The password reset link is invalid or expired.
' - . 'You can request a new one here or change your password after' - . ' you log in.
', + . 'You can request a new one here or change your password after' + . ' you log in.
', [ 'link1' => Security::lost_password_url(), 'link2' => Security::login_url(), @@ -267,11 +268,24 @@ public function doChangePassword(array $data, $form) // Clear locked out status $member->LockedOutUntil = null; $member->FailedLoginCount = null; + // Clear the members login hashes $member->AutoLoginHash = null; $member->AutoLoginExpired = DBDatetime::create()->now(); $member->write(); + // Create a successful 'LoginAttempt' as the password is reset + $loginAttempt = LoginAttempt::create(); + $loginAttempt->Status = LoginAttempt::SUCCESS; + $loginAttempt->MemberID = $member->ID; + + if ($member->Email) { + $loginAttempt->setEmail($member->Email); + } + + $loginAttempt->IP = $this->getRequest()->getIP(); + $loginAttempt->write(); + if ($member->canLogin()) { $identityStore = Injector::inst()->get(IdentityStore::class); $identityStore->logIn($member, false, $this->getRequest()); @@ -279,9 +293,10 @@ public function doChangePassword(array $data, $form) $session->clear('AutoLoginHash'); - // Redirect to backurl + // Redirect to back url $backURL = $this->getBackURL(); - if ($backURL + if ( + $backURL // Don't redirect back to itself && $backURL !== Security::singleton()->Link('changepassword') ) {