#189930 by silkcom

## user controller

def edit_profile
  @user = session[:user]
    if request.post?
      @user.update_attributes(:first_name=>params[:user][:first_name]) if params[:user][:first_name] != @user.first_name  
      @user.update_attributes(:last_name=>params[:user][:last_name]) if params[:user][:last_name] != @user.last_name  
      @user.update_attributes(:email=>params[:user][:email]) if params[:user][:email] != @user.email  
      if (!params[:user][:password].empty?)  
        flash[:notice] = "Password must not have been empty"
  			@user.update_attributes(:password=>params[:user][:password])
        @user.update_attributes(:password_confirmation => params[:user][:password_confirmation])
      end
			if @user.save
				flash[:notice] = "Profile has been saved"
        session[:user] = @user
			end
		end
  end

## user view
	<%= error_messages_for 'user' %><br />
	<% form_tag :action=> 'edit_profile', :id => @user do %>
		<label for="user_first_name">First Name:</label><br /> 
		<%= text_field "user", "first_name", :size => 20 %><br />
		<label for="user_last_name">Last Name:</label><br /> 
		<%= text_field "user", "last_name", :size => 20 %><br />
		<label for="user_email">Email:</label><br /> 
		<%= text_field "user", "email", :size => 20 %><br />
		<label for="user_password">New password:</label><br />
		<%= password_field "user", "password", :size => 20, :value=>"" %><br />
		<label for="user_password_confirmation">Confirm new password:</label><br />
		<%= password_field "user", "password_confirmation", :size => 20, :value=>"" %><br />
		<%= submit_tag "Save Profile" %>
	<% end %>
<% end %>

## model
	attr_protected :id, :salt
	attr_accessor :password, :password_confirmation
	
	validates_length_of 		:login, 	:within => 3..40
	validates_length_of 		:password, 	:within => 4..40
	validates_presence_of 	:login
	validates_presence_of		:email
	validates_presence_of		:first_name
        validates_presence_of   :last_name
	validates_presence_of		:password
	validates_presence_of		:password_confirmation
	validates_presence_of		:salt
	validates_uniqueness_of 	:login
	validates_uniqueness_of		:email
	validates_confirmation_of 	:password
	validates_format_of 		:email, 	:with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :message => "Invalid email"  


## my question
It should allow the password to be blank :( why isn't it working.  Instead it's using validation to tell me that the password isn't allowed to be blank.