public function resetPasswordRequest($username, $remoteIP, Event $event)
{
/** @var UsersRepository $repo */
$repo = $this->app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');
/** @var Entity\Users $userEntity */
$userEntity = $repo->getUser($username);
if (!$userEntity) {
// For safety, this is the message we display, regardless of whether user exists.
$this->app['logger.flash']->clear();
$this->app['logger.flash']->info(Trans::__('page.login.password-reset-link-sent', ['%user%' => $username]));
$this->app['dispatcher']->dispatch(AccessControlEvents::RESET_FAILURE, $event);
return false;
}
// Generate shadow password and hash
$shadowPassword = $this->app['randomgenerator']->generateString(12);
$shadowPasswordHash = $this->app['password_factory']->createHash($shadowPassword, '$2y$');
// Generate shadow token and hash
$shadowToken = $this->app['randomgenerator']->generateString(32);
$shadowTokenHash = md5($shadowToken . '-' . str_replace('.', '-', $remoteIP));
// Set the shadow password and related stuff in the database.
$userEntity->setShadowpassword($shadowPasswordHash);
$userEntity->setShadowtoken($shadowTokenHash);
$userEntity->setShadowvalidity(Carbon::create()->addHours(2));
$this->app['storage']->getRepository('Bolt\\Storage\\Entity\\Users')->save($userEntity);
$mailoptions = $this->app['config']->get('general/mailoptions');
// PHP 5.4 compatibility
if (empty($mailoptions)) {
$this->app['logger.flash']->danger(Trans::__('general.phrase.error-mail-options-not-set'));
}
// Sent the password reset notification
$this->resetPasswordNotification($userEntity, $shadowPassword, $shadowToken);
$this->app['dispatcher']->dispatch(AccessControlEvents::RESET_REQUEST, $event);
return true;
}