Resolved: Routing, password validation via an emailed link, problem

Hi,
I'm trying to create a password reset procedure. The user will receive an email with a link. The link consists of a route with userid and reset key.
The user needs to enter 2 passwords with validation (passwords the same) before the form will be submitted. Using vlucas/valitron validation.

The problem I'm having is that I can't pass the userid and reset key values in the route; the only way I got it to work is to sacrifice the password validation routines.

The link in the email: http://…/auth/reset/1/c15ec3a77934f0beda55

The route.

$this->get('/reset/{_userid}/{_key}', App\Controllers\Auth\ForgotController::class . ':reset1')->setName('auth.reset');
$this->post('/reset', App\Controllers\Auth\ForgotController::class . ':reset2');

The twig file.

<form action="{{ route('auth.reset') }}" method="POST">
                            <input type="hidden" name="{{ csrf.key }}" value="{{ csrf.token }}">
                            <input type="hidden" name="userid" value="{{ data1.userid }}">
                            <input type="hidden" name="key" value="{{ data1.key }}">

                            <div class="form-group">
                                <label for="password">Password</label>
                                <input type="password" name="password" class="form-control{{ errors.password ? ' is-invalid' : '' }}" id="password">

                                {% if errors.password %}
                                    <div class="invalid-feedback">
                                        {{ errors.password | first }}
                                    </div>
                                {% endif %}
                            </div>
                            <div class="form-group">
                                <label for="password_confirmation">Password confirmation</label>
                                <input type="password" name="password_confirmation" class="form-control{{ errors.password_confirmation ? ' is-invalid' : '' }}" id="password_confirmation">

                                {% if errors.password_confirmation %}
                                    <div class="invalid-feedback">
                                        {{ errors.password_confirmation | first }}
                                    </div>
                                {% endif %}
                            </div>

                            <button type="submit" class="btn btn-primary">Change password</button>
  </form>

The functions

public function reset1(Request $request, Response $response, DB $db, Flash $flash, $_userid=null, $_key=null) {

        $userinfo = [
            'userid' => $_userid,
            'key' => $_key
        ];
        return $this->view->render($response, 'auth/reset.twig', compact('userinfo'));
    }

  public function reset2(Request $request, Response $response) {
       $data = $this->validatePassword($request);
       // do more stuff
   }

    protected function validatePassword(Request $request) {
        return $this->validate($request, [
            'password' => ['required'],
            'password_confirmation' => ['required', ['equals', 'password']],
        ]);
    }

I think that the best way to solve your problem is using GET parameters like: http://…/auth/reset?_userid=example&_key=examplekey

Routes:
$this->get('/reset', App\Controllers\Auth\ForgotController::class . ':reset1');

And some controller as:

public function reset1(Request $request, Response $response)
{
    // access the query params
    $userinfo = $request->getQueryParams();

    // do more stuff
}

In the reset1 method the variable name is $userinfo, but in the Twig template you access the data with data1.userid and data1.key. Not understood. A possible way is userinfo.userid and userinfo.key.
As per the documentation (Router - Slim Framework), you can get the _userid and _key data with $args as below.
public function reset1(Request $request, Response $response, $args, DB $db, Flash $flash) {

    $userinfo = [
        'userid' => $args['_userid'],
        'key' => $args['_key']
    ];
    return $this->view->render($response, 'auth/reset.twig', compact('userinfo'));
}

This might solve your problem.

Thank you, this works 100%

Thank you for responding


You are welcome. It's my pleasure.
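
In the flow discussed in this thread, the userid and key reach reset2 as hidden form fields, which come back from the browser and can be changed there, so the POST handler has to check the key again before it changes the password. The following is an added example, not code from the thread or from Slim; the in-memory arrays stand in for database tables, and the function names issueResetKey and completeReset are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for a password_resets table (hypothetical schema):
// userid => ['hash' => sha256 of the emailed key, 'expires' => unix time]
$resets = [];
$users  = [1 => ['password_hash' => '']];

// Issue a key for the emailed link; only its hash is stored server-side.
function issueResetKey(array &$resets, int $userid, int $ttl = 3600): string
{
    $key = bin2hex(random_bytes(32));
    $resets[$userid] = ['hash' => hash('sha256', $key), 'expires' => time() + $ttl];
    return $key; // goes into /auth/reset/{_userid}/{_key}
}

// What reset2 has to do with the POSTed body: the hidden userid/key fields are
// client-controlled, so they are checked again here, not only in reset1.
function completeReset(array &$resets, array &$users, array $post): array
{
    $userid = (int) ($post['userid'] ?? 0);
    $key    = (string) ($post['key'] ?? '');
    $row    = $resets[$userid] ?? null;

    // Compare in constant time; a missing row still runs the comparison.
    $known = $row['hash'] ?? str_repeat('0', 64);
    $valid = hash_equals($known, hash('sha256', $key));
    if ($row === null || !$valid || $row['expires'] < time()) {
        return ['ok' => false, 'error' => 'Invalid or expired reset link'];
    }

    $password = (string) ($post['password'] ?? '');
    if ($password === '' || $password !== ($post['password_confirmation'] ?? null)) {
        return ['ok' => false, 'error' => 'Passwords do not match'];
    }

    $users[$userid]['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
    unset($resets[$userid]); // single use: the key cannot be replayed
    return ['ok' => true];
}

// Constructed walk-through: wrong key, valid key, then a replay of the valid key.
$key  = issueResetKey($resets, 1);
$form = ['userid' => '1', 'key' => $key, 'password' => 'n3w-Passphrase', 'password_confirmation' => 'n3w-Passphrase'];
var_dump(completeReset($resets, $users, ['userid' => '1', 'key' => 'guess'] + $form)['ok']);
var_dump(completeReset($resets, $users, $form)['ok']);
var_dump(completeReset($resets, $users, $form)['ok']);
```

A failed password confirmation leaves the key in place, so the user can resubmit the form from the same link until the key expires.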