<?php
/* setup includes */
require_once 'includes/master.inc.php';
// check for pending hash
$userId = (int) $_REQUEST['u'];
$passwordHash = $_REQUEST['h'];
$user = UserPeer::loadUserByPasswordResetHash($passwordHash);
if (!$user) {
redirect(WEB_ROOT);
}
// check user id passed is valid
if ($user->id != $userId) {
redirect(WEB_ROOT);
}
/* setup page */
define("PAGE_NAME", t("forgot_password_page_name", "Forgot Password"));
define("PAGE_DESCRIPTION", t("forgot_password_meta_description", "Forgot account password"));
define("PAGE_KEYWORDS", t("forgot_password_meta_keywords", "forgot, password, account, short, url, user"));
$success = false;
/* register user */
if ((int) $_REQUEST['submitme']) {
// validation
$password = trim($_REQUEST['password']);
$confirmPassword = trim($_REQUEST['confirmPassword']);
if (!strlen($password)) {
setError(t("please_enter_your_password", "Please enter your new password"));
} elseif (strlen($password) < 6 || strlen($password) > 20) {
setError(t("password_length_incorrect", "Password should be between 6 - 20 characters in length"));
} elseif (containsInvalidCharacters(strtolower($password, 'abcdefghijklmnopqrstuvwxyz1234567890@~#!-_£$&*()^%}{()'))) {
setError(t("password_contains_illegal_characters", "Password contains invalid characters, please choose another."));
