This is the font-code.
<%= form_for(:something, :html=> {:id => 'login'}, :url => 'login/create') do |form| %>
<h1>Log In</h1>
<fieldset id="inputs">
<%= form.text_field :username, :placeholder => 'Username', :autofocus=>true%>
<%= password_field_tag(:password, :placeholder => 'Password') %>
<%= password_field_tag :userpass1, placeholder: 'Password'%>
<%= password_field_tag :userpass, params[:userpass], placeholder: 'Password', class: 'input-small'%>
</fieldset>
<fieldset id="actions">
<input type="submit" id="submit" value="Log in">
Register
</fieldset>
<%end%>
and if i submit, it sends like this,
Processing by LoginController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"2RQKkdOZf2HL+dsY2peWYUIaY78WBZBvNveKKBvZv60=", "something"=>{"username
"=>"test"}, "password"=>"[FILTERED]", "userpass1"=>"test2", "userpass"=>"est3"}
in here, the first password field is sending with filtered, but the other two are just showing what the user typed.
what is the problem?
and the most big problem is, after i send this and check the request header,
it shows all the parameter, even the data what have been filetered like this,
Any good solution about this?!
You probably have line
config.filter_parameters += [:password]
in your config/application.rb. Modify it to:
config.filter_parameters += [:password, :userpass, :userpass1, :userpass2]
That causes filtering additional parameters in logs.
The second "problem" is not a problem at all. How do you suppose server to know what your parameters are if you want to filter them in request?
Related
I'm trying get a value of phone from input and pass it by url for so call a method to delete it. I have:
<div class="telefones">
<%= f.fields_for :phones do |p| %>
<div class="control-group">
<div class="controls">
<%= p.text_field :number, :name => 'phone', :class => 'text_field', :type => "text", :data => { :mask => "99 9999.9999"} %>
<%= link_to 'Delete Phone', "/admin/clinics/"+PHONE_NUMBER+"/delete-phone" %>
</div>
</div>
<% end %>
In PHONE_NUMBER, will be where I will spend the number of this input. Any idei how to fix it?
I don't think it's possible the way you're trying to do that. I would suggest to 2 another approachs:
Send that form to an particular action, and there, you get the value of phone number input, and delete it
You could use jquery to get the input value and send a http request to that "/admin/clinics/"+PHONE_NUMBER+"/delete-phone" URL, so you could replace the PHONE_NUMBER with the value you just got.
Anyway, since that value is being inputed by the user, you should do some checks and validations. It's not quite simple.
Hope this helps you. Good luck!
So after quite sometime and a slight headache. I was able to get a Rails versioned form working. Although I was able to get it working, I dont know if it is the best practice as it feels a little off. I have a website that has a form for signing up on the landing page. The landing page is static_pages#home. I have created a partial for my users controller _new.html.erb that has been included on my landing page. Here is the form that I have:
<!-- Main Form -->
<div class="login-form-1">
<!-- <form id="register-form" class="text-left"> -->
<div class="login-form-main-message"></div>
<div class="main-login-form">
<div class="login-group">
<%= form_for(#user) do |f| %>
<div class="form-group">
<%= f.text_field :first_name, :class => "form-control", :placeholder => "First Name" %>
</div>
<div class="form-group">
<%= f.text_field :last_name, :class => "form-control", :placeholder => "Last Name" %>
</div>
<div class="form-group">
<%= f.text_field :user_name, :class => "form-control", :placeholder => "User Name" %>
</div>
<div class="form-group">
<%= f.email_field :email, :class => "form-control", :placeholder => "Email" %>
</div>
</div>
<button class="login-button"><%= f.submit "", :class => "remove-button" %></button>
<% end %>
</div>
<div class="etc-login-form">
<p>already have an account? login here</p>
</div>
<!-- </form> -->
</div>
<!-- end:Main Form -->
It is a little messy because I have added a lot of styling. The thing to pay attention to is how I am presenting the form_for. I have passed to it an object of #user. Normally this #user would be found in the Users#new action; however, the only way to get this form to function properly is to have the Static_pages#home handle it by setting #user = User.new. Doing this seems incorrect, however, I cannot seem to find a better way of going about this. Initially all I'm looking to do is have this form when submitted, hit the Users#create action. I have tried passing form_for (:user, :users, "/users"), but when I try this it attempts to hit a Static_pages#create action.
