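/**
 * Password reset action.
 *
 * Without a code: shows the "request a reset" form and, when an e-mail
 * address was posted, mails a reset link to the matching user.
 * With a code: shows the new-password form and, when both password fields
 * were posted, stores the new password, logs the user in and redirects.
 *
 * @param string|null $code Reset code taken from the URL, if any.
 *
 * @throws RoutingException When the reset code does not resolve to a user.
 */
function reset($code = null) {

    if ($code != null) {

        // Resolve the code exactly once. The same result decides whether the
        // request is allowed and which account is updated, so the two cannot
        // disagree if the code changes state between lookups.
        $user_id = User::check_password_reset_code($code);

        if ($user_id == FALSE) {
            // Unknown or rejected code: same "not found" answer for GET and POST
            // (the POST path used to end the request with a bare exit).
            // NOTE(review): the original passed an undefined $uri here; $this->uri is
            // the routing data this method already reads. Confirm against
            // RoutingException's constructor.
            throw new RoutingException($this->uri, "Page not found");
        }

        $passwords_submitted = isset($_POST['password1']) && $_POST['password1'] != ''
            && isset($_POST['password2']) && $_POST['password2'] != '';

        if (!$passwords_submitted) {
            // Code is valid but no new password yet: show the form
            $this->loadView('users/reset', array('valid_code' => TRUE, 'code' => $code));
            return;
        }

        // check_password() returns TRUE or an error message
        $error = '';
        $password_check = $this->check_password($_POST['password1'], $_POST['password2']);
        if ($password_check !== TRUE) {
            $error .= $password_check;
        }

        if ($error != '') {
            Application::flash('error', $error);
            $this->loadView('users/reset', array('valid_code' => TRUE, 'code' => $code));
            return;
        }

        $user = User::get_by_id($user_id);
        if ($user == NULL) {
            // The code pointed at an account that can no longer be loaded
            throw new RoutingException($this->uri, "Page not found");
        }

        // NOTE(review): nothing in this method invalidates the reset code after use.
        // Confirm that update_password() (or the User model) expires it, otherwise
        // the mailed link stays usable.
        $user->update_password($_POST['password1'], $this->config->encryption_salt);
        $user->authenticate($_POST['password1'], $this->config->encryption_salt);

        Application::flash('success', 'Password updated! Welcome back to ' . $this->config->name . '!');

        // redirect_to is request-controlled. Only follow it when it stays on this
        // site (a path starting with a single "/", or an absolute URL under the
        // configured base URL); anything else falls back to the site root so the
        // freshly authenticated user cannot be sent to a third-party host.
        $redirect_url = $this->config->url;
        if (isset($this->uri['params']['redirect_to']) && is_string($this->uri['params']['redirect_to'])) {
            $candidate = $this->uri['params']['redirect_to'];
            $base = rtrim($this->config->url, '/') . '/';

            // Control characters (CR, LF, tab, ...) have no place in a Location value
            $has_control_chars = preg_match('/[\x00-\x1F\x7F]/', $candidate) === 1;

            // "/path" is local; "//host" and "/\host" are treated as another host by browsers
            $is_local_path = strlen($candidate) > 0 && $candidate[0] === '/'
                && (strlen($candidate) === 1 || ($candidate[1] !== '/' && $candidate[1] !== '\\'));

            // The trailing "/" on $base keeps look-alike hosts that merely share the prefix out
            $is_site_url = strncmp($candidate, $base, strlen($base)) === 0;

            if (!$has_control_chars && ($is_local_path || $is_site_url)) {
                $redirect_url = $candidate;
            }
        }

        header('Location: ' . $redirect_url);
        exit;

    }

    // No code in URL so show new reset form

    if (isset($_POST['email'])) {

        // Email submitted so send password reset email
        $user = User::get_by_email($_POST['email']);

        if ($user != NULL) {

            // Keep the generated secret in its own variable. The original reused $code,
            // which is also handed to the view below, so the reset code could reach the
            // page rendered for whoever submitted the address.
            $reset_code = $user->generate_password_reset_code();

            $to = array('email' => $_POST['email']);
            // The link is built from the configured site URL, not from request headers
            $link = substr($this->config->url, 0, -1) . $this->url_for('users', 'reset', $reset_code);
            $subject = '[' . $this->config->name . '] Password reset';
            $body = $this->twig_string->render(file_get_contents("themes/{$this->config->theme}/emails/password_reset.html"), array('user' => $user, 'link' => $link, 'app' => $this));

            // Email user
            $this->email->send_email($to, $subject, $body);

        }

        // Same message whether or not the address matched an account, so the form
        // does not reveal which addresses are registered.
        Application::flash('info', 'Check your email for instructions about how to reset your password!');

    }

    $this->loadView('users/reset', array('valid_code' => FALSE, 'code' => $code));

}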