[revo login] Change password in UpdateProfile snippet..

37 Posts

2byte Reply #1, 13 years, 8 months ago

I want to build a change password feature into the logins UpdateProfile form, for some reason this doesn’t appear to be supported..

So I create a snippet as a prehook to update these details when the Update profile form is submitted.
This is in my update page resource:

[[!UpdateProfile &preHook=`UpdatePassword`]]  
[[$lgnupdateprofile]]

To start with I am simply trying to echo out some simple string just to make sure the script is processing okay, so following the instructions at http://rtfm.modx.com/display/ADDON/Login.Using+Pre+and+Post+Hooks for passing back error messages, I am having absolutely no luck!

Here’s the nebula of my UpdatePassword snippet:

<?php

$pword1 = $scriptProperties['fields']['password'];
$pword2 = $scriptProperties['fields']['password_confirm'];

if($pword1 == $pword2){
	$errorMsg = 'they match';
}else{
	$errorMsg = 'they dont match';
}
$scriptProperties['hook']->errors['user'] = $errorMsg; 
return false;  

?>

So I am expecting to see the string “they match” or “they dont match” echoed out to the placeholder [[+hook.user]] in the lgnupdateprofile chunk, but alas nothing! Also tried placeholders [[+error.user]], [[+error.hook]] and [[+user.hook]] with no joy sad

Hope I am not being dumb here?! Any tips very much appreciated...

37 Posts

2byte Reply #2, 13 years, 8 months ago

Now I don’t really want to give up on Revo and revert back to Evo, it’s such a great framework so here I am persevering..

I’ve decided to stop trying to use the Login package for the change password feature as I can’t even get the hooks to work. I am now just trying to develop a standalone password changing form using the ModX Revo API. Unfortunately this is all very new to me also..

So with baby steps I’m firstly just trying to echo out the user details in a snippet, but unfortunately the email address is not coming through! So then I try using the modUser.getSettings method, which appears to return an empty set!!

<?

$user = $modx->getUser();

  
$output = "<p>";
$output .= $user->get('username') . "<br />";
$output .= $user->get('email') . "<br />";
$output .= $user->get('password') . "<br />";
$output .= "</p>";

$output .= "<p>";
$settings = $user->getSettings();
foreach($settings as $key => $value){
	$output .= $key . ": " . $value . "<br />";
}
$output .= "</p>";
return $output;

?>

How to return the email address for a start? Any help really appreciated!!

If I can get this working I am happy to post all the code for all to use..

Thanks...

37 Posts

2byte Reply #3, 13 years, 8 months ago

Found this to answer my own q above:

$email = $user->getOne('Profile')->get('email'); 
$output .= "<p>".$email."</p>";

still a way from changing password form though...

37 Posts

2byte Reply #4, 13 years, 8 months ago

Just went back to the Login’s UpdateProfile snippet, building up from scratch to see where stuff is breaking, and I think I’ve found a bug..

It was all working fine until I add a hook to the snippet, at which point it breaks, or at the least it stops populating the default fields with the current users details, and gives no feedback after any form submission.

I can only confirm the syntax for the &postHook parameter from the Modx Addons page, and adding any snippet with this parameter breaks it! I’ve also exhausted all other possible syntax that may be used here (&preHook, &preHooks, &prehook, &postHooks, &posthook, &hook, &hooks) all of which still seem to break the UpdateProfile snippet.

Does anyone know if this really is a bug, or just something which isn’t covered fully on the docs?

37 Posts

2byte Reply #5, 13 years, 7 months ago

If anyone is actually reading this and wants to add a change password form to their website, I finally managed to do it

<?php
/**
 * ChangePassword snippet
 **/

/* setup default properties */

/* verify authenticated status */
if (!$modx->user->hasSessionContext($modx->context->get('key'))) {
    $modx->sendUnauthorizedPage();
}

/* get profile */
$profile = $modx->user->getOne('Profile');

if (empty($profile)) {
    $modx->log(modX::LOG_LEVEL_ERROR,'Could not find profile for user: '.$modx->user->get('username'));
    return '';
}

$placeholders = $profile->toArray();
$modx->toPlaceholders($placeholders, 'chgPwd');

$error = false;


if (!empty($_POST) && isset($_POST['updpword-btn'])) {
  
      if(strlen($_POST['new_password']) < 8){
    
        $modx->toPlaceholder('error.password', '<p class="error">New password must be at least 8 characters</p>');
        $error = true;
        
    }
    if($_POST['new_password'] != $_POST['password_confirm']){
    
        $modx->toPlaceholder('error.password_confirm', '<p class="error">Passwords do not match!</p>');
        $error = true;
        
        
    }
    if($_POST['old_password'] == ''){
    
        $modx->toPlaceholder('error.old_password', '<p class="error">Please provide your existing password</p>');
        $error = true;
        
    }    
    
      if(!$error){
        // no error messages set
        // update pword..
        
        if($modx->user->changePassword($_POST['new_password'], $_POST['old_password'])){
            $message = '<p class="success">Successfully updated password.</p>';
        }else{
            $message = '<p class="error">Could not update password!</p>';
        }
        
        
        
    }
  
  
    $modx->toPlaceholder('error.message', '<p class="error">' . $message . '</p>');
}

return '';
?>

Gave up trying to use the login package as frankly extending classes and the like is beyond my design/graphics background. Ended up just refering to the revo API and built this from the ground up. Its working for me right now but if anyone sees any potential security risks or other improvements I would be interested to know? Just hoping this goes some way to improving the documentation on this great framework..

41 Posts

MaZZie Reply #6, 13 years, 7 months ago

nice work,

But how do I use it?

I created the snippet ChangePassword.
Can I use it whe [[Changepassword]] or is there some chunck needed?

GH: http://github.com/MaZZie
TW: http://twitter.com/Datz_MaZZie

37 Posts

2byte Reply #7, 13 years, 7 months ago

This should do it for you..

<div class="change-password">
    [[+error.message]]
    
    <form class="form" action="[[~[[*id]]]]" method="post">
    
        <label for="new_password">New password</label>
                <input type="password" name="new_password" id="new_password" />
        [[+error.password]]
        
        <label for="password_confirm">Confirm password</label>
            <input type="password" name="password_confirm" id="password_confirm" />
        [[+error.password_confirm]]

<br />

        <label for="old_password">Old password</label>
            <input type="password" name="old_password" id="old_password" />

        [[+error.old_password]]

<br />

            <input type="submit" name="updpword-btn" value="Change password" />
        
    </form>
    
</div>

41 Posts

MaZZie Reply #8, 13 years, 7 months ago

THNX.. This is working! laugh

GH: http://github.com/MaZZie
TW: http://twitter.com/Datz_MaZZie

14 Posts

rabimoe Reply #9, 13 years, 6 months ago

Works perfectly fine for me as well! Thanks so much.

I really don’t understand why this is not a part of the login package. What’s the point of reseting the password, generate a new one and not being able to change it to a custom one?

☆ A M B ☆
24,524 Posts

sottwell Reply #10, 13 years, 6 months ago

Usually "change password" just means reset a password because the user forgot his password. No need for custom passwords in that case.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org