tidier code

[rails.git] / app / controllers / user_controller.rb

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 3a0e0a14935c4fc5ae270610568f250be3820310..0c251492783f2b0dfbf444734e5f7b4b8aa69aea 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -318,16 +318,19 @@ class UserController < ApplicationController
     else
       user = User.find_by_display_name(params[:display_name])
 
     else
       user = User.find_by_display_name(params[:display_name])
 

-      redirect_to root_path if !user || user.active?
+      redirect_to root_path if user.nil? || user.active?

     end
   end
 
   def confirm_resend
     end
   end
 
   def confirm_resend

-    if user = User.find_by_display_name(params[:display_name])
+    user = User.find_by_display_name(params[:display_name])
+    token = UserToken.find_by_token(session[:token])
+
+    if user.nil? || token.nil? || token.user != user
+      flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name]
+    else

       Notifier.signup_confirm(user, user.tokens.create).deliver_now
       flash[:notice] = t "user.confirm_resend.success", :email => user.email
       Notifier.signup_confirm(user, user.tokens.create).deliver_now
       flash[:notice] = t "user.confirm_resend.success", :email => user.email

-    else
-      flash[:error] = t "user.confirm_resend.failure", :name => params[:display_name]

     end
 
     redirect_to :action => "login"
     end
 
     redirect_to :action => "login"


@@ -631,6 +634,8 @@ class UserController < ApplicationController
   ##
   #
   def unconfirmed_login(user)
   ##
   #
   def unconfirmed_login(user)

+    session[:token] = user.tokens.create.token
+

     redirect_to :action => "confirm", :display_name => user.display_name
 
     session.delete(:remember_me)
     redirect_to :action => "confirm", :display_name => user.display_name
 
     session.delete(:remember_me)