Exemplo n.º 1
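 /**
  * Handles the "forgot password" form: validates the submitted e-mail,
  * throttles repeated requests, stores a one-time reset token on the user
  * and e-mails a link containing that token.
  *
  * Already authenticated sessions are redirected away. When no redirect is
  * issued the method falls through and the form view is rendered.
  *
  * @return \Phalcon\Http\ResponseInterface|null
  */
 public function forgotpasswordAction()
 {
     // Resets any "template before" layouts because we use multiple themes
     $this->view->cleanTemplateBefore();
     if ($this->session->has('auth')) {
         $this->view->disable();
         return $this->response->redirect();
     }
     $form = new ForgotPasswordForm();
     if ($this->request->isPost()) {
         if (!$form->isValid($_POST)) {
             foreach ($form->getMessages() as $message) {
                 $this->flashSession->error($message);
             }
         } else {
             $object = Users::findFirstByEmail($this->request->getPost('email'));
             if (!$object) {
                 // @TODO: Implement brute force protection
                 // NOTE(review): this message (and the throttle message below) tells an
                 // unauthenticated caller whether an e-mail is registered. Returning the
                 // same neutral response for known and unknown addresses closes that
                 // account-enumeration channel.
                 $this->flashSession->error(t('User not found.'));
                 return $this->response->redirect('auth/forgotpassword');
             }
             $lastpass = $object->getLastPasswdReset();
             if (!empty($lastpass)) {
                 // The previous code subtracted two 'Y-m-d H:i:s' strings, which only
                 // compares their leading year digits, and blocked when the elapsed time
                 // was *greater* than the interval, so the throttle never took effect.
                 // Compare real timestamps instead.
                 // assumes passwdResetInterval is expressed in seconds — TODO confirm against config
                 $lastResetAt = strtotime($lastpass);
                 $interval = (int) $this->config->application->passwdResetInterval;
                 if ($lastResetAt !== false) {
                     $elapsed = time() - $lastResetAt;
                     if ($elapsed < $interval) {
                         $waitMinutes = (int) ceil(($interval - $elapsed) / 60);
                         $this->flashSession->error(t('You need to wait ') . $waitMinutes . ' minutes');
                         return $this->response->redirect('auth/forgotpassword');
                     }
                 }
             }
             // The reset token is the only secret protecting the account during the
             // reset flow, so it must come from a CSPRNG. sha1('forgot' . microtime())
             // is derived from the request time and can be guessed. 20 random bytes
             // hex-encode to 40 characters, the same length as the former SHA-1 value.
             // random_bytes() requires PHP 7.0 or later.
             $passwordForgotHash = bin2hex(random_bytes(20));
             $object->setPasswdForgotHash($passwordForgotHash);
             $object->setLastPasswdReset(date('Y-m-d H:i:s'));
             if (!$object->save()) {
                 $this->displayModelErrors($object);
             } else {
                 // NOTE(review): the link host comes from the request's Host header, which
                 // the client controls. A forged Host would put an attacker-chosen domain
                 // in the e-mailed link; build the link from a configured base URL or
                 // validate the host against an allow-list.
                 $scheme = $this->request->isSecureRequest() ? 'https://' : 'http://';
                 $params = [
                     'firstname' => $object->getFirstname(),
                     'lastname'  => $object->getLastname(),
                     'link'      => $scheme . $this->request->getHttpHost() . '/auth/resetpassword/' . $passwordForgotHash,
                 ];
                 if (!$this->mail->send($object->getEmail(), 'forgotpassword', $params)) {
                     $this->flashSession->error(t('Error sendig email.'));
                 } else {
                     $this->flashSession->success(t('An email was sent to your address in order to continue with the reset password process.'));
                     return $this->response->redirect();
                 }
             }
         }
     }
     $this->assets->addCss('css/login.css');
     $this->view->form = $form;
 }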