public function finishResetPW()
{
$result = PHPWS_User::checkPassword($_POST['password1'], $_POST['password2']);
if (PHPWS_Error::isError($result)) {
return $result;
}
@($auth = $_POST['authhash']);
@($user_id = (int) $_POST['user_id']);
if (empty($user_id) || empty($auth) || preg_match('/\\W/', $auth)) {
return 0;
}
$db = new PHPWS_DB('users_pw_reset');
$db->addWhere('user_id', $user_id);
$db->addWhere('authhash', $auth);
$db->addWhere('timeout', time(), '>');
$result = $db->select();
$db->reset();
$db->addWhere('user_id', $user_id);
if (PHPWS_Error::logIfError($result)) {
$db->delete();
return 0;
} elseif (empty($result)) {
$db->delete();
return 0;
} else {
$user = new PHPWS_User($user_id);
$user->setPassword($_POST['password1']);
$result = $user->save();
if (PHPWS_Error::logIfError($result)) {
return 0;
}
Current_User::loginUser($user->username, $_POST['password1']);
unset($user);
$db->delete();
return 1;
}
}
