Jump to content

Modify and save current user page

olafgleba

By olafgleba,
in API & Templates

 Share

Recommended Posts

olafgleba Sr. Member

olafgleba

Posted
Posted (edited)

Hi,

Info:
I have a secured section on a website. Users with a certain user role has access to this section through a frontend login form.

Summary:
When i modify and try to save the current user (e.g. the user is logged in) by API, the `pass` field won't get populated with the new value. Instead the field `pass` is cleared, so the user page is set to `unpublished` on save. 

// Rough abstract...

// Info: var `u` represents a instance of the current user 

$u->of(false);
$u->pass = 'valid-example-password'; // DOES NOT get saved, instead the `pass` field gets cleared
$u->save();
$u->of(true);

As this was proven before my last PW update 3.0.210 > 3.0.221  some weeks ago, i wonder if this behavior relates to the update (?)

If so (which would make sense to me for several reasons), the question is: How can i provide those users the ability to change their passwords within the frontend secured section while they are logged in?

Re-login doesn't work (Error: Failed login for 'xxx' - Login not allowed) either. 

// log in with new credentials
$u = $session->login($u->name, $pass);

What do i miss here? ;-). Many thanks for your thoughts!

Olaf

 

Edited by olafgleba
Link to comment
Share on other sites
olafgleba Sr. Member

olafgleba

Posted
  • Author
Posted

Solution:
It is necessary to perform a $session->logout() before changing the pass of the current login user. After that, log in again.

Btw: The `$u->force_passwd_change` section is only relevant for developers which uses the Force Password Change Module by @adrian.
  

// Rough abstract...

// get current (loggedin) user
$u = $users->getCurrentUser();

// Important: logout current user BEFORE populating new pass
$session->logout();

$u->of(false);
$u->pass = 'valid-example-password';

// Probably because we end the session above, this checkbox
// is not unchecked automatically. As at this point it
// always should get unchecked anyway, we do it by hand, 
// regardless the actual status. It does no harm...
$u->force_passwd_change = 0;

$u->save();
$u->of(true);
    
try {

  // log in with new credentials
  $u = $session->login($u->name, $pass);

  if ($u) {
    $session->redirect($config->urls->root."path/to/url/");
  }

} catch(WireException $e) {
  echo $e->getMessage();
}

 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...