/** * If the token is valid, log in as the user. * * @param string $token */ protected function processRecoveryToken(string $token) { if (Util::stringLength($token) < UserAccounts::RECOVERY_CHAR_LENGTH) { \Airship\redirect($this->airship_cabin_prefix . '/login'); } $selector = Util::subString($token, 0, 32); $validator = Util::subString($token, 32); $ttl = (int) $this->config('password-reset.ttl'); if (empty($ttl)) { \Airship\redirect($this->airship_cabin_prefix . '/login'); } $recoveryInfo = $this->acct->getRecoveryData($selector, $ttl); if (empty($recoveryInfo)) { \Airship\redirect($this->airship_cabin_prefix . '/login'); } $state = State::instance(); if (Symmetric::verify($validator . $recoveryInfo['userid'], $state->keyring['auth.recovery_key'], $recoveryInfo['hashedtoken'])) { $_SESSION['userid'] = (int) $recoveryInfo['userid']; $_SESSION['session_canary'] = $this->acct->createSessionCanary($recoveryInfo['userid']); $this->acct->deleteRecoveryToken($selector); \Airship\redirect($this->airship_cabin_prefix . '/my/account'); } \Airship\redirect($this->airship_cabin_prefix . '/login'); }