I've re-thought the 'word' column of the users table. It seemed to me that it wasn't really necessary for the user to provide a word when we could just generate a random one for security purposes. It's now constructed when a user is created by encrypting the login + the time now + a random number.

Removed the 'word' field from the signup form.

This also cleverly sidesteps the issue of validating whether password == word, which I couldn't figure out how to do ;-). Fixes #212. If you can't find the answer, change the question...



git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@188 a4c988fc-2ded-0310-b66e-134b36920a42

tracks/app/models/user.rb

@@ -26,16 +26,16 @@ protected
     Digest::SHA1.hexdigest("#{SALT}--#{pass}--")
   end
 
-  before_create :crypt_password
+  before_create :crypt_password_and_word
 
-  def crypt_password
+  def crypt_password_and_word
     write_attribute("password", self.class.sha1(password)) if password == @password_confirmation
-    write_attribute("word", self.class.sha1(login + word))
+    write_attribute("word", self.class.sha1(login + Time.now.to_i.to_s + rand.to_s))
   end
-
+  
   validates_length_of :password, :within => 5..40
   validates_length_of :login, :within => 3..80
-  validates_presence_of :password, :login, :word
+  validates_presence_of :password, :login
   validates_uniqueness_of :login, :on => :create
   validates_confirmation_of :password, :on => :create
   

tracks/app/views/login/signup.rhtml

@@ -21,11 +21,7 @@
       <td><%= password_field "user", "password_confirmation", :size => 20 %></td>
     </tr>
     <tr>
-      <td><label for="user_word">Secret word*:</label></td>
-      <td><%= password_field "user", "word", :size => 20 %></td>
-    </tr>
-    <tr>
-      <td>* different to password</td>
+      <td></td>
       <td><input type="submit" value="Signup &#187;" class="primary" /></td>
     </tr>
   </table>