intended to remove some of the weirdness when updating a users account. A blank password basically ends up causing the previously existing password to be hashed twice. Probably move to has_secure_password at some point although that may end up screwing up the intent of the particular tutorial item

app/controllers/users_controller.rb

@@ -33,9 +33,12 @@ class UsersController < ApplicationController
     
     user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
     user.skip_user_id_assign = true
+    user.skip_hash_password = true
     user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k })
-    pass = params[:user][:password]
-    user.password = pass if !(pass.blank?)
+    if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
+      user.skip_hash_password = false
+      user.password = params[:user][:password]
+    end 
     message = true if user.save!
     respond_to do |format|
       format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) }

app/models/user.rb

@@ -1,15 +1,16 @@
 class User < ActiveRecord::Base
-  attr_accessible :email, :password, :admin, :password_confirmation, :first_name, :last_name
-  validates_confirmation_of :password, :password_confirmation, :on => :create
+  attr_accessible :email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation
   validates :password, :presence => true,
                        :confirmation => true,
                        :length => {:within => 6..40},
-                       :on => :create#,
+                       :on => :create,
+                       :if => :password#,
                        #:format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/}
   validates_presence_of :email
   validates_uniqueness_of :email
   validates_format_of :email, :with => /.+@.+\..+/i
   attr_accessor :skip_user_id_assign
+  attr_accessor :skip_hash_password
   before_save :assign_user_id, :on => :create
   before_save :hash_password
   has_one :retirement, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
@@ -18,6 +19,7 @@ class User < ActiveRecord::Base
   has_many :performance, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
 
 
+
   def build_benefits_data
     build_retirement(POPULATE_RETIREMENTS.shuffle.first)
     build_paid_time_off(POPULATE_PAID_TIME_OFF.shuffle.first).schedule.build(POPULATE_SCHEDULE.shuffle.first)
@@ -44,7 +46,7 @@ class User < ActiveRecord::Base
           raise "#{email} doesn't exist!"
        end
        return auth
-  end  
+  end 
     
   def assign_user_id
      unless @skip_user_id_assign.present? || self.user_id.present?
@@ -55,8 +57,10 @@ class User < ActiveRecord::Base
   end
   
   def hash_password
-    if self.password.present?
-      self.password = Digest::MD5.hexdigest(password)
+    unless @skip_hash_password == true
+      if password.present?
+        self.password = Digest::MD5.hexdigest(password)
+      end
     end
   end