From 48000eb09ad072e83789c1efb002c259222ae91a Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Thu, 29 May 2008 20:43:58 +0000 Subject: [PATCH] Require a form post to finally confirm an account to stop accidental confirmations. --- app/controllers/user_controller.rb | 24 +++++++++++++----------- app/views/user/confirm.rhtml | 9 +++++++++ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index e998e83c6..31955d019 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -143,17 +143,19 @@ class UserController < ApplicationController end def confirm - token = UserToken.find_by_token(params[:confirm_string]) - if token and !token.user.active? - @user = token.user - @user.active = true - @user.save! - token.destroy - flash[:notice] = 'Confirmed your account, thanks for signing up!' - session[:user] = @user.id - redirect_to :action => 'account', :display_name => @user.display_name - else - flash[:notice] = 'Something went wrong confirming that user.' + if params[:confirm_action] + token = UserToken.find_by_token(params[:confirm_string]) + if token and !token.user.active? + @user = token.user + @user.active = true + @user.save! + token.destroy + flash[:notice] = 'Confirmed your account, thanks for signing up!' + session[:user] = @user.id + redirect_to :action => 'account', :display_name => @user.display_name + else + flash[:notice] = 'Something went wrong confirming that user.' + end end end diff --git a/app/views/user/confirm.rhtml b/app/views/user/confirm.rhtml index 8b1378917..5577b7068 100644 --- a/app/views/user/confirm.rhtml +++ b/app/views/user/confirm.rhtml @@ -1 +1,10 @@ +

Confirm a user account

+ +

Press the confirm button below to activate your account.

+ +
+ + +
+ -- 2.43.2