Standalone edit mode form for changing account password

toni.petrovic Posts: 8 Questions: 4 Answers: 0
edited January 6 in Free community support

Hi,

I am using Datatables Editor with PHP 2.2.2.

I would like to make a standalone form, triggered by the user, that shows a form for changing the old password to a new one.

The js script is:

    var change_password_editor = new DataTable.Editor({
        ajax: "Ajax/ChangePassword.php",
        idSrc: "id",
        fields: [
            {label: "ID", name: "id", type: "hidden"},
            {label: "Old Password", name: "old_password", type: "password"},
            {label: "New Password", name: "new_password", type: "password"},
            {label: "Confirm New Password", name: "confirm_new_password", type: "password"}
        ]
    });

    function openChangePasswordForm() {
        // Open the Editor in 'create' mode but use it for editing the password
        change_password_editor.create({
            title: 'Change Password', buttons: 'Change'
        });

        // Manually set the ID of the user whose password is being changed
        change_password_editor.set('id', user.id);

        // Show only the password fields
        change_password_editor.show(['old_password', 'new_password', 'confirm_new_password']);
    }

In this way the action create is triggered, but if I change to edit, then the datatable should be linked to, but I do not have any, since it is a standalone form.

On the PHP side I would like to check if the old password is the same with the connection to the user id. If it is, then I would update the password field with new_password.

The perfect code would be like this (but it is not working - I guess the setFormatter does not support the field and use $db).

    Editor::inst($db, 'users', 'id')
        ->fields(
            Field::inst('old_password')->set(false), // Prevents saving to DB
            Field::inst('new_password')->set(false),
            Field::inst('confirm_new_password')->set(false),
            Field::inst('password')->setFormatter(function ($val, $data, $field) use ($db) {
                // Access the data using the correct format
                $formData = $data['data'][0];

                if (isset($formData['old_password']) && isset($formData['new_password'])) {
                    error_log(print_r($formData, true));
                    $userId = $formData['id'];

                    // Fetch the current password from the database
                    $currentPassword = $db->sql('select password from users where id = ?', [$userId])->fetch();

                    // Check if the old password matches
                    if (md5($formData['old_password']) === $currentPassword['password']) {
                        // If it matches, hash and return the new password
                        return md5($formData['new_password']);
                    } else {
                        // If it doesn't match, return an error
                        $field->setError('Old password is incorrect.');
                        return null;
                    }
                }
                // If the old or new password isn't set, do nothing
                return null;
            })
        )
        ->process($_POST)
        ->json();

Could you be so kind and advise?

Regards,
Toni

Answers

  • allan Posts: 63,679 Questions: 1 Answers: 10,498 Site admin
    Answer ✓

    Hi Toni,

    The Editor PHP libraries are designed to be used with row editing, which this isn't. What I think you'll need to do is make use of the data being sent to you by Editor from the client-side and build some PHP / SQL statements that will process the data as needed, rather than attempting to use our Editor PHP libraries.

    The format of the data being submitted to the server-side is documented here and it is quite easy to use in PHP.

    One important point, which is not Editor related - don't use md5 for password hashing (see the PHP docs on this). Use crypt instead.

    Allan
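
One way to write the hand-built handler described in the answer above, as an added example that is not part of the original thread or the Editor libraries. It assumes a session key `user_id`, placeholder PDO credentials, a `users.password` column wide enough for `password_hash()` output, legacy rows holding a 32-character MD5 hex digest, and an example minimum length of 12.

```php
<?php
// Added example: hand-written handler for Ajax/ChangePassword.php (not DataTables code).
// Assumptions: session key 'user_id', PDO DSN/credentials, users.password is VARCHAR(255).
session_start();
header('Content-Type: application/json');

function reply(array $body): void { echo json_encode($body); exit; }
function fieldError(string $name, string $msg): void {
    reply(['fieldErrors' => [['name' => $name, 'status' => $msg]]]);
}

// Identify the account from the server-side session, never from the posted hidden 'id'.
$userId = $_SESSION['user_id'] ?? null;
if ($userId === null) { http_response_code(401); reply(['error' => 'Not signed in.']); }

// Editor posts action=create and data[0][field]=value for a standalone create().
$rows = $_POST['data'] ?? [];
$form = is_array($rows) ? reset($rows) : false;
if (!is_array($form)) { reply(['error' => 'Malformed request.']); }
$old = (string)($form['old_password'] ?? '');
$new = (string)($form['new_password'] ?? '');
$confirm = (string)($form['confirm_new_password'] ?? '');

if ($new !== $confirm) { fieldError('confirm_new_password', 'Passwords do not match.'); }
if (strlen($new) < 12) { fieldError('new_password', 'Use at least 12 characters.'); } // example policy

$pdo = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'placeholder', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
$stmt->execute([$userId]);
$stored = $stmt->fetchColumn();
if ($stored === false) { reply(['error' => 'Account not found.']); }
$stored = (string)$stored;

// Rows still holding a legacy MD5 hex digest are compared in constant time;
// everything else is checked with password_verify().
$isLegacy = (bool)preg_match('/^[0-9a-f]{32}$/i', $stored);
$ok = $isLegacy ? hash_equals(strtolower($stored), md5($old))
                : password_verify($old, $stored);
if (!$ok) { fieldError('old_password', 'Old password is incorrect.'); }

// Store the new password with bcrypt; this also retires the legacy MD5 value.
$update = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
$update->execute([password_hash($new, PASSWORD_BCRYPT), $userId]);
session_regenerate_id(true);

// Reply in Editor's response shape; never echo password fields back.
reply(['data' => [['id' => $userId]]]);
```

Because the account is taken from the session, a tampered hidden `id` field cannot redirect the change to another user's row.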

  • toni.petrovic Posts: 8 Questions: 4 Answers: 0

    Dear Allan,

    Thank you for the prompt answer. I will do it in my part of the API.

    Regarding the md5 - this is a part of the old code and yes, I will do the transition to the BCRYPT algorithm. Thank you for highlighting this :).

    I will soon have another complicated table with CRUD functionality and two sub tables. Is that doable with the PHP API?

    Kind regards,
    Toni

  • allan Posts: 63,679 Questions: 1 Answers: 10,498 Site admin

    Hi Toni,

    By two sub-tables, do you mean something like this nesting Editor example, or do you mean something more like a left join to two tables?

    Allan

  • toni.petrovic Posts: 8 Questions: 4 Answers: 0

    Hi Allan,

    I would have a group item with specific data, then sub items that would be from another table, and then sub-sub items that would be connected via a link table to another one :). I guess your nesting Editor would work for the last relation.

    The structure:

    Group 1 (fields: title, description, ...):
    - Mission1 (fields: title, description, location, ...)
      - Team 1
      - Team 2
    - Mission 2 (fields: title, description, location, ...)
      - Team 2
    Group 2 (fields: title, description, ...):
    - Mission XX (fields: title, description, location, ...)
      - Team XX

    The Group section and Mission could be handled with Child tables, but I do not have an idea how to handle the team tables.

    Hope I made it clear enough :).

    Regards,
    Toni
