Пример #1
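 /**
  * Handles submission of the "set new password" form.
  *
  * The request is authorised in one of two ways: a non-empty `email_key`
  * POST field must match the user's stored forgotten_password_key, or the
  * session must hold a loaded User_Model whose id equals the posted user id.
  * If either check fails an error message view is rendered and nothing is
  * saved. Otherwise the user and person models are validated and saved, and
  * the user is either shown a confirmation (no core role) or logged in and
  * redirected.
  *
  * NOTE(review): nothing in this method invalidates forgotten_password_key
  * after a successful reset, and no anti-CSRF check is visible on the
  * logged-in path. Confirm both are handled elsewhere (model, base
  * controller, or form helper).
  */
 public function save()
 {
     // Read request fields defensively: a missing key must not raise a notice.
     $post_id = isset($_POST['id']) ? $_POST['id'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     $password2 = isset($_POST['password2']) ? $_POST['password2'] : null;
     $email_key = isset($_POST['email_key']) ? $_POST['email_key'] : '';

     $user = new User_Model($post_id);
     if (!$user->loaded) {
         $this->template->title = 'New Password Invocation Error';
         $this->template->content = new View('login/login_message');
         $this->template->content->message = 'Invalid user id.';
         return;
     }
     $username = $user->username;
     $person = ORM::factory('person', $user->person_id);

     // Work out whether the caller is allowed to change this user's password.
     // $error stays null when the request is authorised.
     $error = null;
     if ($email_key !== '') {
         // The email_key field is filled in, so the form was reached from a
         // forgotten password email. Compare the token as a string in constant
         // time: a loose != can treat distinct numeric-looking strings as equal
         // and leaks timing. Non-string input (e.g. email_key[]=x) is rejected.
         // hash_equals() requires PHP 5.6 or later.
         if (!is_string($email_key) || !hash_equals((string) $user->forgotten_password_key, $email_key)) {
             $error = 'The forgotten password identification string embedded in this link is invalid for this user. This may be because there has been a valid login for this user between the point where the Set Password page was brought up and when the Submit button was pressed.';
         }
     } elseif (!empty($_SESSION['auth_user']) and is_object($_SESSION['auth_user']) and $_SESSION['auth_user'] instanceof User_Model and $_SESSION['auth_user']->loaded) {
         // No token: only the logged-in user may change their own password.
         if ($user->id != $_SESSION['auth_user']->id) {
             $error = 'Inconsistent user id: POST vs logged in user.';
         }
     } else {
         $error = 'Attempt to set password when not logged in.';
     }
     if ($error !== null) {
         $this->template->title = 'New Password Invocation Error';
         $this->template->content = new View('login/login_message');
         $this->template->content->message = $error;
         return;
     }

     $user_validation = new Validation($_POST);
     $person_validation = new Validation($_POST);
     // Override the id for person in the submission so the posted id (a user
     // id) is never used as the person id.
     $person_validation['id'] = $user->person_id;
     // Both validators must run so both sets of errors are reported, so they
     // are called separately rather than joined with a short-circuiting "and".
     $userstatus = $user->password_validate($user_validation, false);
     $personstatus = $person->email_validate($person_validation, false);
     if ($userstatus and $personstatus) {
         $user->save();
         $person->save();
         // We need different paths for core users and web site users.
         if (is_null($user->core_role_id)) {
             // Just return a success confirmation; can't log them in as not a core user.
             $this->template->title = 'Password reset successfully';
             $this->template->content = new View('login/login_message');
             $this->template->content->message = 'Your indicia password has been reset and you can now use the new password to <a href="' . url::site() . '/login">log in</a>.<br />';
         } else {
             // With the password updated, log in and jump to the requested page.
             $this->auth->login($user->id, $password);
             url::redirect(arr::remove('requested_page', $_SESSION));
         }
     } else {
         // Errors are now embedded in the models.
         $view = new View('login/new_password');
         // Repopulate the username for the error condition after validation has
         // removed it (it is a disabled field so not present in POST).
         $user->load_values(array('username' => $username));
         // The submitted passwords are handed back to the form because the model
         // copy has been encrypted.
         // NOTE(review): these are raw request values; the view must HTML-escape
         // them, and echoing a plaintext password back into the page is worth
         // reconsidering.
         $view->password = $password;
         $view->password2 = $password2;
         $view->email_key = $email_key;
         $view->user_model = $user;
         $view->person_model = $person;
         $this->template->title = 'Enter New Password';
         $this->template->content = $view;
     }
 }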