Updating select attributes on a profile page

Thanks ahead of time for everyone who will help out with this.

I have a profile page for a blog engine I’m writing (because everyone
much write a blog engine at some point to learn stuff) and I want to
allow members the ability to update their passwords. What I’m having a
problem with right now is using the edit page for their profile to
update their email and name (which is already populated from the
database), which works, but also use it to update the password (which
does not … because it updates the password to blank every time).

The situation is this: I am both salting and hashing the password, and
using the attr_accessor to grab the password they input on the
registration page. However, now when they update their profile, the
blank password field generates a new hash and salt and leaves the
password blank. Not ideal.

I’m wondering how I might be able to selectively update the password
if a new password is supplied … but leave it alone if a password is
not supplied.

Any help is greatly appreciated!

I did a really kludgy fix last night using attr_protected, and I like
certain aspects of your idea as well. If I find some time tonight I’ll
probably take a look at the code again to try and work out a more
“beautiful” option for myself. :slight_smile:

Thanks for your help!

I use some code like this:

attr_accessor :new_password

validates_presence_of :new_password, :on => :create
validates_length_of :new_password, :minimum => 6, :allow_nil =>
true, :allow_blank => true, :unless => :new_password.blank?
validates_confirmation_of :new_password

before_save :set_encrypted_password

def set_encrypted_password
write_attribute(:password, Client.encrypt_password(@new_password))
unless @new_password.nil? || @new_password.blank?

def self.encrypt_password(password)

def self.authenticate(email, password)
find_by_email_and_password_and_active(email, encrypt_password
(password), true)