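/**
 * Handles submission of the "set new password" form.
 *
 * The request is accepted only when one of the following holds:
 *  - a non-empty email_key was posted and it matches the forgotten password
 *    key stored on the user identified by the posted id, or
 *  - no email_key was posted and the logged in session user has the same id
 *    as the posted id.
 *
 * When accepted, the user (password) and person (email) models are validated
 * against the POST data and saved if both pass. Users without a core role get
 * a confirmation message; users with a core role are logged in and redirected
 * to the page stored under 'requested_page' in the session. On validation
 * failure the new password form is shown again with the models, which carry
 * the validation errors.
 *
 * NOTE(review): this action changes a credential from POST data and no
 * anti-CSRF token check is visible in this method - confirm that one is
 * enforced elsewhere for the logged in path.
 *
 * @return void
 */
public function save()
{
    // Renders the shared error page; every rejection path below uses it.
    $reject = function ($message) {
        $this->template->title = 'New Password Invocation Error';
        $this->template->content = new View('login/login_message');
        $this->template->content->message = $message;
    };

    $user = new User_Model($_POST['id']);
    if (!$user->loaded) {
        $reject('Invalid user id.');
        return;
    }

    $username = $user->username;
    $password = $_POST['password'];
    $password2 = $_POST['password2'];
    $email_key = $_POST['email_key'];
    $person = ORM::factory('person', $user->person_id);

    if ($email_key != '') {
        // A filled in email_key means the form was reached from a forgotten
        // password email. The key is a secret, so it is compared as a string
        // in constant time: a loose != comparison treats numeric-looking
        // strings such as "0e1" and "0e2" as equal and is not timing safe.
        // A non-string value (e.g. an array in POST) is rejected outright.
        // NOTE(review): confirm the stored key is cleared or expired once the
        // password has been changed, so an emailed link cannot be reused.
        $key_matches = is_string($email_key)
            && hash_equals((string) $user->forgotten_password_key, $email_key);
        if (!$key_matches) {
            $reject('The forgotten password identification string embedded in this link is invalid for this user. This may be because there has been a valid login for this user between the point where the Set Password page was brought up and when the Submit button was pressed.');
            return;
        }
    } else {
        // Without an email key the caller must be the logged in user.
        $logged_in = !empty($_SESSION['auth_user'])
            && is_object($_SESSION['auth_user'])
            && $_SESSION['auth_user'] instanceof User_Model
            && $_SESSION['auth_user']->loaded;
        if (!$logged_in) {
            $reject('Attempt to set password when not logged in.');
            return;
        }
        // A logged in user may only change their own password.
        if ($user->id != $_SESSION['auth_user']->id) {
            $reject('Inconsistent user id: POST vs logged in user.');
            return;
        }
    }

    $user_validation = new Validation($_POST);
    $person_validation = new Validation($_POST);
    // The posted id is the user id; the person validation needs the person id.
    $person_validation['id'] = $user->person_id;

    // The two validations are called in separate statements rather than
    // chained with "and", so that both always run.
    $userstatus = $user->password_validate($user_validation, false);
    $personstatus = $person->email_validate($person_validation, false);

    if ($userstatus and $personstatus) {
        $user->save();
        $person->save();
        // Core users and web site users take different paths from here.
        if (is_null($user->core_role_id)) {
            // Not a core user, so cannot be logged in here: confirm only.
            $this->template->title = 'Password reset successfully';
            $this->template->content = new View('login/login_message');
            $this->template->content->message = 'Your indicia password has been reset and you can now use the new password to <a href="' . url::site() . '/login">log in</a>.<br />';
        } else {
            // Password updated: log in and jump to the originally requested page.
            // NOTE(review): the redirect target is read from the session;
            // confirm it is restricted to local pages where it is stored.
            $this->auth->login($user->id, $password);
            url::redirect(arr::remove('requested_page', $_SESSION));
        }
    } else {
        // Validation errors are now embedded in the models.
        $view = new View('login/new_password');
        // Validation removed the username (a disabled field, so not in POST);
        // put it back for redisplay.
        $user->load_values(array('username' => $username));
        // The model's password gets encrypted, so the submitted values are
        // handed back to the form.
        // NOTE(review): confirm the view escapes these values on output.
        $view->password = $password;
        $view->password2 = $password2;
        $view->email_key = $email_key;
        $view->user_model = $user;
        $view->person_model = $person;
        $this->template->title = 'Enter New Password';
        $this->template->content = $view;
    }
}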