private function isUserAllowed()
{
// catch the key and e-mail address from GET
$this->email = urldecode(\SpoonFilter::getGetValue('email', null, ''));
$this->key = \SpoonFilter::getGetValue('key', null, '');
// if the email or the key aren't set, redirect the user
if ($this->email !== '' && $this->key !== '') {
// fetch the user
$userId = BackendUsersModel::getIdByEmail($this->email);
$this->user = new BackendUser($userId);
$requestTime = $this->user->getSetting('reset_password_timestamp');
// check if the request was made within 24 hours
if (time() - $requestTime > 86400) {
// remove the reset_password_key and reset_password_timestamp usersettings
BackendUsersModel::deleteResetPasswordSettings($userId);
// redirect to the login form, with a timeout error
$this->redirect(BackendModel::createURLForAction('Index', null, null, array('reset' => 'timeout')));
}
// check if the provided key matches the one in the user record
if ($this->key === $this->user->getSetting('reset_password_key')) {
return true;
}
}
// if we made it here the user is not allowed to access this page
return false;
}