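/**
 * Processes the initial reset password request
 *
 * Checks the request token, validates the submitted username or email
 * address, looks up the single matching account, stores a salted hash of a
 * fresh confirmation token and hands the plain token to the email templates.
 * Every path past the token check ends in a redirect.
 *
 * @return void
 */
public function resettingTask()
{
    // Check the request token
    Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));

    // Validation failures all bounce back to the reset form with a warning;
    // only the language key differs, so build the redirect in one place.
    $option = $this->_option;
    $fail = function ($messageKey) use ($option) {
        App::redirect(
            Route::url('index.php?option=' . $option . '&task=reset', false),
            Lang::txt($messageKey),
            'warning'
        );
    };

    // Grab the incoming username
    if (!($username = trim(Request::getVar('username', false)))) {
        $fail('COM_MEMBERS_CREDENTIALS_ERROR_MISSING_USERNAME');
        return;
    }

    // Make sure it looks like a valid username
    require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';

    // Determine if attempting to log in via username or email address.
    // Compare with false explicitly: strpos() returns 0 for a leading '@',
    // which a bare truthiness test would treat as "no '@' present".
    if (strpos($username, '@') !== false) {
        $validator = 'validemail';
        $field     = 'email';
    } else {
        $validator = 'validlogin';
        $field     = 'username';
    }

    // $validator is one of the two literals above, never request data.
    if (!\Components\Members\Helpers\Utility::$validator($username)) {
        $fail('COM_MEMBERS_CREDENTIALS_ERROR_INVALID_USERNAME');
        return;
    }

    // Find the user for the given username
    $user = \Hubzero\User\User::whereEquals($field, $username)->rows();

    // NOTE(review): the checks below answer with different warnings for
    // "not found", "multiple results", "super admin" and "limit exceeded".
    // An unauthenticated caller can use that difference to learn which
    // identifiers belong to accounts and which account is privileged.
    // Consider one uniform response for all of them.

    // Make sure we have at least one and not more than one
    if ($user->count() < 1) {
        $fail('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND');
        return;
    }
    if ($user->count() > 1) {
        $fail('COM_MEMBERS_CREDENTIALS_ERROR_MULTIPLE_RESULTS');
        return;
    }

    // Get the user object
    $user = $user->first();

    // Make sure the user isn't blocked (reported as "not found" on purpose,
    // so a blocked account is indistinguishable from a missing one)
    if ($user->get('block')) {
        $fail('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND');
        return;
    }

    // Make sure the user isn't a super admin
    if ($user->authorise('core.admin')) {
        $fail('COM_MEMBERS_CREDENTIALS_ERROR_USER_IS_SUPER');
        return;
    }

    // Make sure the user has not exceeded the reset limit
    if ($this->hasExceededResetLimit($user)) {
        $fail('COM_MEMBERS_CREDENTIALS_ERROR_EXCEEDED_LIMIT');
        return;
    }

    // Set the confirmation token.
    // NOTE(review): only a salted MD5 of the token is stored. The verify
    // step (not shown here) has to use the same "hash:salt" format, so moving
    // to a stronger digest needs a coordinated change on both sides. The
    // unpredictability of the token itself depends on genRandomPassword()
    // and App::hash(), neither of which is visible here - confirm both draw
    // on a cryptographically secure source.
    $token       = App::hash(\JUserHelper::genRandomPassword());
    $salt        = \JUserHelper::getSalt('crypt-md5');
    $hashedToken = md5($token . $salt) . ':' . $salt;

    // Save the token
    $user->tokens()->save(['token' => $hashedToken]);

    // Send an email
    $eview = new \Hubzero\Mail\View(['name' => 'emails', 'layout' => 'reset_plain']);
    $eview->config = Config::getRoot();
    // NOTE(review): if Request::base() is derived from the request's Host
    // header, the link in the email follows whatever host the request named.
    // Confirm the base URL comes from site configuration or an allow-list.
    $eview->baseUrl = rtrim(Request::base(), '/');
    $eview->user    = $user;
    $eview->token   = $token;
    $eview->return  = Route::url('index.php?option=' . $this->_option . '&task=verify');

    // Render both parts and normalise line endings to CRLF for mail
    $plain = $eview->loadTemplate(false);
    $plain = str_replace("\n", "\r\n", $plain);

    $eview->setLayout('reset_html');
    $html = $eview->loadTemplate();
    $html = str_replace("\n", "\r\n", $html);

    // Build message
    $message = new \Hubzero\Mail\Message();
    $message->setSubject(Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_RESET_SUBJECT', Config::get('sitename')))
        ->addFrom(Config::get('mailfrom'), Config::get('fromname'))
        ->addTo($user->get('email'), $user->get('name'))
        ->addHeader('X-Component', $this->_option)
        ->addHeader('X-Component-Object', 'password_reset')
        ->addPart($plain, 'text/plain')
        ->addPart($html, 'text/html');

    // Send mail
    if (!$message->send()) {
        Log::error('Members password reset email failed: ' . Lang::txt('Failed to mail %s', $user->get('email')));

        // NOTE(review): unlike every other failure this one redirects to
        // task=remind rather than task=reset - confirm that is intended.
        // The token saved above stays stored although no email went out.
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&task=remind', false),
            Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_FIAILED_TO_SEND_MAIL'),
            'warning'
        );
        return;
    }

    // Push the user data into the session
    User::setState('com_users.reset.user', $user->get('id'));

    // Everything went well...go to the token verification page
    App::redirect(
        Route::url('index.php?option=' . $this->_option . '&task=verify', false),
        Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_SENT'),
        'passed'
    );
}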