public function executePasswordReset(sfWebRequest $request)
{
$token = '';
if ($request->getParameter('t')) {
$token = $request->getParameter('t');
} else {
$param = $request->getParameter('passwordReset');
$token = $param['t'];
}
$token = trim($token);
// if the user is authenticated, they shouldn't get here
PcUtils::redirectLoggedInUser($this->getUser(), $this);
// Check the token is valid
$c = new Criteria();
$c->add(PcPasswordResetTokenPeer::TOKEN, $token, Criteria::EQUAL);
$entry = PcPasswordResetTokenPeer::doSelectOne($c);
if (!is_object($entry)) {
// the token is not valid
PcWatchdog::alert('Invalid Password Reset Token', 'This is the token ' . $token);
$this->forward('customAuth', 'passwordResetInvalidToken');
}
$this->form = new PasswordResetForm(array('t' => $token));
if ($request->isMethod('post')) {
$this->form->bind($request->getParameter('passwordReset'));
if ($this->form->isValid()) {
$fields = $request->getParameter('passwordReset');
$user = CustomAuth::resetPassword($token, $fields['password1']);
$this->redirect('/' . sfConfig::get('app_accountApp_frontController'));
}
}
}
/**
* Takes care after the user resets their password succcessfully
*
* @param string $token
* @param string $password - the new password to set (plain password)
* @return PcUser - the user who has reset their own password
*/
public static function resetPassword($token, $password)
{
$c = new Criteria();
$c->add(PcPasswordResetTokenPeer::TOKEN, $token, Criteria::EQUAL);
$tokenEntry = PcPasswordResetTokenPeer::doSelectOne($c);
$userId = $tokenEntry->getUserId();
$tokenEntry->delete();
$sfContext = sfContext::getInstance();
$user = PcUserPeer::retrieveByPk($userId);
$user->setPassword($password);
$user->save();
self::login($sfContext->getUser(), $user);
sfContext::getInstance()->getEventDispatcher()->notify(new sfEvent('userSetPassword', 'user.set_password', array('user' => $user, 'plainPassword' => $password)));
return $user;
}
