookies[:remember_token])
-		@session ||= Session.find_by(token: @token)
-		@current_user ||= (@session.nil? ? User::NilUser.new : @session.user)
+		return (current_session.nil? ? User::NilUser.new : current_session.user)
 	end
 
 	# checks if someone is currently signed in
@@ -30,9 +29,8 @@ module SessionsHelper
 
 	def sign_out
 		if signed_in?
-			@session.destroy
+			current_session.destroy
 		end
-		@current_user = User::NilUser.new
 		cookies.delete(:remember_token)
 	end
 
diff --git a/app/models/match.rb b/app/models/match.rb
index 65e2047..cdfa0d7 100644
--- a/app/models/match.rb
+++ b/app/models/match.rb
@@ -19,7 +19,7 @@ class Match < ActiveRecord::Base
 	# such that the match may be considered finished.
 	def finished?
 		ok = true
-		tournament_stage.scoring.stats_needed.each do |stat|
+		tournament_stage.scoring.stats_needed(self).each do |stat|
 			self.users.each do |user|
 				ok &= statistics.where(match: self, user: user, name: stat)
 			end
@@ -87,7 +87,7 @@ class Match < ActiveRecord::Base
 	def figure_sampling_methods
 		if @sampling_methods.nil?
 			data = {}
-			needed = self.tournament_stage.scoring.stats_needed
+			needed = self.tournament_stage.scoring.stats_needed(self)
 			methods_names = self.tournament_stage.tournament.sampling_methods
 			methods_names.each do |method_name|
 				method_class = "Sampling::#{method_name.camelcase}".constantize
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index ff27762..97f09b6 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -1,23 +1,26 @@
 <h1>Sign in</h1>
-<% if @user.nil? %>
-  <p class="errors"> The email/username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current email/username and password. </p>
-<% end %>
 
-  <div class="span6 offset3">
-    <%= form_for(:session, url: sessions_path) do |f| %>
-    <p>
-      <%= f.label(:username_or_email, "Username/Email") %><br/>
-      <%= f.text_field :username_or_email%>
-    </p>
-    <p>
-      <%= f.label :password %><br/>
-      <%= f.password_field :password %>
-    </p>
-    <p>
-      <%= f.submit "Log in", class: "signin" %>
-    </p>
-    <% end %>
-
-    <p>New user? <%= link_to("Sign up now!", new_user_path) %></p>
-  </div>
+<div>
+	<%= form_tag(sessions_path, method: :post, id: :new_session) do %>
+		<% if params[:action] == "create" %>
+			<div id="error_explanation">
+				<p>The username/password pair you entered did
+				not match our records.  Check your typing and
+				try again.</p>
+			</div>
+		<% end %>
+		<p>
+			<%= label_tag(:username_or_email, "Username/Email") %><br/>
+			<%= text_field_tag(:username_or_email) %>
+		</p>
+		<p>
+			<%= label_tag(:password) %><br/>
+			<%= password_field_tag(:password) %>
+		</p>
+		<p>
+			<%= submit_tag("Log in", class: :signin) %>
+		</p>
+	<% end %>
 
+	<p>New user? <%= link_to("Sign up now!", new_user_path) %></p>
+</div>