The Classified section is rolling right along. Right now, I need to fix up something with the login & security.
The first issue is that anyone can edit an advertisement – and that anyone can delete any advertisement as well. This is because several functions (destroy, create, etc.) are not password protected. This clearly needs to change. Advertisements need to be associated with a certain user account, and only editable by that user – or by an administrator. I believe the first place I need to turn to is the Salted Hash Login Generator on the Ruby on Rails website.
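The ownership rule described above (create and destroy behind login, an ad changeable only by its owner or an administrator), as an added example that is not code from this project. It is plain Ruby rather than Rails, and `User`, `Ad`, `AdsController` and `NotAuthorized` are hypothetical names chosen for the sketch.

```ruby
# Constructed stand-ins for the models (assumption: not the real schema).
User = Struct.new(:id, :admin)
Ad   = Struct.new(:id, :user_id, :title)

class NotAuthorized < StandardError; end

# Minimal stand-in for an advertisements controller (hypothetical).
class AdsController
  def initialize(store, current_user)
    @store = store                # Hash of id => Ad
    @current_user = current_user  # nil means nobody is logged in
  end

  def create(title)
    require_login!
    id = (@store.keys.max || 0) + 1
    # The owner comes from the session, never from request parameters.
    @store[id] = Ad.new(id, @current_user.id, title)
  end

  def update(id, title)
    ad = find_authorized(id)
    ad.title = title
    ad
  end

  def destroy(id)
    @store.delete(find_authorized(id).id)
  end

  private

  def require_login!
    raise NotAuthorized, "login required" if @current_user.nil?
  end

  # Load the ad, then allow only its owner or an administrator.
  def find_authorized(id)
    require_login!
    ad = @store.fetch(id) # raises KeyError for an unknown id
    unless @current_user.admin || ad.user_id == @current_user.id
      raise NotAuthorized, "not the owner"
    end
    ad
  end
end
```

Every action that changes an ad goes through `find_authorized`, so a new action cannot skip the owner check by accident.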
The second issue is that there needs to be some way to prevent spammed listings. I need to implement some form of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart). I think I have managed to google one over here. Let’s see how it goes. (I only intend to implement the first part today.)