From 0c86ec6841d300de7b68e659058cfebbef1cee2e Mon Sep 17 00:00:00 2001 From: Coleman Date: Fri, 17 Oct 2008 17:17:42 -0500 Subject: [PATCH] force anonymous users to verify their humanity before voting --- app/controllers/application.rb | 8 ++++++++ app/controllers/sessions.rb | 1 + app/controllers/users.rb | 16 ++++++++++++++++ app/controllers/votes.rb | 10 ++++++++++ .../users/validate_anonymous_user.html.haml | 5 +++++ config/router.rb | 1 + 6 files changed, 41 insertions(+) create mode 100644 app/views/users/validate_anonymous_user.html.haml diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 5971a60..515db2d 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -19,6 +19,14 @@ class Application < Merb::Controller logged_in? and current_user and current_user.administrator? end + def valid_anonymous_user? + !session[:validated_anonymous_user].nil? + end + + def valid_anonymous_user! + session[:validated_anonymous_user] = true + end + def reset_session session[:user_id] = nil end diff --git a/app/controllers/sessions.rb b/app/controllers/sessions.rb index ec0fc1c..0432b1e 100644 --- a/app/controllers/sessions.rb +++ b/app/controllers/sessions.rb @@ -11,6 +11,7 @@ class Sessions < Application user = User.find_by_user_name params[:user_name] if user and user.authenticated_against?(params[:password]) session[:user_id] = user.id + valid_anonymous_user! if request.xhr? render '', :status => 200 else diff --git a/app/controllers/users.rb b/app/controllers/users.rb index 8b7f9cd..4555084 100644 --- a/app/controllers/users.rb +++ b/app/controllers/users.rb 
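Review bot: In app/controllers/application.rb, `valid_anonymous_user!` is added as an ordinary instance method of `Application`, and the hunk shows no `private` or `protected` line above it. Merb treats public controller methods as actions, so if default routes are enabled this session-mutating helper (and the `validate_anonymous_user` filter added to `Votes` later in this patch) could be dispatched by a request without passing `verify_recaptcha`. Placing both below a `protected` keyword keeps them usable from filters and subclasses while taking them off the action list. Separately, `valid_anonymous_user?` accepts any non-nil value; `session[:validated_anonymous_user] == true` states the intent more strictly. The class body starts and ends outside the hunk, so the visibility actually in effect should be confirmed against the full file.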
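Review bot: The flag set by the added `valid_anonymous_user!` call in the login action of app/controllers/sessions.rb outlives the login. `reset_session`, visible as context in the application.rb hunk, clears only `session[:user_id]`, so after logout the same session still passes `valid_anonymous_user?` without a CAPTCHA ever having been solved. If a logged-out visitor should be treated like any other anonymous user, add `session[:validated_anonymous_user] = nil` to `reset_session`. Because `logged_in?` already short-circuits both new checks, the call here may not be needed at all. The action body starts and ends outside the hunk.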
@@ -54,4 +54,20 @@ class Users < Application end redirect url(:users) end + + def validate_anonymous_user + if logged_in? or valid_anonymous_user? + flash[:notice] = 'You are already good, doofus.' + redirect '/' + elsif request.post? and !verify_recaptcha + flash.now[:error] = 'That does not work. Try again.' + render + elsif request.post? + valid_anonymous_user! + flash[:notice] = 'Great success!' + redirect url(:new_vote) + else + render + end + end end diff --git a/app/controllers/votes.rb b/app/controllers/votes.rb index a1c0522..9a45a8a 100644 --- a/app/controllers/votes.rb +++ b/app/controllers/votes.rb @@ -1,4 +1,5 @@ class Votes < Application + before :validate_anonymous_user before :fetch_allowed_user, :only => [ :show ] def show @@ -51,4 +52,13 @@ class Votes < Application @photo = Photo.next_available_votable_photo current_user end end + + def validate_anonymous_user + if !logged_in? and !valid_anonymous_user? + flash[:notice] = 'You must prove that you are a human to continue.' + redirect '/validate_anonymous_user' + else + true + end + end end diff --git a/app/views/users/validate_anonymous_user.html.haml b/app/views/users/validate_anonymous_user.html.haml new file mode 100644 index 0000000..200abac --- /dev/null +++ b/app/views/users/validate_anonymous_user.html.haml @@ -0,0 +1,5 @@ += form :action => '/validate_anonymous_user' do + %fieldset + %legend Anonymous Authentication + #recaptcha_container= recaptcha_tags + = submit 'Go' diff --git a/config/router.rb b/config/router.rb index 3fb700f..a40a9ff 100644 --- a/config/router.rb +++ b/config/router.rb 
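Review bot: The failed-verification branch of `Users#validate_anonymous_user` (`request.post? and !verify_recaptcha`) only sets a flash message, so repeated failures from an automated client leave no trace for whoever operates the site. A log line in that branch, for example `Merb.logger.warn("recaptcha verification failed for #{request.remote_ip}")`, would make such activity visible. The two `request.post?` tests could also be folded into one outer `if request.post?`, with the `verify_recaptcha` result deciding inside it. That makes it plain that the session flag is set only after a successful check.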
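Review bot: The `validate_anonymous_user` filter added at the end of app/controllers/votes.rb accepts the session flag indefinitely, so one solved CAPTCHA covers every later vote made with that session. The flag carries neither a timestamp nor a vote count. If the aim is to slow automated voting, consider storing the verification time (`session[:validated_anonymous_user] = Time.now.to_i` in `valid_anonymous_user!`) and having `valid_anonymous_user?` reject values older than a chosen window, or clearing the flag after a set number of votes. The filter also shares its name with the `Users` action it redirects to; a name such as `require_validated_anonymous_user` would keep the two apart.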
@@ -5,6 +5,7 @@ Merb::Router.prepare do |r| r.match('/acceptable_use').to(:controller => 'home', :action => 'acceptable_use') r.match('/disclaimer').to(:controller => 'home', :action => 'disclaimer') r.match('/hall_of_fame').to(:controller => 'home', :action => 'hall_of_fame') + r.match('/validate_anonymous_user').to(:controller => 'users', :action => 'validate_anonymous_user') r.match('/photos/by_email').to(:controller => 'photos', :action => 'by_email') r.match('/photos/by_hash/:id').to(:controller => 'photos', :action => 'by_hash')