I can't seem to figure out what I am doing wrong here. I have implemented the Super Simple Authentication from Ryan Bates tutorial and while the login portion is functioning correctly, I can't get an error message and redirect to happen correctly for a bad login.

Ryan Bates admits in his comments he left this out but can't seem to implement his recommendation. Basically what is happening is that when someone logs in correctly it works. When a bad password is entered it does the same redirect and flashes 'successfully logged in' thought they are not. The admin links do not show (which is correct and are the links protected by the <% if admin? %>) but I need it to say 'failed login' and redirect to login path. Here is my code:

SessionsController

class SessionsController < ApplicationController
   def create
      if 
      session[:password] = params[:password]
      flash[:notice] = 'Successfully logged in'
      redirect_to posts_path
    else
      flash[:notice] = "whoops"
      redirect_to login_path
    end
  end

    def destroy
      reset_session
      flash[:notice] = 'Successfully logged out'
      redirect_to posts_path
    end
  end

ApplicationController

class ApplicationController < ActionController::Base

  helper_method :admin?

  protected

  def authorize
    unless admin?
      flash[:error] = "unauthorized request"
      redirect_to posts_path
      false
    end
  end

  def admin?
    session[:password] == "123456"
  end

  helper :all # include all helpers, all the time
  protect_from_forgery # See ActionController::RequestForgeryProtection for details
  # 
end