]> projects.mako.cc - selectricity/blobdiff - app/controllers/site_controller.rb
HTML escape description to prevent code injection onto page
[selectricity] / app / controllers / site_controller.rb
index f6b36a774b141fb4cc0c8ddd07084ed65120f6fb..a33a1fa16707403589ce4caebd0bb36161bb30d9 100644 (file)
@@ -1,23 +1,25 @@
 class SiteController < ApplicationController
-  layout 'hc'
+  layout 'main'
   model :user, :election, :account
 
   def index
-    @quickvotes = QuickVote.find(:all, ["quickvote = 1"]).sort {|a,b| b.enddate <=> a.enddate}[0..1]
+    @quickvotes = QuickVote.find(:all).sort {|a,b| b.enddate <=> a.enddate}[0..1]
     # if the person claims they are logged in
-    if session[:user]
-
+   
+    if logged_in?
       # check to see that we actually have record of them
-      if User.find(:all, ["id = ?", session[:user].id]).length == 1
+      if User.exists?(session[:user])
+        username = User.find(session[:user]).login
         # if we have record of them, grab the list of their elections
         session[:user] = User.find(session[:user])
         @current_elections = session[:user].elections.sort do |a,b|
           b.enddate <=> a.enddate
         end
       else
-        # if we have no record of them, set the session id back to
-       # nothing and start again
+        # if we have no record of them, set the user back to
+             # nothing and start again
         session[:user] = nil
+        
       end
     end
   end

Benjamin Mako Hill || Want to submit a patch?