Reset a forgotten password
Posted: Fri Aug 26, 2011 10:51 am
For reference, I'm using Kohana 3.2 Auth module with ORM driver. Yes, the controller is a little fatter than I'd like, but I don't much feel like mucking about in their user model. What I'd particularly like feedback on are action_forgotpassword() and reset_password(). They feel a little kludgy, but I'm not sure where to improve them. Thanks.
<?php defined('SYSPATH') or die('No direct script access.');
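/**
 * Account controller: login/logout, registration, profile update and
 * forgotten-password reset, built on the Kohana Auth module (ORM driver).
 *
 * Views receive their variables through View::bind(), so values assigned to
 * $message, $errors and $user after the bind() call are what the view renders.
 */
class Controller_User extends Controller_Template_Basic
{
    /**
     * Account overview page; anonymous visitors are sent to the login page.
     */
    public function action_index()
    {
        $this->template->title = "Account Overview";
        $this->template->content = View::factory('user/home')
            ->bind('user', $user);

        $user = Auth::instance()->get_user();

        // If user isn't logged in, redirect to login page
        if ( ! $user)
        {
            $this->request->redirect('user/login');
        }
    }

    /**
     * Shows the login form and, on POST, attempts to authenticate.
     *
     * The failure message is deliberately generic so it does not reveal
     * whether the username or the password was wrong.
     */
    public function action_login()
    {
        $this->template->title = "Login";
        $this->template->content = View::factory('user/login')
            ->bind('message', $message);

        if ($this->request->method() !== HTTP_Request::POST)
        {
            return;
        }

        // The mere presence of the "remember" field enables the remember-me login.
        $remember = array_key_exists('remember', $this->request->post());

        $logged_in = Auth::instance()->login(
            $this->request->post('username'),
            $this->request->post('password'),
            $remember
        );

        if ($logged_in)
        {
            $this->request->redirect('user');
        }

        $message = "Login failed.";
    }

    /**
     * Ends the current session and returns to the login page.
     */
    public function action_logout()
    {
        Auth::instance()->logout();
        $this->request->redirect('user/login');
    }

    /**
     * Shows the registration form and, on POST, creates the account.
     *
     * Only username, password and email are taken from the request; every
     * other posted field is ignored by create_user().
     */
    public function action_create()
    {
        $this->template->title = "Create an Account";
        $this->template->content = View::factory('user/create')
            ->bind('message', $message)
            ->bind('errors', $errors);

        if ($this->request->method() !== HTTP_Request::POST)
        {
            return;
        }

        try
        {
            $user = ORM::factory('user')->create_user($this->request->post(), array(
                'username', 'password', 'email',
            ));

            // Grant the "login" role to the new account.
            $user->add('roles', ORM::factory('role', array('name' => 'login')));

            // NOTE(review): the username is request data; the view must escape
            // $message when rendering it.
            $message = "Account successfully created for user " . $this->request->post('username');
        }
        catch (ORM_Validation_Exception $e)
        {
            $errors = $e->errors('controllers');
        }
    }

    /**
     * Shows the profile form and, on POST, updates the logged-in user.
     *
     * Anonymous visitors are redirected to the login page; without this guard
     * a POST from a logged-out client would call update_user() on a non-object.
     */
    public function action_update()
    {
        $this->template->title = "Update Account Information";
        $this->template->content = View::factory('user/update')
            ->bind('user', $user)
            ->bind('message', $message)
            ->bind('errors', $errors);

        $user = Auth::instance()->get_user();

        if ( ! $user)
        {
            $this->request->redirect('user/login');
            return;
        }

        if ($this->request->method() !== HTTP_Request::POST)
        {
            return;
        }

        try
        {
            $user->update_user($this->request->post(), array(
                'username', 'password', 'email',
            ));
            $message = "Account updated successfully.";
        }
        catch (ORM_Validation_Exception $e)
        {
            $errors = $e->errors('controllers');
        }
    }

    /**
     * Shows the forgotten-password form and, on POST, resets the password of
     * the account whose username AND email both match the submitted values.
     *
     * NOTE(review): this action changes the password immediately, so anyone who
     * knows a username/email pair can lock the owner out of the current
     * password. A safer flow mails a single-use, expiring token and changes the
     * password only after the owner follows it. The distinct "User not found."
     * answer also confirms whether a username/email pair exists; consider one
     * uniform response and request throttling.
     */
    public function action_forgotpassword()
    {
        $this->template->title = "Reset Forgotten Password";
        $this->template->content = View::factory('user/password')
            ->bind('message', $message)
            ->bind('errors', $errors);

        if ($this->request->method() !== HTTP_Request::POST)
        {
            return;
        }

        $user = ORM::factory('user')
            ->where('username', '=', $this->request->post('username'))
            ->where('email', '=', $this->request->post('email'))
            ->find();

        if ( ! $user->loaded())
        {
            $message = "User not found.";
            return;
        }

        $password_reset = $this->reset_password($user);

        if ($password_reset === TRUE)
        {
            $message = "An email containing your new password has been sent.";
        }
        else
        {
            // Previously the errors were assigned to an unbound variable and the
            // page rendered with no feedback at all.
            $errors = $password_reset;
            $message = "The password could not be reset.";
        }
    }

    /**
     * Assigns a new random password to $user and mails it to the user's
     * address.
     *
     * The password comes from a cryptographically secure source. The previous
     * substr(uniqid(), 0, 7) value was the leading hex digits of the current
     * timestamp and therefore guessable by anyone who knew roughly when the
     * reset was requested.
     *
     * @param   Model_User  $user  account to reset
     * @return  mixed       TRUE on success, otherwise an array of error messages
     */
    public function reset_password(Model_User $user)
    {
        $new_password = $this->generate_temporary_password();

        if ($new_password === FALSE)
        {
            // No secure random source: refuse rather than fall back to a guessable value.
            return array('password' => "Could not generate a new password.");
        }

        // Load the mail template before touching the account, so a missing
        // template cannot leave the user with a password nobody was told.
        $template = file_get_contents('media/templates/forgot_password.txt');

        if ($template === FALSE)
        {
            return array('email' => "Could not send email.");
        }

        // Model_User::update_user() requires an array as the first argument
        $update = array(
            'username' => $user->username,
            'email'    => $user->email,
            'password' => $new_password,
        );

        try
        {
            $user->update_user($update, array('username', 'email', 'password'));
        }
        catch (ORM_Validation_Exception $e)
        {
            return $e->errors('controllers');
        }

        $msg_body = str_replace('{@PASSWORD}', $new_password, $template);

        // NOTE(review): at this point the password is already changed; if the
        // mail fails the account keeps a password the owner never received.
        if ( ! mail($user->email, "Password Reset", $msg_body))
        {
            return array('email' => "Could not send email.");
        }

        return TRUE;
    }

    /**
     * Builds a temporary password of 16 hex characters (64 random bits).
     *
     * Uses random_bytes() where the runtime has it and otherwise
     * openssl_random_pseudo_bytes(), accepting the latter only when it reports
     * a cryptographically strong result.
     *
     * @return  mixed  the password string, or FALSE when no secure source exists
     */
    protected function generate_temporary_password()
    {
        $byte_count = 8;

        if (function_exists('random_bytes'))
        {
            return bin2hex(random_bytes($byte_count));
        }

        if (function_exists('openssl_random_pseudo_bytes'))
        {
            $strong = FALSE;
            $bytes = openssl_random_pseudo_bytes($byte_count, $strong);

            if ($bytes !== FALSE AND $strong === TRUE)
            {
                return bin2hex($bytes);
            }
        }

        return FALSE;
    }
}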
?>