CODEWITHSUNDEEP
phpformscodeignitervalidation
Mudassar Khani
Mudassar Khani

Reputation: 1479

Codeigniter Form Validation Rule for match (password)

I am trying to write Form validation rules in my Controller to submit Change Password form in which I am checking the old password too. I am getting the old password(current) from db and placing it in a hidden input field.

My Rules are simple and are given below

         $config=array(
            array(
                'field'   => 'old_password',
                'label'   => 'oldpass',
                'rules'   => 'trim|required'
            ),
            array(
                'field'   => 'conf_password',
                'label'   => 'connewpass',
                'rules'   => 'trim|required|matches[password]'
            ),
            array(
                'field'   => 'password',
                'label'   => 'newpass',
                'rules'   => 'trim|required'
            )

My hidden input field in the form to save current password is like 

<input type="hidden" name="old_pass" value="<?php echo $user['password']?>">

I know that matches(field name) in rules work for matching two field values but Where I am stuck is that the password coming from db is md5 encrypted. How can I encrypt the password coming from form and match with old pass field in the rule?

Upvotes: 6

Views: 35806

Answers (3)

Vishal P Gothi
Vishal P Gothi

Reputation: 997

Please use like this, if you are using form validation library, it is working for me.

$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('confirm_password', 'Confirm Password', 'required|matches[password]');

Thank You

Edit: Code formatting

Upvotes: 2

Adriano Gon&#231;alves
Adriano Gon&#231;alves

Reputation: 71

Another approach:

if (!$this - > checkValidLogin($username, $old_password)) {
  $this - > form_validation - > set_rules('password', 'Password', [
    [
      'old_password',
      function($value) {
        return false;
      }
    ]
  ]);
  $this - > form_validation - > set_message('old_password', 'Old password doesn\'t match.');
}

Upvotes: 2

jagad89
jagad89

Reputation: 2643

There is no need of putting old password hash in hidden field. it's not even safe. you can create callback function for your own custom validation. Notice the comment i have did in following code.

$config=array(
            array(
                'field'   => 'old_password',
                'label'   => 'oldpass',
                'rules'   => 'trim|required|callback_oldpassword_check' // Note: Notice added callback verifier.
            ),
            array(
                'field'   => 'conf_password',
                'label'   => 'connewpass',
                'rules'   => 'trim|required|matches[password]'
            ),
            array(
                'field'   => 'password',
                'label'   => 'newpass',
                'rules'   => 'trim|required'
            )

In side your controller create a method as below

public function oldpassword_check($old_password){
   $old_password_hash = md5($old_password);
   $old_password_db_hash = $this->yourmodel->fetchPasswordHashFromDB();

   if($old_password_hash != $old_password_db_hash)
   {
      $this->form_validation->set_message('oldpassword_check', 'Old password not match');
      return FALSE;
   } 
   return TRUE;
}

for more details of callback verification visit here

I have not verified above code. But hope you get the way to solve your problem.

Upvotes: 17

Related Questions