I have several questions and I need a clear understanding of how I should
approach them. My target is to create something called "fakebook",
a copy of Facebook that will not go live at all (uni project).
Security Question
This is the code that helps me protect my "user/index":

    private

    def protect
      unless session[:user_id]
        flash[:notice] = "Please Login to view this page, or Register if you do not have an account!"
        redirect_to :action => :login
        return false
      end
    end

It works perfectly, as it checks for the session ID and when it finds
the user is logged in, he can view the user/index (another piece of code is
placed on top with this).
Otherwise, they cannot view it and it takes them to the login page and a
flash message is displayed.
When the user is logged in, I want it to redirect the "user/register"
and "user/login" to the "user/index", and if they are NOT logged in,
they can view them. I have done this with the IF command in my menu but
physically they can type the address, aka user/register or user/login, and
view them again.
I'd strongly suggest you take a look at the Authlogic[1] gem. Even though
this is a very simple/personal project, and implementing this gem might
look like too much overhead for you, you'll get very interesting concepts
for authentication.
You have already shown us how you redirect from index to login if the
user is not logged in. You are asking how to redirect from register
and login if not logged in. Just use basically the same technique but
the test will be the other way round ('if' instead of 'unless').
Colin
Thank you very much Colin,
Simple code:

      if session[:user_id]
        flash[:notice] = "Already registered and logged in! You cannot view the register or login!"
        redirect_to :action => :index
      end
    end
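
The two guards from this thread wired up as controller filters, so that a directly typed address is checked on the server and not only hidden in the menu. This is an added example, not code from any poster: plain Ruby with a small stand-in for the Rails filter chain (MiniController, dispatch and its return values are hypothetical; the before_filter declaration with only: mirrors the Rails one).

```ruby
# Hypothetical stand-in for the Rails filter chain (not Rails itself):
# filters run before the action, and a filter that redirects halts it.
class MiniController
  attr_reader :session, :flash, :redirected_to

  def self.filters
    @filters ||= []
  end

  def self.before_filter(name, only:)
    filters << [name, Array(only)]
  end

  def initialize(session = {})
    @session, @flash, @redirected_to = session, {}, nil
  end

  def redirect_to(action:)
    @redirected_to = action
  end

  # Returns [:redirect, target] if a filter halted, else [:render, action].
  def dispatch(action)
    self.class.filters.each do |name, only|
      next unless only.include?(action)
      send(name)
      return [:redirect, @redirected_to] if @redirected_to
    end
    [:render, action]
  end
end

class UserController < MiniController
  before_filter :protect, only: :index
  before_filter :redirect_if_logged_in, only: [:login, :register]

  private
  # Guard for pages that need a logged-in user ('unless' in the thread).
  def protect
    return if session[:user_id]
    flash[:notice] = "Please login to view this page."
    redirect_to action: :login
  end

  # Inverse guard for login/register ('if' in the thread).
  def redirect_if_logged_in
    return unless session[:user_id]
    flash[:notice] = "You are already logged in."
    redirect_to action: :index
  end
end
```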