/** * Sends an email to reset the password. * At this point we should be already sure the email address is valid * * @param string $email - the email address */ public static function sendPasswordForgotten($email) { $requestingUser = PcUserPeer::getUserByEmail($email); if (!is_object($requestingUser)) { throw new Exception('Couldn\'t send the password forgotten email. Problems while creating the user object.'); } // I need to use a token $token = ''; $c = new Criteria(); $c->add(PcPasswordResetTokenPeer::USER_ID, $requestingUser->getId(), Criteria::EQUAL); $tokenEntry = PcPasswordResetTokenPeer::doSelectOne($c); if (is_object($tokenEntry)) { $token = $tokenEntry->getToken(); } else { $secret = sfConfig::get('app_forgottenPassword_secret'); // token doesn't need to be 32-char long. It is better to keep it short // so there will be less chance the email client will break the link into 2 lines $token = substr(md5($requestingUser->getId() . $secret . time()), 0, 14); $tokenEntry = new PcPasswordResetToken(); $tokenEntry->setUserId($requestingUser->getId()); $tokenEntry->setToken($token); $tokenEntry->save(); } // now we can send the email $link = sfContext::getInstance()->getController()->genUrl('@password-reset?t=' . $token, true); $from = sfConfig::get('app_emailAddress_contact'); $subject = __('WEBSITE_FORGOTTEN_PSW_EMAIL_SUBJECT'); $body = sprintf(__('WEBSITE_FORGOTTEN_PSW_EMAIL_BODY'), $link); PcUtils::sendEmail($email, $subject, $body, $from); }