1

My user.rb

class User
  include Mongoid::Document
  include Mongoid::MultiParameterAttributes
  include Mongoid::Timestamps

  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  ## Database authenticatable
  field :name,               :type => String, :default => ""
  field :gender
  field :mobnum,             :type => String, :default => ""

  field :area,               :type => String, :default => ""
  field :state,              :type => String, :default => ""
  field :ngo,                :type => String, :default => ""

  field :username,           :type => String, :default => ""
  field :email,              :type => String, :default => ""
  field :encrypted_password, :type => String, :default => ""

  # State fields

  ## Recoverable
  field :reset_password_token,   :type => String
  field :reset_password_sent_at, :type => Time

  ## Rememberable
  field :remember_created_at, :type => Time

  ## Trackable
  field :sign_in_count,      :type => Integer, :default => 0
  field :current_sign_in_at, :type => Time
  field :last_sign_in_at,    :type => Time
  field :current_sign_in_ip, :type => String
  field :last_sign_in_ip,    :type => String

  ## Confirmable
  # field :confirmation_token,   :type => String
  # field :confirmed_at,         :type => Time
  # field :confirmation_sent_at, :type => Time
  # field :unconfirmed_email,    :type => String # Only if using reconfirmable

  ## Lockable
  # field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts
  # field :unlock_token,    :type => String # Only if unlock strategy is :email or :both
  # field :locked_at,       :type => Time

  ## Token authenticatable
  # field :authentication_token, :type => String

  attr_accessible :name, :gender, :area, :state, :ngo, :mobnum, :username, :email, :password, :password_confirmation

  validates_presence_of :username
  validates_uniqueness_of :username

end

I have a ManagedbController that contains the search form for my family and person records. The search action
looks like this. (I know this isn't the Rails way to do a search; I'm just fixing someone else's site):

def search
  if request.post?
    if params[:dosearch1]
      searchHash = Hash.new
      if params[:onoff1] && params[:onoff1]["famid"] && params[:search][:famid]
        searchHash[:famid] = params[:search][:famid]

        fam = Family.where(searchHash).first
        if fam
          @r1 = fam.persons.paginate(:page => params[:page], :per_page => 50)
        else
          @r1 = Array.new
        end
        render :search
        return
      else
        if params[:onoff1]
          params[:onoff1].each do |key, val|
            searchHash[key] = params[:search][key]
          end
        end
        @r1 = Person.where(searchHash).paginate(:page => params[:page], :per_page => 50)
        render :search
        return
      end
    end
  else
    render :search
    return
  end
end

I also have before_filter :authenticate_user! at the top of the managedb controller.

The source of the search form is this:

<form method="post">
  <fieldset><br>
    <input type="hidden" name="dosearch1" value="1">
    <input type="checkbox" name="onoff1[famid]"><b><big> Family ID : </big></b><input type="text" name="search[famid]"><br>
    <input type="checkbox" name="onoff1[name]"><b><big> Full name: </big></b><input type="text" name="search[name]"><br>
    <input type="checkbox" name="onoff1[mobnum]"><b><big> Member mobile number: </big></b><input type="text" name="search[mobnum]"><br>
    <br>
    <input type="submit" value="Search" class="btn btn-success">
    <input type="button" value="Back" onclick="javascript:window.location.href='/managedb'" class="btn btn-inverse">
  </fieldset>
</form>

Now, when I click the submit button of the search form, Devise logs me out and redirects me to the sign_in page.

Why does this happen? Help!!

routes.rb

root to: "home#index"

devise_for :users

match '/home', to: "home#home"
match '/features', to: "home#features"
match '/contact', to: "home#contact"
match '/howtouse', to: "home#howtouse"

match '/map', to: "managedb#map"
match '/search', to: "managedb#search"

match ':controller(/:action)'

2 Answers

1

Remove protect_from_forgery from ApplicationController.

Or, if you only want to disable it for certain actions, do this:

protect_from_forgery :except => [:action1,:action2]

Here action1 and action2 can be in any controller, since all other controllers inherit from ApplicationController.

Answered 2013-09-25T14:43:46.240
0

The form you generated has no CSRF token, so this request cannot be verified and you get logged out.

Please look at your form generation code. I guess you used raw HTML directly. If you use the Rails helpers, the CSRF code is generated automatically.

Answered 2013-09-25T14:40:25.023
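Both answers describe the same mechanism from opposite ends: the hand-written form sends no authenticity_token, protect_from_forgery therefore cannot verify the POST, and Devise's handle_unverified_request clears the session, which is what lands the user on sign_in. The first answer's protect_from_forgery :except route makes the symptom go away by skipping the check for that action, so a logged-in user's browser will then happily submit that search from any third-party page; the second answer's fix (emit the token) keeps the protection. The following Ruby is an added, self-contained model of that flow, not Rails or Devise code: the session is a plain Hash, the token is an unmasked per-session value as in Rails 3, and the constructed form params mirror the fields in the question's form.

```ruby
# Added example: a simplified model of Rails' protect_from_forgery check and
# Devise's "clear the session on an unverified request" behaviour.
# Not Rails/Devise code; the session is a plain Hash and the token is unmasked.
require "securerandom"

# Constant-time comparison so the token check does not leak timing.
# (Assumption: same idea as Rack::Utils.secure_compare, reimplemented here
# to keep the example dependency-free.)
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack("C*")
  diff = 0
  b.each_byte { |byte| diff |= byte ^ left.shift }
  diff.zero?
end

# The per-session CSRF token; Rails keeps it under session[:_csrf_token]
# and mints it the first time a form (or csrf_meta_tags) is rendered.
def csrf_token_for(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# What the form_tag / form_for helpers add to the markup and the raw HTML
# form in the question lacks.
def hidden_token_field(session)
  %(<input type="hidden" name="authenticity_token" value="#{csrf_token_for(session)}">)
end

# Constructed params: what the question's raw form posts (no token at all).
def raw_form_params
  { "dosearch1" => "1", "onoff1" => { "name" => "on" }, "search" => { "name" => "Smith" } }
end

# Constructed params: the same form once the hidden token field is present.
def helper_form_params(session)
  raw_form_params.merge("authenticity_token" => csrf_token_for(session))
end

# The verification step. Only state-changing verbs are checked; an action
# listed in `skip` models `protect_from_forgery :except => [...]`.
def verified_request?(method, action, params, session, skip: [])
  return true if %w[GET HEAD].include?(method)
  return true if skip.include?(action)
  expected  = session[:_csrf_token]
  submitted = params["authenticity_token"]
  return false if expected.nil? || submitted.nil?
  secure_compare(submitted.to_s, expected)
end

# Dispatch: a verified request renders the search; an unverified one gets the
# Devise treatment (session wiped, so authenticate_user! redirects to sign_in).
def handle_post(method, action, params, session, skip: [])
  if verified_request?(method, action, params, session, skip: skip)
    :search_rendered
  else
    session.clear
    :redirect_to_sign_in
  end
end

# Walk through the three outcomes a practitioner wants to compare.
def demo
  results = {}

  raw_session = {}
  csrf_token_for(raw_session)            # token minted when the page rendered
  raw_session[:warden_user] = "user-42"  # constructed stand-in for the login
  results[:raw_form] = handle_post("POST", :search, raw_form_params, raw_session)
  results[:raw_form_still_logged_in] = raw_session.key?(:warden_user)

  ok_session = {}
  csrf_token_for(ok_session)
  ok_session[:warden_user] = "user-42"
  results[:helper_form] = handle_post("POST", :search, helper_form_params(ok_session), ok_session)
  results[:helper_form_still_logged_in] = ok_session.key?(:warden_user)

  skip_session = {}
  csrf_token_for(skip_session)
  results[:except_search] = handle_post("POST", :search, raw_form_params, skip_session, skip: [:search])

  results
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In the real app the equivalent of hidden_token_field is to keep the markup but add `<%= hidden_field_tag :authenticity_token, form_authenticity_token %>` inside the form, or to replace the opening `<form method="post">` with `<%= form_tag search_path do %>`, which emits the field itself. Either way the search action stays behind authenticate_user! and protect_from_forgery.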