/**
* @return \Phalcon\Http\ResponseInterface
*/
public function forgotpasswordAction()
{
//Resets any "template before" layouts because we use mutiple theme
$this->view->cleanTemplateBefore();
if ($this->session->has('auth')) {
$this->view->disable();
return $this->response->redirect();
}
$form = new ForgotPasswordForm();
if ($this->request->isPost()) {
if (!$form->isValid($_POST)) {
foreach ($form->getMessages() as $message) {
$this->flashSession->error($message);
}
} else {
$object = Users::findFirstByEmail($this->request->getPost('email'));
if (!$object) {
// @TODO: Implement brute force protection
$this->flashSession->error(t('User not found.'));
return $this->response->redirect('auth/forgotpassword');
}
$lastpass = $object->getLastPasswdReset();
if (!empty($lastpass) && date('Y-m-d H:i:s') - $object->getLastPasswdReset() > $this->config->application->passwdResetInterval) {
$this->flashSession->error(t('You need to wait ') . (date('Y-m-d H:i:s') - $object->getLastPasswdReset()) . ' minutes');
return $this->response->redirect('auth/forgotpassword');
}
$passwordForgotHash = sha1('forgot' . microtime());
$object->setPasswdForgotHash($passwordForgotHash);
$object->setLastPasswdReset(date('Y-m-d H:i:s'));
if (!$object->save()) {
$this->displayModelErrors($object);
} else {
$params = ['firstname' => $object->getFirstname(), 'lastname' => $object->getLastname(), 'link' => ($this->request->isSecureRequest() ? 'https://' : 'http://') . $this->request->getHttpHost() . '/auth/resetpassword/' . $passwordForgotHash];
if (!$this->mail->send($object->getEmail(), 'forgotpassword', $params)) {
$this->flashSession->error(t('Error sendig email.'));
} else {
$this->flashSession->success(t('An email was sent to your address in order to continue with the reset password process.'));
return $this->response->redirect();
}
}
}
}
$this->assets->addCss('css/login.css');
$this->view->form = $form;
}
