public function actionChangePassword() { if (Yii::app()->user->isGuest) { Yii::app()->request->redirect(basePath('')); } //do validation $model = new ChangePasswordForm(); $model->setAttributes(array('password_change' => $_POST['password_change'], 'password_new' => $_POST['password_new'], 'password_new_confirm' => $_POST['password_new_confirm'])); $model->validate(); $errors = $model->getErrors(); if (count($errors) != 0) { Yii::app()->user->setFlash('changepassworderror', true); foreach ($errors as $key => $value) { Yii::app()->user->setFlash($key, $value); } Yii::app()->request->redirect(basePath('app/myprofile')); return; } $user = User::model()->findByPk(Yii::app()->user->getState('id')); if ($user->password != $_POST['password_change']) { Yii::app()->user->setFlash('password_change', array('0' => 'Invalid password')); Yii::app()->request->redirect(basePath('app/myprofile')); return; } //update user's email $user->password = $model->password_new; $user->update(); //update session state $userControl = new userControl(); $userControl->update(); //redirect user to my profile page Yii::app()->request->redirect(basePath('app/properties')); }