<?php
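// Handler for the set-password form. It validates the activation code, the
// account e-mail and the new password, then stores the password, completes
// the activation and logs the user in. Every exit path is a redirect with a
// flash message. $package and $lia are supplied by the including scope.

// Read each expected field as a string. A missing field, or one submitted as
// an array, becomes '' so the checks below reject it instead of raising a
// warning here or a TypeError in strlen()/preg_match().
$field = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};
$code = $field('activationCode');
$email = $field('email');
$password = $field('password');
$confirm = $field('confirm');

$core = $package->compo('Core');

// Check that activation code is valid.
if (!$core->checkActivationCode($code)) {
    //@TODO Create global keys for different urls that will survive changes to the actual urls
    $lia->gotoWithMessage($package->url('/reset-password/'), "The code/link you used is invalid. Please reset your password to try again.");
    return;
}

$user = $core->userFromEmail($email);
// Look up the submitted activation code and ensure it belongs to the account
// that owns the submitted e-mail.
$details = $core->activationDetails($code);
// Fail closed: no user object or no user_id on the code counts as a mismatch.
// The original compared (int) casts, so a missing user_id silently became 0.
$codeUserId = $details['user_id'] ?? null;
if (!is_object($user) || $codeUserId === null || (int)$codeUserId !== (int)$user->id) {
    // @TODO Implement throttling. See https://github.com/davedevelopment/stiphle or implement own solution
    // alternative is to delete this activation code & redirect to reset-password, but that's a terrible UX
    $lia->gotoWithMessage($package->url('/set-password/'.$code.'/'), "The email you entered is invalid. Please try again.");
    return;
}

$passwordMessage = 'Your password did not meet the requirements. Please try again.';
$wrongPasswordUrl = $package->url('/set-password/'.$code.'/');

// Check password validity. See the PasswordRequirements view & make sure it's
// consistent between the two.
// strlen() counts bytes, not characters; kept as-is so the rule stays
// consistent with whatever the view advertises.
if (strlen($password) < 8) {
    // The original had a leftover debug `echo ...; exit;` here, which printed a
    // raw string and made this redirect unreachable.
    $lia->gotoWithMessage($wrongPasswordUrl, $passwordMessage);
    return;
}

// Count how many of the four character classes appear; at least 3 are required.
$symbols = "!@#$%^&*?.,_:;(){}[]<&>\/|+-='\"`~";
$classesPresent = 0;
foreach (['/[A-Z]/', '/[a-z]/', '/[0-9]/'] as $pattern) {
    if (preg_match($pattern, $password) === 1) {
        $classesPresent++;
    }
}
// strpbrk() finds the first occurrence of any listed symbol in one call.
if (strpbrk($password, $symbols) !== false) {
    $classesPresent++;
}
if ($classesPresent < 3) {
    $lia->gotoWithMessage($wrongPasswordUrl, $passwordMessage);
    return;
}

if ($password !== $confirm) {
    //@TODO when redirecting, include their email address
    $lia->gotoWithMessage($wrongPasswordUrl, "Your passwords did not match. Please try again.");
    return;
}

// setPassword() runs first; completeActivation() is only attempted if it succeeds.
// NOTE(review): if completeActivation() fails after setPassword() succeeded, the
// password may already be changed while the code is still usable - confirm
// whether Core rolls this back or invalidates the code.
if (!$core->setPassword($user, $password)
    || !$core->completeActivation($user, $code)) {
    $lia->gotoWithMessage($package->url('/reset-password/'), "There was an internal error setting your new password. Please reset your password & try again.");
    return;
}

// NOTE(review): confirm that login() issues a fresh session id, since this is
// the point where the session becomes authenticated.
if (!$core->login($user)) {
    $lia->gotoWithMessage($package->url('/login/'), "Due to an internal error, we could not log you in automatically. You may login with your new password.");
    return;
}

$lia->gotoWithMessage($package->url('/'), "Your password has been updated & you've been logged in.");
return;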