I have user authorization on backend only (for admins) and I am trying to move password reset function to backend.
\backend\views\site\login.php
<?php $form = ActiveForm::begin(['id' => 'login-form']); ?>
//fields for username and password
<div class="form-group">
<?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>
</div>
<?php ActiveForm::end(); ?>
<div style="color:#999;margin:1em 0">
If you forgot your password you can <?= Html::a('reset it', ['request-password-reset']) ?>.
</div>
\backend\controllers\SiteController.php
public function actionLogin()
{
if (!\Yii::$app->user->isGuest) {
return $this->goHome();
}
$model = new LoginForm();
if ($model->load(Yii::$app->request->post()) && $model->login()) {
return $this->goBack();
} else {
//enters here instead
return $this->render('login', [
'model' => $model,
]);
}
}
public function actionRequestPasswordReset()
{
//not entering here
$model = new PasswordResetRequestForm(); //placed in \common\models
if ($model->load(Yii::$app->request->post()) && $model->validate()) {
if ($model->sendEmail()) {
Yii::$app->session->setFlash('success', 'Check your email for further instructions.');
return $this->goHome();
} else {
Yii::$app->session->setFlash('error', 'Sorry, we are unable to reset password for email provided.');
}
}
return $this->render('requestPasswordResetToken', [
'model' => $model,
]);
}
The problem is when I click reset it the site redirects me to login.php again, so actionRequestPasswordReset() is not fired. Im new to Yii and would appreciate any help.
Update your controller's Access Control Filter to permit users who haven't logged in to access requestPasswordReset:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['request-password-reset'],
'allow' => true,
'roles' => ['?'],
],
...