No Model Validations are happening On Update. $model->validate() returns true always. So save happens even if wrong data
Following is change password functionality
View
<?php echo $form->passwordField($model, 'currentpassword', array('class'=>'form-control','required'=>'required', 'value'=>'', 'maxlength'=>'40', 'pattern'=>'[a-zA-Z0-9-]{6,40}', 'title'=>'Password should be 6-40 characters containing a-z and 0-9')); ?>
<?php echo $form->error($model, 'currentpassword'); ?>
<?php echo $form->passwordField($model, 'password', array('class'=>'form-control','required'=>'required', 'value'=>'', 'maxlength'=>'40', 'pattern'=>'[a-zA-Z0-9-]{6,40}', 'title'=>'Password should be 6-40 characters containing a-z and 0-9')); ?>
<?php echo $form->error($model, 'password'); ?>
<?php echo $form->passwordField($model, 'confirmpassword', array('class'=>'form-control','required'=>'required', 'value'=>'', 'maxlength'=>'40', 'pattern'=>'[a-zA-Z0-9-]{6,40}', 'title'=>'Password should be 6-40 characters containing a-z and 0-9')); ?>
<?php echo $form->error($model, 'confirmpassword'); ?>
Controller
public function actionChangepassword()
{
$this->layout = (Yii::app()->request->isAjaxRequest) ? '//layouts/ajax' : '//layouts/precolumn2';
$model = new User('changepassword');
$data = array();
if (isset($_POST['User'])) {
$model = User::model()->findByPk(Yii::app()->User->getId());
$model->attributes=$_POST['User'];
if ($model->save()) {
$message = array(
'type' =>'success',
'message' =>'Password Changed.');
$data['message'] = $message;
}
}
$data['model'] = $model;
$this->render('changepassword',$data);
}
Model
public function rules()
{
// NOTE: you should only define rules for those attributes that
// will receive user inputs.
return array(
array('name, user_type_id', 'required','on'=>'signup'),
array('name, email', 'length', 'max'=>255),
array('email', 'required','on'=>array('recover','signup')),
array('email', 'exists','on'=> 'recover'),
array('email', 'unique'),
array('email', 'email'),
array('user_login_count, user_like_count, user_share_count, user_view_count, user_comment_count, user_rating_count', 'numerical', 'integerOnly'=>true),
array('password', 'length', 'max'=>100),
array('password, confirmpassword', 'required','on'=>array('signup','resetpassword','changepassword')),
array('confirmpassword', 'compare', 'compareAttribute'=>'password','on'=>array('signup','resetpassword','changepassword'),'message'=>'Passwords dont match'),
array('currentpassword', 'compareCurrentPassword','on'=>array('changepassword')),
);
}
Check out your line $model = User::model()->findByPk(Yii::app()->User->getId()); Looks like you need to set the scenario in there as you're creating a new user without the 'changepassword' scenario.
For example:
$model = User::model('changepassword')->findByPk(Yii::app()->User->getId());