Forum for discussing general topics related to Couch.
3 posts Page 1 of 1
I searched and this appears to be an untouch issue.
2017-09-01-010736.png
2017-09-01-010736.png (32.18 KiB) Viewed 381 times

This html form is being converted to CouchCMS, so it comes to do the 'old password' check.
Should I employ some php to do it? Like following form auth.php
Code: Select all
$check = $this->hasher->CheckPassword( $pwd, $user->password );

Or maybe it's best to completely ditch the old password field? I feel like it's okay to confirm that logged in user is indeed the one who wishes to establish a new password.
active topics, google
Free support is never free.. Donate!
There is nothing natively available in Couch at the moment that would do this check.
However, as you mentioned, it should be fairly straightforward for you to code a new 'filter' for it (don't forget to share it :) )

As for whether or not you should have this check, that is entirely the client's call.
I suppose they are trying to cover the case where the legitimate user walks away from her desktop while being logged-in and someone walking by changes the password in the mean while. Certainly not impossible but not sure about how probable.
Thanks, I figured this out with the help of some old sample by @tim.

Once databound form is submitted, following piece will set a variable if match was successful.
Code: Select all
...
<cms:if k_success >

    <cms:php>
    global $AUTH, $CTX;

    // get current user object
    $user = $AUTH->user;
    if( $user->id == -1 ){  die;  } // User not logged-in. Can happen only if login check not placed in template

    $check = $AUTH->hasher->CheckPassword( '<cms:show frm_old_password />', $user->password );

    if( $check ){
        $CTX->set( 'pass_match', '1' );
    }
    </cms:php>

    <cms:if pass_match >
    <!-- User validated ok. Proceed to update password -->
    ....


Complete couchified bootstrap form (coded after the screenshot) with validations for both email and password is attached. :)

Attachments

active topics, google
Free support is never free.. Donate!
3 posts Page 1 of 1

Who is online

In total there are 4 users online :: 0 registered, 0 hidden and 4 guests
(based on users active over the past 5 minutes)

Users browsing this forum: No registered users and 4 guests