I am quite new to the Yii framework. I hit a problem with one of the existing Yii applications.
There is a "forgot password" feature there. It works like this: enter the username and the security question answer. If both are correct, the system will send a link to the user's email for password reset. Below is the function:

    public function actionCheckAnswer()
    {
        if(IS_AJAX && isset($_POST['answer']) && isset($_POST['username']))
        {
            $username=$_POST['username'];
            $answer=$_POST['answer'];
            $user=User::model()->findByAttributes(array('username'=>$username));
            if($user!=null)
            {
                $realAnswer = $user->secretAnswer;
                if(strlen($realAnswer)>0)
                {
                    $profile=Profile::model()->findByAttributes(array('userId'=>$user->id));
                    if($this->checkAnswerSpam($profile->id))
                    {
                        if(strtolower($realAnswer)==strtolower($answer))
                        {
                            Activity::log(22, null, $profile->id, -1);
                            $stamp=Activity::model()->getLogTime(null, $profile->id, -1, 22);
                            $hash=$profile->id.'_'.sha1($profile->id.$stamp);
                            $url=Yii::app()->createAbsoluteUrl('site/recover').'/'.$hash;
                            echo $url;
                            $this->sendPasswordRecoveryLink($profile->fullName, $profile->email, $url);
                            //echo '<br />'.CHtml::link($url, $url).'<br />';
                            echo 'Correct! A link to your password recovery form has been sent to your e-mail. The link expires in 1 hour.<br />If you don\'t receive a mail, please check your spam folder.';
                        } else {
                            Activity::log(24, null, $profile->id, -1);
                            echo 'Sorry, that answer is not correct.';
                        }
                    }
                } else {
                    echo 'Sorry, you have not set a secret question answer.';
                }
            } else {
                echo 'No user "'.$username.'" found.';
            }
        }
    }

Currently, this function will not send out the email. I did some troubleshooting and found that Activity::log(22, null, $profile->id, -1); gave me an error. If I comment out this line, it sends out the email with the password reset link, but it is always an expired link. Below is the log function:

    public function log($action=0, $trainingId=null, $profileId=null, $piId=null)
    {
        if($profileId==null) $profileId=Yii::app()->user->profileId;
        if($piId==null) $piId=(isset(Yii::app()->user->piId))?Yii::app()->user->piId:0;
        $activity=new Activity;
        $activity->trainingId=$trainingId;
        $activity->profileId=$profileId;
        $activity->piId=$piId;
        $activity->action=$action;
        $activity->save();
    }

Below is the function to check the expiry limit.

    public function getLogTime($trainingId, $profileId, $piId, $action)
    {
        $all = Activity::model()->findAllByAttributes(array(
            'trainingId'=>$trainingId,
            'profileId'=>$profileId,
            'piId'=>$piId,
            'action'=>$action,
        ));
        foreach($all as $single) $return = $single;
        return $return->timestamp;
    }

    public function checkRecoveryHash($hash)
    {
        $explode=explode('_', $hash);
        $stamp=$this->getLogTime(null, $explode[0], -1, 22);
        if(strlen($stamp)>0)
        {
            $time=time();
            $stamptime=strtotime($stamp);
            $passed=$time-$stamptime;
            if($passed < 720*720) //1 hour
                return true;
            else
                return false;
        }
    }

I am not sure which part to amend, or how. Can anybody tell me what's wrong?
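
For comparison with the `$profile->id.'_'.sha1($profile->id.$stamp)` link and the `checkRecoveryHash()` expiry test in the question, here is an added example (not part of the original post or of the application's code) of issuing and checking a reset token whose secret part comes from `random_bytes()` and whose expiry is stored at issue time. The function names, the `RESET_TTL` constant and the in-memory `$store` array, which stands in for a database table, are assumptions.

```php
<?php
// Added example: issueResetToken, checkResetToken and $store are hypothetical names,
// and the in-memory array stands in for a database table.
const RESET_TTL = 3600; // 1 hour in seconds (60 * 60)

function issueResetToken(int $profileId, array &$store, int $now): string
{
    $secret = bin2hex(random_bytes(32));          // unguessable part from the CSPRNG
    $store[$profileId] = [
        'digest'  => hash('sha256', $secret),     // keep only a digest server-side
        'expires' => $now + RESET_TTL,            // expiry fixed when the link is issued
    ];
    return $profileId . '_' . $secret;            // same "id_value" shape as in the post
}

function checkResetToken(string $token, array &$store, int $now): bool
{
    $parts = explode('_', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                             // malformed link
    }
    $profileId = (int) $parts[0];
    if (!isset($store[$profileId])) {
        return false;                             // no link was issued for this profile
    }
    $row = $store[$profileId];
    if ($now >= $row['expires']) {
        unset($store[$profileId]);                // expired: drop the record
        return false;
    }
    if (!hash_equals($row['digest'], hash('sha256', $parts[1]))) {
        return false;                             // wrong secret (constant-time compare)
    }
    unset($store[$profileId]);                    // single use
    return true;
}

// Constructed demo run with a fixed clock instead of time().
$store = [];
$t0    = 1700000000;
$link  = issueResetToken(42, $store, $t0);
var_dump(checkResetToken('42_' . str_repeat('0', 64), $store, $t0 + 10)); // guessed value
var_dump(checkResetToken($link, $store, $t0 + 1800));                     // within the hour
var_dump(checkResetToken($link, $store, $t0 + 1801));                     // reuse of the same link
$late = issueResetToken(42, $store, $t0);
var_dump(checkResetToken($late, $store, $t0 + RESET_TTL));                // at the expiry time
```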