Backend\Modules\Authentication\Actions\ResetPassword::isUserAllowed PHP Method

isUserAllowed() private method

The user is allowed on this page
private isUserAllowed ( ) : boolean
return boolean
    private function isUserAllowed()
    {
        // catch the key and e-mail address from GET
        $this->email = urldecode(\SpoonFilter::getGetValue('email', null, ''));
        $this->key = \SpoonFilter::getGetValue('key', null, '');
        // if the email or the key aren't set, redirect the user
        if ($this->email !== '' && $this->key !== '') {
            // fetch the user
            $userId = BackendUsersModel::getIdByEmail($this->email);
            $this->user = new BackendUser($userId);
            $requestTime = $this->user->getSetting('reset_password_timestamp');
            // check if the request was made within 24 hours
            if (time() - $requestTime > 86400) {
                // remove the reset_password_key and reset_password_timestamp usersettings
                BackendUsersModel::deleteResetPasswordSettings($userId);
                // redirect to the login form, with a timeout error
                $this->redirect(BackendModel::createURLForAction('Index', null, null, array('reset' => 'timeout')));
            }
            // check if the provided key matches the one in the user record
            if ($this->key === $this->user->getSetting('reset_password_key')) {
                return true;
            }
        }
        // if we made it here the user is not allowed to access this page
        return false;
    }