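/**
 * Completes a password reset submitted with a reset token.
 *
 * Reads `reset_token` and `pass` from the POST body, validates the new
 * password against the user constraints, looks up the account holding the
 * token, checks the expiry embedded after the "&" in the token, updates the
 * password and clears the token so it cannot be used again.
 *
 * Always echoes a JSON object: {"status": "success"|"fail", "msg": ...}.
 */
public function reset_pass()
{
    // Only string fields are accepted; an absent or array-valued field is
    // treated as empty instead of being passed on as null/array.
    $token = (isset($_POST['reset_token']) && is_string($_POST['reset_token'])) ? $_POST['reset_token'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    $constraints = new \CODOF\Constraints\User();
    $constraints->password($pass);
    $errors = $constraints->get_errors();

    if (empty($errors)) {
        $username = null;

        // Never query with an empty token: rows whose token was already
        // cleared must not be reachable through this lookup.
        // NOTE(review): some query builders turn a null comparison value into
        // an IS NULL test - confirm how \DB handles it.
        if ($token !== '') {
            $username = \DB::table(PREFIX . 'codo_users')->where('token', $token)->pluck('username');
        }

        if ($username != null) {
            $parts = explode("&", $token);

            // A token without an expiry part, or with a non-numeric one,
            // counts as expired (0) rather than being compared as a string.
            $expiry = isset($parts[1]) ? (int) $parts[1] : 0;

            if ($expiry > time()) {
                $user = \CODOF\User\User::getByUsername($username);

                if ($user) {
                    $user->updatePassword($pass);

                    // Single use: drop the token once the password is changed.
                    \DB::table(PREFIX . 'codo_users')->where('token', $token)->update(array('token' => null));
                } else {
                    // Do not report success when nothing was updated.
                    $errors[] = _t("Incorrect token");
                }
            } else {
                $errors[] = _t("Password reset token has expired");
            }
        } else {
            $errors[] = _t("Incorrect token");
        }
    }

    if (!empty($errors)) {
        $resp = array("status" => "fail", "msg" => $errors);
    } else {
        $resp = array("status" => "success", "msg" => _t("Password changed successfully...Redirecting to login page"));
    }

    echo json_encode($resp);
}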
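/**
 * Confirms a pending signup from the `user` and `token` query parameters.
 *
 * The account is activated only when a row for exactly this username/token
 * pair exists in the signups table. On success the user status is updated
 * (1, or 2 when the `reg_req_admin` option is 'yes'), the role is set to
 * ROLE_USER when that option is 'no', and the signup rows for the username
 * are deleted so the token cannot be used again.
 *
 * Assigns one of VAR_NOT_PASSED, VAR_NOT_FOUND or SUCCESS to the view.
 */
public function confirm()
{
    $this->view = 'user/confirm';
    $action = array();

    if (empty($_GET['user']) || empty($_GET['token'])
        || !is_string($_GET['user']) || !is_string($_GET['token'])) {
        // Absent, empty or array-valued parameters are rejected before any query runs.
        $action['result'] = 'VAR_NOT_PASSED';
    } else {
        $username = $_GET['user'];
        $token = $_GET['token'];

        // Check that the username/token pair is in the database.
        $qry = "SELECT username FROM " . PREFIX . "codo_signups WHERE username=:username AND token=:token LIMIT 1 OFFSET 0";
        $stmt = $this->db->prepare($qry);
        $result = $stmt->execute(array("username" => $username, "token" => $token));

        // execute() only reports that the statement ran; whether the pair
        // exists is known only from the fetched row. Without this check any
        // token would confirm any username.
        $res = $result ? $stmt->fetch() : false;

        if ($res) {
            $reg_req_admin = \CODOF\Util::get_opt('reg_req_admin');

            $user_status = 1;
            if ($reg_req_admin == 'yes') {
                $user_status = 2;
            }

            // Confirm the email and update the users table.
            $qry = "UPDATE " . PREFIX . "codo_users SET user_status=:user_status WHERE username=:username";
            $stmt = $this->db->prepare($qry);
            $stmt->execute(array("user_status" => $user_status, "username" => $username));

            if ($reg_req_admin == 'no') {
                $user = \CODOF\User\User::getByUsername($username);

                // Skip the role update when the account cannot be loaded.
                if ($user) {
                    $qry = "UPDATE " . PREFIX . "codo_user_roles SET rid=:rid WHERE uid=:uid";
                    $stmt = $this->db->prepare($qry);
                    $stmt->execute(array("rid" => ROLE_USER, "uid" => $user->id));
                }
            }

            // Delete the signup rows for this username. The value is bound as
            // a parameter; the original statement concatenated a username
            // into the SQL text.
            $qry = "DELETE FROM " . PREFIX . "codo_signups WHERE username = :username";
            $stmt = $this->db->prepare($qry);
            $stmt->execute(array("username" => $username));

            $action['result'] = 'SUCCESS';
        } else {
            $action['result'] = 'VAR_NOT_FOUND';
        }
    }

    \CODOF\Store::set('sub_title', _t('Confirm user'));
    $this->smarty->assign('result', $action['result']);
}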