在 Yii2 中更新用户配置文件时如何管理密码

我可以成功添加用户,对于密码散列,我正在使用 md5() 但是当我更新用户时出现错误。


public function rules()
    return [
        [['firstname', 'lastname', 'username', 'email', 'role', 'group_user','status'], 'required'],
        [['confirm'], 'compare', 'compareAttribute' => 'password','on'=>'create'],
        [['firstname', 'lastname', 'username', 'email', 'password', 'confirm', ], 'string', 'max' => 255],


<div class="form-group">
    if($case == 'create') { //this condition called when create user 
        echo $form->field($model, 'password')->passwordInput([
            'maxlength' => true,
            'placeholder' => 'Enter the Password',
    else { // during update
        echo $form->field($model, 'password')->passwordInput([
            'maxlength' => true,
            'placeholder' => 'Enter the Password',
            'value' => '',

<div class="form-group">
    <?= $form->field($model, 'confirm')->passwordInput([
        'maxlength' => true,
        'placeholder' => 'Confirm Password',
    ]) ?>   


public function actionUpdate($id)
    $model = $this->findModel($id);
    $case = "update";
    if ($model->load(Yii::$app->request->post())) {
        return $this->redirect(['view', 'id' => $model->id]);
    else {
        return $this->render('update', [
            'model' => $model,
            'all_users_array' => $all_users_array,
            'all_groups_array' => $all_groups_array,
            'case' => $case,


Undefined offset: 1 Failed to prepare SQL: UPDATE xbox_user SET password=:qp0, role=:qp1, modified=:qp2, status=:qp3 WHERE id=:qp4




[['confirm'], 'compare', 'compareAttribute' => 'password','on'=>'create']

如果不起作用,请按照以下步骤创建您的更新方案,不要比较密码 你试过场景了吗..我会举一个简单的用户注册和用户登录的例子希望对你有帮助

class User extends Model
    public $name;
    public $email;
    public $password;
    public function rules(){
        return [
            [['name', 'email', 'password'], 'required', 'on' => 'register'],
    public function scenarios()
        $scenarios = parent::scenarios();
        $scenarios['login'] = ['name','password'];//Scenario Values Only Accepted
        return $scenarios;

模型应用场景 看下面的代码,我们添加了两种设置模型场景的方法。默认情况下,场景将支持模型规则。

class UserController extends Controller
    // scenario is set as a property
    public function  actionLogin(){
        $model = new User;
        $model->scenario = 'login';
    // scenario is set through configuration
    public function  actionRegister(){
        $model = new User(['scenario' => 'register']);


public function rules()
    return [
        [['firstname', 'lastname', 'username', 'email', 'role', 'group_user','status'], 'required'],
        [['password', 'confirm'], 'required', 'on' => 'create'],

        ['confirm', 'compare', 'compareAttribute' => 'password', 'message'=>"Passwords does not match." ],
        [['firstname', 'lastname', 'username', 'email', 'password', 'confirm', ], 'string', 'max' => 255],


public function actionUpdate($id)
    $model = $this->findModel($id);
    $model->passowrd = '';
    $model->confirm = '';

    if ($model->load(Yii::$app->request->post())) {
        $model->role = $model->role[0]; 
        if (empty($model->password) || empty($model->confirm)) {
            $model->password = $model->getOldAttribute('password');
            $model->confirm = $model->getOldAttribute('confirm');
        if ($model->save()) {
            return $this->redirect(['view', 'id' => $model->id]);
    } else {
        return $this->render('update', [
            'model' => $model,


<div class="form-group">
    <?= $form->field($model, 'password')->passwordInput(['maxlength' => true,'placeholder'=>'Enter the Password']) ?>
<div class="form-group">
    <?= $form->field($model, 'confirm')->passwordInput(['maxlength' => true,'placeholder'=>'Confirm Password']) ?>   

我有自己的基本用户模型,我在大多数项目中重复使用它,它处理更新新密码或在更新表单未提供密码的情况下保留前一个密码。还实现了 IdentityInterface,因此它可用于登录到应用程序。



namespace app\models;

use Yii;
use yii\db\ActiveRecord;
use yii\web\IdentityInterface;

class User extends ActiveRecord implements IdentityInterface {
    const SCENARIO_LOGIN = 'login';
    const SCENARIO_CREATE = 'create';
    const SCENARIO_UPDATE = 'update';

    // We use $hash to save the hashed password we already have saved in the DB
    public $hash;
    public $password_repeat;

     * @inheritdoc
    public static function tableName() {
        return 'user';

     * @inheritdoc
    public function scenarios() {
        $scenarios = parent::scenarios();
        $scenarios[self::SCENARIO_LOGIN] = ['user', 'password'];
        $scenarios[self::SCENARIO_CREATE] = ['user', 'password', 'password_repeat', 'email', 'authKey'];
        $scenarios[self::SCENARIO_UPDATE] = ['user', 'password', 'password_repeat', 'email'];
        return $scenarios;

     * @inheritdoc
    public function rules() {
        return [
            [['user'], 'string', 'max' => 45],

