root/trunk/app/controllers/recovers_controller.php

<?php
/**
*  Chipotle Software TM
*  Manuel Montoya 2002-2008 
*  GPLv3  manuel<at>mononeurona<dot>org
*  @version 0.3
*/ 
 
App::import('Sanitize');

class RecoversController extends AppController {
 
 public $helpers       = array('Javascript', 'Ajax', 'Form', 'Fck', 'Gags');
 
 public $components    = array('Portal', 'Email', 'Adds');
 
 public function beforeFilter() 
 {
    parent::beforeFilter();
    $this->Auth->allow(array('confirm', 'newpwd', 'recover'));
 }
 
 public function recover()
 {
  if ( $this->Auth->user() ):
    $this->msgFlash(__('You are logged', true), '/');
    return false;
  endif;

  $this->pageTitle = __('Recover password', true);
        
  $this->Portal->statics(); // Using Portal component 
        
  $this->layout    = 'portal';
 }
 /*** Recover password check, method to check if email exist and send email ****/
 public function confirm()
 { 
  if ( isset( $this->data['User']['email'] ) ):
       Sanitize::paranoid($this->data['User']['email']);
       $user_id = $this->Recover->User->field('User.id', array('User.email' => $this->data['User']['email'], 'User.active'=>1));
       if ($user_id == null):
               $this->set('error_message', 'Error: email <b>' . $this->data['User']['email'] . '</b> '.__('does not exist on database', true));
               $this->render('check', 'ajax');
       else:  // email exist 
               $this->Recover->deleteAll(array('Recover.user_id' => $user_id));  // remove previous               
           $this->data['Recover']['user_id']  = (int) $user_id;   //the user id
               $this->data['Recover']['random']   = $this->Adds->genPassword(20);
               if ( $this->Recover->save($this->data) ):
             if ( $this->__sendNewUserPwd($this->data['User']['email'], $this->data['Recover']['random'])):
                        $this->set('message', __('Success. An email has been sent to', true).": <b>".$this->data['User']['email']) . "</b>";
                        $this->render('check', 'ajax');
             endif;
           endif;
    endif;
   endif;   
  }
       
  public function newpwd($random = null)
  {  
      if ( $random == null ):  
        redirect('/');
      endif;
      
      $this->layout = 'popup';
      
      $this->pageTitle = __('Karamelo New Password', true);
      
      $conditions = array('random' => $random);
      
      $fields     = array('id', 'user_id');
      
      $data = $this->Recover->find($conditions, $fields);
      
      if ( $data == null ):
         $this->redirect('/');
      else:
     
         $this->data['User']['id']     = $data['Recover']['user_id'];
         $pwd                          = $this->Adds->genPassword(8);
         $this->data['User']['pwd']    = $this->Auth->password($pwd);
         
         if ( $this->Recover->User->save($this->data) ):
              $this->set('pwd', $pwd);
              $this->Recover->del($data['Recover']['user_id']);  //del the row
         endif;
      endif;
 }
 
 private function __sendNewUserPwd($email, $random) 
 {
    $this->Email->to       = $email;
    //$this->Email->bcc    = array('noreply@karamelo.org');  // note
    // this could be just a string too
    $this->Email->subject  = 'Karamelo e-Learning:: recover password';
    $this->Email->replyTo  = 'support@karamelo.org';
    $this->Email->from     = 'Chipotle-software.com';
    $this->Email->template = 'recover'; // note no '.ctp'
    //Send as 'html', 'text' or 'both' (default is 'text')
    $this->Email->sendAs   = 'text'; // because we like to send pretty mail
    //Set view variables as normal
    $this->set('random', $random);
    //Do not pass any args to send() 
    if ( $this->Email->send() ):
            return true;
    else:
            return false;
    endif;
 }
}
?>