/**
 * Decrypts the submitted NEW password fields and hands over to the parent implementation.
 *
 * The 'password' and 'passwordBis' request parameters are each read, passed to
 * CryptoForm::decryptAndWriteToPost() and thereby written back into _POST.
 * Note: _POST is written directly, as there doesn't seem to be another way,
 * because the parent function re-reads its input from the request (i.e. _POST).
 *
 * Security note: once this has run, the decrypted values sit in _POST for the rest of
 * the request, so anything that dumps or logs request parameters should leave these
 * two fields out.
 *
 * @see the parent class function for parameters and return value
 */
protected function processPasswordChange($userLogin)
{
    // Same order as before: the new password first, then its confirmation.
    foreach (array('password', 'passwordBis') as $fieldName) {
        // false is the default when the field was not submitted.
        $submittedValue = Common::getRequestvar($fieldName, false);
        CryptoForm::decryptAndWriteToPost($fieldName, $submittedValue);
    }

    // Delegate to the original function, which now reads the decrypted values.
    return parent::processPasswordChange($userLogin);
}
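/**
 * Applies the account changes submitted with the request: alias, email and,
 * optionally, a new password.
 *
 * A password change is attempted only when 'password' or 'passwordBis' is non-empty;
 * the two values must then be identical. After a password change the user is logged
 * in again through a fresh SessionInitializer.
 *
 * @param string $userLogin login name handed to updateUser() and to the auth object
 * @throws Exception if the two password fields differ, or if a password change is
 *                   requested while Url::isValidHost() reports an invalid host
 */
private function processPasswordChange($userLogin)
{
    $alias = Common::getRequestVar('alias');
    $email = Common::getRequestVar('email');
    $newPassword = false;

    $password = Common::getRequestvar('password', false);
    $passwordBis = Common::getRequestvar('passwordBis', false);
    if (!empty($password) || !empty($passwordBis)) {
        // Strict comparison on purpose: with != PHP compares two numeric-looking
        // strings as numbers, so a confirmation of "1e3" would be accepted for the
        // password "1000" and the account would end up with a password the user
        // did not confirm.
        if ($password !== $passwordBis) {
            throw new Exception($this->translator->translate('Login_PasswordsDoNotMatch'));
        }
        $newPassword = $password;
    }

    // UI disables password change on invalid host, but check here anyway
    if (!Url::isValidHost() && $newPassword !== false) {
        throw new Exception("Cannot change password with untrusted hostname!");
    }

    // $newPassword stays false when no change was requested; it is passed on as is.
    APIUsersManager::getInstance()->updateUser($userLogin, $newPassword, $email, $alias);

    if ($newPassword !== false) {
        $newPassword = Common::unsanitizeInputValue($newPassword);
    }

    // logs the user in with the new password
    if ($newPassword !== false) {
        $sessionInitializer = new SessionInitializer();
        $auth = StaticContainer::get('Piwik\\Auth');
        $auth->setLogin($userLogin);
        // NOTE(review): setPassword() receives $password, the value as read from the
        // request, while $newPassword holds the result of unsanitizeInputValue() and
        // is not used after that call. Confirm which form the auth backend expects.
        $auth->setPassword($password);
        $sessionInitializer->initSession($auth, $rememberMe = false);
    }
}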
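/**
 * Applies the account changes submitted with the request: alias, email and,
 * optionally, a new password.
 *
 * A password change is attempted only when 'password' or 'passwordBis' is non-empty;
 * the two values must then be identical. For the super user the changes are written
 * to the 'superuser' config section; for every other user they go through
 * APIUsersManager::updateUser(). After a password change the session is re-initialised.
 *
 * @param string $userLogin login name handed to updateUser() and initSession()
 * @throws Exception if the two password fields differ, or if a password change is
 *                   requested while Url::isValidHost() reports an invalid host
 */
private function processPasswordChange($userLogin)
{
    $alias = Common::getRequestVar('alias');
    $email = Common::getRequestVar('email');
    $newPassword = false;

    $password = Common::getRequestvar('password', false);
    $passwordBis = Common::getRequestvar('passwordBis', false);
    if (!empty($password) || !empty($passwordBis)) {
        // Strict comparison on purpose: with != PHP compares two numeric-looking
        // strings as numbers, so a confirmation of "1e3" would be accepted for the
        // password "1000" and the account would end up with a password the user
        // did not confirm.
        if ($password !== $passwordBis) {
            throw new Exception(Piwik::translate('Login_PasswordsDoNotMatch'));
        }
        $newPassword = $password;
    }

    // UI disables password change on invalid host, but check here anyway
    if (!Url::isValidHost() && $newPassword !== false) {
        throw new Exception("Cannot change password with untrusted hostname!");
    }

    if (Piwik::isUserIsSuperUser()) {
        $superUser = Config::getInstance()->superuser;
        $updatedSuperUser = false;

        if ($newPassword !== false) {
            $newPassword = Common::unsanitizeInputValue($newPassword);
            // NOTE(review): the super user password is persisted in the configuration
            // as an unsalted MD5 digest. MD5 is not a password hashing function; a move
            // to password_hash()/password_verify() has to be made together with the
            // code that verifies the login, which is not visible here.
            $md5PasswordSuperUser = md5($newPassword);
            $superUser['password'] = $md5PasswordSuperUser;
            $updatedSuperUser = true;
        }
        if ($superUser['email'] != $email) {
            $superUser['email'] = $email;
            $updatedSuperUser = true;
        }

        // Save the config only when the password or the email actually changed.
        if ($updatedSuperUser) {
            Config::getInstance()->superuser = $superUser;
            Config::getInstance()->forceSave();
        }
    } else {
        // $newPassword stays false when no change was requested; it is passed on as is.
        APIUsersManager::getInstance()->updateUser($userLogin, $newPassword, $email, $alias);
        if ($newPassword !== false) {
            $newPassword = Common::unsanitizeInputValue($newPassword);
        }
    }

    // logs the user in with the new password
    if ($newPassword !== false) {
        // The session is initialised with the MD5 digest of the unsanitized password,
        // the same form that is stored for the super user above.
        \Piwik\Registry::get('auth')->initSession($userLogin, md5($newPassword), $rememberMe = false);
    }
}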