model check the password validation

Hi there,

I want to check that password entered by the user is correct or not on server side through the model rules and I want to use model rules only for that.

I want code something like this in my model

 public function rules() {

        return array(

                      array('password','required','message'=>"Password can not be empty"),

                      array('password', 'authenticate','message'=>"Password is incorrect"),



I want to do this for my change password webpage.

and I just want to check for entered password is correct or not.

Password are stored in my database using md5 encryption.

Can anybody help me ?

Thanks in advance

You should look at the code generated by yiic (LoginForm model).

Then just modify components/UserIdentity.php to perform authentication using database:

Thanks Andy_s for your reply

But I want this for my change_password webpage and there are 3 fields Old_Password, New_Password and Confirm_Password and here I want to check that Old_Password is equal to the password which is stored in database.and if not then error message like old password is not correct

Then you can create a method (or a validator) with the following contents:

public function equalPasswords($attribute, $params)


    $user = User::model()->findByPk(Yii::app()->user->id);

    if ($user->password != md5($this->attribute))

        $this->addError($attribute, 'Old password is incorrect.');


And in the rules method:

array('oldPassword', 'equalPasswords'),

Thanks andy

Now it works perfectly fine


if ($user->password != md5($this->$attribute))