X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/a187c759b7d96be951e1667080c6e24e2288f166..8c8d55736f31d91454385990b690d26afafbf6f5:/app/models/user.rb

diff --git a/app/models/user.rb b/app/models/user.rb
index 7b57b8710..92d47d5ff 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,7 @@ class User < ActiveRecord::Base
   validates_length_of :pass_crypt, :minimum => 8
   validates_length_of :display_name, :minimum => 3, :allow_nil => true
   validates_format_of :email, :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i
+  validates_format_of :display_name, :with => /^[^\/;.,?]*$/
 
   before_save :encrypt_password
 
@@ -23,11 +24,11 @@ class User < ActiveRecord::Base
   end
 
   def encrypt_password
-    self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) if pass_crypt_confirmation
+    self.pass_crypt = Digest::MD5.hexdigest(pass_crypt) unless pass_crypt_confirmation.nil?
   end
 
-  def self.authenticate(email, passwd)
-    find(:first, :conditions => [ "email = ? AND pass_crypt = ? AND active = true", email, Digest::MD5.hexdigest(passwd)])
+  def self.authenticate(email, passwd, active = true)
+    find(:first, :conditions => [ "email = ? AND pass_crypt = ? AND active = ?", email, Digest::MD5.hexdigest(passwd), active])
   end 
 
   def self.authenticate_token(token)