Forum for discussing general topics related to Couch.
3 posts Page 1 of 1
I searched and this appears to be an untouch issue.
2017-09-01-010736.png
2017-09-01-010736.png (32.18 KiB) Viewed 339 times

This html form is being converted to CouchCMS, so it comes to do the 'old password' check.
Should I employ some php to do it? Like following form auth.php
Code: Select all
$check = $this->hasher->CheckPassword( $pwd, $user->password );

Or maybe it's best to completely ditch the old password field? I feel like it's okay to confirm that logged in user is indeed the one who wishes to establish a new password.
There is nothing natively available in Couch at the moment that would do this check.
However, as you mentioned, it should be fairly straightforward for you to code a new 'filter' for it (don't forget to share it :) )

As for whether or not you should have this check, that is entirely the client's call.
I suppose they are trying to cover the case where the legitimate user walks away from her desktop while being logged-in and someone walking by changes the password in the mean while. Certainly not impossible but not sure about how probable.
Thanks, I figured this out with the help of some old sample by @tim.

Once databound form is submitted, following piece will set a variable if match was successful.
Code: Select all
...
<cms:if k_success >

    <cms:php>
    global $AUTH, $CTX;

    // get current user object
    $user = $AUTH->user;
    if( $user->id == -1 ){  die;  } // User not logged-in. Can happen only if login check not placed in template

    $check = $AUTH->hasher->CheckPassword( '<cms:show frm_old_password />', $user->password );

    if( $check ){
        $CTX->set( 'pass_match', '1' );
    }
    </cms:php>

    <cms:if pass_match >
    <!-- User validated ok. Proceed to update password -->
    ....


Complete couchified bootstrap form (coded after the screenshot) with validations for both email and password is attached. :)

Attachments

3 posts Page 1 of 1

Who is online

In total there are 4 users online :: 1 registered, 0 hidden and 3 guests
(based on users active over the past 5 minutes)

Users browsing this forum: Google [Bot] and 3 guests