From eb56ee821f0261c0106252c561e314b753b4cbb5 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 3 Feb 2009 00:17:40 +0000
Subject: Add a confirmation password input field that must match the primary
 password field in order for the update to succeed.  If there is no data
 entered in the primary password field, the confirmation field is ignored.

Addresses Trac Ticket #4
---
 modules/user/controllers/users.php | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

(limited to 'modules/user/controllers/users.php')

diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index a285b32d..811e3a2d 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -28,19 +28,26 @@ class Users_Controller extends REST_Controller {
     $form = user::get_edit_form($user);
     $form->edit_user->password->rules("-required");
     if ($form->validate()) {
-      // @todo: allow the user to change their name
-      // @todo: handle password changing gracefully
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      $user->save();
+      if ($form->edit_user->password->value &&
+          $form->edit_user->password->value != $form->edit_user->password2->value) {
+        $form->edit_user->password2->add_error("mistyped", 1);
+        print json_encode(
+          array("result" => "error",
+                "form" => $form->__toString()));
+      } else {
+        // @todo: allow the user to change their name
+        $user->full_name = $form->edit_user->full_name->value;
+        if ($form->edit_user->password->value) {
+          $user->password = $form->edit_user->password->value;
+        }
+        $user->email = $form->edit_user->email->value;
+        $user->url = $form->edit_user->url->value;
+        $user->save();
 
-      print json_encode(
-        array("result" => "success",
-              "resource" => url::site("users/{$user->id}")));
+        print json_encode(
+          array("result" => "success",
+                "resource" => url::site("users/{$user->id}")));
+      }
     } else {
       print json_encode(
         array("result" => "error",
-- 
cgit v1.2.3