[Solved] User Password Update

I am trying to add validation error reporting to a password update form. The user should enter their old password, a new password and the new password a second time to verify.

Here is the controller action I made so far (it works just fine):

public function actionPassword($id) {

	$user = app()->user->getUser();

	if (isset($user->user_id) && $user->user_id === $id) {

		$model = $this->loadModel($id);



			$model->attributes = $_POST['User'];


				if(sha1($model->salt.$_POST['User']['old_password'])===$model->password) {

					$model->password = sha1($model->salt.$_POST['User']['pass1']);


						app()->user->setFlash('success', 'Saved new password!');






		$this->render('/user/password', array('model' => $model));

	} else {

		// access denied for this user

		throw new CHttpException(403, 'Access Denied.');



My only model validation rules for this scenario are:

array('old_password, pass1, pass2', 'required', 'on' => 'changePassword'),

array('pass2', 'compare', 'compareAttribute' => 'pass1', 'on' => 'changePassword'),

How can I make the old_password form field take the error class if the old password does not match the hashed password currently in the database? For now I just have an if statement with the sha1() as argument, but if they don’t match, the user doesn’t get alerted to this.

Add a custom validation rule:

    array('old_password', 'checkOldPassword', 'on' => 'changePassword'),

    public function checkOldPassword($attribute, $params)


        if (sha1($this->salt . $this->old_password) !== $this->password)

            $this->addError('old_password', 'Your old password was incorrect.');