/**
 * Create a new user-key record for the given user and persist it.
 *
 * The record expires one week after creation.
 *
 * @param UserModel $user Owner of the key; its 'id' attribute is stored as userId.
 * @param $key Key value, stored on the record exactly as passed in.
 * @return bool Result of the key model's save() call.
 */
public function saveKey(UserModel $user, $key)
{
    $userKey = $this->getNewUserKeyModel();

    $ownerId = $user->getAttribute('id');
    $userKey->userId = $ownerId;

    // NOTE(review): $key is persisted as given. If callers pass the raw token
    // rather than a digest, anyone with read access to this table can replay
    // it until expiry; confirm against the caller.
    $userKey->key = $key;

    $expiresAt = new DateTime('+ 1 week');
    $userKey->expires = $expiresAt;

    return $userKey->save();
}
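/**
 * Do password reset.
 *
 * Authenticates the request against the user's stored reset key and expiry.
 * On a valid postback it sets the new password, starts a session for the user
 * and redirects to '/'. Every failure is added to the form and logged as a
 * 'password_reset_failure' event.
 *
 * @access public
 * @since 2.0.0
 *
 * @param int $UserID Unique.
 * @param string $PasswordResetKey Authenticate with unique, 1-time code sent via email.
 */
public function passwordReset($UserID = '', $PasswordResetKey = '')
{
    $PasswordResetKey = trim($PasswordResetKey);

    // Only consult the stored key once the request is well-formed.
    $Authenticated = false;
    if (is_numeric($UserID) && $PasswordResetKey !== '') {
        $StoredKey = $this->UserModel->getAttribute($UserID, 'PasswordResetKey', '');
        // Compare as strings and in constant time. A loose comparison lets
        // numeric-looking strings such as "0e123" and "0e456" compare equal,
        // which would accept a key that was never issued.
        $Authenticated = is_scalar($StoredKey) && hash_equals((string)$StoredKey, $PasswordResetKey);
    }

    if (!$Authenticated) {
        $this->Form->addError('Failed to authenticate your password reset request. Try using the reset request form again.');
        Logger::event('password_reset_failure', Logger::NOTICE, '{username} failed to authenticate password reset request.');
        $this->fireEvent('PasswordResetFailed', ['UserID' => $UserID]);
    }

    // If getAttribute() yields null/false for a missing expiry, the comparison
    // below treats the token as expired (fails closed).
    $Expires = $this->UserModel->getAttribute($UserID, 'PasswordResetExpires');
    if ($this->Form->errorCount() === 0 && $Expires < time()) {
        $this->Form->addError('@' . t('Your password reset token has expired.', 'Your password reset token has expired. Try using the reset request form again.'));
        Logger::event('password_reset_failure', Logger::NOTICE, '{username} has an expired reset token.');
        $this->fireEvent('PasswordResetFailed', ['UserID' => $UserID]);
    }

    if ($this->Form->errorCount() == 0) {
        $User = $this->UserModel->getID($UserID, DATASET_TYPE_ARRAY);
        if ($User) {
            // Expose only the fields the view needs.
            $User = arrayTranslate($User, ['UserID', 'Name', 'Email']);
            $this->setData('User', $User);
        }
    } else {
        $this->setData('Fatal', true);
    }

    if ($this->Form->errorCount() == 0 && $this->Form->isPostBack() === true) {
        $Password = $this->Form->getFormValue('Password', '');
        $Confirm = $this->Form->getFormValue('Confirm', '');

        if ($Password == '') {
            $this->Form->addError('Your new password is invalid');
            // Keep the audit message on a single line so the log record is not split.
            Logger::event('password_reset_failure', Logger::NOTICE, 'Failed to reset the password for {username}. Password is invalid.');
        } elseif ($Password !== $Confirm) {
            // Strict comparison: distinct numeric-looking strings must not be
            // accepted as a matching confirmation.
            $this->Form->addError('Your passwords did not match.');
            // Log the mismatch only when it occurred, so a successful reset
            // does not also emit a failure event.
            Logger::event('password_reset_failure', Logger::NOTICE, 'Failed to reset the password for {username}. Passwords did not match.');
        }

        if ($this->Form->errorCount() == 0) {
            // NOTE(review): presumably UserModel::passwordReset() also clears the
            // stored reset key so it stays single-use, and returns a user
            // object here; confirm both against the model.
            $User = $this->UserModel->passwordReset($UserID, $Password);
            Logger::event('password_reset', Logger::NOTICE, '{username} has reset their password.');
            Gdn::session()->start($User->UserID, true);
            redirect('/');
        }
    }

    $this->render();
}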