Validate current password on password change

Posted on 20/05/2010 09:29:56

We have created a page where the customer can change the password. It's a copy of the UserManagementEditForm, with only the username field, old password, new password en repeat new password.

It works fine to change the password, but there is no validation on the old password. If the old password is incorrect, it completes the action and it looks like the password is changed.

Is there any way or workaround to check if the password filled in is correct to the current password of the customer. So when the customer fills in a incorrect password it wil notify that is incorrect?

Grz
Martijn

Replies

Nicolai Høeg Pedersen

Posted on 20/05/2010 09:35:58

Well - the user is already logged in, and there is no need to check the old password...? User would not be able to login without the password.

But - you could hook up to the Dynamicweb.Modules.UserManagement.UserSaved notification using a notification subscriber.

This notification does not raise until the user has been saved, but there you would be able to check if the old password did match, and change the new password back if it does not...

Hope it makes sense?

Anders Ebdrup

Posted on 03/05/2013 09:24:49

I do not agree that the user does not need to enter the old password, as the user may not have logged out and that's why you always should check the old password.

--That’s just my two cents :-)

Nicolai Høeg Pedersen

Posted on 06/05/2013 15:36:48

Thanks. Will take a look Again at this.

You must be logged in to post in the forum

Developer forum

Validate current password on password change

Replies