Are you saying that after the update_attribute the password field is also changed? If so do you have some sort of filter that might be running and changing it? Possibly you could put debugger traps at each point you change the password and check it is not getting there. Also have a look in the log to see what sql is being executed and if there are any unexpected write queries. Colin
2009/4/26 Stephen Fagan <rails-mailing-l...@andreas-s.net> > > I am developing a small site. The login system works fine and I am using > the sha1 hashing alg to hash passwords. I have an admin side that can > enable or disable users. The problem seems to lie in the disable > (destroy) method. When I disable a user, it updates the password to a > new password so when the user is re-enabled, I get an "invalid > username/password" error and I have to reset the password. I cant see > why it is doing this. > > My destroy method is : > > def destroy > @user = User.find(params[:id]) > if @user.update_attribute(:enabled, false) > flash[:notice] = "User disabled" > else > flash[:error] = "There was a problem disabling this user." > end > redirect_to :action => 'show' > end > > Anyone any ideas? > -- > Posted via http://www.ruby-forum.com/. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
