_user = UserModel::findByPasswordResetToken($token); if (!$this->_user) { throw new InvalidParamException('Wrong password reset token.'); } parent::__construct($config); } /** * Resets password. * * @return boolean if password was reset. */ public function setPassword() { $user = $this->_user; $user->setScenario('setPassword'); $user->setPassword($this->password); $user->removePasswordResetToken(); return $user->save(false); } }