Gyuzal

Reputation: 1591

Moving reset password to backend, Yii2

I have user authorization on the backend only (for admins) and I am trying to move the password reset function to the backend.

\backend\views\site\login.php

<?php $form = ActiveForm::begin(['id' => 'login-form']); ?>

    <?php // fields for username and password ?>

    <div class="form-group">
        <?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>
    </div>

<?php ActiveForm::end(); ?>

<div style="color:#999;margin:1em 0">
    If you forgot your password you can <?= Html::a('reset it', ['request-password-reset']) ?>.
</div>

\backend\controllers\SiteController.php

public function actionLogin()
{
    if (!\Yii::$app->user->isGuest) {
        return $this->goHome();
    }

    $model = new LoginForm();
    if ($model->load(Yii::$app->request->post()) && $model->login()) {
        return $this->goBack();
    } else {
        // enters here instead
        return $this->render('login', [
            'model' => $model,
        ]);
    }
}

public function actionRequestPasswordReset()
{
    // not entering here
    $model = new PasswordResetRequestForm(); // placed in \common\models
    if ($model->load(Yii::$app->request->post()) && $model->validate()) {
        if ($model->sendEmail()) {
            Yii::$app->session->setFlash('success', 'Check your email for further instructions.');

            return $this->goHome();
        } else {
            Yii::$app->session->setFlash('error', 'Sorry, we are unable to reset password for email provided.');
        }
    }

    return $this->render('requestPasswordResetToken', [
        'model' => $model,
    ]);
}

The problem is that when I click "reset it", the site redirects me to login.php again, so actionRequestPasswordReset() is not fired. I'm new to Yii and would appreciate any help.

Upvotes: 0

Views: 2118

Answers (1)

topher

Reputation: 14860

Update your controller's Access Control Filter to permit users who haven't logged in to access requestPasswordReset:

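// At the top of the controller file: use yii\filters\AccessControl;
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                // Guests ('?') may open the password reset request page
                [
                    'actions' => ['request-password-reset'],
                    'allow' => true,
                    'roles' => ['?'],
                ],
                // ... (remaining rules)
            ],
        ],
    ];
}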

Upvotes: 1
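
Why the link bounced back to the login page, and what the rule above changes, as an added example (not part of the original answer and not Yii's source code): a simplified stand-alone model of how AccessControl picks a rule. The `$before` rule set and the helper names `matches()` and `decide()` are assumptions, since the question does not show the controller's `behaviors()`.

```php
<?php
// Simplified model of yii\filters\AccessControl: rules are checked in order,
// the first rule that matches decides, and a request matching no rule is denied.
// A denied guest is sent to the login page; a denied logged-in user gets a 403.

function matches(array $rule, string $action, bool $isGuest): bool
{
    if (isset($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    if (!isset($rule['roles'])) {
        return true; // no 'roles' key: applies to guests and logged-in users
    }
    foreach ($rule['roles'] as $role) {
        if (($role === '?' && $isGuest) || ($role === '@' && !$isGuest)) {
            return true;
        }
    }
    return false;
}

function decide(array $rules, string $action, bool $isGuest): string
{
    $denied = $isGuest ? 'redirect to login' : '403 Forbidden';
    foreach ($rules as $rule) {
        if (matches($rule, $action, $isGuest)) {
            return $rule['allow'] ? 'run action' : $denied;
        }
    }
    return $denied; // nothing matched
}

// Assumed starting rules: login/error open to everyone, the rest for logged-in admins.
$before = [
    ['actions' => ['login', 'error'], 'allow' => true],
    ['actions' => ['logout', 'index'], 'allow' => true, 'roles' => ['@']],
];
// The same rules with the guest-only rule from the answer added in front.
$guestRule = ['actions' => ['request-password-reset'], 'allow' => true, 'roles' => ['?']];
$after = array_merge([$guestRule], $before);

foreach (['before' => $before, 'after' => $after] as $label => $rules) {
    foreach (['guest' => true, 'admin' => false] as $who => $isGuest) {
        $result = decide($rules, 'request-password-reset', $isGuest);
        printf("%-6s %-5s -> %s\n", $label, $who, $result);
    }
}
```

Because `'?'` matches guests only, a logged-in admin is still denied this action unless another rule covers it.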
