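/**
 * Entry point for a password-reset link, identified by the `code` dispatcher parameter.
 *
 * Flow visible in this method:
 *  - unknown code: redirect to the default target and stop;
 *  - non-POST request: the record must still be unused (reset === 0); it is then
 *    flagged as used (reset = 1) and saved;
 *  - POST request: the reset flag is not inspected;
 *  - in both remaining cases the owner of the record is authenticated and the
 *    request is forwarded to users/changePassword.
 *
 * @return void
 */
public function resetPasswordAction()
{
    $code = $this->dispatcher->getParam('code');

    /** @var \Talon\Models\Users\ResetPasswords $resetPassword */
    $resetPassword = ResetPasswords::findFirstByCode($code);

    // No record for this code: give the same generic redirect regardless of why the
    // lookup failed, so the response does not help someone guessing codes.
    if (!$resetPassword) {
        $this->redirect();
        return;
    }

    if (!$this->request->isPost()) {
        // First visit through the e-mailed link. A record that is no longer in its
        // initial state means an old or already-opened link: send the user to login.
        // NOTE(review): the strict comparison assumes the model hydrates `reset` as an
        // int; if it arrives as a string this branch always redirects. Confirm.
        if ($resetPassword->reset !== 0) {
            $this->redirect('session', 'login');
            return;
        }

        // Mark the link as opened so a second GET with the same code is rejected.
        $resetPassword->reset = 1;
        if (!$resetPassword->save()) {
            foreach ($resetPassword->getMessages() as $message) {
                $this->flashSession->error($message);
            }
            $this->redirect();
            return;
        }
    }

    // NOTE(review): on POST nothing above checks the record's state or age, so any
    // POST carrying a code that exists authenticates its owner below. Nothing in this
    // method expires the record or marks it consumed; consider requiring reset === 1
    // here plus a consumed state and a time limit, depending on what the
    // ResetPasswords model offers. Verify against the model.

    // Identify the owner of the reset record for the change-password step.
    try {
        $this->auth->authUserById($resetPassword->usersId);
    } catch (AuthException $e) {
        $this->flashSession->error($e->getMessage());
        $this->redirect('session', 'login');
        // Authentication failed: stop here instead of falling through to the forward.
        return;
    }

    $this->forward('users/changePassword');
}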
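/**
 * Display and process the change-password form for the currently authenticated user.
 *
 * When a `code` dispatcher parameter points at a reset record with reset === 1, the
 * identity is unregistered after the user object has been fetched, so the visitor
 * cannot browse other protected pages while resetting. On a valid POST a
 * PasswordChanges record (user id, client address, user agent) is saved and then
 * the new password is stored on the user.
 *
 * @return mixed result of redirect() when the request ends in a redirect, otherwise nothing
 */
public function changePasswordAction()
{
    /** @var \Talon\Models\Users\Users $user */
    $user = $this->auth->getUser();
    if (!$user) {
        $this->flashSession->error(Users::USER_DOES_NOT_EXIST);
        // Stop here: everything below dereferences $user.
        return $this->redirect('session', 'login');
    }

    $form = new ChangePasswordForm();

    $code = $this->dispatcher->getParam('code');
    if ($code) {
        $resetPasswords = ResetPasswords::findFirstByCode($code);
        // The lookup can come back empty (resetPasswordAction checks for that too),
        // so guard before reading ->reset.
        // NOTE(review): the record's usersId is not compared with $user->id here;
        // confirm this action is only reachable with a code through the reset flow.
        if ($resetPasswords && $resetPasswords->reset === 1) {
            $this->auth->unregisterIdentity();
        }
    }

    if ($this->request->isPost() && $form->isValid($this->request->getPost()) !== false) {
        // Audit record of the change. The user agent is client-supplied, and the
        // client address may be too depending on proxy handling, so treat both as
        // untrusted wherever they are displayed.
        // NOTE(review): this row is written before the password is stored, so it
        // also exists when the user save below fails.
        $passwordChange = new PasswordChanges();
        $passwordChange->usersId = $user->id;
        $passwordChange->ipAddress = $this->request->getClientAddress();
        $passwordChange->userAgent = $this->request->getUserAgent();

        if (!$passwordChange->save()) {
            // Flash each message on its own, like the other model-error paths do,
            // rather than handing the whole message collection to error().
            foreach ($passwordChange->getMessages() as $message) {
                $this->flashSession->error($message);
            }
        } else {
            $user->setPassword($this->request->getPost('password'));

            if ($user->save() === false) {
                // The identity may have been unregistered above; restore it so the
                // user can reach the form again.
                // NOTE(review): authUserById() is caught for AuthException in
                // resetPasswordAction but is uncaught here. Confirm that is intended.
                $this->auth->authUserById($user->id);
                foreach ($user->getMessages() as $message) {
                    $this->flashSession->error($message);
                }
            } else {
                // NOTE(review): nothing here marks the reset record as consumed after
                // a successful change, so the code stays usable. Invalidate it here
                // if the ResetPasswords model supports that.
                $this->flashSession->success('Password changed successfully.');
                return $this->redirect('session', 'login');
            }
        }
    }

    // presumably clears submitted values so the password fields are not re-rendered. Confirm.
    Tag::resetInput();
    $this->view->setVar('form', $form);
}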