Пример #1
 /**
  * Forgot Password page.
  * 
  * Request the email address, because the form is less easily abused this way
  * (resetting another person's password, or spamming another person's email).
  *
  * Still too simplistic: ideally another step should be added (for example a
  * confirmation the account owner must act on) so that the password is not
  * reset automatically.
  * 
  */
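 public function executeForgotPassword($request)
 {
     // Only a POST carries a form submission; any other method just renders the form.
     if ($request->getMethod() != coreRequest::POST) {
         return coreView::SUCCESS;
     }

     // Validate the submitted parameters with the rule set named after this action.
     $validator = new coreValidator($this->getActionName());
     if (!$validator->validate($request->getParameterHolder()->getAll())) {
         // No explicit view name is returned on validation failure (same as before);
         // presumably the framework falls back to its default view - confirm.
         return;
     }

     $email_address = trim($request->getParameter('email_address'));
     $user = UsersPeer::getUserByEmail($email_address);
     if (!$user) {
         // NOTE(review): this response differs from the 'MailSent' outcome, so the form
         // reveals whether an address is registered. Returning the same outcome for both
         // cases would close that gap; left unchanged here because it alters the UI flow.
         $request->setError('email_invalid', 'Sorry, no user found with that email address.');
         return coreView::SUCCESS;
     }

     // New password drawn from the operating system CSPRNG. The previous
     // md5(rand(100000, 999999)) could only ever yield 900,000 distinct values and
     // used a non-cryptographic generator, so the result was guessable.
     // random_bytes() needs PHP 7+ and throws if no entropy source is available.
     // NOTE(review): the value is now 16 uppercase hex characters instead of 8 -
     // confirm the main site and the forum both accept that length.
     $raw_password = strtoupper(bin2hex(random_bytes(8)));

     // update the password on main site and forum
     $this->getUser()->changePassword($user['username'], $raw_password);

     // Email the new password. Username and address are taken from the database row
     // so the user sees the username in the exact CaSe they registered with.
     // NOTE(review): the password is sent in plaintext and is already active before
     // the account owner confirms anything; a single-use, expiring reset link would
     // avoid both problems.
     $mailer = new rtkMail();
     $mailer->sendForgotPasswordConfirmation($user['email'], $user['username'], $raw_password);

     return 'MailSent';
 }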