Records settings from the "User Settings" page
| public recordUserSettings ( ) |
/**
* Checks if the provided CURRENT password is correct and calls the parent
* class function if so. Otherwise provides error message.
*
* @see the parent class function for parameters and return value
*/
public function recordUserSettings()
{
try {
$passwordCurrent = Common::getRequestvar('passwordCurrent', false);
$passwordCurrent = Crypto::decrypt($passwordCurrent);
// Note: Compare loosely, so both, "" (password input empty; forms send strings)
// and "password input not sent" are covered - see
// https://secure.php.net/manual/en/types.comparisons.php
if ($passwordCurrent != "") {
$userName = Piwik::getCurrentUserLogin();
// gets username as string or "anonymous"
// see Piwik\Plugins\Login\Auth for used password hash function
// (in setPassword()) and access to hashed password (in getTokenAuthSecret())
if ($userName != 'anonymous') {
$model = new Model();
$user = $model->getUser($userName);
if (UsersManagerEncrypted::getPasswordHash($passwordCurrent) === $user['password']) {
$toReturn = parent::recordUserSettings();
} else {
throw new Exception(Piwik::translate('UsersManagerEncrypted_CurrentPasswordIncorrect'));
}
} else {
throw new Exception(Piwik::translate('UsersManagerEncrypted_UserNotAuthenticated'));
}
} else {
throw new Exception(Piwik::translate('UsersManagerEncrypted_CurrentPasswordNotProvided'));
}
} catch (Exception $e) {
$response = new ResponseBuilder(Common::getRequestVar('format'));
$toReturn = $response->getResponseException($e);
}
return $toReturn;
}
