Confirm confirmation with hidden field Rails 4
I have an SMS payment system that works just fine. Now I am facing a problem.
When a user clicks on a new ad:
def new
@advertisement = Advertisement.new
retries = 0
loop do
@advertisement.identifier = ('0'..'9').to_a.shuffle.first(5).join
retries += 1
break if retries == 5 || Advertisement.find_by(identifier: @advertisement.identifier)
end
@int = @advertisement.identifier.to_i
@compare_identifier = ((@int + 99)*7)+2
respond_with(@advertisement)
end
Identifier and compare_identifier is identified .
Before a user can create a new ad, he needs to pay via sms.
The SMS looks like this: ABC 12345 . ABC is the service ID, 12345 is the advertisement ID.
Incoming payments will be processed in the SMS # RECEIVE controller, where the advertisement will be identified first, and then a compare_identifier will be generated using the same function as in the # new advertisement:
@int = @advertisement.identifier.to_i
@compare_identifier = ((@int + 99)*7)+2
This compare_identifier is then sent back to the user who sent the SMS. He then enters this code, and if it matches, he can create this ad.
In Advertising # _form:
<%= form_for @advertisement,:html => {:multipart => true, :class => "form-horizontal advertisement" } do |f| %>
.....
<%= f.hidden_field :smsidentifier, :value => @compare_identifier%>
<%= f.text_field :smsidentifier_confirmation %>
<%= f.submit nil, :class => 'btn btn-primary' %>
<%= link_to t('.cancel', :default => t("helpers.links.cancel")),
advertisements_path, :class => 'btn btn-default' %>
<% end %>
Advertisement.rb
validates :smsidentifier, confirmation: true
validates :smsidentifier_confirmation, presence: true
Then I got this error: Smsidentifier confirmation translation missing: lv.activerecord.errors.models.advertisement.attributes.smsidentifier_confirmation.blank
I believe this is because of this hidden_field? It is very important to keep this field hidden so that there is no security breach.
Params hash when I try to create an ad:
Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZIevYutJzBvZoAxseuaAvIqhqKWfL2Qr4PBxsO4zvJs=", "advertisement"=>{"user_id"=>"24", "name"=>"liu", "country_id"=>"1", "region_id"=>"4", "age"=>"41", "height"=>"152", "phone_number"=>"2222222", "weight"=>"58", "email"=>"operins@gmail.com", "description"=>"4141", "provaider"=>"ipo", "your_ip"=>"i;", "terms_of_service"=>"1", "smsidentifier"=>"588807", "smsidentifier_confirmation"=>"588807"}, "hour_ids"=>["1"], "service_ids"=>["2", "7"], "images"=>[#<ActionDispatch::Http::UploadedFile:0x00000005e8d078 @tempfile=#<Tempfile:/tmp/RackMultipart20141217-13535-1glcbic>, @original_filename="sludinajums_ruby1.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"images[]\"; filename=\"sludinajums_ruby1.jpg\"\r\nContent-Type: image/jpeg\r\n">], "commit"=>"Create Advertisement", "locale"=>"lv"}
Is there any other way to do this? Or is my approach bad?
source to share
Did you bleach this field in Strong Paramas?
https://github.com/rails/strong_parameters
If not, it will be nullified in the controller.
source to share