public function actionResetPw($l = '', $deactivate = '')
{
if (Yii::app()->params['reset_token_hours'] <= 0) {
throw new CHttpException(404, Yii::t('mc', 'The requested page does not exist.'));
}
$model = new User();
$model->unsetAttributes();
$user = false;
$hash = false;
$l = trim(isset($_POST['l']) ? $_POST['l'] : $l);
if (strlen($l)) {
$exp = explode('l', $l);
$tt = (int) @$exp[0];
$ll = @$exp[1];
if (strlen($ll) == 22 && $tt > time()) {
$hash = md5($tt . '_' . $ll);
$model->reset_hash = '=' . $hash;
$prov = $model->search();
if ($prov->itemCount === 1) {
$user = $prov->getData();
$user = $user[0];
}
}
if (!$hash || !$user || $user->reset_hash !== $hash) {
Yii::app()->user->setFlash('reset-error', Yii::t('mc', 'Invalid password reset token.'));
$this->redirect(array('site/requestResetPw', 'state' => 'info'));
}
if ($deactivate == 'true') {
$user->reset_hash = '';
if ($user->save()) {
Yii::app()->user->setFlash('reset-success', Yii::t('mc', 'Password reset token deactivated.'));
Yii::log('Reset token deactivated');
} else {
Yii::app()->user->setFlash('reset-error', Yii::t('mc', 'Failed to deactivate password reset token.'));
}
$this->redirect(array('site/requestResetPw', 'state' => 'info'));
}
if (isset($_POST['User']['password'])) {
$user->scenario = 'reset';
$user->password = $_POST['User']['password'];
$user->confirmPassword = @$_POST['User']['confirmPassword'];
$user->reset_hash = '';
if ($user->save()) {
Yii::log('Password reset!');
Yii::app()->user->setFlash('reset-success', Yii::t('mc', 'Your password has been successfully changed.'));
$this->redirect(array('site/requestResetPw', 'state' => 'info'));
} else {
$model->addErrors($user->errors);
$model->password = $_POST['User']['password'];
$model->confirmPassword = @$_POST['User']['confirmPassword'];
}
}
$model->scenario = 'reset';
}
$this->render('resetPw', array('model' => $model, 'l' => $l));
}
