Validate password for users that are logged in via frontend

In a project with frontend user login, I need the possibility for logged-in users to change their password. For security reasons, they should enter their current password and then the desired new password with repetition. Some years ago I implemented something like that with Kirby 2:

// get the old/existing password from form input
$old_pw = get('oldPW');
// get the new password
$new_pw = get('newPW');
// get the new password confirmation
$new_pw_confirm = get('newPWconfirm');
// get old/existing password from site
$hash = $site->user()->current()->data()['password'];
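// check if old password is correct and if new password matches its confirmation
// (strict comparison, so numeric-looking strings like "1e3" and "1000" are not treated as equal)
if ((password::match($old_pw, $hash)) AND ($new_pw === $new_pw_confirm)) {
    // do something...
}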

In Kirby 3 I get the hash of the current password with

$site->user()->password()

But how do I change the last query (password::match) so that it works under Kirby 3? auth->login() doesn’t seem to be the appropriate method.

Does no one have any idea? I almost can’t imagine that I am the first one to have this problem. I’ve been searching the forum all morning and trying things out.

TIA, every hint helps!

You could use $kirby->user()->validatePassword($old_pw) instead. No need to manually retrieve the old password.

See

1 Like

Thank you so much! Obviously I was so caught up in the old thinking pattern that I completely overlooked this obvious solution.

Note that you have to use $kirby->user(), not $site->user() in Kirby 3!

1 Like

Sure, thank you Sonja! Fixed that already in other places of the old code.
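The password-change flow discussed in this thread, written out as a Kirby 3 controller. This is an added example, not code posted by any participant. The controller path, the `csrf` field name and the returned variable names are assumptions; the form field names come from the question.

```php
<?php
// Added example, not from the thread.
// Hypothetical file: site/controllers/account.php
// Field names oldPW, newPW, newPWconfirm follow the question;
// the "csrf" field name is an assumption (render it with csrf() in the form).

return function ($kirby) {
    $user  = $kirby->user();   // currently logged-in user, or null
    $error = null;
    $done  = false;

    if ($user !== null && $kirby->request()->is('POST')) {
        $oldPw        = (string)get('oldPW');
        $newPw        = (string)get('newPW');
        $newPwConfirm = (string)get('newPWconfirm');

        try {
            // Reject forged cross-site submissions before touching credentials.
            if (csrf(get('csrf')) !== true) {
                throw new Exception('Invalid CSRF token');
            }
            // Strict comparison: "==" would treat "1e3" and "1000" as equal.
            if ($newPw !== $newPwConfirm) {
                throw new Exception('The new passwords do not match');
            }
            // Kirby 3 reports a wrong current password by throwing; the
            // explicit check also covers a plain false return.
            if ($user->validatePassword($oldPw) !== true) {
                throw new Exception('Current password is wrong');
            }
            // Hashes and stores the new password; throws if Kirby rejects it.
            $user->changePassword($newPw);
            $done = true;
        } catch (Exception $e) {
            $error = $e->getMessage();
        }
    }

    return compact('user', 'error', 'done');
};
```

The template can then show `$error` or a success message depending on `$done`, and should render the form only when `$user` is not null.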