From e1a1d7b12871d625fbeb8859535bc3ab21af425b Mon Sep 17 00:00:00 2001 From: bsag Date: Sat, 18 Feb 2006 18:37:56 +0000 Subject: [PATCH] I've re-thought the 'word' column of the users table. It seemed to me that it wasn't really necessary for the user to provide a word when we could just generate a random one for security purposes. It's now constructed when a user is created by encrypting the login + the time now + a random number. Removed the 'word' field from the signup form. This also cleverly sidesteps the issue of validating whether password == word, which I couldn't figure out how to do ;-). Fixes #212. If you can't find the answer, change the question... git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@188 a4c988fc-2ded-0310-b66e-134b36920a42 --- tracks/app/models/user.rb | 10 +++++----- tracks/app/views/login/signup.rhtml | 6 +----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/tracks/app/models/user.rb b/tracks/app/models/user.rb index 8db596e0..a3d2a6d9 100644 --- a/tracks/app/models/user.rb +++ b/tracks/app/models/user.rb @@ -26,16 +26,16 @@ protected Digest::SHA1.hexdigest("#{SALT}--#{pass}--") end - before_create :crypt_password + before_create :crypt_password_and_word - def crypt_password + def crypt_password_and_word write_attribute("password", self.class.sha1(password)) if password == @password_confirmation - write_attribute("word", self.class.sha1(login + word)) + write_attribute("word", self.class.sha1(login + Time.now.to_i.to_s + rand.to_s)) end - + validates_length_of :password, :within => 5..40 validates_length_of :login, :within => 3..80 - validates_presence_of :password, :login, :word + validates_presence_of :password, :login validates_uniqueness_of :login, :on => :create validates_confirmation_of :password, :on => :create diff --git a/tracks/app/views/login/signup.rhtml b/tracks/app/views/login/signup.rhtml index f91c1dfc..bfabc017 100644 --- a/tracks/app/views/login/signup.rhtml 
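Review bot: The generated `word` in `crypt_password_and_word` is not as unpredictable as the commit message implies, because every input to `self.class.sha1(login + Time.now.to_i.to_s + rand.to_s)` can be guessed or narrowed down. The login is known, the creation time has one-second resolution, and `Kernel#rand` is a general-purpose PRNG rather than a cryptographic one; passing the result through `sha1` with the shared `SALT` adds no entropy. If `word` is used anywhere as a secret (the message says it exists "for security purposes"; its consumers are outside this hunk), it should come from a CSPRNG instead, for example `write_attribute("word", SecureRandom.hex(20))` with `require 'securerandom'` where the runtime provides it. I would also add a comment above the line stating what `word` protects, so the entropy requirement is visible to the next maintainer.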
+++ b/tracks/app/views/login/signup.rhtml @@ -21,11 +21,7 @@ <%= password_field "user", "password_confirmation", :size => 20 %> - - <%= password_field "user", "word", :size => 20 %> - - - * different to password +