Example #1
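 /**
  * Sign a staff member on using a password-reset token.
  *
  * Reads `userid` and `token` from $_POST, looks the token up in the
  * 'pwreset' Config namespace, and checks that it maps to the staff member
  * named by `userid` and that it is still inside the reset window.
  *
  * @param array $errors Received by value, so the 'msg' entries set below
  *                      are not visible to the caller.
  *
  * @return StaffSession|false|null The staff session on success; false when
  *         the POST fields are missing; null when any check fails.
  */
 function signOn($errors = array())
 {
     global $ost;
     if (!isset($_POST['userid']) || !isset($_POST['token'])) {
         return false;
     } elseif (!($_config = new Config('pwreset'))) {
         // `new` never yields a falsy value; kept as a defensive guard.
         return false;
     } elseif (($staff = new StaffSession($_POST['userid'])) && !$staff->getId()) {
         $errors['msg'] = __('Invalid user-id given');
     } elseif (!($id = $_config->get($_POST['token'])) || $id != $staff->getId()) {
         // The token must exist and be bound to this staff id.
         $errors['msg'] = __('Invalid reset token');
     } elseif (!($ts = $_config->lastModified($_POST['token']))
         || $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)
     ) {
         // Fail closed: reject a token with no timestamp OR one older than the
         // reset window. The previous `&&` only evaluated the age when the
         // timestamp was missing, so a token with a recorded timestamp was
         // never aged out.
         // NOTE(review): assumes getPwResetWindow() is in seconds, to match
         // the time() - strtotime() difference - confirm.
         $errors['msg'] = __('Invalid reset token');
     } elseif (!$staff->forcePasswdRest()) {
         // NOTE(review): presumably flags the account for a forced password
         // change - confirm against Staff::forcePasswdRest().
         $errors['msg'] = __('Unable to reset password');
     } else {
         return $staff;
     }

     // Every failed check ends here; stated explicitly instead of falling
     // off the end of the function.
     return null;
 }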
Example #2
                }
            } else {
                $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']);
            }
            break;
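        case 'newpasswd':
            // Second step of the reset flow: the user submits the user-id
            // together with the reset token, and is logged in only when the
            // token is bound to that user and is still inside the reset window.
            // TODO: Compare passwords
            $tpl = 'pwreset.login.php';
            $_config = new Config('pwreset');
            if (($staff = new StaffSession($_POST['userid'])) && !$staff->getId()) {
                $msg = 'Invalid user-id given';
            } elseif (!($id = $_config->get($_POST['token'])) || $id != $staff->getId()) {
                // The token must exist and map to this staff id.
                $msg = 'Invalid reset token';
            } elseif (!($ts = $_config->lastModified($_POST['token']))
                || $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)
            ) {
                // Fail closed: reject a token with no timestamp OR one older
                // than the reset window. The previous `&&` only evaluated the
                // age when the timestamp was missing, so a token with a
                // recorded timestamp was never aged out.
                // NOTE(review): assumes getPwResetWindow() is in seconds - confirm.
                $msg = 'Invalid reset token';
            } elseif (!$staff->forcePasswdRest()) {
                $msg = 'Unable to reset password';
            } else {
                $info = array('page' => 'index.php');
                // Signal listeners receive $info and may change the landing page.
                Signal::send('auth.pwreset.login', $staff, $info);
                Staff::_do_login($staff, $_POST['userid']);
                // Keep the token in the session for the rest of the reset flow.
                $_SESSION['_staff']['reset-token'] = $_POST['token'];
                header('Location: ' . $info['page']);
                exit;
            }
            break;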
    }
} elseif ($_GET['token']) {
    $msg = 'Re-enter your username or email';
    $_config = new Config('pwreset');
    if (($id = $_config->get($_GET['token'])) && ($staff = Staff::lookup($id))) {