Set the new password (for DEFAULT users; FACEBOOK users don't have a password).
Please note: At this point the user has already been pre-verified via verifyPasswordReset() (within one hour),
so we don't need to check again for the 60-minute limit here. In this method we authenticate
via the username and the password-reset hash from (hidden) form fields.
public static setNewPassword ( string $user_name, string $user_password_reset_hash, string $user_password_new, string $user_password_repeat ) : boolean

| Parameter | Type | Description |
| --- | --- | --- |
| $user_name | string | |
| $user_password_reset_hash | string | |
| $user_password_new | string | |
| $user_password_repeat | string | |
| return | boolean | success state of the password reset |
```php
/**
 * Set the new password
 * Please note that this happens while the user is not logged in. The user identifies via the data provided by the
 * password reset link from the email, automatically filled into the <form> fields. See verifyPasswordReset()
 * for more. Then (regardless of result) route user to index page (user will get success/error via feedback message)
 * POST request !
 * TODO this is an _action
 */
public function setNewPassword()
{
    PasswordResetModel::setNewPassword(
        Request::post('user_name'),
        Request::post('user_password_reset_hash'),
        Request::post('user_password_new'),
        Request::post('user_password_repeat')
    );
    Redirect::to('login/index');
}
```
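As an added example (not code from this project or page), here is a sketch of the checks a set-new-password step can make when it authenticates by user name plus reset hash from hidden form fields: constant-time token comparison, single-use invalidation, and the one-hour limit re-checked at write time, which goes beyond the documented method. The in-memory `$store`, the function names, the stored SHA-256 digest and the 8-character minimum are assumptions for illustration.

```php
<?php
// Added example, not the project's code; every name below is hypothetical.
declare(strict_types=1);

const RESET_TTL_SECONDS = 3600; // the one-hour window from the description
const MIN_PASSWORD_LENGTH = 8;  // assumed policy, not taken from the page

// The raw token goes into the e-mailed link; only its SHA-256 digest is stored.
function issueResetToken(array &$store, string $userName, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $store[$userName] = ['token_sha256' => hash('sha256', $token), 'issued_at' => $now];
    return $token;
}

// Re-validate token, token age and password pair when the password is written.
function setNewPasswordChecked(array &$store, string $userName, string $token,
    string $new, string $repeat, int $now): bool
{
    $row = $store[$userName] ?? null;
    if ($row === null || !isset($row['token_sha256'])) {
        return false; // no pending reset for this user
    }
    if (!hash_equals($row['token_sha256'], hash('sha256', $token))) {
        return false; // digest compared in constant time
    }
    if ($now - $row['issued_at'] > RESET_TTL_SECONDS) {
        unset($store[$userName]['token_sha256'], $store[$userName]['issued_at']);
        return false; // expired between verification and submission
    }
    if ($new !== $repeat || strlen($new) < MIN_PASSWORD_LENGTH) {
        return false; // token stays valid so the user can retry
    }
    $store[$userName]['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    unset($store[$userName]['token_sha256'], $store[$userName]['issued_at']); // single use
    return true;
}

// Constructed demo data: one user, fixed clock values.
$store = [];
$t0 = 1700000000;
$token = issueResetToken($store, 'alice', $t0);
var_dump(setNewPasswordChecked($store, 'alice', 'forged', 'S3cure-pass', 'S3cure-pass', $t0 + 60));
var_dump(setNewPasswordChecked($store, 'alice', $token, 'S3cure-pass', 'typo', $t0 + 60));
var_dump(setNewPasswordChecked($store, 'alice', $token, 'S3cure-pass', 'S3cure-pass', $t0 + 60));
var_dump(setNewPasswordChecked($store, 'alice', $token, 'Other-pass1', 'Other-pass1', $t0 + 120));
```

The four calls exercise, in order, a forged token, a mismatched repeat field, the valid submission, and a replay of the already-used token.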
```php
<?php
require_once __DIR__ . '/../classes/SessionWrapper.php';
Tools::startSession();

$email1 = Request::get('email');
$code1 = Request::get('code');
if (empty($email1) || empty($code1)) {
    // redirect to the home page
    header("HTTP/1.0 301 Moved Permanently");
    header("Location: " . Tools::getBaseUrl());
    exit;
}

SessionWrapper::clearFeedback();
$verified = PasswordResetModel::verifyPasswordReset($email1, $code1);
$reset = false; // stays false until a POST successfully sets a new password
if ($verified) {
    SessionWrapper::clearFeedback();
    if (!empty($_POST)) {
        $reset = PasswordResetModel::setNewPassword($email1, $code1, $_POST['user_password_new'], $_POST['user_password_repeat']);
    }
}

$headerMeta = array('es' => array('title' => 'Reestablecer contraseña'), 'en' => array('title' => 'Reset password'));
$headerResources = ' <link href="' . Tools::getBaseUrl() . '/css/style-registro.css" rel="stylesheet" />';
require_once '../header.php';
?>
<main class="text-center">
<?php if ($verified) { if (!$reset) { ?>
<form id="register_form" method="post">
<h1><?php
```