Rails - Jun 2006 - Problem with User Login from Agile Web Development

I am trying to use an expanded version of the User Login from the Agile 
Web Development with Rails book.  It takes the user name and password 
but then says "Invalid user/password combination".  Looking at the log
everything seems to be fine until it sends the query to MySQL.  The 
query shows that the name is '''' instead of the name that was
passed to
the self.login method.
I checked the code multiple times and even downloaded the files as the 
book had an error in another part of the model but can''t find the 
problem.

The code in the model is:
 def self.login(user_name, password)
    hashed_password = hash_password(password || "")
    find(:first,
	 :conditions => ["user_name = ? and hashed_password = ?",
		 	  user_name, hashed_password])
    end

  # Log in if the name and password (after hashing) match the database,
  # or if the name matches an entry in the database with no password
  def try_to_login
    User.login(self.user_name, self.password)
  end

-- 
Posted via http://www.ruby-forum.com/.

And what''s in the form itself?

On 6/16/06, Michael Ryder <mwryder@worldnet.att.net>
wrote:
> I am trying to use an expanded version of the User Login from the Agile
> Web Development with Rails book.  It takes the user name and password
> but then says "Invalid user/password combination".  Looking at
the log
> everything seems to be fine until it sends the query to MySQL.  The
> query shows that the name is '''' instead of the name that
was passed to
> the self.login method.
> I checked the code multiple times and even downloaded the files as the
> book had an error in another part of the model but can''t find the
> problem.
>
> The code in the model is:
>  def self.login(user_name, password)
>     hashed_password = hash_password(password || "")
>     find(:first,
>          :conditions => ["user_name = ? and hashed_password =
?",
>                           user_name, hashed_password])
>     end
>
>   # Log in if the name and password (after hashing) match the database,
>   # or if the name matches an entry in the database with no password
>   def try_to_login
>     User.login(self.user_name, self.password)
>   end
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

-- 
--------------
Jon Gretar Borgthorsson
http://www.jongretar.net/

J?n Borg??rsson wrote:
> And what''s in the form itself?
> 
Do you mean what data is associated with the user_name and password 
variables?  user_name is set to the administrator login and the password 
is their password.
The following shows the log for a failed entry (names changed):

Processing LoginController#login (for 127.0.0.1 at 2006-06-15 17:09:52) 
[POST]
  Session ID: 816d38c26019ace486b560254478323c
  Parameters:
{"user"=>{"user_name"=>"admin1",
"password"=>"Admin1pw"},
"action"=>"login",
"controller"=>"login"}
  [4;36;1mUser Columns (0.000000)   [0;1mSHOW FIELDS FROM 
users
  [4;35;1mUser Load (0.000000)   SELECT * FROM users WHERE 
(user_name = '''' and hashed_password = 
''da39a3ee5e6b4b0d3255bfef95601890afd80709'') LIMIT 1
Rendering  within layouts/admin
Rendering login/login
Completed in 0.01500 (66 reqs/sec) | Rendering: 0.00000 (0%) | DB: 
0.00000 (0%) | 200 OK [http://localhost/login/login]

-- 
Posted via http://www.ruby-forum.com/.