From eb56ee821f0261c0106252c561e314b753b4cbb5 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Tue, 3 Feb 2009 00:17:40 +0000
Subject: Add a confirmation password input field that must match the primary password field in order for the update to succeed. If there is no data entered in the primary password field, the confirmation field is ignored. Addresses Trac Ticket #4
---
 modules/user/controllers/admin_users.php | 12 ++++++++++++
 modules/user/controllers/users.php | 31 +++++++++++++++++++------------
 2 files changed, 31 insertions(+), 12 deletions(-)
(limited to 'modules/user/controllers')
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 38e68d30..496ed9ca 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -37,6 +37,12 @@ class Admin_Users_Controller extends Controller {
 $valid = false;
 }
 
+ if ($form->add_user->password->value &&
+ $form->add_user->password->value != $form->add_user->password2->value) {
+ $form->add_user->password2->add_error("mistyped", 1);
+ $valid = false;
+ }
+
 if ($valid) {
 $user = user::create(
 $name, $form->add_user->full_name->value, $form->add_user->password->value);
@@ -106,6 +112,12 @@ class Admin_Users_Controller extends Controller {
 }
 }
 
+ if ($form->edit_user->password->value &&
+ $form->edit_user->password->value != $form->edit_user->password2->value) {
+ $form->edit_user->password2->add_error("mistyped", 1);
+ $valid = false;
+ }
+
 if ($valid) {
 $user->name = $new_name;
 $user->full_name = $form->edit_user->full_name->value;
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index a285b32d..811e3a2d 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
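Review bot: The confirmation check in the add_user path compares the two password fields with the loose `!=` operator, and PHP compares numeric-looking strings by value, so a pair such as `"1e3"` and `"1000"` (constructed example) counts as equal and a mistyped confirmation can pass. Use the strict form `$form->add_user->password->value !== $form->add_user->password2->value`; the same applies to the edit_user check in the second hunk of this file and to the one in users.php. The guard is also skipped when the password field is empty while `user::create()` is still called a few lines later, so it relies on the form itself requiring a password, which is not visible here. The enclosing method starts and ends outside the hunk.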
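Review bot: The edit_user check in the second admin_users.php hunk is one of three hand-copied password/confirmation comparisons in this commit (add_user above it, users.php after it), so a later fix to one copy can miss the others. Consider moving the comparison into one place, for example a rule attached to `password2` where the form is built, or a small shared helper that each controller calls. A one-line comment such as `// password2 is only checked when a new password was entered` would also record why the guard tests `password->value` first. The enclosing method starts and ends outside the hunk.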
@@ -28,19 +28,26 @@ class Users_Controller extends REST_Controller {
 $form = user::get_edit_form($user);
 $form->edit_user->password->rules("-required");
 if ($form->validate()) {
- // @todo: allow the user to change their name
- // @todo: handle password changing gracefully
- $user->full_name = $form->edit_user->full_name->value;
- if ($form->edit_user->password->value) {
- $user->password = $form->edit_user->password->value;
- }
- $user->email = $form->edit_user->email->value;
- $user->url = $form->edit_user->url->value;
- $user->save();
+ if ($form->edit_user->password->value &&
+ $form->edit_user->password->value != $form->edit_user->password2->value) {
+ $form->edit_user->password2->add_error("mistyped", 1);
+ print json_encode(
+ array("result" => "error",
+ "form" => $form->__toString()));
+ } else {
+ // @todo: allow the user to change their name
+ $user->full_name = $form->edit_user->full_name->value;
+ if ($form->edit_user->password->value) {
+ $user->password = $form->edit_user->password->value;
+ }
+ $user->email = $form->edit_user->email->value;
+ $user->url = $form->edit_user->url->value;
+ $user->save();
 
- print json_encode(
- array("result" => "success",
- "resource" => url::site("users/{$user->id}")));
+ print json_encode(
+ array("result" => "success",
+ "resource" => url::site("users/{$user->id}")));
+ }
 } else {
 print json_encode(
 array("result" => "error",
--
cgit v1.2.3
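Review bot: In the new else branch `$user->password` is assigned from the submitted form with the confirmation field as the only guard, so the current password is never asked for. Anyone acting in the user's session could then set a new password without knowing the old one; whether an ownership or CSRF check runs earlier in the method is not visible, because the method starts and ends outside this hunk. Since the commit removes the `// @todo: handle password changing gracefully` line, I would keep a marker in its place, e.g. `// @todo: require the current password before accepting a new one`, until a current-password field is added to the edit form.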