* Allows users to begin the password reset process. * * @package User */ // process the form if ('POST' == $_SERVER['REQUEST_METHOD']) { $users = new Model_User(); $users->where('email = ?', $_REQUEST['email']); if (1 == $users->getTotal()) { // get userid, resetkey, and set to expire in 1 day $user = $users->getFirst(); $userid = $user->get('userid'); $resetkey = randomID(); $expire = date('Y-m-d H:i:s', time() + 86400); // create an entry in the password reset table $reset = Model_UserReset::Create(); $reset->set('userid', $userid); $reset->set('resetkey', $resetkey); $reset->set('expire', $expire); $reset->save(); // construct e-mail body $mm = new Pagemill($pm->root()->fork()); $mm->setVariable('username', $user->get('username')); $mm->setVariable('reseturl', sprintf('http://%s%s/password?userid=%d&resetkey=%s', $_SERVER['HTTP_HOST'], TYPEF_WEB_DIR, $userid, $resetkey)); $body = str_replace('&', '&', $mm->writeString('<pm:include template="/users/reset.eml" />', true)); // e-mail the user so they can reset their password $mailer = new Mailer(); $mailer->Configure(); $mailer->IsHTML(true); $mailer->AddAddress($_POST['email']); $mailer->Subject = 'Request to Reset Password for ' . TYPEF_TITLE;
<?php /** * User new password controller. * * Allows users to complete the password reset process. * * @package User */ // delete expired resets // get userid, resetkey $userid = trim(@$_REQUEST['userid']); $resetkey = trim(@$_REQUEST['resetkey']); // count resets for userid-resetkey; load user $reset = Model_UserReset::Get(array('userid' => $userid, 'resetkey' => $resetkey)); $user = Model_User::Get($userid); // if no resets or invalid user, report error if (!$reset->exists() || !$user->exists()) { Typeframe::Redirect('Invalid reset key.', TYPEF_WEB_DIR . '/', -1); return; } // process form if ('POST' == $_SERVER['REQUEST_METHOD']) { // get password and password2 $password = trim(@$_POST['password']); $password2 = trim(@$_POST['password2']); // check for errors if (!strlen($password) && !strlen($password2)) { $pm->addLoop('errors', array('message' => 'A password is required.')); } elseif ($password != $password2) { $pm->addLoop('errors', array('message' => 'The passwords you entered did not match.'));