## user controller def edit_profile @user = session[:user] if request.post? @user.update_attributes(:first_name=>params[:user][:first_name]) if params[:user][:first_name] != @user.first_name @user.update_attributes(:last_name=>params[:user][:last_name]) if params[:user][:last_name] != @user.last_name @user.update_attributes(:email=>params[:user][:email]) if params[:user][:email] != @user.email if (!params[:user][:password].empty?) flash[:notice] = "Password must not have been empty" @user.update_attributes(:password=>params[:user][:password]) @user.update_attributes(:password_confirmation => params[:user][:password_confirmation]) end if @user.save flash[:notice] = "Profile has been saved" session[:user] = @user end end end ## user view <%= error_messages_for 'user' %>
<% form_tag :action=> 'edit_profile', :id => @user do %> First Name:
<%= text_field "user", "first_name", :size => 20 %>
Last Name:
<%= text_field "user", "last_name", :size => 20 %>
Email:
<%= text_field "user", "email", :size => 20 %>
New password:
<%= password_field "user", "password", :size => 20, :value=>"" %>
Confirm new password:
<%= password_field "user", "password_confirmation", :size => 20, :value=>"" %>
<%= submit_tag "Save Profile" %> <% end %> <% end %> ## model attr_protected :id, :salt attr_accessor :password, :password_confirmation validates_length_of :login, :within => 3..40 validates_length_of :password, :within => 4..40 validates_presence_of :login validates_presence_of :email validates_presence_of :first_name validates_presence_of :last_name validates_presence_of :password validates_presence_of :password_confirmation validates_presence_of :salt validates_uniqueness_of :login validates_uniqueness_of :email validates_confirmation_of :password validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :message => "Invalid email" ## my question It should allow the password to be blank :( why isn't it working. Instead it's using validation to tell me that the password isn't allowed to be blank.