def authorise
    unless User.find_by_id(session[:user_id])
      flash[:notice] = "Please log in"
      redirect_to :controller => :account, :action => :login
    end
  end

  def fetch_user_details
    begin
    # Only attempt to fetch user object if user_id is valid:
    if User.find_by_id(session[:user_id])
      @user = User.find(session[:user_id])
    end
    rescue Exception => ex
      @user = nil
    end
  end

class AccountController < ApplicationController

  #  Before filter
  before_filter :authorise, :except => [:registration, :login]


  # Allows the blog owner to login
  def login

    # Has the form been posted yet?
    if request.post?

      # Check if the user details are valid:
      user = User.authenticate(params[:username], params[:password])
      # Check if current user has their account locked:
      user_locked = AccessLock.is_account_locked?(request.remote_ip)
      # Valid user object returned?
      if user and !user_locked
        # Store the user's id in a session variable:
        session[:user_id] = user.id
        # Ensure that the account lock is clean:
        AccessLock.clear_account request.remote_ip
        # Redirect to the main page
        redirect_to :controller => :post, :action => :view

      else
        # Want to increase the login attempt count, three attempts and the
        # user is locked out.
        if AccessLock.update_login_attempt(request.remote_ip)
          # The user has been locked for a short while...
          flash.now[:notice] = "Account has been locked."
        else
          flash.now[:notice] = "Invalid username or password, please try again."  
        end
      end
    end

  end

end

class PostController < ApplicationController

  # Setup filter
  before_filter :fetch_user_details
  before_filter :authorise, :only => [:create, :edit, :view, :preview]


  # #####################################################################################
  # Allows user to view all posts
  # #####################################################################################
  def view
    @all_posts = Post.paginate :page => params[:page], :per_page => 5, :order => "created_at DESC"
    @all_categories = Category.find(:all)
  end 
end

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<%= stylesheet_link_tag 'admin_master' %>
<title>96 Methods - User Login</title>
</head>


<body>
  <div id="wrapper">
    <div id="branding">
      <h1><span></span>96 methods</h1>
      <ul></ul>
    </div>
    <div id="content">
      <h2>Login</h2>
      <% if flash[:notice] -%>
        <p class="warning"><%= flash[:notice] %></p>
      <% end -%>
      <% form_tag do %>
        <p>
          <label for="username">Username:</label>
          <%= text_field_tag :username, params[:username], :class => 'textfield' %>
        </p>
        <p>
          <label for="password">Password:</label>
          <%= password_field_tag :password, nil, :class => 'textfield' %>
        </p>
        <p>
          <%= submit_tag 'Login' %>
        </p>
      <% end %>
      <p class="last"></p>
    </div>
    <div id="sideContent">
      <!--<h2></h2>-->

      <p class="info">You are currently logged out</p>

      <p class="last"></p>
    </div>

  </div> <!-- wrapper -->
</body>
</html>

<% @title = "View Posts" %>

<div id="content">
  <h2>All Posts</h2>
  <% if flash[:notice] %>
    <div id="notice">
      <%= flash[:notice] %>
    </div>
  <% end %>
  <table>
    <thead>
      <tr>
        <th class="title">Title</th>
        <th class="category">Categories</th>        
        <th class="status">Status</th>
        <th class="date">Date</th>
        <th colspan="2" class="comment">Comments Waiting</th>
        <th colspan="2" class="action">Actions</th>

      </tr>
    </thead>
    <tbody>
      <% for post in @all_posts %>
        <tr class="<%= cycle('odd', 'even') %>">
          <td class="title"><%= h(post.title)%></td>
          <td><%= post.categories.collect(&:title).join(", ") %></td>
          <% if post.published %>
            <td>PUBLISHED</td>
          <% else %>
            <td>DRAFT</td>
          <% end %>
          <td><%= post.get_formatted_creation_date %></td>
          <td><%= post.get_count_of_pending_comments %></td>
          <td><%= link_to "View", :controller => :comment, :action => :view, :post_id => post %></td>    
          <td><%= link_to "Edit", :controller => :post, :action => :edit, :post_id => post %></td>
          <td><%= link_to "Preview", :controller => :post, :action => :preview, :post_id => post %></td>    
        </tr>  
      <% end %>
    </tbody>
  </table>
  <%= will_paginate @all_posts %>

  <p class="last"></p>
</div> <!-- content -->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<%= stylesheet_link_tag 'admin_master' %>
<title>96 Methods - <%= @title %></title>
</head>


<body>
  <div id="wrapper">
    <div id="branding">
      <h1><span></span>96 methods</h1>
      <ul>
        <li><a href="/admin/blog" class="menu1test"><span></span>BLOG</a></li>
        <li><a href="/admin/news" class="menu2test"><span></span>NEWS</a></li>
        <li><a href="#" class="menu3test"><span></span>ABOUT</a></li>
      </ul>
    </div>

    <%= yield :layout %>
    <div id="sideContent">
      <h2><span></span>Actions</h2>
      <ul>
        <li><%= link_to "Write a new post",
          :controller => :post,
          :action => :create %></li>
        <li><%= link_to "Create a new category",
          :controller => :category,
          :action => :create %></li>    
      </ul>
      <p></p>
      <ul>
        <li><%= link_to "Logout",
          :controller => :account,
          :action => :logout %></li>
      </ul>
      <p class="last"></p>
    </div>
  </div> <!-- wrapper -->
</body>
</html>

ActionController::Routing::Routes.draw do |map|
  # The priority is based upon order of creation: first created -> highest priority.
  map.connect "blog", :controller => "post", :action => "view_recent_posts"
  map.connect "blog/category/:id", :controller => "post", :action => "view_by_category", :id => /\d+/  
  map.connect "blog/:id", :controller => "post", :action => "view_post"  

  map.connect "admin/blog", :controller => "post", :action => "view"
  map.connect "admin/blog/edit/:post_id", :controller => "post", :action => "edit"
  map.connect "admin/blog/preview/:post_id", :controller => "post", :action => "preview"
  map.connect "admin/blog/comment/view/:post_id", :controller => "comment", :action => "view"

  map.connect "admin/blog/comment/add/:post_id", :controller => "comment", :action => "add"


  map.connect "admin/news", :controller => "news", :action => "view"
  map.connect "admin/news/edit/:article_id", :controller => "news", :action => "edit"
  map.connect "admin/new/preview/:article_id", :controller => "news", :action => "preview" 


  map.connect "account/registration", :controller => "account", :action => "registration"
  map.connect "account/login", :controller => "account", :action => "login"
  map.connect "account/logout", :controller => "account", :action => "logout"


  map.connect "news", :controller => "news", :action => "view_recent_articles"
  map.connect "news/:id", :controller => "news", :action => "view_article" 

  map.connect "about", :controller => "about", :action => "about"

  map.connect "post/create", :controller => "post", :action => "create"
  map.connect "category/create", :controller => "category", :action => "create"

  map.connect '', :controller => "post" , :action => "view_recent_posts"
end