body('email', $_SESSION['password_reset_email'] ?? '')); $code = trim((string) $request->body('code', '')); $passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService(); if ($request->isMethod('POST')) { if (!Session::checkCsrfToken()) { $errorBag->addGlobal(t('Form expired, please try again')); } elseif ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) { $errorBag->addGlobal(t('Please enter a valid email address')); } elseif ($code === '' || !preg_match('/^\d{6}$/', $code)) { $errorBag->addGlobal(t('Please enter the 6-digit code')); } else { $result = $passwordResetService->verifyCode($email, $code); if ($result['ok'] ?? false) { $_SESSION['password_reset_id'] = (int) $result['reset_id']; unset($_SESSION['password_reset_email']); Flash::success(t('Code verified'), 'password/reset', 'reset_verified'); Router::redirect('password/reset'); } else { $errorBag->addGlobal(t('Invalid or expired code')); } } } $errors = $errorBag->toFlatList(); Buffer::set('title', t('Verify code'));