$this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
}
+
+ if (!empty($_REQUEST['_verifyCheckSum'])) {
+ if (empty($_REQUEST['id']) ||
+ empty($_REQUEST['ts']) ||
+ empty($_REQUEST['key'])
+
+ ) {
+ $this->jerr("Invalid request to reset password");
+ }
+
+ $this->verifyCheckSum($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
+ $this->jok("Checksum is ok");
+ }
+
// this is 'classic' change password...
if (!empty($_REQUEST['changePassword'])) {
return $this->changePassword($_REQUEST);
}
-
- function resetPassword($id,$t, $key, $newpass )
+ function verifyResetPassword($id,$t, $key)
{
-
- $au = $this->getAuthUser();
+ $au = $this->getAuthUser();
if ($au) {
- return "Already Logged in - no need to use Password Reset";
+ $this->jerr( "Already Logged in - no need to use Password Reset");
}
$u = DB_DataObject::factory('core_person');
if ($t < strtotime("NOW - 1 DAY")) {
$this->jerr("Password reset link has expired");
}
+ return $u;
+
+
+
+ }
+
+
+ function resetPassword($id,$t, $key, $newpass )
+ {
+
+ $u = $this->verifyResetPassword($id,$t,$k);
+
$uu = clone($u);
$u->no_reset_sent = 0;