Customer can't edit his information without entering current password
https://magento.stackexchange.com/questions/183978
-
10-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have problem in customer/account/edit/ page the customer can't update his information without fill current password field even if he doesn't checked the change password checkbox, if the customer try to change his date this message will appear "Invalid current password"
Anyone could help me please ?
The codes used
<li class="control">
<input type="checkbox" name="change_password" id="change_password" value="1" onclick="setPasswordForm(this.checked)" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Change Password')) ?>"<?php if($this->getCustomer()->getChangePassword()==1): ?> checked="checked"<?php endif; ?> class="checkbox" /><label for="change_password"><?php echo $this->__('Change Password') ?></label>
</li>
<li class="fields">
<div>
<label for="current_password" class="required"><em>*</em><?php echo $this->__('Current Password') ?></label>
<div class="input-box">
<!-- This is a dummy hidden field to trick firefox from auto filling the password -->
<input type="text" disabled class="input-text no-display" name="dummy" id="dummy" />
<input type="password" disabled title="<?php echo Mage::helper('core')->quoteEscape($this->__('Current Password')) ?>" class="input-text" name="current_password" id="current_password" />
</div>
</div>
</li>
<li class="fields">
<div>
<label for="password" class="required"><em>*</em><?php echo $this->__('New Password') ?></label>
<div class="input-box">
<input type="password" title="<?php echo Mage::helper('core')->quoteEscape($this->__('New Password')) ?>" class="input-text validate-password" name="password" id="password" />
</div>
</div>
</li>
<li class="fields">
<label for="confirmation" class="required"><em>*</em><?php echo $this->__('Confirm New Password') ?></label>
<div class="input-box">
<input type="password" title="<?php echo Mage::helper('core')->quoteEscape($this->__('Confirm New Password')) ?>" class="input-text validate-cpassword" name="confirmation" id="confirmation" />
</div>
</li>
//<![CDATA[
var dataForm = new VarienForm('form-validate', true);
function setPasswordForm(arg){
if (arg){
$('current_password').up(4).show();
$('current_password').addClassName('required-entry');
$('password').addClassName('required-entry');
$('confirmation').addClassName('required-entry');
} else {
$('current_password').up(4).hide();
$('current_password').removeClassName('required-entry');
$('password').removeClassName('required-entry');
$('confirmation').removeClassName('required-entry');
}
}
<?php if($this->getCustomer()->getChangePassword()): ?>
setPasswordForm(true);
<?php endif; ?>
//]]>
Solution
You have to change app/code/core/Mage/Customer/controllers/AccountController.php
For this behavoir these lines have to be moved after if ($customer->getIsChangePassword()) {
if (!$customer->validatePassword($this->getRequest()->getPost('current_password'))) {
$errors[] = $this->__('Invalid current password');
}
... BUT you shouldn't do this!
-1 IMHO this validation is fine like it is. If developer's intention was to check current password just for changing password this input would be hidden until marking checkbox "change password".
and
IMHO to edit non-passwords account data from version 1.9.3.0 you have to provide current password too.
Magento CE 1.9.3.0 Release Notes, section Password enhancements
- When a user changes their e-mail address, they are required to provide their password and to acknowledge the change from the previous address.
Had same question/problem in the past ... and have closes this pull request.
