public function confirmAction($username = "", $activation = "")
{
if (empty($username) || empty($activation) || !($user = User::where(compact('username', 'activation'))->first())) {
App::abort(400, __('Invalid key.'));
}
if ($user->isBlocked()) {
App::abort(400, __('Your account has not been activated or is blocked.'));
}
if ('POST' === App::request()->getMethod()) {
try {
if (!App::csrf()->validate()) {
throw new Exception(__('Invalid token. Please try again.'));
}
$password = App::request()->request->get('password');
if (empty($password)) {
throw new Exception(__('Enter password.'));
}
if ($password != trim($password)) {
throw new Exception(__('Invalid password.'));
}
$user->password = App::get('auth.password')->hash($password);
$user->activation = null;
$user->save();
App::message()->success(__('Your password has been reset.'));
return App::redirect('@user/login');
} catch (Exception $e) {
$error = $e->getMessage();
}
}
return ['$view' => ['title' => __('Reset Confirm'), 'name' => 'system/user/reset-confirm.php'], 'username' => $username, 'activation' => $activation, 'error' => isset($error) ? $error : ''];
}