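require 'securerandom'

# User model that accepts a plaintext password through in-memory accessors and,
# on save, stores a per-save salt plus a salted SHA-1 digest in +salt+ and
# +hashed_password+.
#
# NOTE(review): one unstretched SHA-1 round is cheap to brute-force if the
# stored values are ever disclosed. Plan a migration to an adaptive password
# hash (e.g. bcrypt via has_secure_password) with re-hashing on the next
# successful login. The digest format is left unchanged here because stored
# digests and any verification code outside this file depend on it.
class User < ActiveRecord::Base
  attr_accessible :password, :password_confirmation
  attr_accessor :password, :password_confirmation

  # Guard shared by the conditional validations and the hashing callback:
  # they only apply when a non-blank password was supplied.
  password_given = Proc.new { |user| !user.password.blank? }

  # NOTE(review): a 4-character minimum is very short; confirm it against the
  # application's password policy.
  validates_length_of :password, :minimum => 4, :if => password_given
  validates_confirmation_of :password, :if => password_given
  validates_presence_of :password, :on => :create
  validates_presence_of :password_confirmation, :if => password_given

  before_save :generate_password_hash, :if => password_given

  protected

  # Assigns a new random salt, stores the salted digest of the password, then
  # drops the plaintext from the instance.
  def generate_password_hash
    # 20 random bytes from the system CSPRNG, hex-encoded to 40 characters
    # (the same length as the SHA-1 hex salt generated previously). This
    # replaces a salt derived from the clock and e-mail address shuffled
    # with Kernel#rand, which is not a cryptographic source.
    self.salt = SecureRandom.hex(20)

    # NOTE(review): the call passes (password, salt) while #encrypt declares
    # (salt, password), so the stored value is SHA1(password + salt). The
    # order is kept as-is: whatever verifies passwords must compute the same
    # digest. Confirm the verifier and align the argument order in one change.
    self.hashed_password = encrypt(@password, self.salt)

    # Do not keep the plaintext on the instance after hashing.
    @password = @password_confirmation = nil
  end

  # Returns the SHA-1 hex digest of the two arguments concatenated in the
  # order given (+salt+ first, then +password+).
  def encrypt(salt, password)
    Digest::SHA1.hexdigest(salt + password)
  end
end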