I am trying to add validation error reporting to a password update form. The user should enter their old password, a new password and the new password a second time to verify.
Here is the controller action I made so far (it works just fine):
public function actionPassword($id) {
$user = app()->user->getUser();
if (isset($user->user_id) && $user->user_id === $id) {
$model = $this->loadModel($id);
$model->setScenario('changePassword');
if(isset($_POST['User'])){
$model->attributes = $_POST['User'];
if($model->validate()){
if(sha1($model->salt.$_POST['User']['old_password'])===$model->password) {
$model->password = sha1($model->salt.$_POST['User']['pass1']);
if($model->save()){
app()->user->setFlash('success', 'Saved new password!');
}
}
}
}
$this->render('/user/password', array('model' => $model));
} else {
// access denied for this user
throw new CHttpException(403, 'Access Denied.');
}
}
My only model validation rules for this scenario are:
array('old_password, pass1, pass2', 'required', 'on' => 'changePassword'),
array('pass2', 'compare', 'compareAttribute' => 'pass1', 'on' => 'changePassword'),
How can I make the old_password form field take the error class if the old password does not match the hashed password currently in the database? For now I just have an if statement with the sha1() as argument, but if they don’t match, the user doesn’t get alerted to this.