Fix for token password reset

application/classes/Auth/OSB.php

@@ -129,10 +129,9 @@ class Auth_OSB extends Auth_ORM {
 	public function get_user($tokenuser=TRUE) {
 		$user = parent::get_user();
 
-		// If we are not logged in, see if there is token for the usre
-		if ($tokenuser AND $user === FALSE AND $token=Session::instance()->get('token')) {
+		// If we are not logged in, see if there is token for the user
+		if ($tokenuser AND $user === NULL AND $token=Session::instance()->get('token'))
 			$user = $this->_get_token_user($token);
-		}
 
 		return $user;
 	}

application/classes/Model/Module/Method/Token.php

@@ -94,9 +94,13 @@ class Model_Module_Method_Token extends ORM_OSB {
 			->find();
 
 		if ($mmto->loaded()) {
-			if ((is_null($mmto->date_expire) OR $mmto->date_expire > time()) AND (is_null($mmto->uses) OR $mmto->uses > 0))
-				return $mmto->token;
-			else
+			// Check that the token is still good
+			if ((is_null($mmto->date_expire) OR $mmto->date_expire > time()) AND (is_null($mmto->uses) OR $mmto->uses > 0)) {
+				$this->token = $mmto->token;
+				return $this->token;
+
+			// Token expired
+			} else
 				$mmto->delete();
 		}
 

modules/lnApp/classes/lnApp/Controller/Login.php

@@ -38,6 +38,10 @@ class lnApp_Controller_Login extends Controller_TemplateDefault {
 					HTTP::redirect('user/welcome/index');
 
 			} else {
+				// We are not successful logging in, so delete our session data
+				Session::instance()->delete(Kohana::$config->load('auth')->session_key);
+				Session::instance()->delete('password');
+
 				SystemMessage::add(array(
 					'title'=>_('Invalid username or password'),
 					'type'=>'error',