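/**
 * The user is allowed on this page
 *
 * Reads the e-mail address and reset key from GET, looks the user up and
 * accepts the request only when the stored `reset_password_key` matches the
 * supplied key. A request older than 24 hours (or with no timestamp at all)
 * is purged and the visitor is redirected to the login form with a timeout
 * error.
 *
 * @return bool True only when e-mail and key are both present and the key
 *              matches the user's stored reset key.
 */
private function isUserAllowed()
{
    // catch the key and e-mail address from GET
    $this->email = urldecode(SpoonFilter::getGetValue('email', null, ''));
    $this->key = SpoonFilter::getGetValue('key', null, '');

    // if the email or the key aren't set, the user is not allowed
    if ($this->email === '' || $this->key === '') {
        return false;
    }

    // fetch the user; presumably getIdByEmail() returns a falsy value for an
    // unknown address, in which case there is no reset key to compare against
    $userId = BackendUsersModel::getIdByEmail($this->email);
    if (!$userId) {
        return false;
    }
    $this->user = new BackendUser($userId);

    // a missing timestamp (no reset in progress) counts as expired, same as
    // the implicit null-to-0 arithmetic did before
    $requestTime = (int) $this->user->getSetting('reset_password_timestamp');
    $maxAge = 24 * 60 * 60; // reset links are valid for 24 hours

    // check if the request was made within 24 hours
    if (time() - $requestTime > $maxAge) {
        // remove the reset_password_key and reset_password_timestamp usersettings
        BackendUsersModel::deleteResetPasswordSettings($userId);

        // redirect to the login form, with a timeout error
        // NOTE(review): assumed to end the request — confirm redirect() exits
        $this->redirect(BackendModel::createURLForAction('index', null, null, array('reset' => 'timeout')));
    }

    // The key is a secret token supplied by the visitor: compare it in
    // constant time so a byte-by-byte === does not leak how many leading
    // bytes matched. hash_equals() requires strings, so a non-string GET
    // value (e.g. ?key[]=x) is rejected up front instead of raising a TypeError.
    $storedKey = (string) $this->user->getSetting('reset_password_key');

    return $storedKey !== ''
        && is_string($this->key)
        && hash_equals($storedKey, $this->key);
}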