Craig:
I’ve used that code in three separate applications… I know it works.
I’ve made some minor changes to this code which I will send to you so
you can try it out.
Assuming your table is:
  ActiveRecord::Schema.define() do
    create_table "users", :force => true do |t|
      t.column "username", :string, :limit => 100, :default => "", :null => false
      t.column "hashed_password", :string, :default => "", :null => false
    end
  end
Or something along those lines, then the Agile book’s code should work
just fine.
You are correct: You should not have a password field in your
database. The “password” is only used to hold the clear-text password
until it is hashed. (self.hashed_password =
User.hash_password(self.password))
-- user.rb ----
require "digest/sha1"

class User < ActiveRecord::Base
  # virtual attribute: holds the clear-text password only until it is hashed
  attr_accessor :password

  validates_uniqueness_of :username
  validates_presence_of :username

  def validate_on_create
    if self.password == "" or self.password.nil?
      errors.add_to_base("Password field must not be left blank!")
    end
  end

  # hash the password for storage in the DB
  def before_create
    self.hashed_password = User.hash_password(self.password)
  end

  # hash the password before updating but only if the password field is
  # actually filled in. This helps to prevent changing the password
  # accidentally on an update.
  def before_update
    unless self.password.nil?
      self.hashed_password = User.hash_password(self.password)
    end
  end

  # drop the clear-text password once the record has been saved
  def after_create
    self.password = nil
  end

  # This exists so that you can easily create a "user" by
  # simply passing the form params to this object and "try to login"
  # on that object. It's just to reduce code.
  def try_to_login
    User.login(self.username, self.password)
  end

  private
  # note: `private` has no effect on `def self.` methods, so both of these
  # remain callable as User.hash_password / User.login (try_to_login needs that)

  def self.hash_password(password)
    Digest::SHA1.hexdigest(password)
  end

  # Receives a username and password; returns the matching user or nil
  def self.login(username, password)
    hashed_password = hash_password(password || "")
    find(:first,
         :conditions => ["username = ? and hashed_password = ?",
                         username, hashed_password])
  end
end
-- /user.rb --------
I hope this helps you get moving a bit more.
-Brian
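The create / update / login flow of the user.rb above, as an added example that is not from the original post or the Agile book: plain Ruby with no ActiveRecord, where the hypothetical PasswordStore class and its in-memory hash stand in for the users table. It keeps the same rules (blank password rejected on create, re-hash on update only when a password was supplied, login by hashing the candidate and comparing) but stores a random per-user salt and a PBKDF2-HMAC-SHA1 hash instead of a bare SHA1 hexdigest, so two users with the same password do not share a stored value and a leaked table cannot be reversed with a precomputed lookup.

```ruby
require "openssl"
require "securerandom"
# Added example, not from the original post: the create / update / login flow
# of user.rb in plain Ruby. @users stands in for the users table; each record
# keeps a random per-user salt plus a PBKDF2-HMAC-SHA1 hash of the password.
class PasswordStore
  ITERATIONS = 50_000   # work factor; raise as hardware gets faster
  KEY_LEN = 32

  def initialize
    @users = {}          # username => { :salt => ..., :hashed_password => ... }
  end
  # Mirrors validate_on_create + before_create: reject a blank password,
  # hash it once for storage and never keep the clear text.
  def create(username, password)
    raise ArgumentError, "Password field must not be left blank!" if password.nil? || password.empty?
    raise ArgumentError, "username already taken" if @users.key?(username)
    salt = SecureRandom.hex(16)
    @users[username] = { :salt => salt, :hashed_password => hash_password(password, salt) }
    true
  end

  # Mirrors before_update: re-hash only when a new password was actually
  # supplied, so an unrelated update cannot change it. Returns true if changed.
  def update(username, password = nil)
    rec = @users.fetch(username)
    return false if password.nil?
    rec[:salt] = SecureRandom.hex(16)
    rec[:hashed_password] = hash_password(password, rec[:salt])
    true
  end

  # Mirrors User.login: hash the candidate with the stored salt and compare.
  # Returns the username on success, nil for an unknown user or wrong password.
  def login(username, password)
    rec = @users[username]
    return nil unless rec
    secure_compare(hash_password(password || "", rec[:salt]), rec[:hashed_password]) ? username : nil
  end

  private
  def hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN, OpenSSL::Digest.new("sha1")).unpack1("H*")
  end

  # Compares every byte regardless of where the first mismatch is.
  def secure_compare(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```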