onjegolders

Possible for someone to change their password while logged-in?

Recommended Posts

Following on from my register template yesterday, I have modified it slightly to act as an "edit profile" template.

It mostly works but I'm having problems with when the password gets updated.

I originally thought this may be as when I'm giving the user a new pass and saving, they would no longer be logged-in as their password would be incorrect. Is that so?

Here is a gist so as to not clutter up the thread! (You see I do listen, Soma ;))

https://gist.github.com/anonymous/0ecf562bb0f3fe923614

Share this post


Link to post
Share on other sites

U have to Logout the user after pass update.

This isnt done by PW.

You could try this at admin interface, change your pass and whoop no logout

Share this post


Link to post
Share on other sites

U have to Logout the user after pass update.

This isnt done by PW.

You could try this at admin interface, change your pass and whoop no logout

Thanks Luis, would it be possible to logout the user then log them back in with new credentials in the same template?

Share this post


Link to post
Share on other sites

don´t know.

try it out, this could be a starting point (not tested, wrote from mind in browser)


$loggeduser = $user->name;
if($input->post->submit)
{
  $pass = $input->post->password;
  $u = $users->get("name=$loggeduser");
  $u->of(false);
  $u->pass = $pass;
  $u->save();
  $u->of(true);
  $session->logout();
  $u = $session->login($loggeduser, $pass);
}

Share this post


Link to post
Share on other sites

don´t know.

try it out, this could be a starting point (not tested, wrote from mind in browser)


$loggeduser = $user->name;
if($input->post->submit)
{
  $pass = $input->post->password;
  $u = $users->get("name=$loggeduser");
  $u->of(false);
  $u->pass = $pass;
  $u->save();
  $u->of(true);
  $session->logout();
  $u = $session->login($loggeduser, $pass);
}

Thanks Luis, this looks interesting, think I'm going to build a smaller form to check if it works, as at the moment, there are too many variables!

Share this post


Link to post
Share on other sites

Have stripped it right back and doesn't seem to be doing it for me, though I must stress it could well be something else going wrong. Maybe Ryan can confirm if it's possible to change pass and log back in with the new one?

Share this post


Link to post
Share on other sites

If I try and edit the password, the page reloads with just the welcome text "Welcome to your profile page username"

Share this post


Link to post
Share on other sites

$onjegolders->post->code

:) I put it in that gist to avoid getting the page messy, but here it is:

<?php

$output = "Pass not filled in";
$pass_updated = "Nope, pass not updated";
$new_pass = "";

$form="<form action='./' id='registration' method='post'>
  									
		<div class='row'>

			<div class='four columns'>

				<label for='username'>Username *</label>
				<p class='help'>Please ensure your username contains no spaces and is ten or less charcters.</p>
				<input type='text' name='username' value='{$sanitizer->username($user->name)}' readonly>
				
				<label for='first_name'>First name</label>
				<input type='text' name='first_name' value='{$sanitizer->text($user->first_name)}'>
				
				<label for='last_name'>Last name</label>
				<input type='text' name='last_name' value='{$sanitizer->text($user->last_name)}'>
				
				<label for='email'>Email address *</label>
				<input type='text' name='email' value='{$sanitizer->email($user->email)}'>

			</div> <!-- /.four columns -->

			<div class='four columns'>
			
				<label for='company_name'>Company name</label>
				<input type='text' name='company_name' value='{$sanitizer->text($user->company_name)}'>

				<label for='company_url'>Company URL</label>
				<input type='text' name='company_url' value='{$sanitizer->url($user->company_url)}'>
				
				<label for='company_phone'>Company phone</label>
				<input type='text' name='company_phone' value='{$sanitizer->text($user->company_phone)}'>				  	

		  	</div> <!-- /.four columns -->

		  	<div class='four columns'>

		  		<label for='pass'>Password *</label>
		  		<p class='help'>Only fill in a password, if you would like to change your current one. Please ensure your password is at least 6 characters long and contains at least one digit and one letter</p>
			  	<input type='password' name='pass'>
	
			  	<label for='pass_confirm'>Confirm password *</label>
			  	<input type='password' name='pass_confirm'>

			  	<input class='button success small' type='submit' name='submit_edit_profile' id='submit'>

		  	</div> <!-- /.four columns -->
		</div> <!-- /.row -->

			

			</form>";

$headings="

<div id='profile' class='row'>
<div class='twelve columns'>
<h3>Welcome to your profile page $user->name.</h3>";

include("./header.inc");
echo $headings;

if ($user->name == "guest") {
	echo "<h5>Please <a href='{$config->urls->root}login'>login</a> to access your profile or <a href='{$config->urls->root}register'>register</a> an account.</h5>";
} // end if user->name == guest

else {


if ($input->post->submit_edit_profile) {

	if (empty($input->post->username) || empty($input->post->email)) {
		$message = "Please fill out all fields marked with a *";
		echo "<h5 class='error'>$message</h5>";
		echo $form;
	} // end if empty fields

	elseif (filter_var($input->post->email, FILTER_VALIDATE_EMAIL) === FALSE) {
		$message = "Please include a valid email address";
		echo "<h5 class='error'>$message</h5>";
		echo $form;
	} // end if invalid email

	elseif ($input->post->pass != "") {

		if (!preg_match("/[0-9]/", $input->post->pass) || strlen($input->post->pass) < 6) {
			$message = "Please ensure your password has at least one digit and is at least 6 characters long";
			echo "<h5 class='error'>$message</h5>";
			echo $form;
			$output .= " Incorrect - not right type!";
			echo $output;
		} // end if password is invalid

		elseif($input->post->pass !== $input->post->pass_confirm) {
			$message = "Please ensure that your passwords match";
			echo "<h5 class='error'>$message</h5>";
			echo $form;
			$output .= " Incorrect - don't match!";
			echo $output;
		} // end if passwords don't match

		else {
			$output = "Password FILLED in and correct!";
			$new_pass = $sanitizer->text($input->post->pass);
		}

