Exemplo n.º 1
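// Entry guards for the password-reset page: reject logged-in visitors, then
// validate the reset key supplied in the URL before any further checks run.
// $session, Page, Reset_Password, redirect_head() and ROOT_URL are defined
// elsewhere in the project.

// create the page
$page = new Page();
$page->name = "Reset my Password";

// The reset flow is for anonymous visitors only; a logged-in user must log out first.
if ($session->is_logged_in) {
    $session->message("You are already logged in! To use the Reset my Password feature, please logout first.");
    redirect_head(ROOT_URL);
    // redirect_head() is not visible here. If it only sends the Location header,
    // the script would keep running past this guard; the explicit exit makes the
    // guard terminal either way (and is simply unreachable if it already exits).
    exit;
}

// The key is an untrusted query parameter. PHP turns ?reset_key[]=x into an
// array, so require a non-empty string before handing the value to the lookup.
// NOTE(review): the key travels in the query string, so it can end up in server
// logs, browser history and Referer headers; the single-use and 24-hour checks
// listed further down are what bound that exposure.
if (!isset($_GET['reset_key']) || !is_string($_GET['reset_key']) || $_GET['reset_key'] === '') {
    $session->message("You have a bad URL, please copy the correct URL.");
    redirect_head(ROOT_URL);
    exit;
}

// At this point a string key is present; now make sure a matching request exists.
// NOTE(review): find_by_name() receives the raw request value. Confirm that it
// binds the value as a query parameter rather than building SQL by concatenation.
$the_key = Reset_Password::find_by_name($_GET['reset_key'], 'random_key');
if (!$the_key) {
    // Same message as for a missing key, so this branch does not tell the
    // visitor whether the key was malformed or simply unknown.
    $session->message("You have a bad URL, please copy the correct URL.");
    redirect_head(ROOT_URL);
    exit;
}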
//at this point, we now know that there is a key entered
//also, we now know that the key actually exists
//so now, we need to do the following checks
//1. Make sure that the request entered does not belong to a user who has been deleted.
//2. Make sure that the request entered is the latest request for that user.
//3. Make sure that the request entered has not already been used.
//4. Make sure that the request entered is less than 24 hours old.
//check #1
if ($the_key->user_wk->is_deleted == '1') {
    $session->message("You cannot reset a password for a disabled account.");
    redirect_head(ROOT_URL);