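/**
 * Completes a password reset for the account tied to the `password_reset_key`
 * request parameter.
 *
 * Flow: the key must exist, must be younger than 24 hours and must belong to
 * an existing user; a GET (or an invalid POST) renders the reset form with the
 * key carried along, a valid POST with matching passwords stores a new salted
 * hash and deletes the reset row so the key is single-use.
 *
 * Fixes over the previous version:
 *  - the password/confirmation check used `==`, under which PHP compares two
 *    numeric strings numerically ("1e3" == "1000" is true), so non-identical
 *    passwords could pass; it is now a strict `===` comparison;
 *  - the salt was drawn with mcrypt_create_iv(), which no longer exists in
 *    PHP >= 7.2; random_bytes() gives the same 64 raw CSPRNG bytes.
 *
 * @return mixed Redirect result, or null after rendering/printing.
 */
public function resetPasswordAction()
{
    // Without a key there is nothing to validate: send the user to the request form.
    $password_reset_key = $this->getRequest()->getParam('password_reset_key');
    if (!$password_reset_key) {
        return $this->_redirect('/auth/forgot-password');
    }

    // The mapper returns a list of matching rows (or a falsy value when none match).
    $password_reset_mapper = new Application_Model_PasswordResetMapper();
    $password_reset = $password_reset_mapper->findByPassword_reset_key($password_reset_key);
    if (!$password_reset) {
        // Unknown key: reveal nothing, just go home.
        return $this->_redirect('/');
    }
    $password_reset = $password_reset[0];

    /**
     * Reject reset keys older than 24 hours (86400 s). abs() also rejects a
     * "created" timestamp more than a day in the future; an unparsable
     * timestamp makes strtotime() return false (0), which yields a huge
     * elapsed time and is therefore treated as expired -- it fails closed.
     */
    $time_elapsed = abs(time() - strtotime($password_reset->getCreated()));
    if ((int) ($time_elapsed / 86400)) {
        // Expired: the user has to generate a fresh key.
        return $this->_redirect('/auth/forgot-password');
    }

    // The account the key belongs to must still exist; otherwise drop the dangling row.
    $user_mapper = new Application_Model_UserMapper();
    $user = $user_mapper->find($password_reset->getUser_id());
    if (!$user) {
        $password_reset_mapper->delete($password_reset->getId());
        return $this->_redirect('/');
    }

    $form = new Application_Form_PasswordReset();
    if (!$this->getRequest()->isPost() || !$form->isValid($_POST)) {
        // First visit or invalid submission: render the form, carrying the key along.
        $form->password_reset_key->setValue($password_reset_key);
        $this->view->form = $form;
        return;
    }

    // Strict comparison on purpose: with `==` PHP compares numeric strings
    // numerically, so e.g. "1e3" and "1000" would be accepted as a match.
    if ($form->getValue('password') !== $form->getValue('password_confirm')) {
        print "The password was not confirmed.";
        $form->password_reset_key->setValue($password_reset_key);
        $this->view->form = $form;
        return;
    }

    // Fresh 64-byte salt from the OS CSPRNG (mcrypt_create_iv() was removed in PHP 7.2).
    $user->setPassword_salt(random_bytes(64));
    // NOTE(review): one round of salted SHA-256 is a fast hash and is not an
    // adequate password-storage scheme; migrating to password_hash()/
    // password_verify() also requires changing the login check, which lives
    // outside this method, so the stored format is kept unchanged here.
    $user->setPassword_hash(hash('sha256', $user->getPassword_salt() . $form->getValue('password')));

    $user_mapper->save($user);
    // Single use: the reset row is consumed once the password has been changed.
    $password_reset_mapper->delete($password_reset->getId());
    print 'Your password has been successfully reset.';
}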
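/**
 * Handles the "set a new password" step of account recovery.
 *
 * Expected URL shape: .../login/reset/email/<address>/key/<token>. The token
 * must be found for that e-mail, be in STATUS_NEW, not be expired, and its
 * owning account must still exist; anything else flashes a generic message
 * and redirects to the retrieve form. A valid POST stores the new password,
 * marks the token STATUS_USED (so it cannot be replayed) and redirects
 * depending on the user's role; a GET renders the form.
 *
 * Fixes over the previous version:
 *  - the token lookup was executed even when e-mail or key was missing
 *    (querying with `false`); it now runs only when both are present;
 *  - the user returned by the mapper was used without a null check, so a
 *    token for a deleted account caused a fatal error on POST; a missing
 *    user is now handled like an invalid token.
 *
 * @return mixed Redirect result, or null after assigning the form to the view.
 */
public function passwordresetAction()
{
    $form = new Application_Form_PasswordReset();
    $email = filter_var($this->getRequest()->getParam('email', false), FILTER_SANITIZE_EMAIL);
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It is
    // kept because the token alphabet is not visible here and a stricter
    // filter could reject valid tokens; the real match happens in the mapper.
    $token = filter_var($this->getRequest()->getParam('key', false), FILTER_SANITIZE_STRING);

    // Only hit the database when both parameters are actually present.
    $resetToken = null;
    if ($email && $token) {
        $resetToken = Application_Model_Mappers_PasswordRecoveryMapper::getInstance()->findByTokenAndMail($token, $email);
    }
    $tokenUsable = $resetToken
        && $resetToken->getStatus() == Application_Model_Models_PasswordRecoveryToken::STATUS_NEW
        && !$this->_isTokenExpired($resetToken);

    // The owning account must still exist, otherwise the token is unusable.
    $userMapper = Application_Model_Mappers_UserMapper::getInstance();
    $user = $tokenUsable ? $userMapper->find($resetToken->getUserId()) : null;

    if (!$tokenUsable || !$user) {
        // One generic message for every failure mode, so the response does not
        // distinguish unknown / used / expired tokens.
        $this->_helper->flashMessenger->addMessage('Token is incorrect. Please, enter your e-mail one more time.');
        return $this->redirect($this->_helper->website->getUrl() . 'login/retrieve/');
    }

    if ($this->getRequest()->isPost()) {
        if (!$form->isValid($this->getRequest()->getParams())) {
            $this->_helper->flashMessenger->addMessage($this->_helper->language->translate('Passwords should match'));
            return $this->redirect($resetToken->getResetUrl());
        }

        // Observer attached before the token is saved; presumably it sends the
        // password-change notification mail on save -- verify in Tools_Mail_Watchdog.
        $resetToken->registerObserver(new Tools_Mail_Watchdog(array('trigger' => Tools_Mail_SystemMailWatchdog::TRIGGER_PASSWORDCHANGE)));

        $resetData = $form->getValues();
        $user->setPassword($resetData['password']);
        $userMapper->save($user);

        // Consume the token so the same link cannot be replayed.
        $resetToken->setStatus(Application_Model_Models_PasswordRecoveryToken::STATUS_USED);
        Application_Model_Mappers_PasswordRecoveryMapper::getInstance()->save($resetToken);

        $this->_helper->flashMessenger->addMessage($this->_helper->language->translate('Your password was reset.'));

        // Admin-level roles land on the backend entry point, everyone else on the site root.
        $roleId = $user->getRoleId();
        $isAdmin = $roleId == Tools_Security_Acl::ROLE_ADMIN
            || $roleId == Tools_Security_Acl::ROLE_SUPERADMIN;
        return $this->redirect($this->_helper->website->getUrl() . ($isAdmin ? 'go' : ''));
    }

    $this->view->messages = $this->_helper->flashMessenger->getMessages();
    $this->view->form = $form;
}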