Rails - Dec 2007 - Age Verify

Is this the best way to do this?

class ApplicationController < ActionController::Base
  before_filter :adult?

  def adult?
    session[:age] == true
  end

  def adult
    session[:age] = true
    redirect_to :back
  end
end

In view:
<%= button_to "Enter", { :action => "adult" } %>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I would store it as session[:adult] rather than [:age], but it seems like an
ok way to do it.

On Dec 21, 2007 5:02 PM, edberner
<eberner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Is this the best way to do this?
>
> class ApplicationController < ActionController::Base
>  before_filter :adult?
>
>  def adult?
>    session[:age] == true
>  end
>
>  def adult
>    session[:age] = true
>    redirect_to :back
>  end
> end
>
> In view:
> <%= button_to "Enter", { :action => "adult" }
%>
>
> >
>

-- 
Ryan Bigg
http://www.frozenplague.net

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

What is preventing someone from doing a fake POST request on the adult
action?

On Dec 21, 1:34 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I would store it as session[:adult] rather than [:age], but it seems like
an
> ok way to do it.
>
> On Dec 21, 2007 5:02 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
>
>
> > Is this the best way to do this?
>
> > class ApplicationController < ActionController::Base
> >  before_filter :adult?
>
> >  def adult?
> >    session[:age] == true
> >  end
>
> >  def adult
> >    session[:age] = true
> >    redirect_to :back
> >  end
> > end
>
> > In view:
> > <%= button_to "Enter", { :action => "adult"
} %>
>
> --
> Ryan Bigghttp://www.frozenplague.net
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

What is preventing it? Whatever code you write for it. You didn''t say
anything about wanting to protect that action.
You could store another session variable on the previous page which says
that they visited that page before they visited the adult page. Check to see
if the variable is set before setting adult to true and forwarding them on.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Adding session[:check] to the view

<% session[:check] == true %>
<% button_to ........ %>

and an if statement to the ApplicationController does not seem like a
good solution.
This RESTful design has been posing many problems for me. Is there
something I''m missing about it? Why is it *so* good. It just makes
everything impossible to program for.

On Dec 21, 1:40 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> What is preventing it? Whatever code you write for it. You didn''t
say
> anything about wanting to protect that action.
> You could store another session variable on the previous page which says
> that they visited that page before they visited the adult page. Check to
see
> if the variable is set before setting adult to true and forwarding them on.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

This seems to work. Is this what I should be doing with my excess REST
actions???

module ApplicationHelper
def checked
    session[:check] == true
end

On Dec 21, 1:48 am, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Adding session[:check] to the view
>
> <% session[:check] == true %>
> <% button_to ........ %>
>
> and an if statement to the ApplicationController does not seem like a
> good solution.
> This RESTful design has been posing many problems for me. Is there
> something I''m missing about it? Why is it *so* good. It just makes
> everything impossible to program for.
>
> On Dec 21, 1:40 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > What is preventing it? Whatever code you write for it. You
didn''t say
> > anything about wanting to protect that action.
> > You could store another session variable on the previous page which
says
> > that they visited that page before they visited the adult page. Check
to see
> > if the variable is set before setting adult to true and forwarding
them on.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Scratch that it didn''t work.

On Dec 21, 1:48 am, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Adding session[:check] to the view
>
> <% session[:check] == true %>
> <% button_to ........ %>
>
> and an if statement to the ApplicationController does not seem like a
> good solution.
> This RESTful design has been posing many problems for me. Is there
> something I''m missing about it? Why is it *so* good. It just makes
> everything impossible to program for.
>
> On Dec 21, 1:40 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > What is preventing it? Whatever code you write for it. You
didn''t say
> > anything about wanting to protect that action.
> > You could store another session variable on the previous page which
says
> > that they visited that page before they visited the adult page. Check
to see
> > if the variable is set before setting adult to true and forwarding
them on.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

bump

On Dec 21, 1:40 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> What is preventing it? Whatever code you write for it. You didn''t
say
> anything about wanting to protect that action.
> You could store another session variable on the previous page which says
> that they visited that page before they visited the adult page. Check to
see
> if the variable is set before setting adult to true and forwarding them on.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

edberner wrote:
> bump
>   
killfile...

