redirect_to signup_completed_user_path(@user.activation_code) instead should be something like:
redirect_to signup_completed_user_path(@user.login) If you have the activation_code in plain sight in the URL, a user can enter a fake email address and just manipulate the URL upon registration without checking their email. -bobics --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CommunityEngine" group. To post to this group, send email to communityengine@googlegroups.com To unsubscribe from this group, send email to communityengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/communityengine?hl=en -~----------~----~----~----~------~----~------~--~---
