Craft CMS Asked by Josh Parylak on June 13, 2021
I’m adding an update password form. This is not a reset password in case of a forgotten pw, but a form that allows users to update at their leisure. I have the current password field name="currentPassword" and the new password field name="newPassword".
When I run the form locally, it works as expected, and does not save the user when the currentPassword value is incorrect. When I run it on our production site, the current password field accepts any value at all, still saves, and changes the password to the new password value despite the current password not being correct. Is there some environment setting I could be missing here that’s responsible for this?
Running Craft 3.4.30, no Commerce.
If the user already has an elevated session then they do not need to enter their current password. You can see the relevant code for this check here: https://github.com/craftcms/cms/blob/bd3820f19a0680c635a89c7f16805299964d97f2/src/controllers/UsersController.php#L1713-L1721
That is the only explanation I can come up with for the difference in what you are seeing locally and in production.
Correct answer by Ben Croker on June 13, 2021
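The behaviour described in the answer can be modelled outside Craft. The PHP below is an added illustration, not code from the original post or from Craft CMS; `mayChangePassword()`, the `elevatedUntil` session key and the sample values are assumptions made for the sketch.

```php
<?php
// Simplified model of the check described in the answer. NOT Craft's code:
// the function name, the array-based session and all sample values are
// constructed for illustration.

/**
 * Decide whether a password change may proceed.
 *
 * @param array       $session         ['elevatedUntil' => unix time] (hypothetical shape)
 * @param string      $storedHash      hash of the user's current password
 * @param string|null $currentPassword value submitted in the form, if any
 * @param int         $now             current unix time
 */
function mayChangePassword(array $session, string $storedHash, ?string $currentPassword, int $now): bool
{
    // An elevated session that has not expired short-circuits the check:
    // the submitted current password is never inspected.
    if (($session['elevatedUntil'] ?? 0) > $now) {
        return true;
    }
    // Otherwise the current password must be present and correct.
    return $currentPassword !== null && password_verify($currentPassword, $storedHash);
}

$now  = 1623585600;                                       // constructed timestamp
$hash = password_hash('correct horse', PASSWORD_DEFAULT); // constructed sample password

// label => [session state, submitted current password, expected outcome]
$cases = [
    'no elevated session, wrong password'      => [[], 'wrong', false],
    'no elevated session, right password'      => [[], 'correct horse', true],
    'elevated session active, wrong password'  => [['elevatedUntil' => $now + 300], 'wrong', true],
    'elevated session expired, wrong password' => [['elevatedUntil' => $now - 1], 'wrong', false],
];

foreach ($cases as $label => [$session, $submitted, $expected]) {
    $result = mayChangePassword($session, $hash, $submitted, $now);
    if ($result !== $expected) {
        throw new RuntimeException("Unexpected outcome for: $label");
    }
    printf("%-42s => %s\n", $label, $result ? 'saved' : 'rejected');
}
```

The third case matches the production symptom in the question: with an elevated session still active, any value in the current password field is accepted.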