/** * Perform the necessary actions to send a password reset mail * * @param $user_name_or_email string Username or user's email * * @return bool success status */ public static function requestPasswordReset($user_name_or_email) { if (empty($user_name_or_email)) { Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_EMAIL_FIELD_EMPTY')); return false; } // check if that username exists $result = UserModel::getUserDataByUserNameOrEmail($user_name_or_email); if (!$result) { Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST')); return false; } // generate integer-timestamp (to see when exactly the user (or an attacker) requested the password reset mail) // generate random hash for email password reset verification (40 char string) $temporary_timestamp = time(); $user_password_reset_hash = sha1(uniqid(mt_rand(), true)); // set token (= a random hash string and a timestamp) into database ... $token_set = PasswordResetModel::setPasswordResetDatabaseToken($result->user_name, $user_password_reset_hash, $temporary_timestamp); if (!$token_set) { return false; } // ... and send a mail to the user, containing a link with username and token hash string $mail_sent = PasswordResetModel::sendPasswordResetMail($result->user_name, $user_password_reset_hash, $result->user_email); if ($mail_sent) { return true; } // default return return false; }