Hi,
I'm trying to create a password reset procedure. The user will receive an email with a link. The link consists of a route with the userid and reset key.
The user needs to enter 2 passwords with validation (passwords the same) before the form will be submitted. I'm using vlucas/valitron validation.
The problem I'm having is that I can't pass the userid and reset key values in the route; the only way I got it to work is to sacrifice the password validation routines.
The link in the email: http://…/auth/reset/1/c15ec3a77934f0beda55
The route.
$this->get('/reset/{_userid}/{_key}', App\Controllers\Auth\ForgotController::class . ':reset1')->setName('auth.reset');
$this->post('/reset', App\Controllers\Auth\ForgotController::class . ':reset2');
The twig file.
<form action="{{ route('auth.reset') }}" method="POST">
    <input type="hidden" name="{{ csrf.key }}" value="{{ csrf.token }}">
    <input type="hidden" name="userid" value="{{ data1.userid }}">
    <input type="hidden" name="key" value="{{ data1.key }}">
    <div class="form-group">
        <label for="password">Password</label>
        <input type="password" name="password" class="form-control{{ errors.password ? ' is-invalid' : '' }}" id="password">
        {% if errors.password %}
            <div class="invalid-feedback">
                {{ errors.password | first }}
            </div>
        {% endif %}
    </div>
    <div class="form-group">
        <label for="password_confirmation">Password confirmation</label>
        <input type="password" name="password_confirmation" class="form-control{{ errors.password_confirmation ? ' is-invalid' : '' }}" id="password_confirmation">
        {% if errors.password_confirmation %}
            <div class="invalid-feedback">
                {{ errors.password_confirmation | first }}
            </div>
        {% endif %}
    </div>
    <button type="submit" class="btn btn-primary">Change password</button>
</form>
The functions
public function reset1(Request $request, Response $response, DB $db, Flash $flash, $_userid=null, $_key=null) {
    $userinfo = [
        'userid' => $_userid,
        'key' => $_key
    ];
    return $this->view->render($response, 'auth/reset.twig', compact('userinfo'));
}
public function reset2(Request $request, Response $response) {
    $data = $this->validatePassword($request);
    // do more stuff
}
protected function validatePassword(Request $request) {
    return $this->validate($request, [
        'password' => ['required'],
        'password_confirmation' => ['required', ['equals', 'password']],
    ]);
}
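
An added example, not part of the original post and not Slim or Valitron code: one way the POST handler can re-check the hidden `userid` and `key` fields on the server alongside the password rules, since hidden fields can be changed by the client. The in-memory `$resets` store, `handleReset()` and the error messages are hypothetical; the sample key is the one from the link in the post.

```php
<?php
declare(strict_types=1);

// Constructed sample store: userid => reset record. Only a hash of the key
// is kept, so a leaked table does not yield usable reset links.
$sampleKey = 'c15ec3a77934f0beda55';
$resets = [
    1 => ['key_hash' => hash('sha256', $sampleKey), 'expires' => time() + 3600],
];

// Hypothetical handler for POST /reset; returns errors keyed by field (empty on success).
function handleReset(array $post, array &$resets): array
{
    $errors = [];
    $userid = filter_var($post['userid'] ?? null, FILTER_VALIDATE_INT);
    $key    = (string) ($post['key'] ?? '');
    $pass   = (string) ($post['password'] ?? '');

    // Same rules as validatePassword() in the post: required + equals.
    if ($pass === '') {
        $errors['password'][] = 'Password is required';
    }
    if (($post['password_confirmation'] ?? '') !== $pass) {
        $errors['password_confirmation'][] = 'Passwords do not match';
    }

    // The hidden fields come from the client: verify them again on every POST.
    $record = $userid !== false ? ($resets[$userid] ?? null) : null;
    $valid  = $record !== null
        && $record['expires'] >= time()
        && hash_equals($record['key_hash'], hash('sha256', $key)); // constant-time compare
    if (!$valid) {
        $errors['key'][] = 'Reset link is invalid or expired';
    }

    if ($errors === []) {
        unset($resets[$userid]); // single use: submitting the same link again fails
        // password_hash($pass, PASSWORD_DEFAULT) would be stored for $userid here
    }
    return $errors;
}

// Constructed form submission, sent twice to show the key is invalidated after use.
$form = ['userid' => '1', 'key' => $sampleKey, 'password' => 'n3w-pass', 'password_confirmation' => 'n3w-pass'];
var_dump(handleReset($form, $resets));
var_dump(handleReset($form, $resets));
```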