I have a SiteController and created an action named actionForgotpassword.
The idea is to make a recover password token so when the user clicks a link in his email inbox after he chose to recover his password, the application can verify its authenticity and allow/not allow his password to be changed. The link is something like:
http://localhost/project/index.php?r=site/forgotpassword?token=3dd0e0(..)16712dac3
*localhost for testing locally, not in production
And I have these access rules in the Sites Controller:
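    public function accessRules()
    {
        return array(
            // '?' matches anonymous (guest) users
            array('allow',
                'actions'=>array('recover', 'forgotpassword', 'login'),
                'users'=>array('?'),
            ),
            // '@' matches authenticated users
            array('allow',
                'actions'=>array('index', 'logout'),
                'users'=>array('@'),
            ),
            // '*' matches everyone: deny whatever was not allowed above
            array('deny',
                'users'=>array('*'),
            )
        );
    }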
My issue is:
When I access the page like localhost/project/index.php?r=site/forgotpassword
everything is OK but when I click the email link and the URL is like:
localhost/project/index.php?r=site/forgotpassword?token=3dd0e0(..)16712dac3
I get redirected to the project's index (in this case the site/login action).
Why is this adopting this behavior with parameters in the URL? Do I need to specify anything else in the accessRules?
You have two ? in your reset URL. I assume that you somehow manually created your URL. You should use createUrl() or probably better createAbsoluteUrl() instead:
    $url = Yii::app()->createAbsoluteUrl('site/forgotpassword', array(
        'token' => $token,
    ));
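
As an added example (plain PHP, not code from the question or the answer, and not Yii's API): with two ? in the link, PHP keeps the token inside the r parameter and never sees a separate token parameter, while a link built with http_build_query() round-trips cleanly. The function names, the sample token value and the token scheme (random_bytes, a SHA-256 hash kept server-side, hash_equals) are assumptions of this example.

```php
<?php
// Added example: constructed values, no framework required.

// Hand-concatenated link shaped like the one in the question (constructed token).
$broken = 'http://localhost/project/index.php?r=site/forgotpassword?token=TOKEN';

// Return the query parameters PHP extracts from a URL.
function queryParams(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

// Build the link with all parameters in a single, properly encoded query string.
function buildResetUrl(string $base, string $route, string $token): string
{
    return $base . '?' . http_build_query(['r' => $route, 'token' => $token]);
}

// Issue a token: the raw value goes into the email, only its hash is stored.
function issueToken(): array
{
    $token = bin2hex(random_bytes(32));
    return [$token, hash('sha256', $token)];
}

// Constant-time comparison of a submitted token against the stored hash.
function verifyToken(string $submitted, string $storedHash): bool
{
    return hash_equals($storedHash, hash('sha256', $submitted));
}

// Malformed link: inspect which keys exist and what ended up in "r".
var_dump(queryParams($broken));

// Well-formed link: route and token arrive as separate parameters.
[$token, $storedHash] = issueToken();
$good   = buildResetUrl('http://localhost/project/index.php', 'site/forgotpassword', $token);
$params = queryParams($good);
var_dump($params['r'], verifyToken($params['token'] ?? '', $storedHash));

// The malformed link carries no usable token, so verification fails.
var_dump(verifyToken(queryParams($broken)['token'] ?? '', $storedHash));
```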