Auth forgot password question

[appel268576]

Hi there.

I have made use of this very handy tutorial that helped me set up a
user authentication system within about 10 mins.

I added an extra function which is basically the ability to allow
users to request a new password, user receives an email with the new
password, however this password is the already hashed password, NOT
WHAT I WANT.

Do you know where I could be going wrong?

Below is the code

VIEW

<?php
echo $form->create('User', array('action' => 'forgotpassword'));
echo $form->input('email', array('label' => ''));
echo $form->end('Reset Password');
?>

CONTROLLER

function forgotpassword() {
                if(!empty($this->data)) {
                        $this->User->recursive = 0;
                        $user = 
$this->User->findByEmail($this->data['User']['email']);
                        if($user) {
                                $user['User']['tmp_password'] = 
$this->User->createTempPassword
(7);
                                $user['User']['password'] = 
$this->Auth->password($user['User']
['tmp_password']);

                                if($this->User->save($user, false)) {
                                        // send a mail to finish the 
registration
                        $this->Email->to = $this->data['User']['email'];
                        $this->Email->subject = 'XYZ new password';
                        $this->Email->replyTo = 'nore...@xyz.com';
                        $this->Email->from = 'XYZ New Password
<nore...@xyz.com>';
                        $this->Email->sendAs = 'text';
                        $this->Email->charset = 'utf-8';
                        $body = "Please visit  
http://localhost:8888/xyz/users/login.
Your new password: {$user['User']['password']}";

                        if ($this->Email->send($body)) {
                            $this->Session->setFlash(__('Your new password
has been sent, please check your inbox', true), 'warning');
                        } else {
                            $this->Session->setFlash(__('Failed to send the
confirmation email. Please contact the administrator at supp...@xxx',
true), 'error');
                        }
                        $this->redirect(array('controller' => 'users',
'action' => 'login'));
                                }
                        } else {
                                $this->Session->setFlash('No user was found 
with the submitted
email address.');
                        }
                }
        }

MODEL

function createTempPassword($len) {
                $pass = '';
                $lchar = 0;
                $char = 0;
                for($i = 0; $i < $len; $i++) {
                        while($char == $lchar) {
                                $char = rand(48, 109);
                                if($char > 57) $char += 7;
                                if($char > 90) $char += 6;
                        }
                        $pass .= chr($char);
                        $lchar = $char;
                }
                return $pass;
        }

--

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-...@googlegroups.com.
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=.