0

我正在处理具有以下字段的密码重置表单

<==Username==>
<==Current Password==>
<==New Password==>
<==Confirm Password==>

查看代码

  <div class="row"><?php 
    echo $form->labelEx($model,'username'); 
    echo $form->textField($model,'username',array('size'=>45,'maxlength'=>150)); 
    echo $form->error($model,'username'); ?>
  </div>    

  <div class="row"><?php         
    echo $form->labelEx($model,'Current password');
    $model->password="";
    echo $form->textField($model,'password',array('size'=>45,'maxlength'=>150)); 
    echo $form->error($model,'password'); ?>
  </div>

  <div class="row"><?php   
    echo $form->labelEx($model,'New password');
    $model->password="";
    echo $form->passwordField($model,'password',array('size'=>45,'maxlength'=>150)); 
    echo $form->error($model,'password'); ?>
  </div>

   <div class="row">  
   <?php echo $form->label($model,'password_repeat'); ?>    
   <?php echo $form->passwordField($model,'password_repeat',array('size'=>45,'maxlength'=>150)); ?>    
   <?php echo $form->error($model,'password_repeat'); ?> 
   </div>

   <div class="row buttons"><?php 
    echo CHtml::submitButton('Reset Your Password');
    ?></div><?php

控制器代码

    public function actionUpdate($id)
{
    $model = $this->loadModel($id);

// set the parameters for the bizRule
$params = array('GroupzSupport'=>$model);
// now check the bizrule for this user
if (!Yii::app()->user->checkAccess('updateSelf', $params) &&
    !Yii::app()->user->checkAccess('admin'))
{
    throw new CHttpException(403, 'You are not authorized to perform this action');
}
  else
{

   if(isset($_POST['GroupzSupport']))
    {                        
        $model->attributes=$_POST['GroupzSupport'];
                    $model->password = $model->hashPassword($_POST['GroupzSupport']['password']);
        if($model->save())
            $this->redirect(array('admin','id'=>$model->id));
    }

    $this->render('update',array(
        'model'=>$model,
    ));
}
}

我有以下密码字段需要更新到数据库中。我需要为新密码字段使用密码变量。现在,我需要将当前密码覆盖为新密码并保存。我怎样才能做到这一点。

4

1 回答 1

0

我认为这不是重置密码的正确方法。由于“当前密码”和“新密码”使用相同的 $password 字段,因此当表单发布时,您只能访问“新密码”,因为它将覆盖“当前密码”。因此,您将无法验证用户的当前密码是否有效。所以最好的方法是在你的模型文件夹中使用以下代码创建一个名为“ChangePassword.php”的单独模型,

更改密码.php

/**
 * Password change class.
 */
class ChangePassword extends CFormModel
{
    public $password;
    public $new_password;
    public $password_repeat;
    public $username;

    public function rules(){
        return array(
            array('username, password, new_password, password_repeat', 'required'), // Required fields
            array('password_repeat','compare','compareAttribute'=>'password', 'message'=> 'Passwords don\'t match!'), // Validator to check if the new password and password repeat match.
            array('password', 'isValid'), // Custom validator to check if the current password is valid.
        );
    }

    public function isValid($attribute, $params){
        if(!$this->hasErrors()){
            if($user = Users::model()->findByAttributes(array('username'=>$this->username))){ // Fetch the user model using username.
                if($user->password !== Yii::app()->utils->hash($this->old_password)){ // Check if the current password is valid
                    $this->addError('password', 'Current Password is invalid!');
                }
            }
            else
                $this->addError('username', 'User does not exist!');
        }
    }

    public function attributeLabels()
    {
        return array(
            'username'=>'Username',
            'password'=>'Current password',
            'new_password' => 'New password',
            'password_repeat' => 'Confirm password'
        );
    }
}

将您的控制器代码修改为,

public function actionUpdate($id)
{
    $model = new ChangePassword;

    // set the parameters for the bizRule
    $params = array('GroupzSupport'=>$model);
    // now check the bizrule for this user
    if (!Yii::app()->user->checkAccess('updateSelf', $params) && !Yii::app()->user->checkAccess('admin'))
    {
        throw new CHttpException(403, 'You are not authorized to perform this action');
    }
    else
    {
       if(isset($_POST['ChangePassword']))
       {                        
            $model->attributes=$_POST['ChangePassword'];               
            if($model->validate()){ // If all the information entered were correct
                $user = Users::model()->findByAttributes(array('username'=>$model->username));
                $user->password = hashPasswordFunction($model->password); // Call the function to hash your password which in most of the cases will be md5($model->password)
                $user->save();
            }
        $this->render('update',array(
            'model'=>$model,
        ));
    }
}

现在您的视图文件将更改为,

<div class="row"><?php 
    echo $form->labelEx($model,'username'); 
    echo $form->textField($model,'username',array('size'=>45,'maxlength'=>150)); 
    echo $form->error($model,'username'); ?>
</div>
<div class="row"><?php         
    echo $form->labelEx($model,'Current password');
    echo $form->textField($model,'password',array('size'=>45,'maxlength'=>150)); 
    echo $form->error($model,'password'); ?>
</div>
<div class="row"><?php   
    echo $form->labelEx($model,'New password');
    echo $form->passwordField($model,'new_password',array('size'=>45,'maxlength'=>150)); 
    echo $form->error($model,'new_password'); ?>
</div>
<div class="row">  
    <?php echo $form->label($model,'password_repeat'); ?>    
    <?php echo $form->passwordField($model,'password_repeat',array('size'=>45,'maxlength'=>150)); ?>    
    <?php echo $form->error($model,'password_repeat'); ?> 
</div>
<div class="row buttons"><?php 
    echo CHtml::submitButton('Reset Your Password');
?></div>
于 2013-09-21T10:09:47.567 回答