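/**
 * Validates a password-restore link and, on form submit, stores the new password.
 *
 * The token is split into a leading hash and a trailing ten-character timestamp.
 * The link is accepted only when the hash equals the value returned by
 * $this->Users->getHash($user) and the timestamp lies within the last day.
 * Any other outcome fails closed: it is reported as an invalid link and
 * redirected to the login action.
 *
 * NOTE(review): as far as this method shows, getHash() receives only the user,
 * so the timestamp suffix does not appear to be covered by the hash. If that
 * is the case the one-day expiry is not tamper-evident. Confirm in getHash();
 * consider deriving the token from an HMAC over user id and issue time, and
 * invalidating it once the password has been changed.
 *
 * @param int $userId userId
 * @param string $token token (hash followed by a ten-digit unix timestamp)
 * @return mixed Result of redirect() when redirecting, null when the form is rendered
 */
public function restorePassword($userId, $token)
{
    $this->layout = 'plain';

    if (empty($userId) || empty($token)) {
        return $this->redirect(['action' => 'login']);
    }

    $user = $this->Users->get($userId);

    // The link starts out invalid and is only accepted when every check
    // passes, so a missing user or malformed token can never reach the
    // password change below.
    $linkValid = false;
    if (!empty($user) && is_string($token)) {
        $userHash = $this->Users->getHash($user);
        $timestamp = substr($token, -10);
        $hash = substr($token, 0, -10);

        // Only a ten-digit suffix is handed to the date parser; anything else
        // is treated as an invalid link instead of being interpreted as a date
        // expression or raising a parse exception.
        $wellFormed = is_string($userHash)
            && is_string($hash)
            && preg_match('/^[0-9]{10}$/D', (string)$timestamp) === 1;

        if ($wellFormed) {
            $time = new \Cake\I18n\Time($timestamp);
            $expire = '1 day';
            // hash_equals() compares in constant time, so response timing
            // does not reveal how many leading characters matched.
            $linkValid = hash_equals($userHash, $hash) && $time->wasWithinLast($expire);
        }
    }

    if (!$linkValid) {
        $this->Flash->error(__('login.restore_password_link_invalid'));

        return $this->redirect(['action' => 'login']);
    }

    // Save new Password
    if ($this->request->is(['patch', 'post', 'put'])) {
        $errors = $this->Users->changePassword($user, $this->request->data)->errors();
        if (empty($errors)) {
            $this->Users->resetLoginRetries($user);
            $this->Flash->success(__('login.new_password_saved'));

            return $this->redirect(['action' => 'login']);
        }
        $this->Flash->error(__('login.invalid_password'));
    }

    $this->set(compact('user'));
}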