Correct for situation where tokens have expired / do not exist

opensolutions · Jan 20, 2016 · 0b4f563 · 0b4f563
1 parent f942293
commit 0b4f563
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/OSS/Controller/Trait/Auth.php b/src/OSS/Controller/Trait/Auth.php
@@ -370,7 +370,7 @@ public function resetPasswordAction()
                 if( $user->cleanExpiredPreferences() )
                     $this->getD2EM()->flush();
 
-                if( !in_array( $form->getValue( 'token' ), $user->getIndexedPreference( 'tokens.password_reset' ) ) )
+                if( !is_array( $user->getIndexedPreference( 'tokens.password_reset' ) ) || !in_array( $form->getValue( 'token' ), $user->getIndexedPreference( 'tokens.password_reset' ) ) )
                 {
                     $this->addMessage(
                         'Invalid username / token combination. Please check your details and try again.',