What is wrong with this code? Even I enter a correct password still it returns "Old password is incorrect".
I also tried $hash = Yii::$app->getSecurity->generatePasswordHash($current_password_textbox);
function actionUpdate_password() {
$current_password_textbox = filter_input(INPUT_POST, 'current_password');
$new_password = filter_input(INPUT_POST, 'new_password');
$current_account = \app\models\Users::findOne(yii::$app->user->identity->id);
$current_hash__from_db = $current_account->password_hash;
$hash = Yii::$app->getSecurity->generatePasswordHash($current_password_textbox);
//$hash = Yii::$app->security()->generatePasswordHash($current_password);
if (Yii::$app->getSecurity()->validatePassword($current_hash__from_db, $hash)) {
echo " all good, proceed to changing password";
} else {
echo "Old password is incorrect";
}
}
You shouldn't generate a hash from the input password. You only pass it to validatePassword() function. For example:
$password = 'testpass';
$hash = Yii::$app->getSecurity()->generatePasswordHash($password);
if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
echo 'correct password';
} else {
echo 'incorrect password'
}
In your case logic might look like:
$current_password_textbox = filter_input(INPUT_POST, 'current_password');
$current_account = \app\models\Users::findOne(yii::$app->user->identity->id);
if (!is_null($currenct_account) && Yii::$app->getSecurity()->validatePassword($current_password_textbox, $current_account->password_hash)) {
echo " all good, proceed to changing password";
} else {
echo "Old password is incorrect";
}