public function getForgotAction()
{
if ($this->request->isPost()) {
if ($this->request->isAjax()) {
if ($this->token->check('token')) {
$records = UsersForgotPassword::find()->toArray();
$table = array();
$i = 0;
foreach ($records as $record) {
$table[$i] = array();
foreach ($record as $n => $v) {
$table[$i][$n] = $v;
if ($n == 'token' || $n == 'private_key') {
$table[$i][$n] = '***';
}
}
$i++;
}
$records = null;
$data = array('data' => $table);
return $this->sendAjax($data);
}
}
}
}
public function resetPassword($publicKey, $token, $newPassword)
{
$forgot = UsersForgotPassword::findFirstByToken(rawurldecode($token));
if ($forgot == false) {
throw new Auth\Exception(null, 400);
}
$privateKey = Crypto::decrypt(rawurldecode($token), rawurldecode($publicKey));
if ($forgot->private_key != $privateKey) {
$this->userThrottling($forgot->user->id);
$hacked = UsersStatus::findFirstByName(self::STATUS_HACKED);
$forgot->user->status_id = $hacked->id;
$forgot->save();
$forgot->delete();
throw new Auth\Exception(null, 600);
}
$active = UsersStatus::findFirstByName(self::STATUS_ACTIVE);
$forgot->user->status_id = $active->id;
$forgot->user->password = $this->security->hash($this->passwordHash($newPassword));
if ($forgot->save() != false && $forgot->delete() != false) {
$this->flash->success('The new password is stored !');
} else {
foreach ($forgot->getMessages() as $message) {
$this->flash->error($message);
}
}
}
