public function resetpass() { try { //how do we find them? if ($this->args('id')) { $user = new User($this->args('id')); } else { if ($this->args('username')) { $user = User::byUsername($this->args('username')); } else { $user = User::$me; } } //are we cool? if (!$user->isHydrated()) { $this->set('megaerror', "Could not find that user."); } //is that hash good? pass it bro! if ($user->get('pass_reset_hash') != $this->args('hash')) { throw new Exception("Invalid hash. Die hacker scum."); } //one time use only. $user->set('pass_reset_hash', ''); $user->save(); User::createLogin($user); $this->forwardToUrl('/user/changepass'); } catch (Exception $e) { $this->setTitle('Reset Pass - Error'); $this->set('megaerror', $e->getMessage()); } }