/**
* Create a user upon call from frontend
* This API method will be called from Controller of this module
*
* @param String $userLogin
* @param String $userPassword
* @param String $userEmail
* @return Boolean
*/
public function createUser($userLogin, $userPassword, $userEmail)
{
if ($userLogin and $userPassword) {
$userManager = UserManagerAPI::getInstance();
if (!$this->userManagerModel->userEmailExists($userEmail) and !$this->userManagerModel->userExists($userLogin)) {
$password = Common::unsanitizeInputValue($userPassword);
UserManager::checkPassword($password);
$passwordTransformed = UserManager::getPasswordHash($password);
$token_auth = $userManager->getTokenAuth($userEmail, $passwordTransformed);
try {
$this->userManagerModel->addUser($userEmail, $passwordTransformed, $userEmail, $userLogin, $token_auth, Date::now()->getDatetime());
return true;
} catch (Exception $e) {
//throw new Exception($e->getMessage());
$this->__errors[] = 'Error in creating the user in database.';
}
} else {
$this->__errors[] = 'User email already exists or the login name already exists';
}
}
return false;
}
/**
* Saves password reset info and sends confirmation email.
*
* @param QuickForm2 $form
* @return array Error message(s) if an error occurs.
*/
private function resetPasswordFirstStep($form)
{
$loginMail = $form->getSubmitValue('form_login');
$password = $form->getSubmitValue('form_password');
// check the password
try {
UsersManager::checkPassword($password);
} catch (Exception $ex) {
return array($ex->getMessage());
}
// get the user's login
if ($loginMail === 'anonymous') {
return array(Piwik::translate('Login_InvalidUsernameEmail'));
}
$user = self::getUserInformation($loginMail);
if ($user === null) {
return array(Piwik::translate('Login_InvalidUsernameEmail'));
}
$login = $user['login'];
// if valid, store password information in options table, then...
Login::savePasswordResetInfo($login, $password);
// ... send email with confirmation link
try {
$this->sendEmailConfirmationLink($user);
} catch (Exception $ex) {
// remove password reset info
Login::removePasswordResetInfo($login);
return array($ex->getMessage() . Piwik::translate('Login_ContactAdmin'));
}
return null;
}
/**
* Updates a user in the database.
* Only login and password are required (case when we update the password).
* When the password changes, the key token for this user will change, which could break
* its API calls.
*
* @see addUser() for all the parameters
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
Piwik::checkUserIsSuperUserOrTheUser($userLogin);
$this->checkUserIsNotAnonymous($userLogin);
$this->checkUserIsNotSuperUser($userLogin);
$userInfo = $this->getUser($userLogin);
if (empty($password)) {
$password = $userInfo['password'];
} else {
$password = Common::unsanitizeInputValue($password);
if (!$_isPasswordHashed) {
UsersManager::checkPassword($password);
$password = UsersManager::getPasswordHash($password);
}
}
if (empty($alias)) {
$alias = $userInfo['alias'];
}
if (empty($email)) {
$email = $userInfo['email'];
}
if ($email != $userInfo['email']) {
$this->checkEmail($email);
}
$alias = $this->getCleanAlias($alias, $userLogin);
$token_auth = $this->getTokenAuth($userLogin, $password);
$db = Db::get();
$db->update(Common::prefixTable("user"), array('password' => $password, 'alias' => $alias, 'email' => $email, 'token_auth' => $token_auth), "login = '******'");
Cache::deleteTrackerCache();
/**
* Triggered after an existing user has been updated.
*
* @param string $userLogin The user's login handle.
*/
Piwik::postEvent('UsersManager.updateUser.end', array($userLogin));
}
/**
* Updates a user in the database.
* Only login and password are required (case when we update the password).
* When the password changes, the key token for this user will change, which could break
* its API calls.
*
* @see addUser() for all the parameters
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
$this->checkUserIsNotAnonymous($userLogin);
$userInfo = $this->getUser($userLogin);
$passwordHasBeenUpdated = false;
if (empty($password)) {
$password = $userInfo['password'];
} else {
$password = Common::unsanitizeInputValue($password);
if (!$_isPasswordHashed) {
UsersManager::checkPassword($password);
$password = UsersManager::getPasswordHash($password);
}
$passwordHasBeenUpdated = true;
}
if (empty($alias)) {
$alias = $userInfo['alias'];
}
if (empty($email)) {
$email = $userInfo['email'];
}
if ($email != $userInfo['email']) {
$this->checkEmail($email);
}
$alias = $this->getCleanAlias($alias, $userLogin);
$token_auth = $this->getTokenAuth($userLogin, $password);
$this->model->updateUser($userLogin, $password, $email, $alias, $token_auth);
Cache::deleteTrackerCache();
/**
* Triggered after an existing user has been updated.
* Event notify about password change.
*
* @param string $userLogin The user's login handle.
* @param boolean $passwordHasBeenUpdated Flag containing information about password change.
*/
Piwik::postEvent('UsersManager.updateUser.end', array($userLogin, $passwordHasBeenUpdated, $email, $password, $alias));
}
/**
* Checks the reset password's complexity. Will use UsersManager's requirements for user passwords.
*
* Derived classes can override this method to provide fewer or additional checks.
*
* @param string $newPassword The password to check.
* @throws Exception if $newPassword is inferior in some way.
*/
protected function checkNewPassword($newPassword)
{
UsersManager::checkPassword($newPassword);
}
