3

When a user successfully login and come to home page there is a link "change password" for changing password .It displays a form to change password having three input box for old password, new password confirm new password

Here is my code.

forms.py

class reset_form(forms.Form):


    oldpassword = forms.CharField(max_length = 20, widget=forms.TextInput(attrs={'type':'password', 'placeholder':'your old Password',  'class' : 'span'}))
    newpassword1 = forms.CharField(max_length = 20, widget=forms.TextInput(attrs={'type':'password', 'placeholder':'New Password',  'class' : 'span'}))
    newpassword2 = forms.CharField(max_length = 20, widget=forms.TextInput(attrs={'type':'password', 'placeholder':'Confirm New Password',  'class' : 'span'}))


    def clean(self):
        if 'newpassword1' in self.cleaned_data and 'newpassword2' in self.cleaned_data:
            if self.cleaned_data['newpassword1'] != self.cleaned_data['newpassword2']:
                raise forms.ValidationError(_("The two password fields did not match."))
        return self.cleaned_data

views.py

def change_password(request):

    if request.method == 'POST':
        form = reset_form(request.POST)
        if form.is_valid():
            newpassword=form.cleaned_data['newpassword1'],
            username=request.user.username
            password=request.user.password

            user = authenticate(username=username, password=password)
            if user is not None:
                user.set_password(newpassword)
                user.save()
                return HttpResponseRedirect('/reset/success/')

            else:
                return render(request, 'reset_password.html',{'error':'You have entered wrong old password','form': form})

        else:
           return render(request, 'reset_password.html',{'error':'You have entered old password','form': form})
    else:
        form = reset_form()
    content = RequestContext(request, {'form': form})  
    return render(request, 'reset_password.html', content,)

After submitting the form with correct old password i am getting this message You have entered wrong old password I dont know why i am geeting this error message please help with this code

Binit Singh
  • 973
  • 4
  • 14
  • 35
  • Does this answer your question? [How to implement password change form in Django 1.9](https://stackoverflow.com/questions/35256802/how-to-implement-password-change-form-in-django-1-9) – Tomerikoo Jul 21 '21 at 09:57

1 Answers1

6

For some reason you're using the password field stored in the database, via request.user, rather than then one they've actually entered in the form. The database version is hashed, and when you call authenticate it hashes it again, so fails to match.

You should be using the value the user enters in the form:

username = request.user.username
password = form.cleaned_data['oldpassword']

user = authenticate(username=username, password=password)
Daniel Roseman
  • 588,541
  • 66
  • 880
  • 895
  • Thanks Daniel for answer it really helped me. But now i am getting another issue my password is changed but to some other text. Now my password is not the old one nor the new password which i have supplied. What i should do ? – Binit Singh Jan 17 '14 at 12:19
  • 1
    How are you determining that? Don't forget, as I mentioned in the answer, the password is stored hashed in the database. – Daniel Roseman Jan 17 '14 at 12:34