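/**
 * Password-reset page: checks the reset token and, on a valid POST, sets the
 * new password and redirects to the account front controller.
 *
 * The token is taken from the 't' request parameter or, when that is empty,
 * from the 't' field of the 'passwordReset' form parameter.
 *
 * NOTE(review): only the existence of the token row is checked here; confirm
 * that token expiry is enforced elsewhere.
 *
 * @param sfWebRequest $request
 */
public function executePasswordReset(sfWebRequest $request)
{
    // Request parameters are attacker-controlled and may be arrays
    // (e.g. "t[]=x") or missing entirely, so normalise before use.
    $token = $request->getParameter('t');
    if (!$token) {
        $formValues = $request->getParameter('passwordReset');
        $token = (is_array($formValues) && isset($formValues['t'])) ? $formValues['t'] : '';
    }
    $token = is_string($token) ? trim($token) : '';

    // if the user is authenticated, they shouldn't get here
    PcUtils::redirectLoggedInUser($this->getUser(), $this);

    // Check the token is valid. An empty token never reaches the database,
    // so it cannot match a row that happens to hold a blank token.
    $entry = null;
    if ($token !== '') {
        $c = new Criteria();
        $c->add(PcPasswordResetTokenPeer::TOKEN, $token, Criteria::EQUAL);
        $entry = PcPasswordResetTokenPeer::doSelectOne($c);
    }

    if (!is_object($entry)) {
        // the token is not valid
        // NOTE(review): the submitted value is written to the watchdog as-is;
        // confirm the watchdog escapes or bounds it before display/storage.
        PcWatchdog::alert('Invalid Password Reset Token', 'This is the token ' . $token);
        $this->forward('customAuth', 'passwordResetInvalidToken');

        // forward() is expected to halt this action; the return keeps the
        // invalid-token path away from the form handling if it ever does not.
        return;
    }

    $this->form = new PasswordResetForm(array('t' => $token));

    if ($request->isMethod('post')) {
        $fields = $request->getParameter('passwordReset');
        $this->form->bind($fields);

        if ($this->form->isValid()) {
            // $token is the value validated against the database above, not
            // whatever 't' the form body carries.
            CustomAuth::resetPassword($token, $fields['password1']);
            $this->redirect('/' . sfConfig::get('app_accountApp_frontController'));
        }
    }
}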
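/**
 * Completes a password reset: consumes the token, stores the new password,
 * logs the user in and fires the 'user.set_password' event.
 *
 * @param string $token
 * @param string $password - the new password to set (plain password)
 * @return PcUser - the user who has reset their own password
 * @throws InvalidArgumentException if no reset entry exists for $token
 * @throws RuntimeException if the token points to a user that cannot be loaded
 */
public static function resetPassword($token, $password)
{
    $c = new Criteria();
    $c->add(PcPasswordResetTokenPeer::TOKEN, $token, Criteria::EQUAL);
    $tokenEntry = PcPasswordResetTokenPeer::doSelectOne($c);

    // The token may have been consumed between the caller's check and this
    // lookup (e.g. a concurrent request); fail explicitly instead of calling
    // a method on a non-object.
    if (!is_object($tokenEntry)) {
        throw new InvalidArgumentException('Password reset token not found');
    }

    $userId = $tokenEntry->getUserId();

    // Delete first so the token is single-use even if a later step fails.
    // NOTE(review): other outstanding reset tokens of the same user are not
    // touched here; confirm whether they should be invalidated as well.
    $tokenEntry->delete();

    $user = PcUserPeer::retrieveByPk($userId);
    if (!is_object($user)) {
        throw new RuntimeException('No user found for the password reset token');
    }

    $user->setPassword($password);
    $user->save();

    $sfContext = sfContext::getInstance();

    // NOTE(review): login() is not visible here; confirm it regenerates the
    // session identifier when authenticating after a reset.
    self::login($sfContext->getUser(), $user);

    // The plain-text password is handed to every 'user.set_password'
    // listener; listeners must not log or persist it.
    $sfContext->getEventDispatcher()->notify(
        new sfEvent('userSetPassword', 'user.set_password', array('user' => $user, 'plainPassword' => $password))
    );

    return $user;
}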