示例#1
 /**
  * Validate the new email for a user
  */
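 public function validateNewEmail()
 {
     // Flow: decode the token, check it against the account, apply the new
     // address, end the current session, then render the main page with a
     // notification. Every failure path ends in the same generic
     // "invalid token" message, so the response does not reveal which check failed.
     //
     // NOTE(review): the token's integrity rests entirely on Crypto::aes256Decode.
     // If that helper is unauthenticated encryption (no MAC / AEAD), a modified
     // ciphertext could still decode to attacker-influenced JSON — confirm.
     try {
         // Decoding happens inside the try so that a malformed token ends in the
         // invalid-token notice, should any of the decoding helpers throw.
         $tokenData = json_decode(Crypto::aes256Decode(base64_decode($this->token)), true);

         // json_decode() can return a truthy scalar; require an array carrying
         // every field read below.
         if (!is_array($tokenData)
             || !isset($tokenData['userId'], $tokenData['currentEmail'], $tokenData['newEmail'], $tokenData['createTime'])
             || !is_numeric($tokenData['createTime'])
         ) {
             // Token format is not valid
             throw new \Exception();
         }

         $user = User::getById($tokenData['userId']);
         if (!$user) {
             // Unknown user: fail here rather than dereferencing a missing record,
             // which would raise an \Error that the catch below does not handle.
             throw new \Exception();
         }

         if ($user->email !== $tokenData['currentEmail']) {
             // Token does not have the correct email corresponding to the user email.
             // This check also stops a token from being replayed once the address
             // has been changed (as long as newEmail differs from currentEmail).
             throw new \Exception();
         }

         if ($tokenData['createTime'] < time() - 86400) {
             // Token has expired (older than 24 hours)
             throw new \Exception();
         }

         // Everything OK, change the user's email address
         $user->set('email', $tokenData['newEmail']);
         $user->save();

         // Disconnect the user.
         // NOTE(review): only the current session is destroyed here; nothing in
         // this method invalidates other sessions of the same account.
         session_destroy();

         $status = 'success';
         $messageKey = 'main.reset-email-success';
     } catch (\Exception $e) {
         $messageKey = 'main.reset-email-invalid-token';
         $status = 'error';
     }

     // Encode the message as a JavaScript string literal. Escaping only the double
     // quote (addcslashes) leaves backslashes, line breaks and "</script>" able to
     // break out of the inline script if a translation string contains them.
     $message = json_encode(
         Lang::get($messageKey),
         JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
     );
     if ($message === false) {
         // Encoding failed (e.g. invalid UTF-8): emit an empty message instead of broken script
         $message = '""';
     }

     // $status is one of the two literals assigned above, never request data
     $this->addJavaScriptInline('
         require(["app"], function(){
             app.notify("' . $status . '", ' . $message . ');
         });');

     return MainController::getInstance()->main();
 }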
示例#2
 /**
  * Display and process the form to reset the user's password
  */
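 public function resetPassword()
 {
     // Flow: show the dialog on first display; on submission, compare the typed
     // verification code with the one held in the session, then store the new
     // password on the account whose email is held in the session.
     $form = new Form(array(
         'id' => 'reset-password-form',
         'fieldsets' => array(
             'form' => array(
                 new TextInput(array(
                     'name' => 'code',
                     'required' => true,
                     'label' => Lang::get($this->_plugin . '.reset-pwd-form-code-label'),
                 )),
                 new PasswordInput(array(
                     'name' => 'password',
                     'required' => true,
                     'label' => Lang::get($this->_plugin . '.reset-pwd-form-password-label'),
                     // presumably applied when the field's stored value (dbvalue()) is computed — confirm
                     'encrypt' => array('\\Hawk\\Crypto', 'saltHash'),
                 )),
                 new PasswordInput(array(
                     'name' => 'confirmation',
                     'required' => true,
                     'compare' => 'password',
                     'label' => Lang::get($this->_plugin . '.reset-pwd-form-confirmation-label'),
                 )),
             ),
             'submits' => array(
                 new SubmitInput(array(
                     'name' => 'valid',
                     'label' => Lang::get($this->_plugin . '.valid-button'),
                 )),
                 new ButtonInput(array(
                     'name' => 'cancel',
                     'label' => Lang::get($this->_plugin . '.cancel-button'),
                     'href' => App::router()->getUri('login'),
                     'target' => 'dialog',
                 )),
             ),
         ),
         'onsuccess' => 'app.dialog(app.getUri("login"));',
     ));

     if (!$form->submitted()) {
         // First display: render the form inside a dialog box
         return Dialogbox::make(array(
             'title' => Lang::get($this->_plugin . '.reset-pwd-form-title'),
             'icon' => 'lock-alt',
             'page' => $form,
         ));
     }

     if (!$form->check()) {
         // Nothing is returned on this path, as in the original code
         // (presumably check() reports field errors itself — confirm).
         return;
     }

     // Check the verification code against the one stored in the session.
     // A session with no pending reset must never match, so an empty or
     // non-string expected value is rejected outright.
     // NOTE(review): nothing in this method limits the number of attempts, and
     // the comparison is not constant-time (hash_equals() where the runtime has it).
     $submittedCode = $form->getData('code');
     $expectedCode = Crypto::aes256Decode(App::session()->getData('forgottenPassword.code'));
     if (!is_string($expectedCode) || $expectedCode === '' || $submittedCode !== $expectedCode) {
         $form->error('code', Lang::get($this->_plugin . '.reset-pwd-form-bad-verification-code'));
         return $form->response(Form::STATUS_CHECK_ERROR);
     }

     try {
         $user = User::getByEmail(App::session()->getData('forgottenPassword.email'));
         if (!$user) {
             // Answer with the generic error text. The original sent the email
             // address held in the session back as the error message.
             return $form->response(Form::STATUS_ERROR, Lang::get($this->_plugin . '.reset-pwd-form-error'));
         }

         $user->set('password', $form->inputs['password']->dbvalue());
         $user->save();

         // NOTE(review): the 'forgottenPassword.*' session values are not cleared
         // after a successful reset, so the same code stays usable for the rest of
         // the session. Consider discarding them here.
         return $form->response(Form::STATUS_SUCCESS, Lang::get($this->_plugin . '.reset-pwd-form-success'));
     } catch (\Exception $e) {
         return $form->response(Form::STATUS_ERROR, Lang::get($this->_plugin . '.reset-pwd-form-error'));
     }
 }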