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

bump bumpity

On Dec 21, 1:40 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> What is preventing it? Whatever code you write for it. You didn''t
say
> anything about wanting to protect that action.
> You could store another session variable on the previous page which says
> that they visited that page before they visited the adult page. Check to
see
> if the variable is set before setting adult to true and forwarding them on.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Jesus!

Could you explain your problem a little more, possibly with less bumping.
On Dec 22, 2007 7:01 PM, edberner
<eberner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> bump bumpity
>
> On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > What is preventing it? Whatever code you write for it. You
didn''t say
> > anything about wanting to protect that action.
> > You could store another session variable on the previous page which
says
> > that they visited that page before they visited the adult page. Check
to
> see
> > if the variable is set before setting adult to true and forwarding
them
> on.
> >
>

-- 
Ryan Bigg
http://www.frozenplague.net

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Sorry about that.
I thought I had had it well explained.
The problem is I don''t know where to set session[:checked] for when we
know the user has been to the check page. Setting it in the view seems
to not be functional, as does throwing a method into the helper. This
is the functionality I want:

ApplicationController
before_filter :adult?
def adult?
session[:adult] == true
end

def adult # a method from a form on the page that sets the
session[:checked] (just makes sure the user has in fact been to that
page

if session[:checked] == true # how do i set this to *be* true?????
session[:adult] = true
end



On Dec 22, 4:12 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Jesus!
>
> Could you explain your problem a little more, possibly with less bumping.
> On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
> > bump bumpity
>
> > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > What is preventing it? Whatever code you write for it. You
didn''t say
> > > anything about wanting to protect that action.
> > > You could store another session variable on the previous page
which says
> > > that they visited that page before they visited the adult page.
Check to
> > see
> > > if the variable is set before setting adult to true and
forwarding them
> > on.
>
> --
> Ryan Bigghttp://www.frozenplague.net
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Put it in the check action, so it''s set when they go to that page.

On Dec 22, 2007 7:54 PM, edberner
<eberner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Sorry about that.
> I thought I had had it well explained.
> The problem is I don''t know where to set session[:checked] for
when we
> know the user has been to the check page. Setting it in the view seems
> to not be functional, as does throwing a method into the helper. This
> is the functionality I want:
>
> ApplicationController
> before_filter :adult?
> def adult?
> session[:adult] == true
> end
>
> def adult # a method from a form on the page that sets the
> session[:checked] (just makes sure the user has in fact been to that
> page
>
> if session[:checked] == true # how do i set this to *be* true?????
> session[:adult] = true
> end
>
>
>
> On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Jesus!
> >
> > Could you explain your problem a little more, possibly with less
> bumping.
> > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> >
> >
> > > bump bumpity
> >
> > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > What is preventing it? Whatever code you write for it. You
didn''t
> say
> > > > anything about wanting to protect that action.
> > > > You could store another session variable on the previous
page which
> says
> > > > that they visited that page before they visited the adult
page.
> Check to
> > > see
> > > > if the variable is set before setting adult to true and
forwarding
> them
> > > on.
> >
> > --
> > Ryan Bigghttp://www.frozenplague.net
> >
>

-- 
Ryan Bigg
http://www.frozenplague.net

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ok. As it stands I have a <% unless session[:adult] %> PAGE <%else
%>
actual <%=yield%>content <%end%>

set up in my application.html.erb
is this not a good idea? where should i check template?


