Exemplo n.º 1
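 /**
  * Lets a signed-in user set a new password and records the change.
  *
  * Anonymous callers are forwarded to index/notification. On a valid POST the
  * new password is placed on the user, and a PasswordChanges row carrying the
  * client address and user agent is saved as an audit record.
  *
  * NOTE(review): nothing in this action re-checks the current password or a
  * CSRF token; presumably ChangePasswordForm does. Confirm against the form.
  *
  * @return mixed result of the dispatcher forward for anonymous callers, otherwise null
  */
 public function changePasswordAction()
 {
     $user = $this->auth->getUser();
     if ($user === false) {
         // This is a refusal, so it goes out as an error flash rather than a success one.
         $this->flash->error($this->translate->gettext('You must be signed in to change the password'));
         return $this->dispatcher->forward(['controller' => 'index', 'action' => 'notification']);
     }

     $form = new ChangePasswordForm();
     $form->setDI($this->getDI());
     $this->view->form = $form;

     // Only a POST that passes form validation may touch the account.
     if (!$this->request->isPost() || $form->isValid($this->request->getPost()) === false) {
         return;
     }

     // NOTE(review): the raw POST value is assigned as-is. Nothing here hashes it,
     // so confirm the user model hashes the password before it is persisted.
     $user->password = $this->request->getPost('password');
     // NOTE(review): '******' looks like a masked value in this listing; confirm the real flag.
     $user->mustChangePassword = '******';

     // Audit record: who changed the password, from which address and client.
     $passwordChange = new PasswordChanges();
     $passwordChange->user = $user;
     $passwordChange->ipAddress = $this->request->getClientAddress();
     $passwordChange->userAgent = $this->request->getUserAgent();

     if (!$passwordChange->save()) {
         // One flash entry per validation message, as resetPasswordAction does.
         foreach ($passwordChange->getMessages() as $message) {
             $this->flash->error($message);
         }
         return;
     }

     $this->auth->clearNeedToChangePassword();
     $this->flash->success($this->translate->gettext('Your password was successfully changed'));
     // Clear the submitted values so the password fields are not re-rendered.
     Tag::resetInput();
 }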
Exemplo n.º 2
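 /**
  * Completes a password reset for the code carried in the route parameters.
  *
  * The code must resolve to a ResetPasswords row that has not been used yet,
  * and the owning user must be active and not banned. On a valid POST the new
  * password is set, the reset is marked as used ('Y') and the user is signed
  * in and redirected to the configured default path.
  *
  * NOTE(review): no expiry check is visible here. If ResetPasswords stores a
  * creation time, reject stale codes as well.
  *
  * @return mixed dispatcher forward or redirect response, or null when the form is shown
  */
 public function resetPasswordAction()
 {
     $t = $this->translate;
     $notification = ['controller' => 'index', 'action' => 'notification'];

     $code = $this->dispatcher->getParam('code');
     // A missing or empty code can never be valid, so it never reaches the finder.
     $resetPassword = ($code === null || $code === '') ? false : ResetPasswords::findFirstByCode($code);

     // Reset codes are single-use: a row already marked 'Y' is treated exactly
     // like an unknown code, with the same message, so a spent link cannot be replayed.
     if (!$resetPassword || $resetPassword->reset === 'Y') {
         $this->flash->error($t->gettext('The password reset code is invalid'));
         return $this->dispatcher->forward($notification);
     }

     $user = $resetPassword->user;
     if (!$user->isActive()) {
         $this->flash->error($t->gettext('User is inactive'));
         $this->flash->notice($t->gettext('Activate the user first before changing password.'));
         return $this->dispatcher->forward($notification);
     }
     if ($user->isBanned()) {
         $this->flash->error($t->gettext('User is banned'));
         return $this->dispatcher->forward($notification);
     }

     $form = new ChangePasswordForm();
     $form->setDI($this->getDI());
     $this->view->form = $form;
     $this->view->setVar('email', $user->email);

     // Only a POST that passes form validation may touch the account.
     if (!$this->request->isPost() || $form->isValid($this->request->getPost()) === false) {
         return;
     }

     // NOTE(review): the raw POST value is assigned as-is. Nothing here hashes it,
     // so confirm the user model hashes the password before it is persisted.
     $user->password = $this->request->getPost('password');
     // NOTE(review): '******' looks like a masked value in this listing; confirm the real flag.
     $user->mustChangePassword = '******';
     $resetPassword->reset = 'Y';

     try {
         // NOTE(review): $user is never saved explicitly; confirm that saving the
         // reset row also persists the modified related user.
         if (!$resetPassword->save()) {
             foreach ($resetPassword->getMessages() as $message) {
                 $this->flash->error($message);
             }
             return $this->dispatcher->forward($notification);
         }

         // Sign the user in only after the reset has been stored as used.
         $this->auth->clearNeedToChangePassword();
         $this->auth->authUserById($resetPassword->usersId, 'pw_reset');
         return $this->response->redirect($this->config->app->defaultPath);
     } catch (AuthException $e) {
         // Authentication failed after the save; show the reason and re-render the form.
         $this->flash->error($e->getMessage());
     }
 }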