public function confirm_password_reset()
{
//////////////////////////////////////////////////
// Grab Some input //
//////////////////////////////////////////////////
if (!$this->input->post()) {
$code = $this->input->get('code');
$email = $this->input->get('email');
} else {
$code = $this->input->post('code');
$email = $this->input->post('email');
}
//////////////////////////////////////////////////
// Make sure they're legit //
//////////////////////////////////////////////////
// Have to have code and email in url params
if (!$code || !$email) {
redirect('main');
}
// Grab request by the code and make sure it exists
$reset_request = new PasswordReset();
$reset_request->where('code', $code);
$reset_request->get();
if (!$reset_request->exists()) {
redirect('main');
}
// Grab user from the reset request
$user = $reset_request->user;
$user->get();
// Make sure the user exists (redundant) and make sure
// the provided email matches.
if (!$user->exists() || $user->email != $email) {
redirect('main');
}
//////////////////////////////////////////////////
// Lets reset their password //
//////////////////////////////////////////////////
$this->load->library('form_validation');
$this->load->helper('form');
$data['code'] = $code;
$data['email'] = $email;
if (!$this->form_validation->run('users_confirm_password_reset')) {
$data['content'] = 'users/reset_password';
$this->load->view('master', $data);
} else {
// Just password, confirm matches in form validation
$password = $this->input->post('password');
$user->password = $password;
$user->save();
$reset_request->delete();
$this->session->set_userdata('user_id', $user->id);
redirect('users');
}
}