On Dec 22, 4:25 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Put it in the check action, so it''s set when they go to that page.
>
> On Dec 22, 2007 7:54 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
>
>
> > Sorry about that.
> > I thought I had had it well explained.
> > The problem is I don''t know where to set session[:checked]
for when we
> > know the user has been to the check page. Setting it in the view seems
> > to not be functional, as does throwing a method into the helper. This
> > is the functionality I want:
>
> > ApplicationController
> > before_filter :adult?
> > def adult?
> > session[:adult] == true
> > end
>
> > def adult # a method from a form on the page that sets the
> > session[:checked] (just makes sure the user has in fact been to that
> > page
>
> > if session[:checked] == true # how do i set this to *be* true?????
> > session[:adult] = true
> > end
>
> > On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > Jesus!
>
> > > Could you explain your problem a little more, possibly with less
> > bumping.
> > > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > > > bump bumpity
>
> > > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > What is preventing it? Whatever code you write for it.
You didn''t
> > say
> > > > > anything about wanting to protect that action.
> > > > > You could store another session variable on the
previous page which
> > says
> > > > > that they visited that page before they visited the
adult page.
> > Check to
> > > > see
> > > > > if the variable is set before setting adult to true and
forwarding
> > them
> > > > on.
>
> > > --
> > > Ryan Bigghttp://www.frozenplague.net
>
> --
> Ryan Bigghttp://www.frozenplague.net
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

So you want to render one thing if they''re an adult and another if
they''re
not? Why not employ the use of a before_filter.

class Controller
before_filter :is_adult?, :only => [:page]


private
def is_adult?
redirect_to some_other_page_controller_path unless session[:adult]
end
end

On Dec 22, 2007 7:58 PM, edberner
<eberner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Ok. As it stands I have a <% unless session[:adult] %> PAGE <%else
%>
> actual <%=yield%>content <%end%>
>
> set up in my application.html.erb
> is this not a good idea? where should i check template?
>
>
> On Dec 22, 4:25am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Put it in the check action, so it''s set when they go to that
page.
> >
> > On Dec 22, 2007 7:54 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> >
> >
> >
> >
> > > Sorry about that.
> > > I thought I had had it well explained.
> > > The problem is I don''t know where to set
session[:checked] for when we
> > > know the user has been to the check page. Setting it in the view
seems
> > > to not be functional, as does throwing a method into the helper.
This
> > > is the functionality I want:
> >
> > > ApplicationController
> > > before_filter :adult?
> > > def adult?
> > > session[:adult] == true
> > > end
> >
> > > def adult # a method from a form on the page that sets the
> > > session[:checked] (just makes sure the user has in fact been to
that
> > > page
> >
> > > if session[:checked] == true # how do i set this to *be*
true?????
> > > session[:adult] = true
> > > end
> >
> > > On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > Jesus!
> >
> > > > Could you explain your problem a little more, possibly with
less
> > > bumping.
> > > > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > > > > bump bumpity
> >
> > > > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > > What is preventing it? Whatever code you write for
it. You
> didn''t
> > > say
> > > > > > anything about wanting to protect that action.
> > > > > > You could store another session variable on the
previous page
> which
> > > says
> > > > > > that they visited that page before they visited
the adult page.
> > > Check to
> > > > > see
> > > > > > if the variable is set before setting adult to
true and
> forwarding
> > > them
> > > > > on.
> >
> > > > --
> > > > Ryan Bigghttp://www.frozenplague.net
> >
> > --
> > Ryan Bigghttp://www.frozenplague.net
> >
>

-- 
Ryan Bigg
http://www.frozenplague.net

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I guess I''m not making myself clear. I am using a before_filter and
everything works Fine.
However, my code is not secure. Should someone go make a PUT request
on to /controller/adult they would be verified as an adult without
seeing the page I want them to see before that. That''s the page I want
to put the session[:checked] on. And currently that page lives in an
unless statement.

