PSDI Army / yii2
Commit b8235c71, authored Feb 05, 2014 by Alexander Makarov
Added password reset token expiration
parent 3b95aa9c
Showing 4 changed files with 27 additions and 8 deletions
apps/advanced/common/models/User.php (+24 -2)
apps/advanced/frontend/controllers/SiteController.php (+1 -1)
apps/advanced/frontend/models/PasswordResetRequestForm.php (+1 -1)
apps/advanced/frontend/models/ResetPasswordForm.php (+1 -4)
apps/advanced/common/models/User.php
...
@@ -67,7 +67,7 @@ class User extends ActiveRecord implements IdentityInterface
...
@@ -67,7 +67,7 @@ class User extends ActiveRecord implements IdentityInterface
* Finds user by username
* Finds user by username
*
*
* @param string $username
* @param string $username
* @return
null|User
* @return
self
*/
*/
public
static
function
findByUsername
(
$username
)
public
static
function
findByUsername
(
$username
)
{
{
...
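Review bot: the `@return` annotation on findByUsername now reads `self`, dropping the `null` that the previous `null|User` documented. Unless the method body (not shown in this hunk) was changed so that it can no longer return null, keep the nullable case visible, for example `@return self|null`, so callers keep their null check.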
@@ -75,6 +75,28 @@ class User extends ActiveRecord implements IdentityInterface
...
@@ -75,6 +75,28 @@ class User extends ActiveRecord implements IdentityInterface
}
}
/**
/**
* Finds user by password reset token
*
* @param string $token password reset token
* @return self
*/
public
static
function
findByPasswordResetToken
(
$token
)
{
$expire
=
\Yii
::
$app
->
getParam
(
'user.passwordResetTokenExpire'
,
3600
);
$parts
=
explode
(
'_'
,
$token
);
$timestamp
=
(
int
)
end
(
$parts
);
if
(
$timestamp
+
$expire
<
time
())
{
// token expired
return
null
;
}
return
User
::
find
([
'password_reset_token'
=>
$token
,
'status'
=>
User
::
STATUS_ACTIVE
,
]);
}
/**
* @inheritdoc
* @inheritdoc
*/
*/
public
function
getId
()
public
function
getId
()
...
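Review bot: in findByPasswordResetToken, `$timestamp = (int) end($parts);` accepts whatever follows the last `_` without checking that it is a timestamp. A token whose last part is not a timestamp (every token issued before this change, which has no suffix) is still cast, and a part that happens to start with digits can yield a large integer that passes the `$timestamp + $expire < time()` check. Suggest rejecting the token unless the suffix passes `ctype_digit()`, and rejecting timestamps later than `time()`. Two smaller points: the docblock says `@return self` but the expired branch returns null, so `self|null` is more accurate; and `user.passwordResetTokenExpire` is read with a fallback of 3600 but none of the four changed files defines or documents it, so add it to the application params with a comment giving the unit (seconds).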
@@ -124,7 +146,7 @@ class User extends ActiveRecord implements IdentityInterface
...
@@ -124,7 +146,7 @@ class User extends ActiveRecord implements IdentityInterface
*/
*/
public
function
generatePasswordResetToken
()
public
function
generatePasswordResetToken
()
{
{
$this
->
password_reset_token
=
Security
::
generateRandomKey
();
$this
->
password_reset_token
=
Security
::
generateRandomKey
()
.
'_'
.
time
()
;
}
}
/**
/**
...
...
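Review bot: generatePasswordResetToken now stores the random key followed by `_` and `time()`, which is 11 characters longer than before, and no migration or schema file is among the four changed files. Check that the `password_reset_token` column is wide enough; if the stored value is truncated, findByPasswordResetToken can never match it. A docblock line describing the token format would also help, since findByPasswordResetToken depends on the timestamp being the last `_`-separated part.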
apps/advanced/frontend/controllers/SiteController.php
...
@@ -87,7 +87,7 @@ class SiteController extends Controller
...
@@ -87,7 +87,7 @@ class SiteController extends Controller
public
function
actionContact
()
public
function
actionContact
()
{
{
$model
=
new
ContactForm
;
$model
=
new
ContactForm
;
if
(
$model
->
load
(
$_POST
)
&&
$model
->
contact
(
Yii
::
$app
->
params
[
'adminEmail'
]
))
{
if
(
$model
->
load
(
$_POST
)
&&
$model
->
contact
(
Yii
::
$app
->
getParam
(
'adminEmail'
)
))
{
Yii
::
$app
->
session
->
setFlash
(
'success'
,
'Thank you for contacting us. We will respond to you as soon as possible.'
);
Yii
::
$app
->
session
->
setFlash
(
'success'
,
'Thank you for contacting us. We will respond to you as soon as possible.'
);
return
$this
->
refresh
();
return
$this
->
refresh
();
}
else
{
}
else
{
...
...
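Review bot: the switch from `Yii::$app->params['adminEmail']` to `Yii::$app->getParam('adminEmail')` in actionContact is unrelated to token expiration and would be easier to review as its own commit. No default is passed here, unlike the `getParam('user.passwordResetTokenExpire', 3600)` call in User.php, so confirm what contact() receives when `adminEmail` is not configured and whether that case should fail loudly.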
apps/advanced/frontend/models/PasswordResetRequestForm.php
...
@@ -43,7 +43,7 @@ class PasswordResetRequestForm extends Model
...
@@ -43,7 +43,7 @@ class PasswordResetRequestForm extends Model
$user
->
generatePasswordResetToken
();
$user
->
generatePasswordResetToken
();
if
(
$user
->
save
())
{
if
(
$user
->
save
())
{
return
\Yii
::
$app
->
mail
->
compose
(
'passwordResetToken'
,
[
'user'
=>
$user
])
return
\Yii
::
$app
->
mail
->
compose
(
'passwordResetToken'
,
[
'user'
=>
$user
])
->
setFrom
([
\Yii
::
$app
->
params
[
'supportEmail'
]
=>
\Yii
::
$app
->
name
.
' robot'
])
->
setFrom
([
\Yii
::
$app
->
getParam
(
'supportEmail'
)
=>
\Yii
::
$app
->
name
.
' robot'
])
->
setTo
(
$this
->
email
)
->
setTo
(
$this
->
email
)
->
setSubject
(
'Password reset for '
.
\Yii
::
$app
->
name
)
->
setSubject
(
'Password reset for '
.
\Yii
::
$app
->
name
)
->
send
();
->
send
();
...
...
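Review bot: in the setFrom() call, `getParam('supportEmail')` is used as an array key with no default. If the parameter is missing and getParam yields null, PHP converts the null key to an empty string and the message is composed with an empty sender address, whereas the old `params['supportEmail']` array lookup would at least raise an undefined-index notice. Validate that `supportEmail` is set before composing the message, or fail explicitly.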
apps/advanced/frontend/models/ResetPasswordForm.php
...
@@ -30,10 +30,7 @@ class ResetPasswordForm extends Model
...
@@ -30,10 +30,7 @@ class ResetPasswordForm extends Model
if
(
empty
(
$token
)
||
!
is_string
(
$token
))
{
if
(
empty
(
$token
)
||
!
is_string
(
$token
))
{
throw
new
InvalidParamException
(
'Password reset token cannot be blank.'
);
throw
new
InvalidParamException
(
'Password reset token cannot be blank.'
);
}
}
$this
->
_user
=
User
::
find
([
$this
->
_user
=
User
::
findByPasswordResetToken
(
$token
);
'password_reset_token'
=>
$token
,
'status'
=>
User
::
STATUS_ACTIVE
,
]);
if
(
!
$this
->
_user
)
{
if
(
!
$this
->
_user
)
{
throw
new
InvalidParamException
(
'Wrong password reset token.'
);
throw
new
InvalidParamException
(
'Wrong password reset token.'
);
}
}
...
...
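Review bot: this code now depends on findByPasswordResetToken returning null for expired tokens, and none of the four changed files adds a test for that path. Add cases for an expired token, a token without the `_` timestamp suffix, and a valid one. Reporting expired and unknown tokens with the same 'Wrong password reset token.' message is reasonable, since it does not tell the caller which tokens exist; if a distinct "expired" message is wanted later, it should only be shown after the token has matched a stored value.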