# File app/controllers/authorize_controller.rb, line 119
  def change_password
    if session[:user_id]
      if request.post?
        @user = User.find(session[:user_id])      
        if params[:user][:password] == params[:user][:password_confirmation]
          @user.password = params[:user][:password]
          @user.flag = nil
          @user.save
          flash[:notice] = "Password change successful."
          redirect_to :controller => 'metarep', :action => 'browser'
        else
          flash[:notice] = "Password does not match the confirmation." 
        end
      end
    else
      flash[:notice] = "Please log in."
      redirect_to :action => 'login'
    end
  end