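public function passwordresetAction()
{
    // Landing action of the password-reset link sent by e-mail. The link carries the
    // recipient address and the recovery token as route parameters, e.g.
    // http://mytoaster.com/login/reset/email/myemail@mytoaster.com/key/<token>
    // (the parameter read below is "key"; the original comment called it "token").
    $request = $this->getRequest();
    $form    = new Application_Form_PasswordReset();
    $email   = filter_var($request->getParam('email', false), FILTER_SANITIZE_EMAIL);
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The token is only
    // used as a lookup key, so an explicit allow-list check of its characters would be the
    // drop-in replacement once the token format is known.
    $token   = filter_var($request->getParam('key', false), FILTER_SANITIZE_STRING);

    // Only consult the mapper when both parameters are present; the previous version
    // issued the lookup with `false` arguments and relied on it returning nothing.
    $resetToken = null;
    if ($email && $token) {
        $resetToken = Application_Model_Mappers_PasswordRecoveryMapper::getInstance()
            ->findByTokenAndMail($token, $email);
    }

    // A token is usable only if it exists, has never been consumed and is still within
    // its validity window. Every failure yields the same generic message and redirect so
    // the response does not reveal which of the checks failed. The loose comparison on
    // the status is kept on purpose: the value may come back from storage as a string.
    if (!$resetToken
        || $resetToken->getStatus() != Application_Model_Models_PasswordRecoveryToken::STATUS_NEW
        || $this->_isTokenExpired($resetToken)
    ) {
        $this->_helper->flashMessenger->addMessage('Token is incorrect. Please, enter your e-mail one more time.');
        return $this->redirect($this->_helper->website->getUrl() . 'login/retrieve/');
    }

    // GET: render the form (and any pending flash messages) for a valid token.
    if (!$request->isPost()) {
        $this->view->messages = $this->_helper->flashMessenger->getMessages();
        $this->view->form     = $form;
        return;
    }

    // POST with a form that does not validate: the only failure the form reports here is
    // mismatching passwords, so the message names that and the user is sent back to the
    // token's own reset URL to try again.
    if (!$form->isValid($request->getParams())) {
        $this->_helper->flashMessenger->addMessage($this->_helper->language->translate('Passwords should match'));
        return $this->redirect($resetToken->getResetUrl());
    }

    // The watchdog is attached before the token is saved so the password-change
    // notification is triggered by the status update below.
    $resetToken->registerObserver(new Tools_Mail_Watchdog(array(
        'trigger' => Tools_Mail_SystemMailWatchdog::TRIGGER_PASSWORDCHANGE,
    )));

    $resetData = $form->getValues();
    $mapper    = Application_Model_Mappers_UserMapper::getInstance();
    $user      = $mapper->find($resetToken->getUserId());

    // The account referenced by the token may have been removed since the token was
    // issued; the previous version would have called setPassword() on null. Treat it the
    // same way as an unusable token and leave the token untouched.
    if (!$user) {
        $this->_helper->flashMessenger->addMessage('Token is incorrect. Please, enter your e-mail one more time.');
        return $this->redirect($this->_helper->website->getUrl() . 'login/retrieve/');
    }

    $user->setPassword($resetData['password']);
    $mapper->save($user);

    // Consume the token so the same link cannot reset the password a second time.
    $resetToken->setStatus(Application_Model_Models_PasswordRecoveryToken::STATUS_USED);
    Application_Model_Mappers_PasswordRecoveryMapper::getInstance()->save($resetToken);

    $this->_helper->flashMessenger->addMessage($this->_helper->language->translate('Your password was reset.'));

    // Administrative roles land on the backend entry ('go'); everyone else on the site root.
    $roleId = $user->getRoleId();
    if ($roleId != Tools_Security_Acl::ROLE_ADMIN && $roleId != Tools_Security_Acl::ROLE_SUPERADMIN) {
        return $this->redirect($this->_helper->website->getUrl());
    }
    return $this->redirect($this->_helper->website->getUrl() . 'go');
}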