On Dec 22, 4:25 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Put it in the check action, so it''s set when they go to that page.
>
> On Dec 22, 2007 7:54 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
>
>
> > Sorry about that.
> > I thought I had had it well explained.
> > The problem is I don''t know where to set session[:checked]
for when we
> > know the user has been to the check page. Setting it in the view seems
> > to not be functional, as does throwing a method into the helper. This
> > is the functionality I want:
>
> > ApplicationController
> > before_filter :adult?
> > def adult?
> > session[:adult] == true
> > end
>
> > def adult # a method from a form on the page that sets the
> > session[:checked] (just makes sure the user has in fact been to that
> > page
>
> > if session[:checked] == true # how do i set this to *be* true?????
> > session[:adult] = true
> > end
>
> > On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > Jesus!
>
> > > Could you explain your problem a little more, possibly with less
> > bumping.
> > > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > > > bump bumpity
>
> > > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > What is preventing it? Whatever code you write for it.
You didn''t
> > say
> > > > > anything about wanting to protect that action.
> > > > > You could store another session variable on the
previous page which
> > says
> > > > > that they visited that page before they visited the
adult page.
> > Check to
> > > > see
> > > > > if the variable is set before setting adult to true and
forwarding
> > them
> > > > on.
>
> > > --
> > > Ryan Bigghttp://www.frozenplague.net
>
> --
> Ryan Bigghttp://www.frozenplague.net
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

That''s why you put the method adult underneath a private definition, so
if
someone DOES do a request to adult the controller plays it stupid.

On Dec 22, 2007 8:10 PM, edberner
<eberner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> I guess I''m not making myself clear. I am using a before_filter
and
> everything works Fine.
> However, my code is not secure. Should someone go make a PUT request
> on to /controller/adult they would be verified as an adult without
> seeing the page I want them to see before that. That''s the page I
want
> to put the session[:checked] on. And currently that page lives in an
> unless statement.
>
> On Dec 22, 4:25am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Put it in the check action, so it''s set when they go to that
page.
> >
> > On Dec 22, 2007 7:54 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> >
> >
> >
> >
> > > Sorry about that.
> > > I thought I had had it well explained.
> > > The problem is I don''t know where to set
session[:checked] for when we
> > > know the user has been to the check page. Setting it in the view
seems
> > > to not be functional, as does throwing a method into the helper.
This
> > > is the functionality I want:
> >
> > > ApplicationController
> > > before_filter :adult?
> > > def adult?
> > > session[:adult] == true
> > > end
> >
> > > def adult # a method from a form on the page that sets the
> > > session[:checked] (just makes sure the user has in fact been to
that
> > > page
> >
> > > if session[:checked] == true # how do i set this to *be*
true?????
> > > session[:adult] = true
> > > end
> >
> > > On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > Jesus!
> >
> > > > Could you explain your problem a little more, possibly with
less
> > > bumping.
> > > > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > > > > bump bumpity
> >
> > > > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > > What is preventing it? Whatever code you write for
it. You
> didn''t
> > > say
> > > > > > anything about wanting to protect that action.
> > > > > > You could store another session variable on the
previous page
> which
> > > says
> > > > > > that they visited that page before they visited
the adult page.
> > > Check to
> > > > > see
> > > > > > if the variable is set before setting adult to
true and
> forwarding
> > > them
> > > > > on.
> >
> > > > --
> > > > Ryan Bigghttp://www.frozenplague.net
> >
> > --
> > Ryan Bigghttp://www.frozenplague.net
> >
>

-- 
Ryan Bigg
http://www.frozenplague.net
Feel free to add me to MSN and/or GTalk as this email.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I understand that too, but now I can''t make a request to adult to set
session[:adult] true
This is so frustrating. Thanks for your help.

