function logout_GET(Web &$w) { if ($w->Auth->loggedIn()) { // Unset all of the session variables. $w->sessionDestroy(); } $w->redirect($w->localUrl("/auth/login")); }
function resetpassword_POST(Web $w) { $email = $w->request('email'); // email $token = $w->request('token'); // token $password = $w->request('password'); // password $password_confirm = $w->request('password_confirm'); if ($password !== $password_confirm) { $w->error("Passwords do not match", "/auth/resetpassword?email={$email}&token={$token}"); return; } $user = $w->Auth->getUserForToken($token); //getObject("User", array("password_reset_token", $token)); $validData = false; if (!empty($user->id)) { // Check that the password reset hasn't expired if (time() - strtotime($user->dt_password_reset_at) < 0) { $w->msg("Your token has expired (max 24 hours), please submit for a new one", "/admin/forgotpassword"); return; } $user_contact = $user->getContact(); if (!empty($user_contact)) { if ($user_contact->email == $email) { $user->setPassword($password); $user->password_reset_token = null; $user->dt_password_reset_at = null; $user->update(true); // Precautionary logout if ($w->Auth->loggedIn()) { $w->sessionDestroy(); } $validData = true; } } } if (!$validData) { $w->Log->warn("Password reset attempt failed with email: {$email}, token: {$token}"); $w->out("Invalid email or token, this incident has been logged"); } else { $w->msg("Your password has been reset", "/auth/login"); } }