3 files changed, 40 insertions, 12 deletions

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 38e68d30..496ed9ca 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -37,6 +37,12 @@ class Admin_Users_Controller extends Controller {
       $valid = false;
     }
 
+    if ($form->add_user->password->value &&
+        $form->add_user->password->value != $form->add_user->password2->value) {
+      $form->add_user->password2->add_error("mistyped", 1);
+      $valid = false;
+    }
+
     if ($valid) {
       $user = user::create(
         $name, $form->add_user->full_name->value, $form->add_user->password->value);
@@ -106,6 +112,12 @@ class Admin_Users_Controller extends Controller {
       }
     }
 
+    if ($form->edit_user->password->value &&
+        $form->edit_user->password->value != $form->edit_user->password2->value) {
+      $form->edit_user->password2->add_error("mistyped", 1);
+      $valid = false;
+    }
+
     if ($valid) {
       $user->name = $new_name;
       $user->full_name = $form->edit_user->full_name->value;
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index a285b32d..811e3a2d 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -28,19 +28,26 @@ class Users_Controller extends REST_Controller {
     $form = user::get_edit_form($user);
     $form->edit_user->password->rules("-required");
     if ($form->validate()) {
-      // @todo: allow the user to change their name
-      // @todo: handle password changing gracefully
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      $user->save();
+      if ($form->edit_user->password->value &&
+          $form->edit_user->password->value != $form->edit_user->password2->value) {
+        $form->edit_user->password2->add_error("mistyped", 1);
+        print json_encode(
+          array("result" => "error",
+                "form" => $form->__toString()));
+      } else {
+        // @todo: allow the user to change their name
+        $user->full_name = $form->edit_user->full_name->value;
+        if ($form->edit_user->password->value) {
+          $user->password = $form->edit_user->password->value;
+        }
+        $user->email = $form->edit_user->email->value;
+        $user->url = $form->edit_user->url->value;
+        $user->save();
 
-      print json_encode(
-        array("result" => "success",
-              "resource" => url::site("users/{$user->id}")));
+        print json_encode(
+          array("result" => "success",
+                "resource" => url::site("users/{$user->id}")));
+      }
     } else {
       print json_encode(
         array("result" => "error",
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 14e3f09c..f125d67d 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -30,6 +30,9 @@ class user_Core {
     $group->input("name")->label(t("Name"))->id("gName")->value($user->name);
     $group->input("full_name")->label(t("Full Name"))->id("gFullName")->value($user->full_name);
     $group->password("password")->label(t("Password"))->id("gPassword");
+    $group->password("password2")->label(t("Confirm Password"))->id("gPassword2");
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
     $group->input("email")->label(t("Email"))->id("gEmail")->value($user->email);
     $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url);
     $group->submit("")->value(t("Save"));
@@ -46,6 +49,9 @@ class user_Core {
       "in_use", t("There is already a user with that name"));
     $group->input("full_name")->label(t("Full Name"))->id("gFullName")->value($user->full_name);
     $group->password("password")->label(t("Password"))->id("gPassword");
+    $group->password("password2")->label(t("Confirm Password"))->id("gPassword2");
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
     $group->input("email")->label(t("Email"))->id("gEmail")->value($user->email);
     $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url);
     $group->submit("")->value(t("Modify User"));
@@ -61,6 +67,9 @@ class user_Core {
       "in_use", t("There is already a user with that name"));
     $group->input("full_name")->label(t("Full Name"))->id("gFullName");
     $group->password("password")->label(t("Password"))->id("gPassword");
+    $group->password("password2")->label(t("Confirm Password"))->id("gPassword2");
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
     $group->input("email")->label(t("Email"))->id("gEmail");
     $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url);
     $group->submit("")->value(t("Add User"));