I am developing a small site. The login system works fine and I am using
the sha1 hashing alg to hash passwords. I have an admin side that can
enable or disable users. The problem seems to lie in the disable
(destroy) method. When I disable a user, it updates the password to a
new password so when the user is re-enabled, I get an “invalid
username/password” error and I have to reset the password. I cant see
why it is doing this.
My destroy method is :
def destroy
@user = User.find(params[:id])
if @user.update_attribute(:enabled, false)
flash[:notice] = “User disabled”
else
flash[:error] = “There was a problem disabling this user.”
end
redirect_to :action => ‘show’
end
Anyone any ideas?