
Adding "Current Password" field to password change page

Posted: Sat May 27, 2017 4:48 pm
by A.Togonidze
Hello,

I'm trying to add a 'current password' field to account/password.
Currently it has only password and confirmation fields. I'd like customers to enter their current password so that after that they can change it.

OC version is 2.0.1.1

I've added a current password field to template/view/account/password.tpl

A variable will need to be created in model/account/customer.php to pass it to the controller.
There is a validate function in controller/account/password.php but I couldn't correctly pull the validation off. Could you help me get the hashed version of the password from the db and compare it to the field value?

Conceptually I know what to do but can't do it correctly in practice :-\

Thanks

Re: Adding "Current Password" field to password change page

Posted: Sat May 27, 2017 11:11 pm
by oclcas
I don't have OC2.0 installed, the earliest I have is 2.2 - in that version, you should take a look at /system/library/cart/customer.php

In the login function, there is:

$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1' AND approved = '1'");

You could add the same to your change password function, and make sure that the above query returns a row (based on what they entered in their current password) before proceeding to change or update their password.
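
Added example (not part of either post, and not OpenCart's own code): the same check done in PHP against the row of the customer who is already logged in, so the lookup does not depend on an e-mail address from the form. The function names, the 'current_password' form key and the sample row are assumptions made for illustration; the hash expression is the one from the login query above.

```php
<?php
// Hypothetical helpers; in a controller, $row would be the customer row
// selected by the logged-in customer's id.

// Recompute SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1(pw))))) in PHP and
// compare it with the stored hash. MySQL's SHA1() and PHP's sha1() both
// return lowercase hex, so the two expressions produce the same string.
function verifyCurrentPassword(array $row, string $entered): bool
{
    $salted = sha1($row['salt'] . sha1($row['salt'] . sha1($entered)));
    $legacy = md5($entered); // second branch of the query: unsalted MD5

    // hash_equals() is a constant-time comparison; both branches are always
    // evaluated so timing does not reveal which one matched.
    $okSalted = hash_equals($row['password'], $salted);
    $okLegacy = hash_equals($row['password'], $legacy);
    return $okSalted || $okLegacy;
}

// Returns an array of field => message; empty means the change may proceed.
function validatePasswordChange(array $row, array $post): array
{
    $errors = [];
    $current = (string)($post['current_password'] ?? '');
    $new     = (string)($post['password'] ?? '');
    $confirm = (string)($post['confirm'] ?? '');

    if (!verifyCurrentPassword($row, $current)) {
        $errors['current_password'] = 'Current password is incorrect.';
    }
    if ($new === '' || $new !== $confirm) {
        $errors['confirm'] = 'Password confirmation does not match.';
    }
    return $errors;
}

// Constructed sample row: salt and password are made up for this demo.
$salt = 'a1b2c3d4e';
$row  = [
    'salt'     => $salt,
    'password' => sha1($salt . sha1($salt . sha1('OldPassw0rd!'))),
];

$good = ['current_password' => 'OldPassw0rd!', 'password' => 'N3w-pass', 'confirm' => 'N3w-pass'];
$bad  = ['current_password' => 'guess',        'password' => 'N3w-pass', 'confirm' => 'N3w-pass'];

var_dump(validatePasswordChange($row, $good)); // no errors
var_dump(validatePasswordChange($row, $bad));  // current_password error
```

Counting failed current-password attempts per session and rejecting further tries after a small number keeps this form from being used to guess the password of an unattended logged-in session.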