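/**
 * Validate the new email for a user
 *
 * $this->token is expected to carry base64(aes256(json)), where the JSON object
 * holds the keys userId, currentEmail, newEmail and createTime. A token that does
 * not decode, lacks one of those keys, names an unknown user, does not match the
 * user's current email, or is older than 24 hours is reported as invalid; any
 * \Exception raised while decoding or loading the user is reported the same way.
 * On success the user's email is replaced and the current session is destroyed.
 */
public function validateNewEmail()
{
    // Tokens are accepted for 24 hours after creation
    $maxAge = 86400;

    // Default outcome; overwritten only when every check passes
    $status = 'error';
    $messageKey = 'main.reset-email-invalid-token';

    try {
        // Strict base64 decoding rejects input with characters outside the base64 alphabet
        $raw = base64_decode($this->token, true);
        $tokenData = $raw === false ? null : json_decode(Crypto::aes256Decode($raw), true);

        if (!is_array($tokenData)) {
            // Token format is not valid
            throw new \Exception();
        }

        foreach (['userId', 'currentEmail', 'newEmail', 'createTime'] as $key) {
            if (!isset($tokenData[$key])) {
                // Token is missing a required field
                throw new \Exception();
            }
        }

        $user = User::getById($tokenData['userId']);
        if (!$user || $user->email !== $tokenData['currentEmail']) {
            // Unknown user, or token does not have the correct email corresponding to the user email
            throw new \Exception();
        }

        if ($tokenData['createTime'] < time() - $maxAge) {
            // Token has expired
            throw new \Exception();
        }

        // Everything OK, change the user's email address
        // NOTE(review): uniqueness of newEmail against other accounts is not checked here —
        // confirm it is enforced when the token is issued or by User::save()
        $user->set('email', $tokenData['newEmail']);
        $user->save();

        // Disconnect the user
        session_destroy();

        $status = 'success';
        $messageKey = 'main.reset-email-success';
    } catch (\Exception $e) {
        $messageKey = 'main.reset-email-invalid-token';
        $status = 'error';
    }

    // json_encode produces a fully quoted JS string literal (backslashes, quotes and
    // control characters included); the JSON_HEX_* flags additionally hex-encode
    // characters that could terminate the inline <script> block
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $this->addJavaScriptInline('
        require(["app"], function(){
            app.notify(' . json_encode($status, $jsFlags) . ', ' . json_encode(Lang::get($messageKey), $jsFlags) . ');
        });');

    return MainController::getInstance()->main();
}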
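/**
 * Display and treat the form to reset the user's password
 *
 * Shows the reset form in a dialog box when it has not been submitted yet.
 * On submission, the verification code is compared in constant time with the
 * code stored in the session (forgottenPassword.code); on a match, the password
 * of the user identified by forgottenPassword.email is replaced.
 *
 * Returns the dialog box, a form response, or null when Form::check() fails.
 */
public function resetPassword()
{
    $form = new Form([
        'id' => 'reset-password-form',
        'fieldsets' => [
            'form' => [
                new TextInput([
                    'name' => 'code',
                    'required' => true,
                    'label' => Lang::get($this->_plugin . '.reset-pwd-form-code-label'),
                ]),
                new PasswordInput([
                    'name' => 'password',
                    'required' => true,
                    'label' => Lang::get($this->_plugin . '.reset-pwd-form-password-label'),
                    'encrypt' => ['\\Hawk\\Crypto', 'saltHash'],
                ]),
                new PasswordInput([
                    'name' => 'confirmation',
                    'required' => true,
                    'compare' => 'password',
                    'label' => Lang::get($this->_plugin . '.reset-pwd-form-confirmation-label'),
                ]),
            ],
            'submits' => [
                new SubmitInput([
                    'name' => 'valid',
                    'label' => Lang::get($this->_plugin . '.valid-button'),
                ]),
                new ButtonInput([
                    'name' => 'cancel',
                    'label' => Lang::get($this->_plugin . '.cancel-button'),
                    'href' => App::router()->getUri('login'),
                    'target' => 'dialog',
                ]),
            ],
        ],
        'onsuccess' => 'app.dialog(app.getUri("login"));',
    ]);

    if (!$form->submitted()) {
        return Dialogbox::make([
            'title' => Lang::get($this->_plugin . '.reset-pwd-form-title'),
            'icon' => 'lock-alt',
            'page' => $form,
        ]);
    }

    if (!$form->check()) {
        // NOTE(review): a failed check() yields no explicit response here, as before —
        // confirm Form::check() itself reports the validation errors to the client
        return null;
    }

    // Check the verification code. hash_equals() runs in constant time, so the
    // comparison does not reveal how many leading characters were correct; a
    // missing session code or a non-string submission is rejected outright.
    $encodedCode = App::session()->getData('forgottenPassword.code');
    $expectedCode = is_string($encodedCode) && $encodedCode !== ''
        ? (string) Crypto::aes256Decode($encodedCode)
        : '';
    $submittedCode = $form->getData('code');
    if ($expectedCode === '' || !is_string($submittedCode) || !hash_equals($expectedCode, $submittedCode)) {
        $form->error('code', Lang::get($this->_plugin . '.reset-pwd-form-bad-verification-code'));
        return $form->response(Form::STATUS_CHECK_ERROR);
    }

    try {
        $email = App::session()->getData('forgottenPassword.email');
        $user = User::getByEmail($email);
        if (!$user) {
            return $form->response(Form::STATUS_ERROR, $email);
        }

        $user->set('password', $form->inputs['password']->dbvalue());
        $user->save();

        // NOTE(review): forgottenPassword.code / .email remain in the session after a
        // successful reset, so the same code stays usable until the session ends —
        // confirm they are cleared elsewhere
        return $form->response(Form::STATUS_SUCCESS, Lang::get($this->_plugin . '.reset-pwd-form-success'));
    } catch (\Exception $e) {
        return $form->response(Form::STATUS_ERROR, Lang::get($this->_plugin . '.reset-pwd-form-error'));
    }
}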