Jump to content

how to compare a password for changing password ?

Recommended Posts

I'm going to build a form for front-end user password changing.

There should be three input fields

current password

new password

confirm new password

I knew that, password stored in database is hashed.

How could I compare the input current password with the password stored in database ?

Share this post

Link to post
Share on other sites

Just like you're comparing it for the login: hash the "current password" and compare it with the database entry. But pw does have you covered:

  • Like 6

Share this post

Link to post
Share on other sites

Honestly, the pw's api doc is pretty out-dated.

There many stuffs didn't said in api doc. For instance, $users variable

Share this post

Link to post
Share on other sites


Firstly it takes alot of effort in terms of time bandwidth to document it all next to the documentation that is already provided in the source code. Then it is difficult to have the documentation that is not in the code to be in sync with the 'changing' documentation. Then keep in mind that most 'advanced' users will look in the source code to find 'documentation' or figure out what is going on right there anyway without searching decoupled documentation. Documentation should be written by 'advanced' users, on the other hand, those users are likely to use the source code to lookup methods and stuff, so they are not the 'real users' of that decoupled documentation. Then there is the NOT fun part of documenting. In a lively environment as ProcessWire, new methods are added other methods become deprecated. It's hard to keep track of all those. 

I think we all wish documentation stays in sync and is complete. On the other-hand, when looking in the source code of ProcessWire you will recognise the effort Ryan takes to document and comment. I have to say, that the documentation in the code base is good and keeps getting better over time.

  • Like 5

Share this post

Link to post
Share on other sites

I am trying to do the same thing as adrianmak - had you figured out how to do this?

Do you need the 'current password' field? I think 'new password' and 'confirm new pass' should be enough if the user has access to this form. Or am I missing something?

You can use $user->pass->matches($inputPass) to check the input, but, to be clear, there is no PW function or similar that adds the same 'change password' thing that is in the admin profile edit?

Password is the same as any other input field? You can save a password from a form input simply with this?


$user->pass = $sanitizer->text($input->post->pass);


And then PW takes care of the hash stuff? The hash stuff is confusing... Or are there specific password checks or processes to take care of?


I see there is an InputfieldPassword.module, probably part of the forms API that I still can't wrap my head around. I guess you should use that somehow?

Adding this, as a quick test, produces a server error:



$field = $modules->get("InputfieldPassword");
$field->label = "Set new Password";
$field->required = 1;




Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Lewis Newson
      Hi All,
      Im working on streamlining my email sending setup for SMTP. I have a page where the user of the website can input the SMTP host, port, connection type email and password etc but the password field has an additional box underneath it for 'Confirming' it as if it were a new password. The placeholder text also says 'New Password' but I want to be able to change that. I just need an input field where they can enter their SMTP password without it being plain text.
      Thanks for your help!
    • By Tyssen
      I have a client who is reporting that in the last couple of days they can no longer login to their site with their normal browser (Chrome). Using another browser or an incognito window works.
      I've tried logging into the site using the same login details in my usual browser (Firefox) and have had no problems.
      The site is a membership site and today other members are reporting the same problem.
      The site is running 3.0.148 and has the session handler DB and login throttle modules installed. It was recently upgraded to 3.x from 2.x. But no changes have been made to the site between the time when they were able to login OK and when the problem started happening.
    • By anttila
      We are developing an App that sends data over the Internet to ProcessWire (POST/JSON). We want password to be protected somehow when sending it, but I should be able to compare it to PW's passwords. We were thinking of using md5 encryption, but PW uses different encryption.
      How can I be sure that user has active account when they use the App?
    • By Robin S
      Password Generator
      Adds a password generator to InputfieldPassword.

      Install the Password Generator module.
      Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field.
      *Settings not supported by the generator:
      Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur.  
    • By AndZyk
      can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted?
      I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0?
      If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily?
      I know this might be an unusual question, but I would appreciate any feedback. 
      Regards, Andreas
  • Create New...