public function action_recover($hash = null)
{
if (Input::Method() === "POST") {
if ($user = \Model\Auth_User::find_by_email(Input::POST('email'))) {
// generate a recovery hash
$hash = \Auth::instance()->hash_password(\Str::random()) . $user->id;
// and store it in the user profile
\Auth::update_user(array('lostpassword_hash' => $hash, 'lostpassword_created' => time()), $user->username);
// send an email out with a reset link
\Package::load('email');
$email = \Email::forge();
$html = 'Your password recovery link <a href="' . Uri::Create('login/recover/' . $hash) . '">Recover My Password!</a>';
// use a view file to generate the email message
$email->html_body($html);
// give it a subject
$email->subject(\Settings::Get('site_name') . ' Password Recovery');
// GET ADMIN EMAIL FROM SETTINGS?
$admin_email = Settings::get('admin_email');
if (empty($admin_email) === false) {
$from = $admin_email;
} else {
$from = 'support@' . str_replace('http:', '', str_replace('/', '', Uri::Base(false)));
}
$email->from($from);
$email->to($user->email, $user->fullname);
// and off it goes (if all goes well)!
try {
// send the email
$email->send();
Session::set('success', 'Email has been sent to ' . $user->email . '! Please check your spam folder!');
} catch (\Exception $e) {
Session::Set('error', 'We failed to send the eamil , contact ' . $admin_email);
\Response::redirect_back();
}
} else {
Session::Set('error', 'Sorry there is not a matching email!');
}
} elseif (empty($hash) === false) {
$hash = str_replace(Uri::Create('login/recover/'), '', Uri::current());
$user = substr($hash, 44);
if ($user = \Model\Auth_User::find_by_id($user)) {
// do we have this hash for this user, and hasn't it expired yet , must be within 24 hours
if (isset($user->lostpassword_hash) and $user->lostpassword_hash == $hash and time() - $user->lostpassword_created < 86400) {
// invalidate the hash
\Auth::update_user(array('lostpassword_hash' => null, 'lostpassword_created' => null), $user->username);
// log the user in and go to the profile to change the password
if (\Auth::instance()->force_login($user->id)) {
Session::Set('current_password', Auth::reset_password($user->username));
Response::Redirect(Uri::Create('user/settings'));
}
}
}
Session::Set('error', 'Invalid Hash!');
}
$this->template->content = View::forge('login/recover');
}
public function action_recover($hash = null)
{
/*
* https://myturbotax.intuit.com/account-recovery?offering_id=Intuit.cg.myturbotax&username=daniel.rodas1&locale=en-Us&offering_env=prd&confirmation_id=910855&namespace_id=50000003
*/
//email use a link
// was the lostpassword form posted?
if (\Input::method() == 'POST') {
// do we have a posted email address?
if ($email = \Input::post('email')) {
// do we know this user?
if ($user = \Model\Auth_User::find_by_email($email)) {
// generate a recovery hash
$hash = \Auth::instance()->hash_password(\Str::random()) . $user->id;
// and store it in the user profile
\Auth::update_user(array('lostpassword_hash' => $hash, 'lostpassword_created' => time()), $user->username);
\Package::load('email');
$email = \Email::forge();
$data = array();
$hash = Crypt::encode($hash, 'R@nd0mK~Y');
$data['url'] = \Uri::create('user/password/recover/' . $hash);
$data['user'] = $user;
// use a view file to generate the email message
$email->html_body(View::forge('user/password/email', $data));
// give it a subject
$email->subject('RN | WJS Password Recovery');
// $email->subject(__('user.login.password-recovery'));
// add from- and to address
// $from = \Config::get('application.email-addresses.from.website');
// $from = array('email' => '*****@*****.**', 'name' => 'RN | Wall Street Journal');
// $email->from($from['email']);
$email->from('*****@*****.**');
$email->to($user->email);
// and off it goes (if all goes well)!
try {
// send the email
// $email->send();
\Messages::success('Please check your email for instructions to reset your password');
// \Messages::success(__('user.login.recovery-email-send'));
\Response::redirect('user/password/confirm/' . $user->id);
} catch (\EmailValidationFailedException $e) {
\Messages::error('INVALID EMAIL !');
\Messages::error($e->getMessage());
// \Messages::error(__('user.login.invalid-email-address'));
\Response::redirect_back();
} catch (\Exception $e) {
// log the error so an administrator can have a look
logger(\Fuel::L_ERROR, '*** Error sending email (' . __FILE__ . '#' . __LINE__ . '): ' . $e->getMessage());
// \Messages::error($e->getMessage());
\Messages::error('ERROR SENDING EMAIL !');
// \Messages::error(__('user.login.error-sending-email'));
}
}
} else {
// inform the user and fall through to the form
\Messages::error(__('user.login.error-missing-email'));
}
// inform the user an email is on the way (or not ;-))
\Messages::info(__('user.login.recovery-email-send'));
\Response::redirect_back();
} elseif ($hash !== null) {
$hash = Crypt::decode($hash, 'R@nd0mK~Y');
// get the userid from the hash
$user = substr($hash, 44);
// and find the user with this id
if ($user = \Model\Auth_User::find_by_id($user)) {
// do we have this hash for this user, and hasn't it expired yet (we allow for 24 hours response)?
if (isset($user->lostpassword_hash) and $user->lostpassword_hash == $hash and time() - $user->lostpassword_created < 86400) {
// invalidate the hash
\Auth::update_user(array('lostpassword_hash' => null, 'lostpassword_created' => null), $user->username);
// log the user in and go to the profile to change the password
if (\Auth::instance()->force_login($user->id)) {
// \Messages::info('LOGGED IN');
$tempPass = \Auth::instance()->reset_password($user->username);
if ($tempPass) {
// \Messages::info(__('user.login.password-recovery-accepted'));
\Messages::info("Your temporary password is : {$tempPass} ");
\Response::redirect('backend/account/index/password');
} else {
return 'Something went wrong resetting password';
// something wrong with the hash
// \Messages::error(__('user.login.recovery-hash-invalid'));
// \Response::redirect_back();
}
}
}
}
// something wrong with the hash
\Messages::error(__('user.login.recovery-hash-invalid'));
\Response::redirect_back();
} else {
// display the login page
$this->template->content = View::forge('user/password/recover');
}
}
