From: Alan Knowles <alan@roojs.com>
Date: Fri, 7 Dec 2018 02:40:24 +0000 (+0800)
Subject: Pman/Login.php
X-Git-Url: http://git.roojs.org/?p=Pman.Base;a=commitdiff_plain;h=70f4bc125d4dab61e404c7a836d97406c6a5dd65

Pman/Login.php
---

diff --git a/Pman/Login.php b/Pman/Login.php
index ed06d38..536f392 100644
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -460,6 +460,34 @@ class Pman_Login extends Pman
         $uu->update($u);
         $this->jok("done");
         
+    }
+    
+    function verifyResetPassword($id,$t, $key)
+    {
+	$au = $this->getAuthUser();
+        if ($au) {
+            $this->jerr( "Already Logged in - no need to use Password Reset");
+        }
+        
+        $u = DB_DataObject::factory('core_person');
+        //$u->company_id = $this->company->id;
+        $u->active = 1;
+        if (!$u->get($id) || !strlen($u->passwd)) {
+            $this->jerr("Password reset link is not valid (id)");
+        }
+        
+        // validate key.. 
+        if ($key != $u->genPassKey($t)) {
+            $this->jerr("Password reset link is not valid ($key)");
+        }
+	
+	if ($t < strtotime("NOW - 1 DAY")) {
+            $this->jerr("Password reset link has expired");
+        }
+	return true;
+	
+	
+	
     }
     
     
@@ -468,7 +496,7 @@ class Pman_Login extends Pman
         
         $au = $this->getAuthUser();
         if ($au) {
-            return "Already Logged in - no need to use Password Reset";
+            $this->jerr( "Already Logged in - no need to use Password Reset");
         }
         
         $u = DB_DataObject::factory('core_person');