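/**
 * Attempts to complete a pending email change using a confirmation code.
 *
 * The code is looked up among this user's tokens of type
 * Token::TYPE_CONFIRM_NEW_EMAIL or Token::TYPE_CONFIRM_OLD_EMAIL. The outcome
 * is reported through session flash messages only; no value is returned.
 *
 * - No pending "unconfirmed_email", no matching token, or an expired token:
 *   a "danger" flash is set and nothing else is changed.
 * - Otherwise the token is deleted. If another record already uses the pending
 *   address, the method stops there without setting a flash message.
 * - Module::STRATEGY_SECURE: the flag matching the token type is set, and the
 *   address is switched only once both confirmation flags are set.
 * - Module::STRATEGY_DEFAULT: the address is switched immediately.
 *
 * @param string $code confirmation code to look up
 * @return void
 * @throws \Exception
 */
public function attemptEmailChange($code)
{
    // The lookup is scoped to this user's id, so a code issued to another
    // account does not match here.
    /** @var Token $token */
    $token = $this->finder->findToken(['user_id' => $this->id, 'code' => $code])
        ->andWhere(['in', 'type', [Token::TYPE_CONFIRM_NEW_EMAIL, Token::TYPE_CONFIRM_OLD_EMAIL]])
        ->one();

    if (empty($this->unconfirmed_email) || $token === null || $token->isExpired) {
        // One message for every failure reason, so the response does not say
        // which of the three conditions was hit.
        \Yii::$app->session->setFlash('danger', \Yii::t('user', 'Your confirmation token is invalid or expired'));
        return;
    }

    // The token is deleted before it is acted on, so a code that passed the
    // checks above is single-use even when the change is not completed below.
    $token->delete();

    // unconfirmed_email is known to be non-empty from here on (guarded above),
    // so no second empty() check is needed.

    // NOTE(review): this existence check and the save() below are two separate
    // steps; a unique index on the email column (not visible here) would be
    // the backstop against two accounts ending up with one address - confirm.
    if (static::find()->where(['email' => $this->unconfirmed_email])->exists()) {
        return;
    }

    if ($this->module->emailChangeStrategy == Module::STRATEGY_SECURE) {
        // Secure strategy: record which of the two addresses confirmed.
        switch ($token->type) {
            case Token::TYPE_CONFIRM_NEW_EMAIL:
                $this->flags |= self::NEW_EMAIL_CONFIRMED;
                \Yii::$app->session->setFlash('success', \Yii::t('user', 'Awesome, almost there. Now you need to click the confirmation link sent to your old email address'));
                break;
            case Token::TYPE_CONFIRM_OLD_EMAIL:
                $this->flags |= self::OLD_EMAIL_CONFIRMED;
                \Yii::$app->session->setFlash('success', \Yii::t('user', 'Awesome, almost there. Now you need to click the confirmation link sent to your new email address'));
                break;
        }
    }

    // Parentheses only make the existing precedence explicit:
    // default strategy, OR (new confirmed AND old confirmed).
    $bothConfirmed = ($this->flags & self::NEW_EMAIL_CONFIRMED) && ($this->flags & self::OLD_EMAIL_CONFIRMED);
    if ($this->module->emailChangeStrategy == Module::STRATEGY_DEFAULT || $bothConfirmed) {
        $this->email = $this->unconfirmed_email;
        $this->unconfirmed_email = null;
        // Replaces the "almost there" flash set above when this was the
        // second confirmation.
        \Yii::$app->session->setFlash('success', \Yii::t('user', 'Your email address has been changed'));
        // NOTE(review): the confirmation flags are left set after the switch;
        // presumably the code that starts a new change request clears them.
        // Confirm, since stale flags would satisfy the check above on the
        // next request.
    }

    // Persists flag and/or email changes; the false argument skips model
    // validation.
    $this->save(false);
}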
/**
 * Renders the password reset page for a recovery link and, on a valid
 * submission, performs the reset.
 *
 * The token must match the given user id, the given code and
 * Token::TYPE_RECOVERY. A missing token, an expired token and a token without
 * a user all produce the same "invalid or expired" message page, so the
 * response does not reveal which check failed.
 *
 * @param integer $id   user id the recovery token belongs to
 * @param string  $code recovery code
 * @return string rendered view
 * @throws \yii\web\NotFoundHttpException when password recovery is disabled in the module
 */
public function actionReset($id, $code)
{
    if (!$this->module->enablePasswordRecovery) {
        throw new NotFoundHttpException();
    }

    $criteria = [
        'user_id' => $id,
        'code'    => $code,
        'type'    => Token::TYPE_RECOVERY,
    ];

    /** @var Token $recoveryToken */
    $recoveryToken = $this->finder->findToken($criteria)->one();

    // Evaluation order matters: the null check must come first.
    $tokenUsable = $recoveryToken !== null
        && !$recoveryToken->isExpired
        && $recoveryToken->user !== null;

    if (!$tokenUsable) {
        \Yii::$app->session->setFlash(
            'danger',
            \Yii::t('user', 'Recovery link is invalid or expired. Please try requesting a new one.')
        );

        return $this->render('/message', [
            'title'  => \Yii::t('user', 'Invalid or expired link'),
            'module' => $this->module,
        ]);
    }

    $form = \Yii::createObject([
        'class'    => RecoveryForm::className(),
        'scenario' => 'reset',
    ]);

    $this->performAjaxValidation($form);

    $submitted = \Yii::$app->getRequest()->post();

    // NOTE(review): the token is handed to resetPassword() and not touched
    // again here; whether it is invalidated after use is decided there -
    // confirm.
    if ($form->load($submitted) && $form->resetPassword($recoveryToken)) {
        return $this->render('/message', [
            'title'  => \Yii::t('user', 'Password has been changed'),
            'module' => $this->module,
        ]);
    }

    return $this->render('reset', ['model' => $form]);
}