public function resetPasswordAction()
{
$code = $this->dispatcher->getParam('code');
/** @var \Talon\Models\Users\ResetPasswords $resetPassword */
$resetPassword = ResetPasswords::findFirstByCode($code);
// if the record cannot be found by code then redirect to home
// probably a naughty person trying to hack an account
if (!$resetPassword) {
$this->redirect();
return;
}
// if we are receiving post then we just need to forward to the change password form
if (!$this->request->isPost()) {
// if the record is not still active then redirect to login page
// the user probably got here by mistake or from an old link
if ($resetPassword->reset !== 0) {
$this->redirect('session', 'login');
return;
}
$resetPassword->reset = 1;
/**
* Change the confirmation to 'reset'
*/
if (!$resetPassword->save()) {
foreach ($resetPassword->getMessages() as $message) {
$this->flashSession->error($message);
}
$this->redirect();
return;
}
}
/**
* Identify the user in the application
*/
try {
$this->auth->authUserById($resetPassword->usersId);
} catch (AuthException $e) {
$this->flashSession->error($e->getMessage());
$this->redirect('session', 'login');
}
$this->forward('users/changePassword');
}
public function changePasswordAction()
{
// get the user resetting password and then log them out so they can't navigate
// to other protected parts of the site
// rewrite comment,idea has changed
/** @var \Talon\Models\Users\Users $user */
$user = $this->auth->getUser();
if (!$user) {
$this->flashSession->error(Users::USER_DOES_NOT_EXIST);
$this->redirect('session', 'login');
}
$form = new ChangePasswordForm();
$code = $this->dispatcher->getParam('code');
if ($code) {
$resetPasswords = ResetPasswords::findFirstByCode($code);
if ($resetPasswords->reset === 1) {
$this->auth->unregisterIdentity();
}
}
if ($this->request->isPost()) {
if ($form->isValid($this->request->getPost()) !== false) {
$passwordChange = new PasswordChanges();
$passwordChange->usersId = $user->id;
$passwordChange->ipAddress = $this->request->getClientAddress();
$passwordChange->userAgent = $this->request->getUserAgent();
if (!$passwordChange->save()) {
$this->flashSession->error($passwordChange->getMessages());
} else {
$user->setPassword($this->request->getPost('password'));
if ($user->save() === false) {
// log user back in so they can get to the form
// in case they were resetting password and were logged out
$this->auth->authUserById($user->id);
foreach ($user->getMessages() as $message) {
$this->flashSession->error($message);
}
} else {
$this->flashSession->success('Password changed successfully.');
return $this->redirect('session', 'login');
}
}
}
}
Tag::resetInput();
$this->view->setVar('form', $form);
}