/** * Adds password validation rule for login scenario * * @param \DevGroup\Users\models\LoginForm $loginForm * * @return array */ protected function validatePassword(LoginForm &$loginForm) { return ['password', function ($attribute) use(&$loginForm) { if ($loginForm->user === null || !PasswordHelper::validate($loginForm->password, $loginForm->user->password_hash)) { $loginForm->addError($attribute, Yii::t('users', 'Invalid login or password')); } }]; }
public function changePassword() { /** @var User $user */ $this->trigger(self::EVENT_BEFORE_PASSWORD_CHANGE); $user = Yii::$app->user->identity; if ($user === null) { throw new ServerErrorHttpException("No user identity found"); } if (PasswordHelper::validate($this->oldPassword, $user->password_hash) !== true) { $this->addError('oldPassword', Yii::t('users', 'Old Password not valid')); return false; } else { $this->trigger(self::EVENT_PASSWORD_CHANGE); $user->password = $this->newPassword; return $user->changePassword(); } return false; }