/**
 * AJAX endpoint that returns every forgot-password record with its secrets masked.
 *
 * Responds only to a POST request that is also an AJAX request and carries a
 * valid 'token' value (checked through $this->token); any other request falls
 * through and the action returns nothing.
 *
 * NOTE(review): no role or permission check is visible in this action. It
 * returns all pending reset requests, so confirm access control is enforced
 * before dispatch.
 *
 * @return mixed whatever sendAjax() returns, or null when the request is rejected
 */
public function getForgotAction()
{
    // The original evaluation order is kept: the token check runs only for AJAX POSTs.
    if (!$this->request->isPost() || !$this->request->isAjax() || !$this->token->check('token')) {
        return;
    }

    $records = UsersForgotPassword::find()->toArray();
    $table = array();

    foreach ($records as $record) {
        $row = array();
        foreach ($record as $column => $value) {
            // Deny-list masking: only these two columns are hidden. A secret
            // column added to the model later would be sent in clear text.
            $isSecret = ($column == 'token' || $column == 'private_key');
            $row[$column] = $isSecret ? '***' : $value;
        }
        $table[] = $row;
    }

    // Release the unmasked rows before building the response.
    unset($records);

    return $this->sendAjax(array('data' => $table));
}
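/**
 * Completes a password reset for the user that owns a forgot-password token.
 *
 * The token selects the UsersForgotPassword record. The public key is used to
 * decrypt the token, and the result must equal the private key stored on that
 * record. On a match the user is set to the active status, the new password is
 * hashed and stored, and the reset record is deleted. On a mismatch the
 * attempt is passed to userThrottling(), the user is set to the "hacked"
 * status and the reset record is deleted.
 *
 * @param string $publicKey   URL-encoded key, passed to Crypto::decrypt() after decoding
 * @param string $token       URL-encoded reset token, used for lookup and as decrypt input
 * @param string $newPassword password to store for the user
 *
 * @throws Auth\Exception code 400 when no reset record matches the token,
 *                        code 600 when the decrypted key does not match
 */
public function resetPassword($publicKey, $token, $newPassword)
{
    $rawToken = rawurldecode($token);

    $forgot = UsersForgotPassword::findFirstByToken($rawToken);
    if (!$forgot) {
        throw new Auth\Exception(null, 400);
    }

    $privateKey = Crypto::decrypt($rawToken, rawurldecode($publicKey));

    // Compare the secret strictly and in constant time. The loose `!=` used
    // before treats numeric-looking strings as numbers and lets a failed
    // decrypt (false/null) equal an empty stored key; it also leaks timing.
    // A non-string or empty result is rejected (fail closed).
    $keyMatches = is_string($privateKey)
        && $privateKey !== ''
        && hash_equals((string) $forgot->private_key, $privateKey);

    if (!$keyMatches) {
        $this->userThrottling($forgot->user->id);

        // NOTE(review): any caller holding a valid token can reach this branch
        // and move the account to the "hacked" status; confirm that is intended.
        $hacked = UsersStatus::findFirstByName(self::STATUS_HACKED);
        $forgot->user->status_id = $hacked->id;
        $forgot->save();
        $forgot->delete();

        throw new Auth\Exception(null, 600);
    }

    $active = UsersStatus::findFirstByName(self::STATUS_ACTIVE);
    $forgot->user->status_id = $active->id;

    // NOTE(review): no length or complexity check on $newPassword is visible
    // here; confirm the caller validates it before this point.
    $forgot->user->password = $this->security->hash($this->passwordHash($newPassword));

    // NOTE(review): the changes are made on the related user but only $forgot
    // is saved; confirm the ORM persists the related record on save().
    if ($forgot->save() != false && $forgot->delete() != false) {
        $this->flash->success('The new password is stored !');
    } else {
        foreach ($forgot->getMessages() as $message) {
            $this->flash->error($message);
        }
    }
}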