force anonymous users to verify their humanity before voting

2008-10-17 17:17:42 -05:00 · 2008-10-17 17:17:42 -05:00 · 0c86ec6841
parent 38c7e0fcef
commit 0c86ec6841
6 changed files with 41 additions and 0 deletions
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@ -19,6 +19,14 @@ class Application < Merb::Controller
    logged_in? and current_user and current_user.administrator?
  end
  
+  def valid_anonymous_user?
+    !session[:validated_anonymous_user].nil?
+  end
+  
+  def valid_anonymous_user!
+    session[:validated_anonymous_user] = true
+  end
+  
  def reset_session
    session[:user_id] = nil
  end
--- a/app/controllers/sessions.rb
+++ b/app/controllers/sessions.rb
@ -11,6 +11,7 @@ class Sessions < Application
    user = User.find_by_user_name params[:user_name]
    if user and user.authenticated_against?(params[:password])
      session[:user_id] = user.id
+      valid_anonymous_user!
      if request.xhr?
        render '', :status => 200
      else
--- a/app/controllers/users.rb
+++ b/app/controllers/users.rb
@ -54,4 +54,20 @@ class Users < Application
    end
    redirect url(:users)
  end
+  
+  def validate_anonymous_user
+    if logged_in? or valid_anonymous_user?
+      flash[:notice] = 'You are already good, doofus.'
+      redirect '/'
+    elsif request.post? and !verify_recaptcha
+      flash.now[:error] = 'That does not work. Try again.'
+      render
+    elsif request.post?
+      valid_anonymous_user!
+      flash[:notice] = 'Great success!'
+      redirect url(:new_vote)
+    else
+      render
+    end
+  end
 end
--- a/app/controllers/votes.rb
+++ b/app/controllers/votes.rb
@ -1,4 +1,5 @@
 class Votes < Application
+  before :validate_anonymous_user
  before :fetch_allowed_user, :only => [ :show ]
  
  def show
@ -51,4 +52,13 @@ class Votes < Application
      @photo = Photo.next_available_votable_photo current_user
    end
  end
+  
+  def validate_anonymous_user
+    if !logged_in? and !valid_anonymous_user?
+      flash[:notice] = 'You must prove that you are a human to continue.'
+      redirect '/validate_anonymous_user'
+    else
+      true
+    end
+  end
 end
--- a/app/views/users/validate_anonymous_user.html.haml
+++ b/app/views/users/validate_anonymous_user.html.haml
@ -0,0 +1,5 @@
+= form :action => '/validate_anonymous_user' do
+  %fieldset
+    %legend Anonymous Authentication
+    #recaptcha_container= recaptcha_tags
+    = submit 'Go'
--- a/config/router.rb
+++ b/config/router.rb
@ -5,6 +5,7 @@ Merb::Router.prepare do |r|
  r.match('/acceptable_use').to(:controller => 'home', :action => 'acceptable_use')
  r.match('/disclaimer').to(:controller => 'home', :action => 'disclaimer')
  r.match('/hall_of_fame').to(:controller => 'home', :action => 'hall_of_fame')
+  r.match('/validate_anonymous_user').to(:controller => 'users', :action => 'validate_anonymous_user')
  r.match('/photos/by_email').to(:controller => 'photos', :action => 'by_email')
  r.match('/photos/by_hash/:id').to(:controller => 'photos', :action => 'by_hash')