Change password with confirmation of existing password
41 views
Skip to first unread message
Maneki Neko
Feb 15, 2010, 5:17:57 PM2/15/10
to Authlogic
How can an application change a user's password with first a
confirmation of their current password? The database fields are
encrypted, so I'm not exactly sure how I can compare the user's input
of their current password against their actual current password before
changing a user's password.
confirmation of their current password? The database fields are
encrypted, so I'm not exactly sure how I can compare the user's input
of their current password against their actual current password before
changing a user's password.
Nick Pearson
Feb 16, 2010, 1:25:08 AM2/16/10
to auth...@googlegroups.com
You could attempt to authenticate again using the current password and
then only change the password if authentication was successful. Just
be sure you don't overwrite your current_user (or whatever you use) so
that the user isn't logged out upon providing an incorrect current
password. In other words, don't just duplicate your existing login
logic.
then only change the password if authentication was successful. Just
be sure you don't overwrite your current_user (or whatever you use) so
that the user isn't logged out upon providing an incorrect current
password. In other words, don't just duplicate your existing login
logic.
> --
> You received this message because you are subscribed to the Google Groups "Authlogic" group.
> To post to this group, send email to auth...@googlegroups.com.
> To unsubscribe from this group, send email to authlogic+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/authlogic?hl=en.
>
>
Reply all
Reply to author
Forward
0 new messages