- $new_password = User::generateNewPassword();
- $result = User::updatePassword($user['uid'], $new_password);
- if (DBM::is_result($result)) {
- $tpl = get_markup_template('pwdreset.tpl');
- $o .= replace_macros($tpl,
- [
- '$lbl1' => t('Password Reset'),
- '$lbl2' => t('Your password has been reset as requested.'),
- '$lbl3' => t('Your new password is'),
- '$lbl4' => t('Save or copy your new password - and then'),
- '$lbl5' => '<a href="' . System::baseUrl() . '">' . t('click here to login') . '</a>.',
- '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
- '$newpass' => $new_password,
- '$baseurl' => System::baseUrl()
- ]);
-
- info("Your password has been reset." . EOL);
-
- $sitename = $a->config['sitename'];
- $preamble = deindent(t('
- Dear %1$s,
- Your password has been changed as requested. Please retain this
- information for your records (or change your password immediately to
- something that you will remember).
- ', $user['username']));
- $body = deindent(t('
- Your login details are as follows:
-
- Site Location: %1$s
- Login Name: %2$s
- Password: %3$s
-
- You may change that password from your account settings page after logging in.
- ', System::baseUrl(), $user['email'], $new_password));
-
- notification([
- 'type' => SYSTEM_EMAIL,
- 'to_email' => $user['email'],
- 'subject' => t('Your password has been changed at %s', $sitename),
- 'preamble' => $preamble,
- 'body' => $body
- ]);
-
- return $o;
+ // Password reset requests expire in 60 minutes
+ if ($user['pwdreset_time'] < DateTimeFormat::utc('now - 1 hour')) {
+ $fields = [
+ 'pwdreset' => null,
+ 'pwdreset_time' => null
+ ];
+ DBA::update('user', $fields, ['uid' => $user['uid']]);
+
+ DI::sysmsg()->addNotice(DI::l10n()->t('Request has expired, please make a new one.'));
+
+ return lostpass_form();