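/**
 * Handle a password reset link: verify the token, issue a new password, mail it.
 *
 * Reads `id` and `hash` from the query string. If the user exists and the MD5
 * of the supplied `hash` equals the digest stored in the user's
 * `password_reset` info field, a new random password is generated, stored
 * through Utils::crypt() and mailed to the user. The stored reset token is
 * cleared after one successful match, whether or not the update succeeded.
 * The request always ends with a redirect to the login page.
 *
 * Security notes:
 * - The digest comparison uses hash_equals() rather than `==`. With loose
 *   comparison, two different digests that both look like numeric strings
 *   (for example "0e" followed only by digits) compare as equal, so a
 *   non-matching token could be accepted. hash_equals() is also constant-time.
 * - Missing or non-string query parameters are treated as an invalid request
 *   instead of raising undefined-index notices.
 */
public function act_password_reset()
{
    Utils::check_request_method(array('GET'));

    // $_GET values are strings, or arrays for `name[]=` style parameters; accept strings only.
    $id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : null;
    $hash = (isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : null;

    $user = ($id !== null) ? User::get($id) : false;

    // NOTE(review): an unknown id produces no notice while a known id with a bad
    // token does, so the response differs by user existence - confirm this is acceptable.
    if ($user) {
        $stored = $user->info->password_reset;

        // hash_equals() needs two strings; a user with no pending reset has no stored digest.
        if ($hash !== null && is_string($stored) && hash_equals($stored, md5($hash))) {
            // Send a new random password
            // NOTE(review): the new password travels in clear text by e-mail; consider
            // prompting the user to choose a password after following the link instead.
            $password = Utils::random_password();
            $user->password = Utils::crypt($password);
            if ($user->update()) {
                $message = _t("Your password for %1\$s has been reset. Your credentials are as follows---\nUsername: %2\$s\nPassword: %3\$s", array(Site::get_url('habari'), $user->username, $password));
                Utils::mail($user->email, _t('[%1$s] Password has been reset for %2$s', array(Options::get('title'), $user->displayname)), $message);
                Session::notice(_t('A new password has been sent to the user.'));
            } else {
                Session::notice(_t('There was a problem resetting the password. It was not reset.'));
            }
            // Clear the request - it should only work once
            unset($user->info->password_reset);
            $user->info->commit();
        } else {
            Session::notice(_t('The supplied password reset token has expired or is invalid.'));
        }
    }

    // Display the login form.
    Utils::redirect(URL::get('auth', array('page' => 'login')));
}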