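/**
 * Lets a signed-in user set a new password.
 *
 * Anonymous visitors are forwarded to index/notification with an error flash.
 * On a valid POST the submitted password is assigned to the user, a
 * PasswordChanges audit record (user, client address, user agent) is saved,
 * and the "need to change password" state is cleared through the auth service.
 *
 * NOTE(review): nothing in this action asks for the current password or
 * invalidates other sessions / remember-me tokens after the change. Confirm
 * that ChangePasswordForm and the auth component cover both, including CSRF
 * protection on the form.
 *
 * @return mixed the dispatcher forward result for anonymous visitors, otherwise nothing
 */
public function changePasswordAction()
{
    $user = $this->auth->getUser();
    if ($user === false) {
        // This is a refusal, so it is flashed as an error instead of a success.
        $this->flash->error($this->translate->gettext('You must be signed in to change the password'));

        return $this->dispatcher->forward(['controller' => 'index', 'action' => 'notification']);
    }

    $form = new ChangePasswordForm();
    $form->setDI($this->getDI());
    $this->view->form = $form;

    // Nothing to process on a plain page view or when validation fails.
    if (!$this->request->isPost() || $form->isValid($this->request->getPost()) === false) {
        return;
    }

    // NOTE(review): the raw POST value is assigned here; presumably the user
    // model hashes it before saving. The hashing is not visible in this
    // action, so verify it.
    $user->password = $this->request->getPost('password');
    // NOTE(review): '******' looks like a masked value in this listing;
    // confirm the flag value the model actually expects.
    $user->mustChangePassword = '******';

    // Audit record of the change. The User-Agent header is client-controlled:
    // treat it as untrusted and escape it wherever this record is displayed.
    $passwordChange = new PasswordChanges();
    $passwordChange->user = $user;
    $passwordChange->ipAddress = $this->request->getClientAddress();
    $passwordChange->userAgent = $this->request->getUserAgent();

    // NOTE(review): saving the audit record is the only save() in this action,
    // so the new password presumably persists through the related user record.
    // Confirm that the cascade really happens.
    if (!$passwordChange->save()) {
        // Flash each validation message separately, as resetPasswordAction does.
        foreach ($passwordChange->getMessages() as $message) {
            $this->flash->error($message);
        }

        return;
    }

    $this->auth->clearNeedToChangePassword();
    $this->flash->success($this->translate->gettext('Your password was successfully changed'));
    Tag::resetInput();
}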
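/**
 * Completes a password reset identified by the "code" dispatcher parameter.
 *
 * The code is looked up in ResetPasswords. Missing, unknown and already used
 * codes are all answered with the same "invalid" error so a reset code works
 * only once. Inactive and banned users are refused. On a valid POST the new
 * password is assigned to the user, the reset record is marked as used
 * (reset = 'Y') and saved, and the user is signed in and redirected to the
 * application's default path.
 *
 * NOTE(review): no expiry check is visible here. Confirm that reset codes
 * carry a creation time and that stale codes are rejected somewhere.
 *
 * @return mixed the dispatcher forward result on refusal or save failure, the
 *               redirect response after a successful reset, otherwise nothing
 */
public function resetPasswordAction()
{
    $t = $this->translate;
    $notification = ['controller' => 'index', 'action' => 'notification'];

    $code = $this->dispatcher->getParam('code');

    // A missing or empty code is rejected before it reaches the finder.
    $resetPassword = ($code === null || $code === '')
        ? false
        : ResetPasswords::findFirstByCode($code);

    // A code that was already consumed (reset is set to 'Y' below on success)
    // is treated exactly like an unknown one, so it cannot be replayed.
    if (!$resetPassword || $resetPassword->reset === 'Y') {
        $this->flash->error($t->gettext('The password reset code is invalid'));

        return $this->dispatcher->forward($notification);
    }

    $user = $resetPassword->user;

    if (!$user->isActive()) {
        $this->flash->error($t->gettext('User is inactive'));
        $this->flash->notice($t->gettext('Activate the user first before changing password.'));

        return $this->dispatcher->forward($notification);
    }

    if ($user->isBanned()) {
        $this->flash->error($t->gettext('User is banned'));

        return $this->dispatcher->forward($notification);
    }

    $form = new ChangePasswordForm();
    $form->setDI($this->getDI());
    $this->view->form = $form;
    $this->view->setVar('email', $user->email);

    // Nothing to process on a plain page view or when validation fails.
    if (!$this->request->isPost() || $form->isValid($this->request->getPost()) === false) {
        return;
    }

    // NOTE(review): the raw POST value is assigned here; presumably the user
    // model hashes it before saving. Verify, the hashing is not visible here.
    $user->password = $this->request->getPost('password');
    // NOTE(review): '******' looks like a masked value in this listing;
    // confirm the flag value the model actually expects.
    $user->mustChangePassword = '******';
    $resetPassword->reset = 'Y';

    try {
        // NOTE(review): only the reset record is saved explicitly; confirm the
        // save cascades to the related user so the new password is persisted.
        if (!$resetPassword->save()) {
            foreach ($resetPassword->getMessages() as $message) {
                $this->flash->error($message);
            }

            return $this->dispatcher->forward($notification);
        }

        // Authenticate the user
        $this->auth->clearNeedToChangePassword();
        $this->auth->authUserById($resetPassword->usersId, 'pw_reset');

        return $this->response->redirect($this->config->app->defaultPath);
    } catch (AuthException $e) {
        // The reset itself may already be saved at this point; only the
        // automatic sign-in failed, so the message is shown on the form view.
        $this->flash->error($e->getMessage());
    }
}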