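/**
 * Validate a password-reset confirmation code and, when it is valid, set a new password.
 *
 * The request is rejected (returns false) unless all of the following hold:
 *  - $user_guid resolves to an \ElggUser,
 *  - a confirmation code is stored in the user's 'passwd_conf_code' private setting,
 *  - the supplied code equals the stored code,
 *  - the stored 'passwd_conf_time' timestamp is set and not older than 24 hours.
 *
 * On success the stored code and timestamp are removed so the same code cannot
 * be used again, the login failure count is reset, and the user is notified by email.
 *
 * @param int         $user_guid GUID of the user whose password is being set
 * @param string      $conf_code Confirmation code supplied by the caller (expected to be a
 *                               string; it is not type-checked here)
 * @param string|null $password  New password; when null a random cleartext password is generated
 *
 * @return bool True when the password was changed, false on any failed check or failed save
 */
function executeNewPasswordReset($user_guid, $conf_code, $password = null)
{
    $user_guid = (int) $user_guid;

    // Validate the target first, so that nothing else (including password
    // generation) runs for a GUID that is not a user.
    $user = get_entity($user_guid);
    if (!$user instanceof \ElggUser) {
        return false;
    }

    // A missing/empty stored code means no reset is pending. Reject before
    // comparing, so the comparison helper is never handed a null stored value.
    $saved_code = $user->getPrivateSetting('passwd_conf_code');
    if (!$saved_code) {
        return false;
    }

    // Compare through the crypto service instead of == / ===.
    // NOTE(review): this relies on areEqual() being a timing-safe comparison - confirm.
    // NOTE(review): a failed comparison does not invalidate the stored code and is not
    // counted here; any throttling of repeated guesses has to live in the caller - confirm.
    if (!_elgg_services()->crypto->areEqual($saved_code, $conf_code)) {
        return false;
    }

    // Discard the code for security if it has no timestamp or is more than 24h old.
    $code_time = (int) $user->getPrivateSetting('passwd_conf_time');
    $oldest_valid_time = time() - 24 * 60 * 60;
    if (!$code_time || $code_time < $oldest_valid_time) {
        return false;
    }

    // Only generate a password once the request has passed every check.
    $reset = ($password === null);
    if ($reset) {
        $password = generate_random_cleartext_password();
    }

    if (!$this->forcePasswordReset($user, $password)) {
        return false;
    }

    // Single use: drop the code and its timestamp once the password has changed.
    remove_private_setting($user_guid, 'passwd_conf_code');
    remove_private_setting($user_guid, 'passwd_conf_time');

    // Clear the failed-login counter for this user.
    reset_login_failure_count($user_guid);

    // 'resetpassword' when the password was generated here, 'changepassword'
    // when the caller supplied it; selects the translation keys and the action name.
    $ns = $reset ? 'resetpassword' : 'changepassword';

    // NOTE(review): the cleartext password is passed to the translator and placed in the
    // notification params in both cases, including when the caller chose it. Confirm that
    // the 'changepassword' template and any notification handlers do not echo or log it.
    $translator = _elgg_services()->translator;
    $message = $translator->translate("email:{$ns}:body", [$user->username, $password], $user->language);
    $subject = $translator->translate("email:{$ns}:subject", [], $user->language);

    $params = ['action' => $ns, 'object' => $user, 'password' => $password];
    notify_user($user->guid, elgg_get_site_entity()->guid, $subject, $message, $params, 'email');

    return true;
}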