Ruby on Rails - Checking if Submitted Form Data matches Database data

Question

I have a form in which a user ('member') submits a 4-digit pin, which is then saved to a session variable called :submitted_pin. For some reason, the quick if/else statement isn't working properly, and I am assuming it is a silly mistake on my part, but if your willing to take a look I would really appreciate it!

View

<%= form_for :member_pin, :url => { :action => "verify_pin", :id => member.id } do |f| %>`
  <%= f.label :pin %>
  <%= f.text_field :pin %>
<%= f.submit 'Submit' %>

Controller

Before Filter

before_filter :validate_pin, :only => :show

Action (POST Route)

def verify_pin
  @member = Member.find(params[:id])

  session[:submitted_pin] = params[:member_pin][:pin]
  redirect_to @member
end

Filter

def validate_pin
  @member = Member.find(params[:id])
  @member_pin = @member.pin

  if session[:submitted_pin] == @member_pin
    render @member
  else
    redirect_to '/'
  end
end

And the result of all of this is a redirect to my root_url no matter what, even if the Pin entered does match the pin in the database for that user. Help! Thanks :)

Answer 1

Based on the results of the raise we talked about in the comments, it sounds like there's a class mismatch. The easiest way to fix (and, IMHO, the easiest to read) would be to adjust your validator code as follows:

if session[:submitted_pin].to_i == @member_pin.to_i
  render @member
else
  redirect_to '/'
end

If there's any chance that session[:submitted_pin] would be nil, you can use session[:submitted_pin].try(:to_i); that'll return nil if the variable is not set and prevent an error from getting thrown.