public function remindReset(Request $request, Response $response, array $args)
{
$template = new \App\Template('remind_reset.twig');
// First check that the passwords match.
$password = $request->get('password');
if ($password !== $request->get('password-confirmation')) {
$template->alert('warning', 'Your passwords did not match.', true);
return new RedirectResponse($this->config->baseUrl() . "/remind/" . $args['userid'] . "/" . $args['token']);
}
// Then see if the token is valid.
$user = new User($this->db);
$user->load($args['userid']);
if (!$user->checkReminderToken($args['token'])) {
$template->alert('warning', 'That reminder token has expired. Please try again.', true);
return new RedirectResponse($this->config->baseUrl() . "/remind");
}
// Finally change the password. This will delete the token as well.
$user->changePassword($password);
$template->alert('success', 'Your password has been changed. Please log in.', true);
return new RedirectResponse($this->config->baseUrl() . "/login?name=" . $user->getName());
}
