From: Alan Knowles <alan@roojs.com>
Date: Fri, 7 Dec 2018 02:35:47 +0000 (+0800)
Subject: Pman/Login.php
X-Git-Url: http://git.roojs.org/?p=Pman.Base;a=commitdiff_plain;h=3551e742271c5b2c447ac6ea38770210287a0aa9

Pman/Login.php
---

diff --git a/Pman/Login.php b/Pman/Login.php
index ddd353f..7aa7068 100644
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -462,20 +462,26 @@ class Pman_Login extends Pman
         //$u->company_id = $this->company->id;
         $u->active = 1;
         if (!$u->get($id) || !strlen($u->passwd)) {
-            return "invalid id";
+            $this->jerr("Password reset link is not valid (id)");
         }
         
         // validate key.. 
         if ($key != $u->genPassKey($t)) {
-            $this->jerr("Passwor reset key is not valid");
+            $this->jerr("Password reset link is not valid ($key)");
         }
+	
+	if ($t < strtotime("NOW - 1 DAY")) {
+            $this->jerr("Password reset link has expired");
+        }
+	
         $uu = clone($u);
         $u->no_reset_sent = 0;
+	if ($newpass != false) {
+	    $u->setPassword($newpass);
+	}
         $u->update($uu);
         
-        if ($t < strtotime("NOW - 1 DAY")) {
-            $this->jerr("Password reset link has expired");
-        }
+        
         $this->showNewPass = implode("/", array($id,$t,$key));
         return false;
     }