Problem with params

I’ve got a User model, which holds the following (excerpt):

def try_to_authenticate
User.authenticate(self.username, self.password)
end

private
def self.hash_password(password)
Digest::SHA1.hexdigest(password)
end

def self.authenticate(username, password)
@user = User.find(:all, :conditions => [“username = ? AND
password = ?”,
params[:username],
self.hash_password(params[:password]))

    if @user.blank?
      raise "Incorrect username or password"
    end
    # Return the user object we found
    @user

end

However, when called from my LoginController, like so:

def login
if request.get?
session[:user_id] = nil
@user = User.new
else
@user = User.new(params[:user])
# TODO: wrap this in a rescue block to handle exception
authenticated_user = @user.try_to_authenticate
if authenticated_user
session[:user_id] = authenticated_user.id
redirect_to :action => session[:intended_action], :controller =>
session[:intended_controller]
else
flash[:notice] = ‘Invalid username or password.’
end
end
end

I get an error on the User.find(…) line that there is no such thing as
params[]. I had it working but then I edited/moved the code around, so
can anybody suggest why it now will not search for the user correctly?

Is there a better way to do it?

Cheers.

the class method doesn’t have access to the params array from the
controller.

just use the passed in method argument names ‘username’ and ‘password’

Chris H. wrote:

the class method doesn’t have access to the params array from the
controller.

just use the passed in method argument names ‘username’ and ‘password’

Thanks Chris, this is perfect. I hadn’t realised that params[] was for
the controller, not the method. Time to read up more on scope and such
in Ruby :slight_smile:

David

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs