adrianmak

how to compare a password for changing password ?

6 posts in this topic

I'm going to build a form for front-end user password changing.

There should be three input fields

current password

new password

confirm new password

I knew that, password stored in database is hashed.

How could I compare the input current password with the password stored in database ?

Share this post


Link to post
Share on other sites

Just like you're comparing it for the login: hash the "current password" and compare it with the database entry. But pw does have you covered:

$user->pass->matches($inputPass);
6 people like this

Share this post


Link to post
Share on other sites

Honestly, the pw's api doc is pretty out-dated.

There many stuffs didn't said in api doc. For instance, $users variable

Share this post


Link to post
Share on other sites

@adrianmak

Firstly it takes alot of effort in terms of time bandwidth to document it all next to the documentation that is already provided in the source code. Then it is difficult to have the documentation that is not in the code to be in sync with the 'changing' documentation. Then keep in mind that most 'advanced' users will look in the source code to find 'documentation' or figure out what is going on right there anyway without searching decoupled documentation. Documentation should be written by 'advanced' users, on the other hand, those users are likely to use the source code to lookup methods and stuff, so they are not the 'real users' of that decoupled documentation. Then there is the NOT fun part of documenting. In a lively environment as ProcessWire, new methods are added other methods become deprecated. It's hard to keep track of all those. 

I think we all wish documentation stays in sync and is complete. On the other-hand, when looking in the source code of ProcessWire you will recognise the effort Ryan takes to document and comment. I have to say, that the documentation in the code base is good and keeps getting better over time.

5 people like this

Share this post


Link to post
Share on other sites

I am trying to do the same thing as adrianmak - had you figured out how to do this?

Do you need the 'current password' field? I think 'new password' and 'confirm new pass' should be enough if the user has access to this form. Or am I missing something?

You can use $user->pass->matches($inputPass) to check the input, but, to be clear, there is no PW function or similar that adds the same 'change password' thing that is in the admin profile edit?

Password is the same as any other input field? You can save a password from a form input simply with this?

...

$user->pass = $sanitizer->text($input->post->pass);

$user->save();

And then PW takes care of the hash stuff? The hash stuff is confusing... Or are there specific password checks or processes to take care of?

Edit:

I see there is an InputfieldPassword.module, probably part of the forms API that I still can't wrap my head around. I guess you should use that somehow?

Adding this, as a quick test, produces a server error:

Spoiler

<?php 

$field = $modules->get("InputfieldPassword");
$field->label = "Set new Password";
$field->attr("id+name","pass");
$field->required = 1;
$form->append($field);

?>

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By didhavn
      Hey all.
      I just came across a potential error in the FieldtypePassword.
      I have a password field added to some templates to protect the pages. However, whenever I want to save a page, I get the error of "required fiield missing"...that the password field is required and missing. But, the field is not set to required.
      Can anybody confirm that and/or has a solution?
      Best, Lukas

    • By Doc
      Hello,
      Newbie question here.
      I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races.
      I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science.
      So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up.
      I'm retrieving user/pass from the sign-up form which has been posted before but :
      if($session->login($user, $pass)) {
          // login successful
          $session->redirect(elsewhere);
      }
      else
          echo "failed";
      ... fails everytime.
      Do I have to use something like :
      $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?)
      I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ?
      ... Or I can add all information I need into PW but I'd like to understand where it is stored.
      Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ?
      Thanks
       
       
    • By mrjasongorman
      If anyone can help with this that would be great.
      The password reset link is localhost? but i'm viewing the site from it's live url.
      Thanks, Jason
    • By gebeer
      Hello,
      I am trying to get the cleartext password in a hook on saveReady in an autoload module. But I get the already hashed value of the password:
      Session: pass: L1/CERxHKqXJCJkogk89O48b4bMnsqW
      What I have
          protected $templates = ["user", "server"]; public function init() { $this->pages->addHookAfter('saveReady', $this, 'hookSaveReady'); } public function hookSaveReady(HookEvent $event) { $page = $event->arguments[0]; if($page->isNew) return; if(!in_array($page->template, $this->templates)) return; if($page instanceof User) $this->collectUserData($page); } public function collectUserData($page) { foreach ($page->fields as $field) { /*if( $page->isChanged($field) ) */$this->message($field->name . ": " . $page->$field); } } I guess I am hooking too late in the process but have no idea where to place the hook instead.
      EDIT: same with addHookBefore
    • By totoff
      Hi Forum,

      I need to secure some downloads with a simple login form. As login tasks are new to me I try to adapt the code from this forum post for my purposes. This is where I am so far:

      A page with input field type "password" (name "password").

      This code:
      <?php password protected areaif ($page->password) { $pass = $page->password; if ($input->post->pass != $pass) { echo "$page->body" . file_get_contents("./_login-form.inc"); // not logged in? get input form } else { foreach ($page->downloads as $file) { echo "<h2>Sie sind eingeloggt</h2>"; echo "<ul>" . "<li class='plain'><i class='fa fa-download'></i><a href='$file->url';?> $file->description</a></li>" . "</ul>"; } // foreach } // $input->post} //$page->password?> And for _login-form.inc
      <form method="post" action="./" accept-charset="UTF-8"> <input type="password" id="pass" name="pass" placeholder="" /> <button type="submit" name="submit" class="btn btn-success btn-block">Login</button></form> Unfortunately the conditional always returns false even if the correct password has been entered into the form. This is the first time I'm using fieldtype password, thus I don't know how to check for the correct password entered (I understand the value is stored encrypted but that's all I know).

      Any help is much appreciated.

      Thanks!