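/**
 * Forgot > Finish
 *
 * Final step of password recovery: the visitor arrives with a recovery code,
 * submits a new password, and the account found by that code gets the new
 * password and is activated.
 *
 * @copyright Tamaranga
 */
class ForgotFinish extends AuthForm
{
    /** @var string */
    public $title = '';

    /**
     * Initialises the parent form and selects the 'auth/forgot.finish' template.
     */
    public function init()
    {
        parent::init();
        $this->setTemplate('auth/forgot.finish', 'users');
    }

    /**
     * Collects the values handed to the template.
     *
     * @return mixed the template data array, or whatever Users::redirectToAccountSettings()
     *               returns when the request already carries a user
     */
    public function data()
    {
        $data = parent::data();

        # The recovery form is not shown when request->user() is set
        if ($this->request->user()) {
            return Users::redirectToAccountSettings();
        }

        $data['social'] = $this->fromSocial();
        # NOTE(review): the code comes from the request and is passed on to the template;
        # TYPE_NOTAGS presumably strips markup only, so the template should still escape
        # it for its output context - confirm.
        $data['code'] = $this->request->get('code', [TYPE_NOTAGS, 'limit' => 100]);
        $data['login_url'] = $this->loginUrl();

        return $data;
    }

    /**
     * Reads the 'social' request flag.
     *
     * @return mixed the 'social' request parameter read as TYPE_BOOL
     */
    public function fromSocial()
    {
        return $this->request->get('social', TYPE_BOOL);
    }

    /**
     * Validates the submitted recovery code and the new password.
     *
     * Problems are not returned: the caller inspects $this->errors afterwards.
     *
     * @param array $data
     * @return array the data after rule (and, when error-free, block) validation
     */
    public function validate($data = [])
    {
        $data = $this->validateUsingRules($data, [
            'code' => [TYPE_NOTAGS, 'limit' => 100],
            # presumably TYPE_NOTRIM keeps the password exactly as typed - confirm
            'password' => [TYPE_NOTRIM],
        ]);

        # Password policy check; failures presumably land in $this->errors (checked right below)
        $this->security->validatePassword($data['password']);

        if ($this->errors->no()) {
            $data = $this->validateBlocks($data);
        }

        return $data;
    }

    /**
     * Handles the form submission: checks the request, resolves the account by
     * recovery code, stores the new password and schedules the redirect to login.
     *
     * Every failure path breaks out of the do/while(false) block so that
     * parent::submit() is always the single exit point.
     *
     * @return mixed the result of parent::submit()
     */
    public function submit()
    {
        do {
            # A request that already carries a user does not go through recovery
            if ($this->request->user()) {
                $this->errors->reloadPage();
                break;
            }

            # Request-origin check supplied by the security component
            if (! $this->security->validateReferer()) {
                $this->errors->reloadPage();
                break;
            }

            $data = $this->validate();
            if ($this->errors->any()) {
                break;
            }

            # The recovery code is the only secret that selects the account, so an empty
            # or non-string value must never reach the lookup: a blank key would be
            # compared against stored keys and could select an account whose key is blank.
            $code = isset($data['code']) ? $data['code'] : '';

            # Get user account data by recovery code
            $user = [];
            if (is_string($code) && $code !== '') {
                # NOTE(review): 'email' and 'password' are fetched but not used in this method -
                # confirm whether the selection can be narrowed.
                $user = Users::model()->userDataByFilter(
                    [
                        'blocked' => 0,
                        'activate_key' => $code,
                        ['activate_expire > :expire', ':expire' => $this->db->now()],
                    ],
                    ['user_id', 'email', 'password', 'password_salt', 'activated']
                );
            }

            # Not found, possible reasons:
            # 1) The recovery link has expired / the recovery link is invalid
            # 2) The account is blocked
            # 3) Password change is forbidden for administrators
            # All of them produce the same message, so the response does not reveal which one applied.
            if (empty($user) || Users::model()->userIsAdministrator($user['user_id'])) {
                # NOTE(review): the visible message text has no placeholder for 'link_fogot' -
                # confirm against the translation templates.
                $this->errors->set(_t('users', 'The password recovery link has expired or the link is invalid, retry.', [
                    'link_fogot' => $this->forgotUrl(),
                ]));
                break;
            }

            $userID = $user['user_id'];

            # Update password & activate account (confirm email)
            # NOTE(review): the stored salt is passed back in rather than regenerated, and
            # invalidation of the used code is not visible here - confirm both in Users::userActivate().
            Users::userActivate($userID, [
                'password' => $data['password'],
                'passwordSalt' => $user['password_salt'],
                'verifyEmail' => $this->emailOnly(),
                'verifyPhone' => $this->phoneOnly(), # todo: $this->phoneAndEmail()
                'registeredEvent' => empty($user['activated']),
            ]);

            # Link social account
            if ($this->fromSocial()) {
                Users::social()->authFinish($userID);
            }

            # Show success & redirect to login page
            $this->respond('success_message', _t('users', 'Your password has been changed successfully.'));
            $this->respond('redirect', $this->loginUrl());
        } while (false);

        return parent::submit();
    }
}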