/**
* Do password reset.
*
* @access public
* @since 2.0.0
*
* @param int $UserID Unique ID of the user whose password is being reset.
* @param string $PasswordResetKey Authenticate with unique, 1-time code sent via email.
*/
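public function passwordReset($UserID = '', $PasswordResetKey = '')
{
    // Flow: (1) authenticate the emailed reset key, (2) check that it has not expired,
    // (3) expose the user record to the view, (4) on post-back validate and apply the new password.
    $PasswordResetKey = trim($PasswordResetKey);

    // Authenticate the reset key. The previous loose `!=` compared numeric-looking strings by value
    // (e.g. "0e123" equals "0e456", "1e3" equals "1000"), so a key that differs from the stored one
    // could still be accepted. Compare as strings, and in constant time where the runtime allows it.
    $KeyIsValid = false;
    if (is_numeric($UserID) && $PasswordResetKey !== '') {
        $StoredKey = $this->UserModel->getAttribute($UserID, 'PasswordResetKey', '');
        $StoredKey = (is_string($StoredKey) || is_int($StoredKey)) ? (string)$StoredKey : '';

        // An empty stored key means no reset is pending; it must never count as a match.
        if ($StoredKey !== '') {
            $KeyIsValid = function_exists('hash_equals')
                ? hash_equals($StoredKey, $PasswordResetKey)
                : $StoredKey === $PasswordResetKey;
        }
    }

    if (!$KeyIsValid) {
        $this->Form->addError('Failed to authenticate your password reset request. Try using the reset request form again.');
        Logger::event('password_reset_failure', Logger::NOTICE, '{username} failed to authenticate password reset request.');
        $this->fireEvent('PasswordResetFailed', ['UserID' => $UserID]);
    }

    // A missing expiry compares as less than time(), so a token without one is treated as expired.
    $Expires = $this->UserModel->getAttribute($UserID, 'PasswordResetExpires');
    if ($this->Form->errorCount() === 0 && $Expires < time()) {
        $this->Form->addError('@' . t('Your password reset token has expired.', 'Your password reset token has expired. Try using the reset request form again.'));
        Logger::event('password_reset_failure', Logger::NOTICE, '{username} has an expired reset token.');
        $this->fireEvent('PasswordResetFailed', ['UserID' => $UserID]);
    }

    if ($this->Form->errorCount() == 0) {
        $User = $this->UserModel->getID($UserID, DATASET_TYPE_ARRAY);
        if ($User) {
            // Hand the view only the three fields it is given here, not the whole user row.
            $User = arrayTranslate($User, ['UserID', 'Name', 'Email']);
            $this->setData('User', $User);
        }
    } else {
        // Key or expiry check failed: flag the request as fatal for the view.
        $this->setData('Fatal', true);
    }

    if ($this->Form->errorCount() == 0 && $this->Form->isPostBack() === true) {
        $Password = $this->Form->getFormValue('Password', '');
        $Confirm = $this->Form->getFormValue('Confirm', '');

        if ($Password == '') {
            $this->Form->addError('Your new password is invalid');
            Logger::event('password_reset_failure', Logger::NOTICE, 'Failed to reset the password for {username}. Password is invalid.');
        } elseif ($Password !== $Confirm) {
            // Strict comparison: with `!=`, "1000" and "1e3" were accepted as matching passwords.
            $this->Form->addError('Your passwords did not match.');
            // This failure event used to sit after the if/elseif and was logged on every post-back,
            // including successful resets, which polluted the audit trail.
            Logger::event('password_reset_failure', Logger::NOTICE, 'Failed to reset the password for {username}. Passwords did not match.');
        }

        if ($this->Form->errorCount() == 0) {
            // NOTE(review): presumably UserModel::passwordReset() also clears the stored reset key
            // and expiry so the emailed link cannot be replayed. Confirm in the model.
            $User = $this->UserModel->passwordReset($UserID, $Password);
            Logger::event('password_reset', Logger::NOTICE, '{username} has reset their password.');

            // Sign the user in straight away with the account returned by the model.
            Gdn::session()->start($User->UserID, true);
            redirect('/');
        }
    }

    $this->render();
}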