require 'digest/sha2' class User < ActiveRecord::Base has_and_belongs_to_many :locations has_many :comments def password=(pass) salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass + salt) end def self.authenticate(email, password) user = User.find(:first, :conditions => ['email = ?', email]) if user.blank? || Digest::SHA256.hexdigest(password + user.password_salt) != user.password_hash raise "Username or password invalid" end user end end