/** * Validate the key. */ public function clean_key() { $this->cleaned_data['key'] = trim($this->cleaned_data['key']); $error = __('We are sorry but this validation key is not valid. Maybe you should directly copy/paste it from your validation email.'); if (false === ($cres = IDF_Form_PasswordInputKey::checkKeyHash($this->cleaned_data['key']))) { throw new Pluf_Form_Invalid($error); } $guser = new Pluf_User(); $sql = new Pluf_SQL('email=%s AND id=%s', array($cres[0], $cres[1])); if ($guser->getCount(array('filter' => $sql->gen())) != 1) { throw new Pluf_Form_Invalid($error); } if (time() - $cres[2] > 86400) { throw new Pluf_Form_Invalid(__('Sorry, but this verification key has expired, please restart the password recovery sequence. For security reasons, the verification key is only valid 24h.')); } return $this->cleaned_data['key']; }
/** * Just a simple input box to provide the code and redirect to * passwordRecovery */ public function passwordRecoveryInputCode($request, $match) { $title = __('Password Recovery'); if ($request->method == 'POST') { $form = new IDF_Form_PasswordInputKey($request->POST); if ($form->isValid()) { $url = $form->save(); return new Pluf_HTTP_Response_Redirect($url); } } else { $form = new IDF_Form_PasswordInputKey(); } return Pluf_Shortcuts_RenderToResponse('idf/user/passrecovery-inputkey.html', array('page_title' => $title, 'form' => $form), $request); }