Jump to content

how can i change my password in the frontend?


Marcel Epp
 Share

Recommended Posts

  • 10 months later...

uhhh a little bit old but still a problem for me.....

i have created a form for the password. The form has a password field and a password confirm field.

<form method="post" action="./" class="form-horizontal mgt-30px">
                <div class="form-group">
                    <label for="txtNewPassword" class="col-sm-4 control-label">Neues Passwort:</label>
                    <div class="col-sm-8">
                        <input type="password" class="form-control" id="txtNewPassword" onChange="checkPasswordRegEx();" placeholder="hier bitte das neue Passwort eintragen" required>
                        <div class="registrationFormAlert" id="divCheckRegEx"></div>
                    </div>
                </div>
                <div class="form-group">
                    <label for="txtConfirmPassword" class="col-sm-4 control-label">Passwort widerholen:</label>
                    <div class="col-sm-8">
                        <input type="password" class="form-control" id="txtConfirmPassword" onChange="checkPasswordMatch();" placeholder="hier bitte das Passwort wiederholen" required>
                    </div>
                </div>
                <div class="form-group">
                    <div class="col-sm-offset-4 col-sm-8">
                        <div class="registrationFormAlert" id="divCheckPasswordMatch"></div>
                        <button id="password_submit" type="submit" class="btn btn-primary pull-right">Absenden</button>
                    </div>
                </div>
            </form>

It's made with bootsrap syntax. For testing i created a form submit

<?php if (isset($_POST["submit"])) {

                $user = wire('users')->get('user');
                $user->setOutputFormatting(false);
                $user->set('pass', 'Vah3eg');
                $user->save('pass');

                echo "Passwort wurde geändert!";
            }
?>

What i'm doing wrong? :(

When i submit the form nothings happens. The startpage is loading.

Link to comment
Share on other sites

What happens if you simply remove this line:

$user = wire('users')->get('user');

That is setting $user to a user named "user". If you are wanting to change the password for a user that is not the currently logged in one, then don't overwrite the PW $user var, instead use $u or something else.

  • Like 1
Link to comment
Share on other sites

Hi Adrian,

thanks for your reply! Removing this line brings nothing. But i got it to work! I reviewed my login frontend template and build it like this:

First the php part:

<?php 
// txtConfirmPassword is the name of the field in my form!
if($input->post->txtConfirmPassword) {

    $user->setOutputFormatting(false);
    $user->set('pass', $input->post->txtConfirmPassword);
    $user->save('pass');
  
// after login redirect user to another page  
    if($session->login($user)) {
        // login successful
        $session->redirect("/"); 
    }
}
?>

And then i changed my form. I gave the second field a name tag:

<form method="post" action="./" class="form-horizontal mgt-30px">
                <?php if($input->post->user) echo "<h2 class='error'>Passwort Änderung fehlgeschlagen!</h2>"; ?>
                <div class="form-group">
                    <label for="txtNewPassword" class="col-sm-4 control-label">Neues Passwort:</label>
                    <div class="col-sm-8">
                        <input type="password" class="form-control" id="txtNewPassword" name="txtNewPassword" onChange="checkPasswordRegEx();" placeholder="hier bitte das neue Passwort eintragen" required>
                        <div class="registrationFormAlert" id="divCheckRegEx"></div>
                    </div>
                </div>
                <div class="form-group">
                    <label for="txtConfirmPassword" class="col-sm-4 control-label">Passwort widerholen:</label>
                    <div class="col-sm-8">
                        <input type="password" class="form-control" id="txtConfirmPassword" name="txtConfirmPassword" onChange="checkPasswordMatch();" placeholder="hier bitte das Passwort wiederholen" required>
                    </div>
                </div>
                <div class="form-group">
                    <div class="col-sm-offset-4 col-sm-8">
                        <div class="registrationFormAlert" id="divCheckPasswordMatch"></div>
                        <button id="password_submit" type="submit" class="btn btn-primary pull-right">Absenden</button>
                    </div>
                </div>
            </form>

^-^

Link to comment
Share on other sites

Why would do that? This code doesn't make sense. User is already logged in and $session->login() requires a user and password. So your code always returns "NULL" thus does not a redirect.

// after login redirect user to another page  
    if($session->login($user)) {
        // login successful
        $session->redirect("/"); 
    }

I also would expect a success message after saving. Also a validation of password length and requirement would be needed. With this code I could have a passwort like "abc".

Such code examples are dangerous...

  • Like 1
Link to comment
Share on other sites

The redirect is not the best idea. For Validation i use some Javascript. And yes it is crappy Javascript..... still learning.

// überprüft die Passworteingabe im ersten Feld
function checkPasswordRegEx() {
    var password = $("#txtNewPassword").val();
    var regex = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[0-9a-zA-Z]{6,}$/;

    if ( password === '' || password.match(regex) ){
        $("#divCheckRegEx").removeClass(" alert-danger").addClass(" alert-success").html("Das Passwort erfüllt die Anforderungen!"); 
    }
    else
        $("#divCheckRegEx").addClass(" mgt-15px alert alert-danger").html("Das Passwort erfüllt nicht die Anforderungen!"); 
}

$(document).ready(function () {
   $("#txtNewPassword").keyup(checkPasswordRegEx);
});

// versteckt die Meldung wenn leer
$("#txtNewPassword").keyup(function(){
    if($(this).val()) {
        $("#divCheckRegEx").show();
    } else {
        $("#divCheckRegEx").hide();
    }

});

// prüft ob das zweite Feld mit dem ersten übereinstimmt
function checkPasswordMatch() {
    var password = $("#txtNewPassword").val();
    var confirmPassword = $("#txtConfirmPassword").val();

    if (password != confirmPassword)
        $("#divCheckPasswordMatch").addClass(" alert alert-danger").html("Das Passwort stimmt nicht überein!");

    else
        $("#divCheckPasswordMatch").removeClass(" alert-danger").addClass(" alert alert-success").html("Das Passwort stimmt überein.");
}

$(document).ready(function () {
   $("#txtConfirmPassword").keyup(checkPasswordMatch);
});

// versteckt die Meldung wenn leer
$("#txtConfirmPassword").keyup(function(){
    if($(this).val()) {
        $("#divCheckPasswordMatch").show();
    } else {
        $("#divCheckPasswordMatch").hide();
    }

});

 

Link to comment
Share on other sites

Hello Adrian,

thanks for the information. Then i must fix this. I removed the redirect as mentioned by Soma. I now get a nice feedback after i change the password.

<?php 
// txtConfirmPassword is the name of the field in my form!
if($input->post->txtConfirmPassword) {

    $user->setOutputFormatting(false);
    $user->set('pass', $input->post->txtConfirmPassword);
    $user->save('pass');

    echo "<div class='alert alert-success' role='alert'>Sucsess! You have a new password.</div>";
}
?>

 

Link to comment
Share on other sites

If you're not to experienced I'd really suggest you to take a look at the nette/forms library. It has lot's of the security traps already covered and you can configure validation rules once and they'll happend in php as well as in js (if you include it's js file). The values coming out of the library are already sanitized and will conform to your rules and you can concentrate on implementing the hard stuff. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...