All in all, my question revolves around if this is a correct way of handling this, and if not what would be a more appropriate way. Again, I was able to get this to work, but that is by setting #user = User.new every time the Static_pages#home, my landing page, is visited. Thank you for your time in answering this.
This is ok and perfectly acceptable. I would even be tempted to write form_for User.new.
Please remember that in most "realistic" pages, more than 1 resource can be found. E.g. a login form on the about page, a tag-cloud on the posts page, so a controller might need to retrieve more than 1 type of object.
Theoretically, if your page is made up of disconnected/independent areas (e.g. 1 area=a post and its comments, and another is the list of most recent comments), you could also consider using cells.
Background
I am creating a search field in my header. This code in my view:
<% if signed_in? %>
<%=f orm_tag( "/search", method: "get", :class=>"navbar-form navbar-left", :role => "search") do %>
<div class="form-group">
<%=t ext_field_tag :q, nil, :class=>"form-control", :placeholder => 'Domain/IP Search' %>
</div>
<%=b utton_tag "Search", :type=>'submit', :class=> "btn btn-primary" do %>
<span class="glyphicon glyphicon-search"></span>
<% end %>
<% end %>
creates this output:
<form accept-charset="UTF-8" action="/search" class="navbar-form navbar-left" method="get" role="search">
<div style="display:none">
<input name="utf8" type="hidden" value="✓">
</div>
<div class="form-group">
<input class="form-control" id="q" name="q" placeholder="Domain/IP Search" type="text">
</div>
<button class="btn btn-primary" name="button" type="submit">
<span class="glyphicon glyphicon-search"></span>
</button>
</form>
Here is a picture:
The issue
The problem is when I search, I get this in my url:
/search?utf8=✓&q=test&button=
Ideally, I'd like it to be more like:
/search?q=test
tl;dr:
How do I get rid of the button parameter (and hopefully the utf one as well).
Extra info:
routes.rb
resources :search
search_controller.rb
class SearchController < ApplicationController
def index
#results = params[:q]
puts #results.to_s
end
end
search\index.html.erb
<%=#results.to_s %>
EDIT, answer
Adding this because while the accepted answer helped me get to the solution; it didn't have the exact code for my circumstance. I made these changes:
1) routes:
match '/search', to: 'search#index', via: 'post'
2) form in my header:
<%= form_tag search_path, method: "post", :class => "navbar-form navbar-left", :id=> "SearchForm", :role => "search" do %>
<div class="form-group">
<%= text_field_tag :q, nil, :class => "form-control", :placeholder => 'Domain/IP Search' %>
</div>
<%= button_tag "Search", :type=> 'submit', :class=> "btn btn-primary" do %>
<span class="glyphicon glyphicon-search"></span>
<% end %>
<% end %>
GET
The bottom line, as I wrote in another answer, is that you're using GET:
Essentially, when you submit a GET form, it appends the parameters to your URL, whilst a POST form will append the data to the request body (or somewhere hidden).
The difference is just that the GET request expects a response to be returned immediately, and so you have to pass the parameters in the URL to ensure the server knows how to construct it. The best example being if you use a GET request to load a page.
The POST method is used primarily used for forms, where a response is not expected immediately; thus allowing you to keep the params hidden in the request.
Fix
We've actually created a basic search feature here (the actual search doesn't work for some reason, but the live search does)
The way we did it was as follows:
match 'search(/:search)', :to => 'products#search', :as => :search, via: [:get, :post]
This will firstly allow you to access the search action by typing domain.com/search/your-query-here
In terms of submitting via a form, you'll be able to use JQuery to amend the URL with the input from the text field:
#app/views/elements/_nav.html.erb
<%= form_tag search_path, :method => :post, :id => "SearchForm" do %>
<%= text_field_tag :search, params[:search], placeholder: 'Search your favourite products or brands', :autocomplete => :off, :id => 'SearchSearch' %>
<%= image_submit_tag('nav_bar/search.png', title: 'Search', class: 'search_submit', data: { "placement" => "bottom" }) %>
<% end %>
#app/assets/javascripts/application.js
//Search Submit
$(document).ready(function() {
$('#SearchForm').submit(function(e) {
e.preventDefault();
if( $('#SearchSearch').val().length > 0 ) {
var search_params = '/' + $('#SearchSearch').val().toLowerCase();
}else{
var search_params = ''
}
window.location.href = $(this).attr('action') + search_params
});
});
If you are not doing with the Utf8 parameter but, Rails is & but its needed. It's to correct some issues in IE's parameter encoding, This parameter was added to forms in order to force Internet Explorer 5, 6, 7 and 8 to encode its parameters as unicode.Its fixes encodeing issue of IE.
Please refer following link:
What is the _snowman param in Ruby on Rails 3 forms for?
This parameter is a feature of rails.
It was previously the snowman.
It helps IE to really use utf-8.
Avoid using form_tag and it works:
<form action="<%= search_path %>" method="get" >
<%= text_field_tag 'query' %>
<%= submit_tag "Search", :name => nil%>
</form>
Now style your form as you want
Using a new/unchanged installation of simple_form 3.0.0.rc on rails 4.0.0.rc1, this view code
<%= simple_form_for #order do |f| %>
<%= f.input_field :email %>
<%= end %>
produces this output
<input class="string email optional" id="order_email" maxlength="255" name="order[email]" size="255" type="text" />
but I had expected the output not to include maxlength and to set type to 'email', much like the #input method does:
<input class="string email optional" id="order_email" name="order[email]" type="email" />
My expectations come from the fact that simple_form.rb includes the following default values:
b.use :html5
b.optional :maxlength
What do I need to do to make the input attributes from #input_field default to the same as #input?
Input field helper method will take hash you pass to it in second argument and turn them info html attributes. Look at the code below, should do the trick:
<%= simple_form_for #order do |f| %>
<%= f.input_field :email, :type => :email, :maxlength => nil %>
<% end %>
According to the docs input_field method takes all the options as input_html option except :as, :collection, :label_method, :value_method keys. I tried adding :as => :email but no avail. But you could use :type => :email to get type="email" in the rendered html. And according to the source of the method it uses some defaults as well.
So for getting the email field:
<%= simple_form_for #order do |f| %>
<%= f.input_field :email, :type => :email %>
<% end %>
I think its related to your database field... I think you have set the databasefield as string, which hast 255 maximum length in general.. This could be the reason why it adds 255 automatically?
I am trying to restrict some of my user's action with their user account password.
I have a transfer controller, and users can transfer money using the create method in the transfer controller.
I would like to require the password everytime the user click on the transfer button to validate the transfer but I could not find anything related to that on the web.
I want to add a password field to the views and process the transfer only if the password is the user account password.
I am using devise for managing my users account.
How could I do that ?
Thanks,
Form :
<%= form_for current_user.transfers.build do |f| %>
<div class="amount">
<h5>Select an amount</h5>
<div class="amount-btns">
<a class="amount-btn" href="#"><span data-amount="10">10$</span></a>
<a class="amount-btn" href="#"><span data-amount="20">20$</span></a>
<a class="amount-btn" href="#"><span data-amount="30">30$</span></a>
<a class="amount-btn" href="#"><span data-amount="50">50$</span></a>
<%= f.hidden_field :amount, :id => :amount %>
<%#= f.hidden_field :teen_id , :id => :user_id_auto_donation %>
</div>
</div>
<div class="choose-amount">
<div class="choose-amnt" action="#">
<div class="form-row choose-lnk">
<%= f.collection_select :teen_id, current_user.followed_users, :id, :first_name , include_blank: false, :prompt => 'Select a Teen' %>
</div>
<%= hidden_field_tag :no_card if !current_user.customer_id? %>
<%= password_field(:password, :password, :size => 20, :class => 'form_input') %>
<%= f.submit 'Send', :class => "orange-btn", :id => "send_donation"%>
<% end %>
Transfer_Controller :
def create
Rails.logger.debug(params[:password])
Rails.logger.debug(current_user.valid_password?(params[:password]))
if current_user.valid_password?(params[:password])
....
else
redirect_to :back
end
Rails.logger.debug(params[:password]) return the password I entered and the one that is correct.
Rails.logger.debug(current_user.valid_password?(params[:password])) return false but if I relplace the params[:password] with the actual password it return true
Thanks for your help !
I found this link that shows you how to check user credentials,
for your case you will do something like the following (given that you send the password as a parameter named 'password'):
# use the return value to determine if the user inserted the correct password
if(current_user.valid_password?(params[:password]))
# create transfer
else
# tell user password is invalid
end