public function actionResetpassword() { $code = $this->getParams('code'); $newPassword = $this->getParams('password'); $result = Validation::validateCode($code); if ($result == Validation::LINK_INVALID) { throw new BadRequestHttpException(Yii::t('common', 'link_invalid')); } else { if ($result == Validation::LINK_EXPIRED) { throw new BadRequestHttpException(Yii::t('common', 'link_expired')); } } $userId = $result; $user = User::findByPk($userId); if (empty($user)) { throw new BadRequestHttpException(Yii::t('commmon', 'incorrect_userid')); } // update the user password $user->password = User::encryptPassword($newPassword, $user->salt); if (!$user->save()) { throw new ServerErrorHttpException("Save user failed!"); } Validation::deleteAll(['userId' => $userId]); return ['status' => 'ok']; }