This code in UsersController.php:
if ($this->request->getData('password') != $this->request->getData('confirm_password')) {
$this->Flash->error('Your passwords do not match. Please check your passwords and try again.');
}
should be turned into validation rules in UsersTable::validationDefault(). That will make the handling of validation more consistent and will make this rule actually prevent the password from being updated.
This code in
UsersController.php:should be turned into validation rules in
UsersTable::validationDefault(). That will make the handling of validation more consistent and will make this rule actually prevent the password from being updated.