StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>I don't think this is the correct way to do the password reset. Since the same $password field is used for "Current Password" and "New Password", when the form is posted you'll only have access to "New Password" as it will override the "Current Password". Hence you'll not be able to verify if the user's current password is valid. So the best way forward is to create a separate model called "ChangePassword.php" in your models folder with the following code,</p> <p>ChangePassword.php</p> <p> <pre><code>/** * Password change class. */ class ChangePassword extends CFormModel { public $password; public $new_password; public $password_repeat; public $username; public function rules(){ return array( array('username, password, new_password, password_repeat', 'required'), // Required fields array('password_repeat','compare','compareAttribute'=>'password', 'message'=> 'Passwords don\'t match!'), // Validator to check if the new password and password repeat match. array('password', 'isValid'), // Custom validator to check if the current password is valid. ); } public function isValid($attribute, $params){ if(!$this->hasErrors()){ if($user = Users::model()->findByAttributes(array('username'=>$this->username))){ // Fetch the user model using username. if($user->password !== Yii::app()->utils->hash($this->old_password)){ // Check if the current password is valid $this->addError('password', 'Current Password is invalid!'); } } else $this->addError('username', 'User does not exist!'); } } public function attributeLabels() { return array( 'username'=>'Username', 'password'=>'Current password', 'new_password' => 'New password', 'password_repeat' => 'Confirm password' ); } } </code></pre> <p>Modify your controller code as,</p> <pre><code>public function actionUpdate($id) { $model = new ChangePassword; // set the parameters for the bizRule $params = array('GroupzSupport'=>$model); // now check the bizrule for this user if (!Yii::app()->user->checkAccess('updateSelf', $params) && !Yii::app()->user->checkAccess('admin')) { throw new CHttpException(403, 'You are not authorized to perform this action'); } else { if(isset($_POST['ChangePassword'])) { $model->attributes=$_POST['ChangePassword']; if($model->validate()){ // If all the information entered were correct $user = Users::model()->findByAttributes(array('username'=>$model->username)); $user->password = hashPasswordFunction($model->password); // Call the function to hash your password which in most of the cases will be md5($model->password) $user->save(); } $this->render('update',array( 'model'=>$model, )); } } </code></pre> <p>Now your view file will change to,</p> <pre><code><div class="row"><?php echo $form->labelEx($model,'username'); echo $form->textField($model,'username',array('size'=>45,'maxlength'=>150)); echo $form->error($model,'username'); ?> </div> <div class="row"><?php echo $form->labelEx($model,'Current password'); echo $form->textField($model,'password',array('size'=>45,'maxlength'=>150)); echo $form->error($model,'password'); ?> </div> <div class="row"><?php echo $form->labelEx($model,'New password'); echo $form->passwordField($model,'new_password',array('size'=>45,'maxlength'=>150)); echo $form->error($model,'new_password'); ?> </div> <div class="row"> <?php echo $form->label($model,'password_repeat'); ?> <?php echo $form->passwordField($model,'password_repeat',array('size'=>45,'maxlength'=>150)); ?> <?php echo $form->error($model,'password_repeat'); ?> </div> <div class="row buttons"><?php echo CHtml::submitButton('Reset Your Password'); ?></div> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload