/**
 * First step of a password reset: validates the requested password, records the
 * pending reset for the matching account and e-mails a confirmation link.
 *
 * Security-relevant behaviour visible in this method:
 *  - The 'anonymous' login and an unknown login/e-mail both yield the same
 *    Login_InvalidUsernameEmail message, but a known account yields null, so the
 *    caller's response can still reveal whether an account exists.
 *    NOTE(review): confirm the caller renders success and failure uniformly.
 *  - Returned error strings carry raw exception text, and on mail failure a
 *    literal '<br/>' is appended, so the result is an HTML fragment.
 *    NOTE(review): confirm exception messages are safe to render unescaped.
 *  - If the confirmation mail cannot be sent, the stored reset info is removed
 *    again so no unconfirmed reset stays pending.
 *
 * @param object $form Submitted form; must expose getSubmitValue().
 * @return array|null Error message(s) if an error occurs, null on success.
 */
private function resetPasswordFirstStep($form)
{
    $submittedLogin = $form->getSubmitValue('form_login');
    // The token field is fetched here but not consulted in this step.
    $submittedToken = $form->getSubmitValue('form_token');
    $newPassword = $form->getSubmitValue('form_password');

    // Reject passwords that fail the password policy before touching any account data.
    try {
        Piwik_UsersManager::checkPassword($newPassword);
    } catch (Exception $policyError) {
        return array($policyError->getMessage());
    }

    // Resolve the account; the anonymous user can never reset a password.
    $account = ($submittedLogin === 'anonymous')
        ? null
        : self::getUserInformation($submittedLogin);
    if ($account === null) {
        return array(Piwik_Translate('Login_InvalidUsernameEmail'));
    }

    $accountLogin = $account['login'];

    // Record the pending reset first, then mail the confirmation link.
    Piwik_Login::savePasswordResetInfo($accountLogin, $newPassword);

    try {
        $this->sendEmailConfirmationLink($account);
    } catch (Exception $mailError) {
        // Roll back: without a delivered link the pending reset must not linger.
        Piwik_Login::removePasswordResetInfo($accountLogin);

        return array($mailError->getMessage() . '<br/>' . Piwik_Translate('Login_ContactAdmin'));
    }

    return null;
}
/**
 * Records a pending password change for one login.
 *
 * The plaintext password is not written: only the value returned by
 * Piwik_UsersManager::getPasswordHash() is stored, under the option name that
 * getPasswordResetInfoOptionName() derives from the login.
 *
 * NOTE(review): the strength of the stored value depends entirely on
 * getPasswordHash(), which is not visible here. Confirm it is a salted, slow
 * password hash, and treat the option row as credential material.
 *
 * @param string $login    The user login for whom a password change was requested.
 * @param string $password The new password to set.
 */
public static function savePasswordResetInfo($login, $password)
{
    Piwik_SetOption(
        self::getPasswordResetInfoOptionName($login),
        Piwik_UsersManager::getPasswordHash($password)
    );
}
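/**
 * Updates a user in the database.
 * Only login and password are required (case when we update the password).
 * When the password changes, the key token for this user will change, which could break
 * its API calls.
 *
 * Access control: the caller must be the super user or the user being updated;
 * the anonymous user and the super user account itself cannot be updated here.
 *
 * Security notes:
 *  - With $_isPasswordHashed set, $password is stored as given and skips
 *    checkPassword(), so callers must only pass a value that already went
 *    through the password policy and getPasswordHash().
 *  - token_auth is recomputed from the login and the stored password value on
 *    every call.
 *  - The row is selected with a quoted WHERE value, never by interpolating
 *    $userLogin into the SQL string.
 *
 * @see addUser() for all the parameters
 *
 * @param string       $userLogin         Login of the user to update.
 * @param string|false $password          New password, or empty to keep the current one.
 * @param string|false $email             New e-mail, or empty to keep the current one.
 * @param string|false $alias             New alias, or empty to keep the current one.
 * @param bool         $_isPasswordHashed True if $password is already a password hash.
 */
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
    Piwik::checkUserIsSuperUserOrTheUser($userLogin);
    $this->checkUserIsNotAnonymous($userLogin);
    $this->checkUserIsNotSuperUser($userLogin);
    $userInfo = $this->getUser($userLogin);

    if (empty($password)) {
        // No new password supplied: keep the stored value unchanged.
        $password = $userInfo['password'];
    } else {
        // Presumably undoes request-level input sanitization so the hash is
        // computed over the password as typed -- verify against Piwik_Common.
        $password = Piwik_Common::unsanitizeInputValue($password);
        if (!$_isPasswordHashed) {
            Piwik_UsersManager::checkPassword($password);
            $password = Piwik_UsersManager::getPasswordHash($password);
        }
    }

    if (empty($alias)) {
        $alias = $userInfo['alias'];
    }
    if (empty($email)) {
        $email = $userInfo['email'];
    }

    // Only validate the address when it actually changes.
    if ($email != $userInfo['email']) {
        $this->checkEmail($email);
    }

    $alias = $this->getCleanAlias($alias, $userLogin);
    $token_auth = $this->getTokenAuth($userLogin, $password);

    $db = Zend_Registry::get('db');
    $db->update(
        Piwik_Common::prefixTable("user"),
        array(
            'password'   => $password,
            'alias'      => $alias,
            'email'      => $email,
            'token_auth' => $token_auth,
        ),
        // Let the adapter quote the login: the WHERE clause must target exactly
        // this user's row and must not be assembled from raw input.
        $db->quoteInto('login = ?', $userLogin)
    );

    // Cached tracker data may hold the old user details/token.
    Piwik_Common::deleteTrackerCache();

    Piwik_PostEvent('UsersManager.updateUser', $userLogin);
}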