public function remindReset(Request $request, Response $response, array $args) { $template = new \App\Template('remind_reset.twig'); // First check that the passwords match. $password = $request->get('password'); if ($password !== $request->get('password-confirmation')) { $template->alert('warning', 'Your passwords did not match.', true); return new RedirectResponse($this->config->baseUrl() . "/remind/" . $args['userid'] . "/" . $args['token']); } // Then see if the token is valid. $user = new User($this->db); $user->load($args['userid']); if (!$user->checkReminderToken($args['token'])) { $template->alert('warning', 'That reminder token has expired. Please try again.', true); return new RedirectResponse($this->config->baseUrl() . "/remind"); } // Finally change the password. This will delete the token as well. $user->changePassword($password); $template->alert('success', 'Your password has been changed. Please log in.', true); return new RedirectResponse($this->config->baseUrl() . "/login?name=" . $user->getName()); }