Problem with params


#1

I’ve got a User model, which holds the following (excerpt):

def try_to_authenticate
User.authenticate(self.username, self.password)
end

private
def self.hash_password(password)
Digest::SHA1.hexdigest(password)
end

def self.authenticate(username, password)
@user = User.find(:all, :conditions => [“username = ? AND
password = ?”,
params[:username],
self.hash_password(params[:password]))

    if @user.blank?
      raise "Incorrect username or password"
    end
    # Return the user object we found
    @user

end

However, when called from my LoginController, like so:

def login
if request.get?
session[:user_id] = nil
@user = User.new
else
@user = User.new(params[:user])
# TODO: wrap this in a rescue block to handle exception
authenticated_user = @user.try_to_authenticate
if authenticated_user
session[:user_id] = authenticated_user.id
redirect_to :action => session[:intended_action], :controller =>
session[:intended_controller]
else
flash[:notice] = ‘Invalid username or password.’
end
end
end

I get an error on the User.find(…) line that there is no such thing as
params[]. I had it working but then I edited/moved the code around, so
can anybody suggest why it now will not search for the user correctly?

Is there a better way to do it?

Cheers.


#2

the class method doesn’t have access to the params array from the
controller.

just use the passed in method argument names ‘username’ and ‘password’


#3

Chris H. wrote:

the class method doesn’t have access to the params array from the
controller.

just use the passed in method argument names ‘username’ and ‘password’

Thanks Chris, this is perfect. I hadn’t realised that params[] was for
the controller, not the method. Time to read up more on scope and such
in Ruby :slight_smile:

David