When trying to set the new & confirm passwords I get the error ‘Old password’ length must be at least 5 characters long (or something like that). The issue is the ‘change password’ app is used for both normal password changes (where the user knows his old password) and the ‘Forgot Password’ feature.
The form does hide the ‘old_pswd’ field but because it has a minimum length of 5 it still fails the form validation. So I have moved the minimum length validation into the onValidate event and removed it from the field properties. Just one line of code is changed to fix this problem (see attached image). I have also uploaded the new ‘sec_change_password’ app backup.
sc9_202206070756_export_PropertyManagement.zip (1.7 MB)
1 Like
Thanks, worked like a charm on version 9.9!
I made a copy of your onValidate code, and a picture of the field property change for the next member who need it: 
//if( (!isset({old_pswd}) || empty({old_pswd}) ) && (!isset([act_code]) || empty([act_code]) ) )
if( (strlen({old_pswd}) >0 && strlen({old_pswd}) <5) && (!isset([act_code]) || empty([act_code]) ) )
{
sc_error_message({lang_error_old_pswd});
sc_error_exit();
}
if({pswd} != {confirm_pswd})
{
sc_error_message({lang_error_pswd});
sc_error_exit();
}
$spswd = sc_sql_injection(hash("sha512",{pswd}));
$sold_pswd = ( isset([act_code]) && !empty([act_code]) ) ? "activation_code= ". sc_sql_injection([act_code]) : " pswd = ". sc_sql_injection(hash("sha512",{old_pswd}));
unset([act_code]);
$sql = "SELECT count(*) FROM sec_users WHERE ". $sold_pswd ." AND login = '". [usr_login] . "'";
sc_lookup(rs, $sql);
if({rs} === FALSE || {rs}[0][0] == 0)
{
sc_error_message({lang_error_old_pswd});
sc_error_exit();
}
