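/**
 * Password reset endpoint: validates a reset token and then, depending on the
 * request, deactivates the token, stores a new password, or renders the form.
 *
 * Token layout as parsed below: "<expiry unix timestamp>l<22-character secret>".
 * The account is looked up by md5("<expiry>_<secret>") against User.reset_hash.
 *
 * @param string $l          Reset token; a POSTed 'l' takes precedence over this argument.
 * @param string $deactivate 'true' invalidates the token without changing the password.
 * @throws CHttpException 404 when params['reset_token_hours'] is <= 0 (feature disabled).
 */
public function actionResetPw($l = '', $deactivate = '')
{
    if (Yii::app()->params['reset_token_hours'] <= 0) {
        throw new CHttpException(404, Yii::t('mc', 'The requested page does not exist.'));
    }

    $model = new User();
    $model->unsetAttributes();
    $user = false;
    $hash = false;

    // Request input is untrusted. A client can send l[]=x, which used to reach
    // trim()/strlen() as an array (warning on old PHP, TypeError on PHP 8).
    // Anything that is not a scalar is treated as "no token supplied".
    $l = isset($_POST['l']) ? $_POST['l'] : $l;
    $l = is_scalar($l) ? trim((string) $l) : '';

    if (strlen($l)) {
        // NOTE(review): explode() has no limit, so a secret containing the letter
        // 'l' would be cut short and rejected by the length check below; confirm
        // the token generator (not visible here) never emits 'l' in the secret.
        $exp = explode('l', $l);
        $tt = (int) $exp[0];
        $ll = isset($exp[1]) ? $exp[1] : '';

        // Only well-formed, unexpired tokens are looked up at all.
        if (strlen($ll) === 22 && $tt > time()) {
            // md5 is used as a lookup digest of a random token, not for password
            // storage; stored reset_hash values depend on it, so it is unchanged.
            // NOTE(review): this is only as strong as the randomness of the
            // 22-character secret; verify the generator uses a CSPRNG.
            $hash = md5($tt . '_' . $ll);
            // Leading '=' presumably requests an exact match in User::search();
            // the strict comparison below re-checks the result either way.
            $model->reset_hash = '=' . $hash;
            $prov = $model->search();
            if ($prov->itemCount === 1) {
                $rows = $prov->getData();
                $user = $rows[0];
            }
        }

        if (!$hash || !$user || $user->reset_hash !== $hash) {
            Yii::app()->user->setFlash('reset-error', Yii::t('mc', 'Invalid password reset token.'));
            // Relies on redirect() ending the request (the Yii 1 default);
            // otherwise $user would be dereferenced below while still false.
            $this->redirect(array('site/requestResetPw', 'state' => 'info'));
        }

        if ($deactivate === 'true') {
            // Clearing reset_hash makes the token single-use / revocable.
            $user->reset_hash = '';
            if ($user->save()) {
                Yii::app()->user->setFlash('reset-success', Yii::t('mc', 'Password reset token deactivated.'));
                // NOTE(review): the log entry does not identify the account;
                // an audit trail would benefit from including the user's key.
                Yii::log('Reset token deactivated');
            } else {
                Yii::app()->user->setFlash('reset-error', Yii::t('mc', 'Failed to deactivate password reset token.'));
            }
            $this->redirect(array('site/requestResetPw', 'state' => 'info'));
        }

        // Accept the new password only when it is a plain string; array-valued
        // form fields are ignored instead of being assigned to the model.
        if (isset($_POST['User']['password']) && is_string($_POST['User']['password'])) {
            $password = $_POST['User']['password'];
            $confirm = (isset($_POST['User']['confirmPassword']) && is_string($_POST['User']['confirmPassword']))
                ? $_POST['User']['confirmPassword']
                : null;

            $user->scenario = 'reset';
            $user->password = $password;
            $user->confirmPassword = $confirm;
            // The token is cleared in the same save as the password change, so a
            // successful reset also invalidates the link.
            $user->reset_hash = '';
            if ($user->save()) {
                // NOTE(review): as above, the log entry carries no account identifier.
                Yii::log('Password reset!');
                Yii::app()->user->setFlash('reset-success', Yii::t('mc', 'Your password has been successfully changed.'));
                $this->redirect(array('site/requestResetPw', 'state' => 'info'));
            } else {
                // Surface validation errors on the blank form model rather than
                // exposing the loaded user record to the view.
                $model->addErrors($user->errors);
                $model->password = $password;
                $model->confirmPassword = $confirm;
            }
        }

        $model->scenario = 'reset';
    }

    $this->render('resetPw', array('model' => $model, 'l' => $l));
}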