/**
* restores password
*
* @param int $userId userId
* @param string $token token
* @return void
*/
public function restorePassword($userId, $token)
{
$this->layout = 'plain';
if (!empty($userId) && !empty($token)) {
$user = $this->Users->get($userId);
if (!empty($user)) {
$userHash = $this->Users->getHash($user);
$timestamp = substr($token, -10);
$hash = substr($token, 0, -10);
$time = new \Cake\I18n\Time($timestamp);
$expire = '1 day';
if (!($hash === $userHash && $time->wasWithinLast($expire))) {
$this->Flash->error(__('login.restore_password_link_invalid'));
return $this->redirect(['action' => 'login']);
}
}
// Save new Password
if ($this->request->is(['patch', 'post', 'put'])) {
if (empty($this->Users->changePassword($user, $this->request->data)->errors())) {
$this->Users->resetLoginRetries($user);
$this->Flash->success(__('login.new_password_saved'));
return $this->redirect(['action' => 'login']);
} else {
$this->Flash->error(__('login.invalid_password'));
}
}
} else {
return $this->redirect(['action' => 'login']);
}
$this->set(compact('user'));
}
