Age Verify

Is this the best way to do this?

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:age] == true
  end

  def adult
    session[:age] = true
    redirect_to :back
  end
end

In view:
<%= button_to "Enter", { :action => "adult" } %>

I would store it as session[:adult] rather than [:age], but it seems
like an ok way to do it.

On Dec 21, 2007 5:02 PM, edberner wrote:

  def adult
    session[:age] = true
    redirect_to :back
  end
end

In view:
<%= button_to "Enter", { :action => "adult" } %>


Ryan B.
http://www.frozenplague.net

What is preventing someone from doing a fake POST request on the adult
action?

What is preventing it? Whatever code you write for it. You didn’t say
anything about wanting to protect that action.
You could store another session variable on the previous page which says
that they visited that page before they visited the adult page. Check to
see if the variable is set before setting adult to true and forwarding them
on.

Adding session[:check] to the view

<% session[:check] == true %>
<% button_to … %>

and an if statement to the ApplicationController does not seem like a
good solution.
This RESTful design has been posing many problems for me. Is there
something I’m missing about it? Why is it so good? It just makes
everything impossible to program for.

This seems to work. Is this what I should be doing with my excess REST
actions???

module ApplicationHelper
  def checked
    session[:check] == true
  end
end

bump

Scratch that, it didn’t work.

bump bumpity

Jesus!

Could you explain your problem a little more, possibly with less
bumping.
On Dec 22, 2007 7:01 PM, edberner wrote:


Ryan B.
http://www.frozenplague.net

Sorry about that.
I thought I had had it well explained.
The problem is I don’t know where to set session[:checked] for when we
know the user has been to the check page. Setting it in the view seems
to not be functional, as does throwing a method into the helper. This
is the functionality I want:

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:adult] == true
  end

  # a method from a form on the page that sets the session[:checked]
  # (just makes sure the user has in fact been to that page)
  def adult
    if session[:checked] == true # how do i set this to be true???
      session[:adult] = true
    end
  end
end

Put it in the check action, so it’s set when they go to that page.

On Dec 22, 2007 7:54 PM, edberner wrote:


Ryan B.
http://www.frozenplague.net

Ok. As it stands I have a <% unless session[:adult] %> PAGE <%else %>
actual <%=yield%>content <%end%>

set up in my application.html.erb.
Is this not a good idea? Where should I check template?

So you want to render one thing if they’re an adult and another if they’re
not? Why not employ the use of a before_filter?

class Controller
  before_filter :is_adult?, :only => [:page]

  private

  def is_adult?
    redirect_to some_other_page_controller_path unless session[:adult]
  end
end

On Dec 22, 2007 7:58 PM, edberner wrote:


Ryan B.
http://www.frozenplague.net

edberner wrote:

bump

killfile…

I guess I’m not making myself clear. I am using a before_filter and
everything works fine.
However, my code is not secure. Should someone go make a PUT request
on to /controller/adult they would be verified as an adult without
seeing the page I want them to see before that. That’s the page I want
to put the session[:checked] on. And currently that page lives in an
unless statement.

That’s why you put the method adult underneath a private definition, so
if someone DOES do a request to adult the controller plays it stupid.

On Dec 22, 2007 8:10 PM, edberner wrote:


Ryan B.
http://www.frozenplague.net
Feel free to add me to MSN and/or GTalk as this email.

Ok. I can’t make it any simpler than this. I’m saying across the whole
site, if the user has not seen this one page (the first part of that
unless statement), they can’t get to the rest of the page and are
consequently redirected to that page.

I understand that too, but now I can’t make a request to adult to set
session[:adult] true.
This is so frustrating. Thanks for your help.

Alrighty,

How about putting a file in lib called custom_methods.rb or something
and define this in it:

def adult
  session[:adult] = true
end

That way NOBODY can make a request to it, you should be able to call it
whenever you like and there’s not another action in the controller.

If the method doesn’t work, restart your server. If it doesn’t work
after that, then put it in a module:

module CustomMethods
  def adult
    session[:adult] = true
  end
end

and “include CustomMethods” in your application controller, but it
should never get to this.

On Dec 22, 2007 9:09 PM, edberner wrote:


Ryan B.
http://www.frozenplague.net
Feel free to add me to MSN and/or GTalk as this email.
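
An added example, not part of the thread and not code from any poster: a plain-Ruby model (no Rails) of the flow being asked for, in which the check page issues a one-time session token and the confirming action sets session[:adult] only when that token comes back by POST. AgeGate, dispatch, the gate/confirm/page actions and the token scheme are assumptions made for illustration.

```ruby
require 'securerandom'

# Plain-Ruby model of the age gate; no Rails required. AgeGate, dispatch and
# the action names are hypothetical. @session stands in for the Rails session.
class AgeGate
  ROUTES = { gate: :get, confirm: :post, page: :get }.freeze
  UNFILTERED = [:gate, :confirm].freeze # like before_filter :except => [...]

  attr_reader :session

  def initialize
    @session = {}
  end

  # Stand-in for routing plus the before_filter.
  def dispatch(verb, action, params = {})
    return [404, nil] unless ROUTES.key?(action)
    return [405, nil] unless ROUTES[action] == verb
    unless UNFILTERED.include?(action) || session[:adult] == true
      return [302, '/gate']
    end
    public_send(action, params)
  end

  # The check page: issue a one-time token to embed in the form.
  def gate(_params)
    session[:gate_token] = SecureRandom.hex(16)
    [200, session[:gate_token]]
  end

  # The form target: only a token issued to this session is accepted.
  def confirm(params)
    expected = session.delete(:gate_token) # single use, even on failure
    return [302, '/gate'] if expected.nil? || params[:token] != expected
    mark_adult
    [302, '/page']
  end

  def page(_params)
    [200, 'adult content']
  end

  private

  # Not in ROUTES and not public, so no request can reach it directly.
  def mark_adult
    session[:adult] = true
  end
end
```

In a Rails controller the same shape is a before_filter with :except for the two gate actions and a POST-only route for the confirming action. The token shows only that the check page was served to this session, not that anyone read it.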
