/** * Checks whether the user is allowed to change his password. * * If the password is the same as one of his $lastPasswordChangesCount previous passwords, the user is not allowed. * * @param Event $event */ public function allowPasswordChange(Event $event) { $form = $event->sender; // The ChangePasswordForm if ($form->oldPassword == $form->newPassword) { Yii::info("The system doesn't allow a password change because the current " . "password of the user is the same as the new one!", __CLASS__); $form->addError('newPassword', Yii::t(Module::I18N_CATEGORY, 'Passwords must not be the same!')); return; } $security = Yii::$app->security; $userModel = $form->getUser(); $previousPasswords = PasswordHistory::findAllByUserId($userModel->id, $this->lastPasswordChangesCount); if (!count($previousPasswords)) { // The password is changed for a first time Yii::info("Save the first password of the user to the password history table", __CLASS__); PasswordHistory::createAndSave($userModel->id, $userModel->password_hash); // Save the first password } else { foreach ($previousPasswords as $passwordHistory) { if ($security->validatePassword($form->newPassword, $passwordHistory->password_hash)) { Yii::info("The system doesn't allow a password change, because " . "the current password is the same as one of the previous passwords of the user!", __CLASS__); $form->addError('newPassword', Yii::t(Module::I18N_CATEGORY, 'Your password is the same as a previous password of yours. For security reasons, please add another password.')); return; } } } Yii::info("Save the new password of the user to the password history table", __CLASS__); PasswordHistory::createAndSave($userModel->id, $security->generatePasswordHash($form->newPassword)); // Save the new password }