I’ve got a User model, which holds the following (excerpt):
def try_to_authenticate
  User.authenticate(self.username, self.password)
end
…
private

def self.hash_password(password)
  Digest::SHA1.hexdigest(password)
end

def self.authenticate(username, password)
  @user = User.find(:all, :conditions => ["username = ? AND password = ?",
                                          params[:username],
                                          self.hash_password(params[:password])])
  if @user.blank?
    raise "Incorrect username or password"
  end
  # Return the user object we found
  @user
end
However, when called from my LoginController, like so:
def login
  if request.get?
    session[:user_id] = nil
    @user = User.new
  else
    @user = User.new(params[:user])
    # TODO: wrap this in a rescue block to handle exception
    authenticated_user = @user.try_to_authenticate
    if authenticated_user
      session[:user_id] = authenticated_user.id
      redirect_to :action => session[:intended_action],
                  :controller => session[:intended_controller]
    else
      flash[:notice] = 'Invalid username or password.'
    end
  end
end
I get an error on the User.find(…) line that there is no such thing as
params[]. I had it working but then I edited/moved the code around, so
can anybody suggest why it now will not search for the user correctly?
Is there a better way to do it?
Cheers.
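
On the "better way" question, an added sketch that is not part of the original post: a class-level authenticate that works only from the arguments it is given and returns a single user or nil, with salted PBKDF2 and a constant-time comparison swapped in for the unsalted SHA1 digest. The in-memory STORE, the register helper, ITERATIONS and the sample account are assumptions made so it runs without Rails or a database.

```ruby
require "openssl"
require "securerandom"

# Stand-in for the post's User model: a plain Ruby class with an in-memory
# store (constructed), so it runs without Rails or a database.
class User
  ITERATIONS = 100_000 # assumed work factor for this sketch
  STORE = {}           # username => User (hypothetical replacement for the table)

  attr_reader :username, :salt, :password_hash

  def initialize(username, salt, password_hash)
    @username = username
    @salt = salt
    @password_hash = password_hash
  end

  # Salted PBKDF2-HMAC-SHA256 in place of the post's unsalted SHA1 digest.
  def self.hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  # Hypothetical helper: create a user with a fresh random salt.
  def self.register(username, password)
    salt = SecureRandom.hex(16)
    STORE[username] = new(username, salt, hash_password(password, salt))
  end

  # Uses only its own arguments: the controller's params hash is not visible
  # inside a model. Returns one User or nil, never a collection.
  def self.authenticate(username, password)
    user = STORE[username.to_s]
    # Hash even for unknown users so both failure paths cost the same.
    salt = user ? user.salt : "0" * 32
    candidate = hash_password(password.to_s, salt)
    return nil unless user && secure_compare(candidate, user.password_hash)
    user
  end

  # Constant-time comparison of two equal-length hex strings.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

User.register("alice", "correct horse") # constructed sample account
```

Because authenticate returns nil on failure, the controller's `if authenticated_user` branch can handle a bad login directly, and the same generic message covers both an unknown username and a wrong password.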