            [['email'], 'string', 'max' => 45],
            [['email'], 'email'],

            [['password', 'password_repeat'], 'string', 'max' => 60],

            [['authKey'], 'string', 'max' => 32],

            [['user', 'password'], 'required', 'on' => self::SCENARIO_LOGIN],
            [['user', 'password', 'password_repeat', 'email'], 'required', 'on' => self::SCENARIO_CREATE],
            [['user', 'email'], 'required', 'on' => self::SCENARIO_UPDATE],

            // Generate a random String with 32 characters to use as AuthKey
            [['authKey'], 'default', 'on' => self::SCENARIO_CREATE, 'value' => Yii::$app->getSecurity()->generateRandomString()],

            [['password'], 'compare', 'on' => self::SCENARIO_CREATE, 'skipOnEmpty' => true],

            [['user'], 'unique'],

     * @inheritdoc
    public function attributeLabels() {
        return [
            'id' => 'Id',
            'user' => 'User',
            'password' => 'Password',
            'authKey' => 'AuthKey',
            'email' => 'Email',

     * @inheritdoc
    public function beforeSave($insert) {
        if (parent::beforeSave($insert)) {
            if($insert) {
                $this->password = Yii::$app->getSecurity()->generatePasswordHash($this->password);
            else {
                if(strlen($this->password) > 0) {
                    $this->password = Yii::$app->getSecurity()->generatePasswordHash($this->password);
                else {
                    $this->password = $this->hash;
            return true;
        return false;

     * @inheritdoc
    public function afterFind() {
        $this->hash = $this->password;
        $this->password = '';

     * @inheritdoc
    public static function findIdentity($id) {
        return self::findOne($id);

     * @inheritdoc
    public static function findIdentityByAccessToken($token, $type = null) {
        throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');

     * @inheritdoc
    public static function findByUsername($username) {
        $model = static::findOne(['user' => $username]);
        return $model;

     * @inheritdoc
    public function getId() {
        return $this->getPrimaryKey();

     * @inheritdoc
    public function getAuthKey() {
        return $this->authKey;

     * @inheritdoc
    public function validateAuthKey($authKey) {
        return $this->authKey === $authKey;

     * Validates password
     * @param string $password password to validate
     * @return boolean if password provided is valid for current user
    public function validatePassword($password) {
        return Yii::$app->getSecurity()->validatePassword($password, $this->hash);


$model->scenario = User::SCENARIO_LOGIN;
$model->scenario = User::SCENARIO_CREATE;
$model->scenario = User::SCENARIO_UPDATE;

在你的情况下最好使用 scenarios 并且对于其他要求也使用 rules() ,在 Users.php 模型文件中编写以下代码:

public function scenarios(){
  $scenarios = parent::scenarios();
  $scenarios['create'] = ['firstname', 'lastname', 'username', 'email', 'role', 'group_user','status', 'password','confirm'];
  $scenarios['update'] = ['firstname', 'lastname', 'username', 'email', 'role', 'group_user','status'];
  return $scenarios;

 * @inheritdoc
public function rules()
    return [
        [['firstname', 'lastname', 'username', 'email', 'role', 'group_user','status', 'password','confirm'], 'required'],
        ['email', 'filter', 'filter' => 'trim'],
        ['email', 'unique' ],
        ['email', 'unique' ,'targetAttribute' => 'email'],
        ['email', 'required'],
        ['email', 'email'],
        ['email', 'unique', 'targetClass' => '\common\models\Users', 'message' => 'This email address has already been taken.'],
        ['confirm', 'compare', 'compareAttribute'=>'password', 'message'=>"Passwords does not match." ],
        [['firstname', 'lastname', 'username', 'email', 'password', 'confirm', ], 'string', 'max' => 255],


<div class="form-group">
  if($case == 'create'){
    echo $form->field($model, 'password')->passwordInput(['maxlength' => true,'placeholder'=>'Enter the Password']);
    echo $form->field($model, 'password')->passwordInput(['maxlength' => true,'placeholder'=>'Enter the Password']);
<div class="form-group">
    <?= $form->field($model, 'confirm')->passwordInput(['maxlength' =>true,'placeholder'=>'Confirm Password']) ?>   

并在您的控制器文件中,UsersController.php 使用以下代码:

public function actionUpdate($id)
  $model = $this->findModel($id);

  $model->scenario = 'update'; // calling scenario of update
  if ($model->load(Yii::$app->request->post())) {

        $req_array = yii::$app->request->post();
        $role  = $req_array['Users']['role'][0];

        $model->role = $role;
        if($req_array['Users']['password'] !== $req_array['Users']['confirm'])
          $model->addError('confirm','Password and Confirm should be same.');
          $model->password = $req_array['Users']['password'];
          $model->confirm = $req_array['Users']['confirm'];
          return $this->render('update', [
              'model' => $model,
        elseif( ($req_array['Users']['password'] == $req_array['Users']['confirm']) && (!empty($req_array['Users']['password'])))
          $model->password = MD5($req_array['Users']['password']);
          return $this->redirect(['view', 'id' => $model->id]);

          return $this->redirect(['view', 'id' => $model->id]);
      } else {
          $model->password = '';
          return $this->render('update', [
              'model' => $model,

使用此代码,您将不会在更新时收到所需密码的错误,如果您填写密码,则确认密码和所需密码的过程将为 运行。 希望对你有所帮助。