On Dec 22, 5:25 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> That''s why you put the method adult underneath a private
definition, so if
> someone DOES do a request to adult the controller plays it stupid.
>
> On Dec 22, 2007 8:10 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
>
>
> > I guess I''m not making myself clear. I am using a
before_filter and
> > everything works Fine.
> > However, my code is not secure. Should someone go make a PUT request
> > on to /controller/adult they would be verified as an adult without
> > seeing the page I want them to see before that. That''s the
page I want
> > to put the session[:checked] on. And currently that page lives in an
> > unless statement.
>
> > On Dec 22, 4:25am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > Put it in the check action, so it''s set when they go to
that page.
>
> > > On Dec 22, 2007 7:54 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > > > Sorry about that.
> > > > I thought I had had it well explained.
> > > > The problem is I don''t know where to set
session[:checked] for when we
> > > > know the user has been to the check page. Setting it in the
view seems
> > > > to not be functional, as does throwing a method into the
helper. This
> > > > is the functionality I want:
>
> > > > ApplicationController
> > > > before_filter :adult?
> > > > def adult?
> > > > session[:adult] == true
> > > > end
>
> > > > def adult # a method from a form on the page that sets the
> > > > session[:checked] (just makes sure the user has in fact been
to that
> > > > page
>
> > > > if session[:checked] == true # how do i set this to *be*
true?????
> > > > session[:adult] = true
> > > > end
>
> > > > On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > Jesus!
>
> > > > > Could you explain your problem a little more, possibly
with less
> > > > bumping.
> > > > > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > > > > > bump bumpity
>
> > > > > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > > > What is preventing it? Whatever code you
write for it. You
> > didn''t
> > > > say
> > > > > > > anything about wanting to protect that
action.
> > > > > > > You could store another session variable on
the previous page
> > which
> > > > says
> > > > > > > that they visited that page before they
visited the adult page.
> > > > Check to
> > > > > > see
> > > > > > > if the variable is set before setting adult
to true and
> > forwarding
> > > > them
> > > > > > on.
>
> > > > > --
> > > > > Ryan Bigghttp://www.frozenplague.net
>
> > > --
> > > Ryan Bigghttp://www.frozenplague.net
>
> --
> Ryan Bigghttp://www.frozenplague.net
> Feel free to add me to MSN and/or GTalk as this email.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ok. I can''t make it any simpler than this. I''m saying across
the Whole
site, if the user has not seen this one page, (the first part of that
unless statement) they can''t get to the rest of the page and are
consequently redirected to that page.

On Dec 22, 5:27 am, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I understand that too, but now I can''t make a request to adult to
set
> session[:adult] true
> This is so frustrating. Thanks for your help.
>
> On Dec 22, 5:25 am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > That''s why you put the method adult underneath a private
definition, so if
> > someone DOES do a request to adult the controller plays it stupid.
>
> > On Dec 22, 2007 8:10 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > > I guess I''m not making myself clear. I am using a
before_filter and
> > > everything works Fine.
> > > However, my code is not secure. Should someone go make a PUT
request
> > > on to /controller/adult they would be verified as an adult
without
> > > seeing the page I want them to see before that. That''s
the page I want
> > > to put the session[:checked] on. And currently that page lives in
an
> > > unless statement.
>
> > > On Dec 22, 4:25am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > Put it in the check action, so it''s set when they
go to that page.
>
> > > > On Dec 22, 2007 7:54 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > > > > Sorry about that.
> > > > > I thought I had had it well explained.
> > > > > The problem is I don''t know where to set
session[:checked] for when we
> > > > > know the user has been to the check page. Setting it in
the view seems
> > > > > to not be functional, as does throwing a method into
the helper. This
> > > > > is the functionality I want:
>
> > > > > ApplicationController
> > > > > before_filter :adult?
> > > > > def adult?
> > > > > session[:adult] == true
> > > > > end
>
> > > > > def adult # a method from a form on the page that sets
the
> > > > > session[:checked] (just makes sure the user has in fact
been to that
> > > > > page
>
> > > > > if session[:checked] == true # how do i set this to
*be* true?????
> > > > > session[:adult] = true
> > > > > end
>
> > > > > On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > > Jesus!
>
> > > > > > Could you explain your problem a little more,
possibly with less
> > > > > bumping.
> > > > > > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > > > > > > bump bumpity
>
> > > > > > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > > > > What is preventing it? Whatever code you
write for it. You
> > > didn''t
> > > > > say
> > > > > > > > anything about wanting to protect that
action.
> > > > > > > > You could store another session variable
on the previous page
> > > which
> > > > > says
> > > > > > > > that they visited that page before they
visited the adult page.
> > > > > Check to
> > > > > > > see
> > > > > > > > if the variable is set before setting
adult to true and
> > > forwarding
> > > > > them
> > > > > > > on.
>
> > > > > > --
> > > > > > Ryan Bigghttp://www.frozenplague.net
>
> > > > --
> > > > Ryan Bigghttp://www.frozenplague.net
>
> > --
> > Ryan Bigghttp://www.frozenplague.net
> > Feel free to add me to MSN and/or GTalk as this email.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Alrighty,

How about putting a file in lib called custom_methods.rb or something and
define this in it:

def adult
session[:adult] = true
end

That way NOBODY can make a request to it, you should be able to call it
whenever you like and there''s not another action in the controller.

