On 10/18/05, Nick Brutyn
<brutyn_nick-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org>
wrote:> hey, i have a problem with the user accounts, when i change the firstname
> and lastname and address, the accountpass changes also, but it shouldnt,
> even when i dont put it in the code.
>
> i put the pass in a variabele to make sure and put it back again in the
> database, but even then the pass is changed, the pass is hashed btw but i
> dont think that should be a problem.
>
> this is my code
>
> @user = User.find(@session[:user].id)
> @pass = @user.password
> @user.update_attribute(:last_name,
@params[:user][:last_name] )
> @user.update_attribute(:first_name,
@params[:user][:first_name] )
> @user.update_attribute(:email, @params[:user][:email] )
> @user.update_attribute(:password, @pass )
>
> this is my table
>
> id
> first_name
> last_name
> email
> login
> password
> firm_id
> primary_contact
> created_at
> updated_at
The password being hashed IS a problem.
@pass = @user.password
That will get you the password hash (assuming you hash the password
before creating the user record). So essentially, you''re hashing it
again... Stop that.
add attr_protected to password in your model:
class User < AR::Base
attr_protected :password
...
end
@user = User.find(session[:user].id)
@user.update_attributes(params[:user])
Since you''re storing the user in the session, why not just do:
session[:user].update_attributes(params[:user])
--
rick
http://techno-weenie.net