public function passwordChangeAction() { //uses separate layout without a navigation. $this->_helper->layout->setLayout('login'); $request = $this->getRequest(); $token = $request->getParam("token", false); $user_id = $request->getParam("user_id", 0); $form = new Application_Form_PasswordChange(); $auth = new Application_Model_Auth(); $user = CcSubjsQuery::create()->findPK($user_id); //check validity of token if (!$auth->checkToken($user_id, $token, 'password.restore')) { Logging::debug("token not valid"); $this->_helper->redirector('index', 'login'); } if ($request->isPost() && $form->isValid($request->getPost())) { $user->setDbPass(md5($form->password->getValue())); $user->save(); $auth->invalidateTokens($user, 'password.restore'); $zend_auth = Zend_Auth::getInstance(); $zend_auth->clearIdentity(); $authAdapter = Application_Model_Auth::getAuthAdapter(); $authAdapter->setIdentity($user->getDbLogin())->setCredential($form->password->getValue()); $zend_auth->authenticate($authAdapter); //all info about this user from the login table omit only the password $userInfo = $authAdapter->getResultRowObject(null, 'password'); //the default storage is a session with namespace Zend_Auth $authStorage = $zend_auth->getStorage(); $authStorage->write($userInfo); $this->_helper->redirector('index', 'showbuilder'); } $this->view->form = $form; }