Hello,
Im trying to add 'current password' field to account/password.
Currently it has only password and confirmation fields, I'd like customers to write current passwords so after that they can change it.
OC version is 2.0.1.1
I've add current password field to template/view/account/password.tpl
It will be needed to create variable on model/account/customer.php to pass it to the controller.
There is validate function in controller/account/password.php but I coundn't correctly pull validation off. Could you assist me to get hashed version of password from db and compare it to field value?
Conceptually I know what to do but can't do it correctly in practice
Thanks
I don't have OC2.0 installed, the earliest I have is 2.2 - in that version, you should take a look at /system/library/cart/customer.php
In the login function, there is:
$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1' AND approved = '1'");
You could add the same to your change password function, and make sure that the above query returns a row (based on what they entered in their current password) before proceeding to change or update their password.
In the login function, there is:
$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1' AND approved = '1'");
You could add the same to your change password function, and make sure that the above query returns a row (based on what they entered in their current password) before proceeding to change or update their password.
Who is online
Users browsing this forum: No registered users and 116 guests