public function resetPasswordConfirm($token, $remoteIP, Event $event)
{
// Hash the remote caller's IP with the token
$tokenHash = md5($token . '-' . str_replace('.', '-', $remoteIP));
/** @var UsersRepository $repo */
$repo = $this->app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');
if ($userEntity = $repo->getUserShadowAuth($tokenHash)) {
$userAuth = $repo->getUserAuthData($userEntity->getId());
// Update entries
$userEntity->setPassword($userAuth->getShadowpassword());
$userEntity->setShadowpassword(null);
$userEntity->setShadowtoken(null);
$userEntity->setShadowvalidity(null);
$this->app['storage']->getRepository('Bolt\\Storage\\Entity\\Users')->save($userEntity);
$this->app['logger.flash']->clear();
$this->app['logger.flash']->success(Trans::__('general.access-control.reset-successful'));
$this->app['dispatcher']->dispatch(AccessControlEvents::RESET_SUCCESS, $event);
return true;
} else {
// That was not a valid token, or too late, or not from the correct IP.
$this->app['logger.system']->error('Somebody tried to reset a password with an invalid token.', ['event' => 'authentication']);
$this->app['logger.flash']->error(Trans::__('general.access-control.reset-failed'));
$this->app['dispatcher']->dispatch(AccessControlEvents::RESET_FAILURE, $event);
return false;
}
}