// Password-reset request handler (excerpt): validates the posted reset token and
// checks its age before the password change itself is processed.

// Surface every failed input-validation message to the user as a "danger" alert.
foreach ($validate->errors as $error) {
    addAlert("danger", $error);
}

// Read the posted reset token.
// NOTE(review): the original comment says whitespace is removed here; presumably
// requiredPostVar() trims its value — confirm against its definition.
$token = $validate->requiredPostVar('token');

// Reject an empty token, or one that validateLostPasswordToken() does not accept.
// NOTE(review): `==` is a loose comparison; a strict `=== ""` states the intent
// more precisely if requiredPostVar() always returns a string — confirm.
if ($token == "" || !validateLostPasswordToken($token)) {
    $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
} else {
    // Posted account name, new password and its confirmation.
    $username = $validate->requiredPostVar('username');
    $password = $validate->requiredPostVar('password');
    $passwordc = $validate->requiredPostVar('passwordc');

    // Fetch the account record by the posted user name.
    // NOTE(review): the token above is validated without reference to $username,
    // and nothing visible in this excerpt checks that the token was issued to this
    // account. Confirm that validateLostPasswordToken() or the code following this
    // excerpt compares the token with the one stored for $userdetails before the
    // password is changed.
    // NOTE(review): the result is indexed below without checking that a user was
    // found — confirm what fetchUserAuth() returns for an unknown user name and
    // reject the request in that case.
    $userdetails = fetchUserAuth('user_name', $username);

    // Time of this account's last lost-password request. It is read from the record
    // fetched by $username, so the age check below is per account, not per token.
    $request_time = $userdetails["lost_password_timestamp"];

    // Token lifetime limit, taken from a global.
    // NOTE(review): presumably loaded from the configuration table and expressed in
    // seconds (it is compared with a time() difference) — confirm.
    global $token_timeout;
    $current_token_life = time() - $request_time;

    // A token whose age has reached the timeout is treated as expired.
    if ($current_token_life >= $token_timeout) {
        // Expired: the user has to start the password request over.
        $errors[] = lang("FORGOTPASS_OLD_TOKEN");
        // Clear the account's lost-password request flag (second argument 0);
        // a falsy return is reported as an SQL error.
        if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
            $errors[] = lang("SQL_ERROR");
        }
    }
    // Token accepted and still within its lifetime: the password reset is processed next.
    // (The excerpt ends here; the enclosing else block is closed outside this view.)
/**
 * Look up a user's authentication record by e-mail address.
 *
 * Thin wrapper that delegates to fetchUserAuth() with 'email' as the lookup
 * field and the given value passed through unchanged.
 *
 * @param mixed $email E-mail address to search for.
 * @return mixed Whatever fetchUserAuth() returns for this lookup.
 */
function fetchUserAuthByEmail($email)
{
    $lookupResult = fetchUserAuth('email', $email);

    return $lookupResult;
}