isLoggedIn()) throw new UserFacingException('You are already logged in.'); // Verifying an existing reset key? if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2) { $email = rawurldecode($_GET['email']); $id_user = Authentication::getUserid($email); if ($id_user === false) throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.'); $key = $_GET['key']; if (!Authentication::checkResetKey($id_user, $key)) throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.'); parent::__construct('Reset password - ' . SITE_TITLE); $form = new PasswordResetForm($email, $key); $this->page->adopt($form); // Are they trying to set something already? if (isset($_POST['password1'], $_POST['password2'])) { $missing = []; if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1'])) $missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).'; if ($_POST['password1'] != $_POST['password2']) $missing[] = 'The passwords you entered do not match.'; // So, are we good to go? if (empty($missing)) { Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1'])); $_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success']; header('Location: ' . BASEURL . '/login/'); exit; } else $form->adopt(new Alert('Some fields require your attention', '