Oleg Kostyuk wrote:
> Hello subscribers,
>
> On some pages I need to re-check the user's password (to be more concrete -
> each time the user changes any settings on the "user settings" page). I
> can't compare passwords directly (something like: $form->{password} eq
> $c->user->password()), because in the DB I have only hashed passwords.

You could always just hash the supplied password and compare the hashes.

> It seems that I can try to authenticate the user again, by calling
> $c->authenticate(name=>$c->user->name, pass=>$form->{password}), but I
> am concerned whether this is acceptable - calling authenticate when the user is
> already authenticated. And what will happen if the provided password is
> incorrect - will the user be automatically logged out or not?

I'd probably use the authentication again, but ensure that it is treated
logically as such and not lumped in with some CRUD (unless that's not
how it's being used, in which case you probably shouldn't use it). I'm
fairly sure a failed auth doesn't result in a logout, so you could use
that as a means to redisplay the form with a message.

> Maybe there is some other way that is not obvious to me?
> Any thoughts are welcome,
> Thanks.
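
The reply's suggestion of hashing the supplied password and comparing the hashes, as an added example (not code from this thread or from Catalyst). The storage format, the salt and all function names are assumptions, since the thread does not say how the hashes are stored.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Assumed storage format (not from the thread): "<salt>$<sha256 hex of salt . password>".
# Substitute the scheme your user table really uses; the flow stays the same.
sub hash_password {
    my ($salt, $password) = @_;
    my $bytes = $salt . $password;
    utf8::encode($bytes);                 # hash bytes, not wide characters
    return $salt . '$' . sha256_hex($bytes);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Re-check: hash the supplied password with the salt taken from the stored
# value, then compare the result against the stored value as a whole.
sub recheck_password {
    my ($stored, $supplied) = @_;
    return 0 unless defined $stored && defined $supplied;
    my ($salt) = split /\$/, $stored, 2;
    return constant_time_eq(hash_password($salt, $supplied), $stored);
}

# Constructed sample data: one stored hash, three form submissions.
my $stored = hash_password('c0ffee', 'correct horse');
for my $attempt ('correct horse', 'wrong guess', '') {
    my $ok = recheck_password($stored, $attempt);
    printf "%-16s => %s\n", "'$attempt'",
        $ok ? 'apply settings change'
            : 'redisplay form with error, session untouched';
}
```

A failed re-check here only returns false; nothing in it touches the session, so the controller decides whether to redisplay the form.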