// Add alerts for any failed input validation
foreach ($validate->errors as $error) {
addAlert("danger", $error);
}
// Grab up the token and remove any whitespace
$token = $validate->requiredPostVar('token');
// Validate the token to make sure its valid
if ($token == "" || !validateLostPasswordToken($token)) {
$errors[] = lang("FORGOTPASS_INVALID_TOKEN");
} else {
// Set up variables for new password
$username = $validate->requiredPostVar('username');
$password = $validate->requiredPostVar('password');
$passwordc = $validate->requiredPostVar('passwordc');
//Fetch user details
$userdetails = fetchUserAuth('user_name', $username);
// Get the time stamp of the last request
$request_time = $userdetails["lost_password_timestamp"];
// Get the timeout value from the configuration table
global $token_timeout;
$current_token_life = time() - $request_time;
// Check the token time to see if the token is still valid based on the timeout value
if ($current_token_life >= $token_timeout) {
// If not valid make the user restart the password request
$errors[] = lang("FORGOTPASS_OLD_TOKEN");
// Reset the password flag
if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
$errors[] = lang("SQL_ERROR");
}
}
//time is good, token is good process the password reset request
function fetchUserAuthByEmail($email)
{
return fetchUserAuth('email', $email);
}