If the method doesn''t work, restart your server. If it doesn''t
work after
that, then put it in a module:

module CustomMethods
def adult
session[:adult] = true
end
end

and "include CustomMethods" in your application controller, but it
should
never get to this.

On Dec 22, 2007 9:09 PM, edberner
<eberner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Ok. I can''t make it any simpler than this. I''m saying
across the Whole
> site, if the user has not seen this one page, (the first part of that
> unless statement) they can''t get to the rest of the page and are
> consequently redirected to that page.
>
> On Dec 22, 5:27am, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > I understand that too, but now I can''t make a request to
adult to set
> > session[:adult] true
> > This is so frustrating. Thanks for your help.
> >
> > On Dec 22, 5:25am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > > That''s why you put the method adult underneath a private
definition,
> so if
> > > someone DOES do a request to adult the controller plays it
stupid.
> >
> > > On Dec 22, 2007 8:10 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > > > I guess I''m not making myself clear. I am using a
before_filter and
> > > > everything works Fine.
> > > > However, my code is not secure. Should someone go make a PUT
request
> > > > on to /controller/adult they would be verified as an adult
without
> > > > seeing the page I want them to see before that.
That''s the page I
> want
> > > > to put the session[:checked] on. And currently that page
lives in an
> > > > unless statement.
> >
> > > > On Dec 22, 4:25am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > Put it in the check action, so it''s set when
they go to that page.
> >
> > > > > On Dec 22, 2007 7:54 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > > > > > Sorry about that.
> > > > > > I thought I had had it well explained.
> > > > > > The problem is I don''t know where to set
session[:checked] for
> when we
> > > > > > know the user has been to the check page. Setting
it in the view
> seems
> > > > > > to not be functional, as does throwing a method
into the helper.
> This
> > > > > > is the functionality I want:
> >
> > > > > > ApplicationController
> > > > > > before_filter :adult?
> > > > > > def adult?
> > > > > > session[:adult] == true
> > > > > > end
> >
> > > > > > def adult # a method from a form on the page that
sets the
> > > > > > session[:checked] (just makes sure the user has in
fact been to
> that
> > > > > > page
> >
> > > > > > if session[:checked] == true # how do i set this
to *be*
> true?????
> > > > > > session[:adult] = true
> > > > > > end
> >
> > > > > > On Dec 22, 4:12am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > > > > > Jesus!
> >
> > > > > > > Could you explain your problem a little more,
possibly with
> less
> > > > > > bumping.
> > > > > > > On Dec 22, 2007 7:01 PM, edberner
<eber...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > > > > > > > bump bumpity
> >
> > > > > > > > On Dec 21, 1:40am, "Ryan Bigg"
<radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
> > > > > > > > > What is preventing it? Whatever
code you write for it. You
> > > > didn''t
> > > > > > say
> > > > > > > > > anything about wanting to protect
that action.
> > > > > > > > > You could store another session
variable on the previous
> page
> > > > which
> > > > > > says
> > > > > > > > > that they visited that page before
they visited the adult
> page.
> > > > > > Check to
> > > > > > > > see
> > > > > > > > > if the variable is set before
setting adult to true and
> > > > forwarding
> > > > > > them
> > > > > > > > on.
> >
> > > > > > > --
> > > > > > > Ryan Bigghttp://www.frozenplague.net
> >
> > > > > --
> > > > > Ryan Bigghttp://www.frozenplague.net
> >
> > > --
> > > Ryan Bigghttp://www.frozenplague.net
> > > Feel free to add me to MSN and/or GTalk as this email.
> >
>

-- 
Ryan Bigg
http://www.frozenplague.net
Feel free to add me to MSN and/or GTalk as this email.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---