Airship\Cabin\Bridge\Blueprint\UserAccounts::createRecoveryToken PHP Method

createRecoveryToken() public method

public createRecoveryToken ( integer $userID ) : string
$userID integer
return string
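    /**
     * Create an account-recovery token for a user.
     *
     * Two random values are generated: a selector, which is stored in the
     * clear and is only used to look the row up, and a token, which is never
     * stored in the clear — only a keyed authentication tag over
     * token . userID (using the keyring's auth.recovery_key) is persisted.
     * The plaintext selector . token is returned once to the caller and must
     * not be logged.
     *
     * @param int $userID The account the recovery token is issued for.
     * @return string selector . token on success; '' if the row could not be
     *                committed.
     * @throws \Exception if random_bytes() cannot obtain entropy.
     */
    public function createRecoveryToken(int $userID) : string
    {
        // Do all generation before opening the transaction, so an exception
        // from random_bytes() can't leave a transaction dangling on the
        // shared connection.
        $selector = Base64UrlSafe::encode(\random_bytes(static::RECOVERY_SELECTOR_BYTES));
        $token = Base64UrlSafe::encode(\random_bytes(static::RECOVERY_TOKEN_BYTES));
        $state = State::instance();
        // Binding the tag to the user ID means a stored tag only verifies for
        // the account it was issued to.
        $hashedToken = Symmetric::authenticate(
            $token . $userID,
            $state->keyring['auth.recovery_key']
        );

        $this->db->beginTransaction();
        $this->db->insert(
            'airship_user_recovery',
            [
                'userid' => $userID,
                'selector' => $selector,
                'hashedtoken' => $hashedToken,
                'created' => (new \DateTimeImmutable('NOW'))->format(\AIRSHIP_DATE_FORMAT)
            ]
        );
        if (!$this->db->commit()) {
            // Release the failed transaction instead of leaving it open.
            $this->db->rollBack();
            return '';
        }
        return $selector . $token;
    }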

Usage Example

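 /**
  * Process an account-recovery request submitted from the recover form.
  *
  * Unknown usernames, accounts that opted out of reset, and accounts with no
  * e-mail address are all reported to AirBrake and answered with false so the
  * response does not distinguish them. On success a recovery token is created
  * and mailed (GPG-encrypted when the account has a public key on file).
  *
  * @param array $post Raw form input; only 'forgot_passphrase_for' is read.
  * @return bool true if the recovery message was handed to the mailer.
  */
 protected function processRecoverAccount(array $post) : bool
 {
     // Untrusted form input: tolerate a missing or non-string field rather
     // than raising an undefined-index notice or a TypeError further down.
     $username = $post['forgot_passphrase_for'] ?? '';
     if (!\is_string($username)) {
         return false;
     }
     $remoteAddr = $_SERVER['REMOTE_ADDR'];

     $airBrake = Gears::get('AirBrake');
     if (IDE_HACKS) {
         $airBrake = new AirBrake();
     }

     // Rate limiting: either refuse outright, or slow the response down.
     $failFast = $airBrake->failFast($username, $remoteAddr, $airBrake::ACTION_RECOVER);
     if ($failFast) {
         // NOTE(review): execution continues past lens() here; if lens() does
         // not end the request, the recovery is still processed — confirm.
         $this->lens(
             'recover_account',
             [
                 'form_message' => \__('You are doing that too fast. Please wait a few seconds and try again.')
             ]
         );
     } elseif (!$airBrake->getFastExit()) {
         $delay = $airBrake->getDelay($username, $remoteAddr, $airBrake::ACTION_RECOVER);
         if ($delay > 0) {
             \usleep($delay * 1000);
         }
     }

     try {
         $recoverInfo = $this->acct->getRecoveryInfo($username);
     } catch (UserNotFound $ex) {
         // Username not found. Is this a harvester?
         $airBrake->registerAccountRecoveryAttempt($username, $remoteAddr);
         $this->log(
             'Password reset attempt for nonexistent user.',
             LogLevel::NOTICE,
             ['username' => $username]
         );
         return false;
     }
     if (!$recoverInfo['allow_reset'] || empty($recoverInfo['email'])) {
         // Opted out or no email address? Act like the user doesn't exist.
         $airBrake->registerAccountRecoveryAttempt($username, $remoteAddr);
         return false;
     }

     // The returned value is the plaintext selector . token; it goes into the
     // e-mail only and must not be logged.
     $token = $this->acct->createRecoveryToken((int) $recoverInfo['userid']);
     if (empty($token)) {
         return false;
     }

     $state = State::instance();
     if (IDE_HACKS) {
         $state->mailer = new Sendmail();
         $state->gpgMailer = new GPGMailer($state->mailer);
     }
     // NOTE(review): the fallback From address is derived from the Host
     // header, which the client supplies; configuring universal.email.from
     // avoids depending on it.
     $from = $state->universal['email']['from'] ?? 'no-reply@' . $_SERVER['HTTP_HOST'];
     $message = (new Message())
         ->addTo($recoverInfo['email'], $username)
         ->setSubject('Password Reset')
         ->setFrom($from)
         ->setBody($this->recoveryMessage($token));

     try {
         if (!empty($recoverInfo['gpg_public_key'])) {
             // This will be encrypted with the user's public key:
             $state->gpgMailer->send($message, $recoverInfo['gpg_public_key']);
         } else {
             // This will be sent as-is:
             $state->mailer->send($message);
         }
     } catch (InvalidArgumentException $ex) {
         return false;
     }
     return true;
 }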