	} // end if password is not empty

	else {
						
		$user->of(false);
	 
	    if (isset($input->post->first_name)) { 
	    	$user->first_name = $sanitizer->text($input->post->first_name);
	    }
	    if (isset($input->post->last_name)) { 
	    	$user->last_name = $sanitizer->text($input->post->last_name);
	    }
	    if (isset($input->post->company_name)) { 
	    	$user->company_name = $sanitizer->text($input->post->company_name);
	    }
	    if (isset($input->post->company_url)) { 
	    	$user->company_url = $sanitizer->url($input->post->company_url);
	    }
	    if (isset($input->post->company_phone)) { 
	    	$user->company_phone = $sanitizer->text($input->post->company_phone);
	    }
	    if (isset($input->post->email)) { 
	    	$user->email = $sanitizer->email($input->post->email);
	    }
	    if (isset($new_pass)) { 
	    	$user->pass = $new_pass;
	    	$pass_updated = "Yes updated!";
	    }
	    $user->save();
	    $user->of(true);

	    echo "<h5>Your profile has been updated $user->name.</h5>";
	    echo $output;
	    echo $pass_updated;

	} // end if form has been successfully updated

} // end if form has been submitted 

else {
	$message = "Feel free to make any changes you would like below. Please note that your username cannot be modified.";
	echo "<h5>$message</h5>";
	echo $form;
	echo $output;
} // end if form has not been submitted

} // end show actual page ie: someone is logged in and not guest

?>
		<?php 
			var_dump($output); 
			var_dump($pass_updated); 
			var_dump($new_pass); 
		?>

	</div> <!-- /.twelve columns -->
</div> <!-- /#profile.row -->

<?php include("./footer.inc"); ?>
Window size: x 
Viewport size: x
  • Like 1

Share this post


Link to post
Share on other sites

no solution yet only a quick tip.

if (empty($input->post->username) 

is the same to:

if(!$input->post->username) 

i will dive into your code in my next break.

  • Like 1

Share this post


Link to post
Share on other sites

his form works now on my local machine, andre you got mail with the corrected code. 

for those interested, after his validation he started with else, this point the script didn´t reached when pass was updated.

i just added a $formerror and asked instead of else if $formerror is false. 

  • Like 1

Share this post


Link to post
Share on other sites

Luis, thank you so much.

Thanks for taking time out to help me, it's massively appreciated and I owe you a drink! :)

Share this post


Link to post
Share on other sites

Would you guys be willing to share the final file? That would come very hand right now. Thanks.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By anttila
      We are developing an App that sends data over the Internet to ProcessWire (POST/JSON). We want password to be protected somehow when sending it, but I should be able to compare it to PW's passwords. We were thinking of using md5 encryption, but PW uses different encryption.
      How can I be sure that user has active account when they use the App?
    • By Robin S
      Password Generator
      Adds a password generator to InputfieldPassword.

       
      Usage
      Install the Password Generator module.
      Now any InputfieldPassword has a password generation feature. The settings for the generator are taken automatically from the settings* of the password field.
      *Settings not supported by the generator:
      Complexify: but generated passwords should still satisfy complexify settings in the recommended range. Banned words: but the generated passwords are random strings so actual words are unlikely to occur.  
      https://modules.processwire.com/modules/password-generator/
      https://github.com/Toutouwai/PasswordGenerator
    • By AndZyk
      Hello,
      can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted?
      I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0?
      If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily?
      I know this might be an unusual question, but I would appreciate any feedback. 
      Regards, Andreas
    • By Slav
      Hey guys... Ok so I have a problem with a registration form password inputfield... The problem is that InputfieldPassword.js and InputfieldPassword.css are not loaded/fired. Or I dont even know exactly what is happening... Im pretty new to processwire and the website was not created by me so Im trying to figure out what has been done and how processwire works. Anyway this is how the form looks right now:

      ...and as you can see the styling is off (password validation check in particular)... this is what I see when page is loaded (without adding any input)... it looks like js and css files from wire/modules/Inputfield/InputfieldPassword are not firing... I dont know how it is supposed to work exactly so I dont even know where to start.
      Maybe someone has had similar problem and know an easy fix or can navigate me to what could cause this situation in PW.
      Oh by the way this problem occured when upgrading the PW version (current version 3.0.65)... everything else is ok... this is the only problem that has been found after upgrade...
      Appreciate all the help!
      Cheers!
    • By jen
      Yesterday we somehow lost access to all current admin, superuser/passwords to processwire.  We tried using the reset password form and nothing was sent.  We began noticing some of the menu buttons went missing as well as some photos.  Any suggestions how to resolve the login issue?