First, A Happy New Year to you all
Second :

this is my login action form the admin controller:
def login
if request.post?
user = User.authenticate(params[:name], params[:password])
if user
if user.banned_status == “true”
flash.now[:notice] = “We are sorry.You can not log in beause
you have been banned.Contact the admin at [email protected] to solve this
problem”

    elsif user.blocked_status == "true"
      flash.now[:notice] = "We are sorry.You are still

blocked.Contact the admin at [email protected] to solve this problem"
else
session[:user_id] = user.id
redirect_to :action => “index”
end
else
flash.now[:notice] = “Invalid user/password combination #
{user.id}”
end# 2nd if
end# 1st if
end#login

this is my user model for the authenticate method :
def self.authenticate(name, password)
user = User.find(:all, :conditions => [“name = :param”,{:param
=> name}])
if user.size > 0
user.each do |correct_user|
expected_password = User.encrypted_password(password,
correct_user.salt)
if correct_user.hashed_password == expected_password
idx = user.index(correct_user)

               return user[idx]
            end
        end#do
        user = nil
    else
      user = nil
    end#1st if
end#def

======
and the login view :

        <div>
            <label for="password">Password:</label>
            <%= password_field_tag :password, params[:password] %>
        </div>

        <div>
            <%= submit_tag "Login", :name => nil %>
        <div>
    </fieldset>
<% end %>

So the thing is that in my db i have two users with the same name, but
no twith the same password.
id = 2
name = radu
surname = puspana
hashed_password = 6b2711b337ae9b5c8a5932e60955f25dc42bcec1

         id = 4
       name = radu
    surname = gica

hashed_password = caf5488d972483c5b064a1afbe30b4370391ab73

The problem is that when i try to login with the first name, radu and
the password admin, it works fine, but if i try to login in with the
second name(id =4) radu andthe pass gica1, it return the nil value
back to the controller, so user in the controller will be nil, showing
the message “Invalid username/password” although the name and pass are
correct…

what the heck???

a billion thx in advance,
radu

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jan 3, 4:37 pm, radu puspana [email protected] wrote:

user.each do |correct_user|
expected_password = User.encrypted_password(password, correct_user.salt)
if correct_user.hashed_password == expected_password
idx = user.index(correct_user)
return user[idx]
end
end

This is somewhat unwieldy - why the busines with index when you could
just return correct_user ? Even better, use a method like detect - the
code above is equivalent to
user.detect {|current_user| current_user == User.encrypt(password,
current_user)}
You’ll also find your code reads more easily if variables that contain
collections are pluralised (ie users = User.find :all rather than user
= User.find( :all))

This shouldn’t change the result of the code however. Seems to me that
the data in your table might just be bad (or you’re typing in the
wrong password) - What is the value of User.encrypted_password
( ‘gica1’, User.find(4).salt) ?

Having users with the same name is really rather weird - every website
I can think of requires usernames to be unique

Fred

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

problem solved!!! thx to me

On Jan 3, 6:37 pm, radu puspana [email protected] wrote:

you have been banned.Contact the admin at [email protected] to solve this
flash.now[:notice] = "Invalid user/password combination #
user.each do |correct_user|
user = nil

<% end %>
name = radu
what the heck???

a billion thx in advance,
radu

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jan 4, 4:10 pm, radu puspana [email protected] wrote:

and this line : user.detect {|current_user| current_user ==
User.encrypt(password,current_user)}, shouldn’t be something like
user.detect {|current_user| current_user == User.encrypt
(password,current_user.salt)}

that’s right.
This means: iterate over the user collection, passing each element
into the block as current_user. return the first element for which the
condition in the block returns true.

You’ll also find your code reads more easily if variables that contain
collections are pluralised (ie users = User.find :all rather than user
= User.find( :all))

thx so much for this tip too, it doesn’t have to do anything with the
line user.detect {|current_user| current_user == User.encrypt
(password, current_user)} right?

no. just a stylistic thing

Fred

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jan 3, 6:50 pm, Frederick C. [email protected]
wrote:

This is somewhat unwieldy - why the busines with index when you could
just return correct_user ? Even better, use a method like detect - the
code above is equivalent to
user.detect {|current_user| current_user == User.encrypt(password,
current_user)}

the manbo jumbo with idx was that it was the only method which worked.
as you suggested, i was putting in the wrong password, and the method
did the correct this, it returned user=nil.
The name problem, was another bad thing to do, I thought about it and
it made no sense at all.Mistakenly i forgot that name was in fact the
username, and i thought that two users can have the same name and
surname, logically, but not the same username.I will create another
column with this name,username, and leave the name column alone.
Thx so much for the alternate version of my code, but i don’t
understand anything, as i said, i’m a noob, been working with rails
about 3 months, and studied a nit of Ruby, about 3 chapters, about
classes, objects and stuff.maybe you could translate it a bit for me,
if you have the time, i will much appreciate it.

and this line : user.detect {|current_user| current_user ==
User.encrypt(password,current_user)}, shouldn’t be something like
user.detect {|current_user| current_user == User.encrypt
(password,current_user.salt)}

You’ll also find your code reads more easily if variables that contain
collections are pluralised (ie users = User.find :all rather than user
= User.find( :all))

thx so much for this tip too, it doesn’t have to do anything with the
line user.detect {|current_user| current_user == User.encrypt
(password, current_user)} right?

This shouldn’t change the result of the code however. Seems to me that
the data in your table might just be bad (or you’re typing in the
wrong password) - What is the value of User.encrypted_password
( ‘gica1’, User.find(4).salt) ?

Having users with the same name is really rather weird - every website
I can think of requires usernames to be unique

Fred

thx so much for all your help,
have a Happy New Year ok? ,
sincerely,
radu

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jan 4, 6:22 pm, Frederick C. [email protected]
wrote:

condition in the block returns true.
Sry for bothering you agan but shouldn’t it be :
user.detect {|current_user| current_user.hashed_password ==
User.encrypt(password,current_user.salt)} reather than user.detect {|
current_user| current_user== User.encrypt
(password,current_user.salt)} ??.
== means a condition if i recall correctly.
because the string that comes out of User.encrypt
(password,current_user.salt)} should be compared with something in the
current_user, namely hashed_password, not the object refered by the
variable current_user, right?

You’ll also find your code reads more easily if variables that contain
collections are pluralised (ie users = User.find :all rather than user
= User.find( :all))

thx so much for this tip too, it doesn’t have to do anything with the
line user.detect {|current_user| current_user == User.encrypt
(password, current_user)} right?

no. just a stylistic thing
thx again for the trick:)
Fred

much much appreciate it Fred,
regards,
radu

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jan 4, 4:53 pm, radu puspana [email protected] wrote:

(password,current_user.salt)} should be compared with something in the
current_user, namely hashed_password, not the object refered by the
variable current_user, right?

correct.

Fred

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Problem solved!

Hi again Fred,

I tried user.detect {|current_user| current_user.hashed_password
==User.encrypt(password,current_user.salt)} and it worked like a
charm.

thx a million yet again for ALL your help,
radu

On Jan 4, 7:34 pm, Frederick C. [email protected]
wrote:

== means a condition if i recall correctly.
because the string that comes out of User.encrypt
(password,current_user.salt)} should be compared with something in the
current_user, namely hashed_password, not the object refered by the
variable current_user, right?

correct.

Fred

–

You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.