/**
* @return string the user's new password.
*/
public static function resetPassword($username, $expires, $hash, $password = null)
{
$user = User::get($username);
$validhash = User::getPasswordResetHash($username, $expires, $user);
if (!$validhash) {
return false;
}
if ($expires < time()) {
return false;
}
if ($hash != $validhash) {
return false;
}
if ($user === false || $user->username != $username) {
return false;
}
if ($password === null) {
//If we don't get a password, generate an 8-character one for the user, using the Base64 character set (0-9A-Za-z+-.
$password = base64_encode(pack("n*", mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535)));
}
User::changePassword($user->username, $password);
return $password;
}
function send_reset_email($username, $email)
{
$user = User::get($username);
if ($user === false || $user->username != $username || $user->email != $email) {
return false;
}
$expires = time() + 24 * 60 * 60;
$hash = User::getPasswordResetHash($user->username, $expires, $user);
if (!$hash) {
return false;
}
$url = 'http://' . $_SERVER['SERVER_NAME'] . '/passwordreset.php?u=' . $user->username . '&e=' . $expires . '&h=' . $hash;
$emailbody = "Dear [{$user->username}],\n\n";
$emailbody .= "We received a request at www.grinnellplans.com to reset your Plans password.\n";
$emailbody .= "To confirm this request and reset your GrinnellPlans password, please click the link below: \n\n";
$emailbody .= $url . "\n\n";
$emailbody .= "If you are still having trouble accessing your GrinnellPlans account, reply to this email, and tell us what's going on.\n";
$emailbody .= "If you did not request a password reset, you may safely ignore this email. Your password will not be changed.\n\n";
$emailbody .= "Thanks for your continued interest in Plans!\nThe Plans Admins";
return send_mail($email, "GrinnellPlans password reset", $emailbody);
}
