I've got a User model, which holds the following (excerpt): def try_to_authenticate User.authenticate(self.username, self.password) end .. private def self.hash_password(password) Digest::SHA1.hexdigest(password) end def self.authenticate(username, password) @user = User.find(:all, :conditions => ["username = ? AND password = ?", params[:username], self.hash_password(params[:password])) if @user.blank? raise "Incorrect username or password" end # Return the user object we found @user end However, when called from my LoginController, like so: def login if request.get? session[:user_id] = nil @user = User.new else @user = User.new(params[:user]) # TODO: wrap this in a rescue block to handle exception authenticated_user = @user.try_to_authenticate if authenticated_user session[:user_id] = authenticated_user.id redirect_to :action => session[:intended_action], :controller => session[:intended_controller] else flash[:notice] = 'Invalid username or password.' end end end I get an error on the User.find(..) line that there is no such thing as params. I had it working but then I edited/moved the code around, so can anybody suggest why it now will not search for the user correctly? Is there a better way to do it? Cheers.
on 2006-03-14 01:33
on 2006-03-14 03:10
the class method doesn't have access to the params array from the controller. just use the passed in method argument names 'username' and 'password'
on 2006-03-14 23:48
Chris H. wrote: > the class method doesn't have access to the params array from the > controller. > > just use the passed in method argument names 'username' and 'password' Thanks Chris, this is perfect. I hadn't realised that params was for the controller, not the method. Time to read up more on scope and such in Ruby :) David