Magento2 – How to Check if Customer Password Matches

customermagento2password

I have a string variable, and i want to check if this string variable match with the current customer password, is there a way to do this?

Best Answer

Please check this model

Magento\Customer\Model\Authentication.php

In this You will find one method authenticate($customerId, $password)

    public function authenticate($customerId, $password)
    {
        $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
        $hash = $customerSecure->getPasswordHash();
        if (!$this->encryptor->validateHash($password, $hash)) {
            $this->processAuthenticationFailure($customerId);
            if ($this->isLocked($customerId)) {
                throw new UserLockedException(__('The account is locked.'));
            }
            throw new InvalidEmailOrPasswordException(__('Invalid login or password.'));
        }
        return true;
    }

You can call this method and pass $customerId, and Password string. If password will be correct then it will return true. Otherwise it will throw an exception.

Related Solutions

Magento 1.9 – Password Does Not Match Issue

Enable template path hints and look in template for this line:

<?php echo $this->getBlockHtml('formkey'); ?>

If this is missing, add it in your template file.

Magento 1.9.3 – Customer Can’t Edit Information Without Entering Current Password

You have to change app/code/core/Mage/Customer/controllers/AccountController.php

For this behavoir these lines have to be moved after if ($customer->getIsChangePassword()) {

if (!$customer->validatePassword($this->getRequest()->getPost('current_password'))) {
    $errors[] = $this->__('Invalid current password');
}

... BUT you shouldn't do this!

-1 IMHO this validation is fine like it is. If developer's intention was to check current password just for changing password this input would be hidden until marking checkbox "change password".

and

IMHO to edit non-passwords account data from version 1.9.3.0 you have to provide current password too.

Magento CE 1.9.3.0 Release Notes, section Password enhancements

When a user changes their e-mail address, they are required to provide their password and to acknowledge the change from the previous address.

Had same question/problem in the past ... and have closes this pull request.

Best Answer

Related Solutions

Magento 1.9 – Password Does Not Match Issue

Magento 1.9.3 – Customer Can’t Edit Information Without Entering Current Password

Related Topic