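<?php
/**
 * Password-reset controller: validates the reset link, then handles the
 * new-password form submission.
 *
 * Inputs, as read below:
 *   $vars[1]  user id (presumably a URL segment supplied by the router; confirm)
 *   $vars[2]  encrypted salt; its decrypt() output must equal the salt stored on the user
 *   $_POST    'submit', 'password', 'password_confirm' from the reset form
 *
 * NOTE(review): every rejection path relies on HTML::forward() and
 * HTML::forwardBackToReferer() ending the request. Neither is defined here;
 * if one of them returns, execution falls through to the code below it,
 * including the password update. Confirm that both terminate.
 */

$uid = isset($vars[1]) ? trim(strip_tags($vars[1])) : null;
$salt = isset($vars[2]) ? trim(strip_tags($vars[2])) : null;
$salt = is_null($salt) ? $salt : decrypt($salt);

// validation: both link parameters are required
if (is_null($uid) || is_null($salt)) {
    HTML::forward('core/404');
}

$user = SiteUser::findById($uid);

// The salt is the secret that authorises the reset, so compare it as a string
// and in constant time. The previous loose `!=` treated numeric-looking strings
// as equal (e.g. '0e1' == '0e2') and accepted an empty value when the stored
// salt was empty. hash_equals() needs PHP 5.6 or later.
$expected_salt = is_null($user) ? '' : (string) $user->getSalt();
$link_is_valid = $expected_salt !== '' && hash_equals($expected_salt, (string) $salt);

if (!$link_is_valid) {
    // Same message for an unknown user and a wrong salt, so the response does
    // not reveal which user ids exist.
    Message::register(new Message(Message::INFO, i18n(array('en' => 'This password reset link has expired', 'zh' => '本密码重置链接已失效')) . '<br /><small><a href="' . uri('users') . '">' . i18n(array('en' => 'go to login page', 'zh' => '前往登录页面')) . '</a></small>'));
    HTML::forward('confirm');
}

// process submission
if (isset($_POST['submit'])) {
    // NOTE(review): trim()/strip_tags() silently change what the user typed
    // (anything that looks like a tag is removed), so the stored password can
    // differ from the entered one. Kept as is, because changing it here alone
    // could disagree with how other forms derive the password; confirm and fix
    // everywhere at once.
    $password = isset($_POST['password']) ? trim(strip_tags($_POST['password'])) : null;
    $password_confirm = isset($_POST['password_confirm']) ? trim(strip_tags($_POST['password_confirm'])) : null;

    // validation
    if (is_null($password) || strlen($password) < 6) {
        // Wording now matches the check: exactly 6 characters is accepted.
        Message::register(new Message(Message::DANGER, i18n(array('en' => 'Password needs to be at least 6 characters. Please try again', 'zh' => '密码至少需要6位。请重试'))));
        HTML::forwardBackToReferer();
    } elseif ($password !== $password_confirm) {
        // Strict comparison: with `!=`, numeric strings such as '1000000' and
        // '1e6' compared as equal and passed the confirmation check.
        Message::register(new Message(Message::DANGER, i18n(array('en' => 'Password and confirmed password don\'t match. Please try again', 'zh' => '密码和确认密码不符。 请重试'))));
        HTML::forwardBackToReferer();
    }

    // success
    // NOTE(review): nothing visible here rotates the salt after the reset.
    // Confirm that putPassword()/save() invalidates the link so it is single-use.
    $user->putPassword($password);
    $user->save();
    // The rest of the submission handler, including the brace that closes
    // this block, is not shown on this page.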
$messages[] = new Message(Message::DANGER, i18n(array('en' => 'Your password and confirmed password don\'t match. Please try again', 'zh' => '确认密码和原密码不匹配,请重新输入'))); } } } // profile if (module_enabled('siteuser_profile')) { require MODULESROOT . '/siteuser_profile/controllers/fields_validation.php'; } // eorror handling if (sizeof($messages) > 0) { foreach ($messages as $message) { Message::register($message); } // if success } else { $user = empty($uid) ? new SiteUser() : SiteUser::findById($uid); if (isset($username)) { $user->setUsername($username); } $user->setEmail($email); $user->putPassword($password); // if the updated user is current user, we need to update user session, so that he won't be kicked out if ($_SESSION['siteuser_id'] == $user->getId()) { $_SESSION['siteuser_password'] = $user->getPassword(); } if (isset($company_id) && $company_id) { $user->setCompanyId($company_id); } if ($active !== false) { $user->setActive($active == "1" ? 1 : 0); $user->setEmailActivated(1);