CakePHP: Ask user to enter password when entering account
How can I make a user have to re-enter their password when they access their account? So for example: domain.com/account
and then they see a simple password field (even though they are logged in). If they get the password wrong then they are logged out and sent to the home page with a session message saying 'for security reasons you have been logged out of your account'.
Can anyone help?
The account is the edit method in my users controller.
Thanks
I'd do something like this ~
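// edit.ctp View
echo $this->Form->input('password_check', array('type' => 'password'));

// user.php Model
// $data is the submitted form data, passed in by the controller.
function check_user_password($get_the_current_users_id, $data) {
    $salt = Configure::read('Security.salt');
    // Inside the User model, read the stored hash through the model itself.
    $this->id = $get_the_current_users_id;
    $hashed_password = $this->field('password');
    if (!isset($data['User']['password_check'])) {
        return false;
    }
    // check password; hash_equals() compares in constant time and avoids == type juggling
    return hash_equals((string) $hashed_password, md5($data['User']['password_check'] . $salt));
}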
You'd need to adjust the password hashing bit if you don't use the salt, etc.
But the idea is to compare the user's hashed password in the database to the one they submit. If it matches, then you can proceed. Else, you can logout/return an error. (For usability I would not log out a user as that would just be annoying.)
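The controller side of the flow asked about in the question, as an added example that is not part of the original answer: it shows the password form, calls the model check, and on a wrong password logs the user out with the flash message. Assumptions: CakePHP 2.x controller conventions, a hypothetical `confirm_password` action and `Reauth.time` session key, a five-minute validity window, and a `check_user_password()` model method that takes the submitted form data as its second argument.

```php
<?php
// Added example (CakePHP 2.x conventions assumed), not code from the original post.
class UsersController extends AppController {
    public $components = array('Auth', 'Session');

    // Assumed policy: a password confirmation stays valid for 5 minutes.
    const REAUTH_TTL = 300;

    // Hypothetical action: renders the password_check field and handles its POST.
    public function confirm_password() {
        if (!$this->request->is('post')) {
            return; // GET: just render the form with the password_check input
        }
        $ok = $this->User->check_user_password(
            $this->Auth->user('id'), // id comes from the session, never from the request
            $this->request->data
        );
        if ($ok) {
            // Record when the password was last confirmed, then continue to the account page.
            $this->Session->write('Reauth.time', time());
            return $this->redirect(array('action' => 'edit'));
        }
        // Wrong password: end the login, leave the message, send the user home.
        $this->Session->delete('Reauth.time');
        $this->Auth->logout();
        $this->Session->setFlash('For security reasons you have been logged out of your account');
        return $this->redirect('/');
    }

    public function edit() {
        // A missing key reads as null, casts to 0, and therefore counts as expired.
        $confirmedAt = (int) $this->Session->read('Reauth.time');
        if (time() - $confirmedAt > self::REAUTH_TTL) {
            return $this->redirect(array('action' => 'confirm_password'));
        }
        // The existing edit logic for the account page continues from here.
    }
}
```

Because the gate lives in `edit()` itself, requesting the account URL directly without a recent confirmation still lands on the password form.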