PasswordResetModel::verifyPasswordReset PHP Method

verifyPasswordReset() public static method

Verifies the password reset request using the verification hash token, which is valid for only one hour
public static verifyPasswordReset ( string $user_name, string $verification_code ) : boolean
$user_name string Username
$verification_code string Hash token
return boolean Success status
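    /**
     * Verifies a password reset request by looking up the username + reset token
     * pair and checking that the request is less than one hour old.
     *
     * A feedback message is added to the session on every path; wrong username and
     * wrong token share one message, so the response does not reveal which of the
     * two was incorrect.
     *
     * NOTE(review): this method only checks the token, it does not invalidate it.
     * Presumably the step that stores the new password clears
     * user_password_reset_hash so the link is single-use - confirm in that code.
     * NOTE(review): the token is compared by SQL equality against the stored
     * column, which suggests it is stored as issued; storing only a digest of the
     * token would limit the impact of a database read - confirm how it is generated
     * and stored.
     *
     * @param string $user_name Username
     * @param string $verification_code Hash token
     * @return bool Success status
     */
    public static function verifyPasswordReset($user_name, $verification_code)
    {
        // The calling controller treats both values as URL-provided. Reject missing,
        // empty or non-string input up front so such a value can never be matched
        // against a row, and use the same message as for an unknown combination.
        if (!is_string($user_name) || $user_name === ''
            || !is_string($verification_code) || $verification_code === ''
        ) {
            Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_RESET_COMBINATION_DOES_NOT_EXIST'));
            return false;
        }

        $database = DatabaseFactory::getFactory()->getConnection();

        // Look up the username + token pair; all values are bound, never interpolated.
        $sql = "SELECT user_id, user_password_reset_timestamp\n                  FROM users\n                 WHERE user_name = :user_name\n                       AND user_password_reset_hash = :user_password_reset_hash\n                       AND user_provider_type = :user_provider_type\n                 LIMIT 1";
        $query = $database->prepare($sql);
        $query->execute(array(
            ':user_password_reset_hash' => $verification_code,
            ':user_name' => $user_name,
            ':user_provider_type' => 'DEFAULT',
        ));

        // Decide on the fetched row rather than rowCount(): PDO does not guarantee
        // rowCount() for SELECT statements on every driver, and a wrong count here
        // would decide the outcome of a security check.
        // Assumes the connection's default fetch mode returns objects - confirm in DatabaseFactory.
        $result_user_row = $query->fetch();
        if ($result_user_row === false) {
            Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_RESET_COMBINATION_DOES_NOT_EXIST'));
            return false;
        }

        // 3600 seconds are 1 hour; the link is only honoured inside that window.
        $timestamp_one_hour_ago = time() - 3600;

        // Cast so a NULL or string column value is compared as an integer
        // (NULL becomes 0 and is therefore treated as expired).
        if ((int) $result_user_row->user_password_reset_timestamp > $timestamp_one_hour_ago) {
            Session::add('feedback_positive', Text::get('FEEDBACK_PASSWORD_RESET_LINK_VALID'));
            return true;
        }

        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_RESET_LINK_EXPIRED'));
        return false;
    }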

Usage Example

Exemplo n.º 1
 /**
  * Checks the user's password reset token and either shows the password editing
  * view or sends the visitor back to the login page.
  *
  * @param string $user_name username
  * @param string $verification_code password reset verification token
  */
 public function verifyPasswordReset($user_name, $verification_code)
 {
     // Anything other than a successful verification ends at the login page.
     if (!PasswordResetModel::verifyPasswordReset($user_name, $verification_code)) {
         Redirect::to('login/index');
         return;
     }

     // Hand the URL-provided values to the view so the reset form can carry them.
     // NOTE(review): both values come from the request; the view is expected to
     // escape them on output - confirm in the login/resetPassword template.
     $view_data = array(
         'user_name' => $user_name,
         'user_password_reset_hash' => $verification_code,
     );
     $this->View->render('login/resetPassword', $view_data);
 }