app/models/user.rb in radiant-0.6.6 vs app/models/user.rb in radiant-0.6.7
- old
+ new
@@ -23,22 +23,20 @@
validates_length_of :login, :within => 3..40, :allow_nil => true, :too_long => '%d-character limit', :too_short => '%d-character minimum'
validates_length_of :password, :within => 5..40, :allow_nil => true, :too_long => '%d-character limit', :too_short => '%d-character minimum', :if => :validate_length_of_password?
validates_length_of :email, :maximum => 255, :allow_nil => true, :message => '%d-character limit'
validates_numericality_of :id, :only_integer => true, :allow_nil => true, :message => 'must be a number'
-
- cattr_accessor :salt
- @@salt = 'sweet harmonious biscuits' # historic value
-
+
attr_writer :confirm_password
- def self.sha1(phrase)
- Digest::SHA1.hexdigest("--#{@@salt}--#{phrase}--")
+ def sha1(phrase)
+ Digest::SHA1.hexdigest("--#{salt}--#{phrase}--")
end
def self.authenticate(login, password)
- find_by_login_and_password(login, sha1(password))
+ user = find_by_login(login)
+ user if user && user.password == user.sha1(password)
end
def after_initialize
@confirm_password = true
end
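Review bot: The new instance method `sha1` still stores a single unstretched SHA-1 pass, so the per-user salt prevents precomputed-table lookups but leaves each digest cheap to guess offline if the users table leaks. A comment above `sha1` would record that limit, for example `# Single salted SHA-1 pass, not a slow password hash; move to a work-factor KDF when the schema allows`. In `authenticate`, a row whose `salt` is nil hashes as `"----#{phrase}--"` and can never match a digest made with the removed class-level salt. Accounts created under 0.6.6 therefore presumably depend on a migration, not visible in this hunk, that backfills `salt` with the historic value; that is worth confirming. The `==` between the two hex digests is also not constant-time, which is a minor concern for a salted digest but easy to note alongside.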
@@ -53,10 +51,11 @@
new_record? or not password.to_s.empty?
end
before_create :encrypt_password
def encrypt_password
- self.password = self.class.sha1(password)
+ self.salt = Digest::SHA1.hexdigest("--#{Time.now}--#{login}--sweet harmonious biscuits--")
+ self.password = sha1(password)
end
before_update :encrypt_password_unless_empty_or_unchanged
def encrypt_password_unless_empty_or_unchanged
user = self.class.find(self.id)
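Review bot: The salt assigned in `encrypt_password` is derived from `Time.now`, the login and a constant string, all of which can be known or narrowed down from outside, so it is unique per account but not random. Drawing it from a CSPRNG keeps the same 40-hex-character shape without guessable inputs, e.g. `self.salt = SecureRandom.hex(20)` where the targeted Ruby provides `SecureRandom`. As far as this hunk shows, the salt is set only in the `before_create` callback. `encrypt_password_unless_empty_or_unchanged` continues outside the hunk, so it cannot be checked here whether a password change on a pre-existing row finds a non-nil `salt` before calling `sha1`.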