# just display the form and wait for user to
  # enter a name and password
  #START:login
  def login
    if request.post?
      user = User.authenticate(params[:name], params[:password])
      if user
        session[:user_id] = user.id
        redirect_to(admin_url)
      else
        flash.now[:notice] = "Invalid user/password combination"
      end
    end
  end
  #END:login

  #START:logout
  def logout
    session[:user_id] = nil
    flash[:notice] = "Logged out"
    redirect_to(login_url)
  end
  #END:logout

  #START:admin
  def admin
    @total_orders = Order.count
  end
  #END:admin