2013-07-02 24 views
0

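CakePHP: matching the old password against the newly entered password

I am new to CakePHP and I have a problem. I am changing the user's email in a form. I take the new email and confirm-new-email fields as well as a password. The password is his account password. If the password he enters matches the saved password, then the system will allow him to change the password.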

My form looks like below:

<form action="<?= Router::url('/users/ChangeEmailUser') ?>" method="post" id="ChangeEmailUser"> 

      <label><?= __('New Email', true); ?>:</label> 
      <input autocomplete="off" type="text" name="newEmail" class="email"> 
      <span id="valid"></span><br /> 
      <label><?= __('Confirm New Email', true); ?>:</label> 
      <input autocomplete="off" type="text" name="confEmail" class="conEmail"> 
      <span id="valid1"></span><br /> 
      <b>To save these settings, please enter your password</b><br/><br/> 
      <label><?= __('Password', true); ?>:</label> 
      <input autocomplete="off" type="password" name="repeat_password" class="oldpassword"> 
      <span id="valid"></span> <br /> 
      <div class="submit"> 
      <input type="submit" value="<?= __('submit', true) ?>" id="submitBtn" name="submitBtn" class="save_btn" style="margin-left:10px;"/> 
      </div> 
      <input type='button' name='' id='cancelGenderChangeBtn' value='<?= __('Cancel', true) ?>' class='cancel-profile cancelEmailBtn' /> 
     </form> 

And the function I wrote in the Users controller is as follows:

function ChangeEmailUser() { 
     //get current language 
     $current_lang = !(get_current_language('code')) ? 'en' : get_current_language('code'); 
     //get user 
     $user = $this->_authenticate_user(); 

//  if (!$this->check_security_question()) { 
//   $this->redirect(array('action' => 'confirm_question', 'controller' => 'users')); 
//  } 
     if (!empty($_POST)) { 
      $this->set('submit_post', true); 

      $current_password = $user['password']; 
      $oldEmail = $this->User->get_his_old_email($user['account_num']); 
      $current_password_post = $_POST['repeat_password']; 
      $old_password = $this->User->get_his_old_password($user['account_num']); 

      $current_password_post = isset($_POST['repeat_password']) ? clean_string(trim(mysql_escape_string($_POST['repeat_password']))) : ''; 
      $newEmail = isset($_POST['newEmail']) ? clean_string(trim(mysql_escape_string($_POST['newEmail']))) : ''; 
      $confEmail = isset($_POST['confEmail']) ? clean_string(trim(mysql_escape_string($_POST['confEmail']))) : ''; 


      if (empty($newEmail) || empty($confEmail) || empty($current_password_post)) { 
       $this->User->logMessage($user['account_num'], TAHADI_LOG_SETTINGS, "FAILED - [ERROR: Missing Data]", "Change Email"); 
       $this->flashMessage(__('All Fields required', true)); 
      } elseif ($current_password != $current_password_post) { 
       // $this->flashMessage(__('New email not valid', true)); 
       $this->flashMessage(__('Old password incorrect', true)); 
      } elseif ($newEmail != $confEmail) { 
       $this->User->logMessage($user['account_num'], TAHADI_LOG_SETTINGS, "FAILED - [ERROR: New email and email confirmation do not match (Old Email : $oldEmail, New Email: $newEmail, Conf Email: $confEmail)]", "Change Email"); 
       $this->flashMessage(__('New email different from confirmation email', true)); 
      } elseif (!$this->User->custom_email(array('e_mail' => $newEmail))) { 
       $this->User->logMessage($user['account_num'], TAHADI_LOG_SETTINGS, "FAILED - [ERROR: New email is not correct (Old Email : $oldEmail, New Email: $newEmail, Conf Email: $confEmail)]", "Change Email"); 
       $this->flashMessage(__('New email not valid', true)); 
      } else { 
       $validEmail = $this->User->vaild_email($newEmail); 
       if ($validEmail !== false) { 
        $this->User->logMessage($user['account_num'], TAHADI_LOG_SETTINGS, "FAILED - [ERROR: Email address already taken (Old Email : $oldEmail, New Email: $newEmail, Conf Email: $confEmail)]", "Change Email"); 
        $this->flashMessage(__('This email is already taken', true)); 
       } else { 
        // send the verification link to the user 
        // Send notification email to the user. 
        if ($user['active'] == 1) { 
         $to = $user['email']; 
        } else { 
         $to = $newEmail; 
        } 
        $this->User->UpdatePendingEmailUser($newEmail, $user['account_num']); 

        $user2be_sent = md5(rc4Encrypt(strtolower($user['account_num']))); 
        $userinfo = getUser(); 
        $user_code = md5($user['id'] . "[email protected]" . time()); 
        $this->User->add_email_change($user['account_num'], $user_code, $userinfo["active"]); 

        $link = Router::url('/users/confirmUserEmail', true) . "?code1=$user2be_sent&code2=$user_code"; 
        $this->flashMessage(__('Email is changed please visit this email', true) . ":" . $to, 'Sucmessage'); 

        $data = array(); 
        $data['link'] = $link; 
        $data['username'] = $user['account_num']; 

        $not_me_link = Router::url("/recover/disavow_change_email?code=$user_code", true); //$this->_get_not_me_link($user['account_num'], "Change Email", "Confirmation email sent to $to (Old Email : $oldEmail, New Email: $newEmail, Conf Email: $confEmail)"); 
        $this->set('not_me_link', $not_me_link); 
        $this->__notify_email(__('Confirm your email change request', true), "$current_lang/change_email", $to, $data); 
       } 
      } 
     } 

     $this->pageTitle = __("Change Email", true); 
    } 

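Now the problem is that when I enter the password, it says the old password is incorrect. I think I am not getting the old password, and it does not match the posted password. When I comment out the check where they are matched, it works fine. Please help me solve this problem. Thanks in advance.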

+0

You can use the [Passwordable](http://www.dereuromark.de/2011/08/25/working-with-passwords-in-cakephp/) behavior with the option 'current' => true. This will do the same thing, but as a secure implementation. – mark

Answers

0

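This is untested, as I no longer have my CakePHP environment set up.

I am not familiar with the files you mention, but I would assume that your password $user['password'] is not in the same format as the one posted from the form. If $user['password'] is taken from CakePHP, if I remember correctly, it will be hashed, while the text sent from the <input> tag is plaintext.

Maybe this can help: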

} elseif ($current_password != AuthComponent::password($current_password_post)) {

PS: Do you know you set $current_password_post twice?
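The hash-versus-plaintext mismatch this answer describes, as an added example that is not part of the original post or of CakePHP itself. `demo_hash()` and `DEMO_SALT` are hypothetical stand-ins for `AuthComponent::password()` and the application's salt (assumed here to be a salted SHA-1), `addslashes()` stands in for the removed `mysql_escape_string()`, and the sample password is constructed.

```php
<?php
// Constructed stand-in for the application's Security.salt value (assumption).
const DEMO_SALT = 'constructed-demo-salt';

// Hypothetical stand-in for AuthComponent::password(): salted SHA-1 (assumed scheme).
function demo_hash(string $plain): string
{
    return sha1(DEMO_SALT . $plain);
}

// Hash the submitted plaintext the same way the stored value was produced,
// then compare the two hashes in constant time.
function current_password_matches(string $storedHash, string $submitted): bool
{
    return hash_equals($storedHash, demo_hash($submitted));
}

// Constructed sample data: the value the users table would hold, and the
// plaintext the form posts in repeat_password.
$submitted  = "pa'ss word";
$storedHash = demo_hash($submitted);

// Case 1: the question's check, stored hash compared directly with plaintext.
echo "hash != plaintext (question's check rejects): ";
var_dump($storedHash != $submitted);

// Case 2: SQL-escaping the password before hashing alters its bytes
// (the quote gains a backslash), so the hash is of a different string.
$escaped = addslashes($submitted); // stand-in for mysql_escape_string()
echo "escaped, then hashed: ";
var_dump(current_password_matches($storedHash, $escaped));

// Case 3: the raw submitted value, hashed and compared.
echo "raw, then hashed: ";
var_dump(current_password_matches($storedHash, $submitted));

// Case 4: a wrong password goes through the same path.
echo "wrong password: ";
var_dump(current_password_matches($storedHash, 'wrong guess'));
```

The salted SHA-1 here only mirrors the assumed legacy scheme so the comparison can be shown; new code would store hashes from `password_hash()` and check them with `password_verify()`.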

0

Your code looks really strange; why don't you use CakePHP?