/**
  * Gets the NEW password from HTTP request parameter, decrypts it and writes
  * the decrypted value back into _POST request.
  * Note: Writing to _POST directly, as there doesn't seem to be another way,
  *       because the parent function will re-read from request (i.e. _POST).
  *
  * @see the parent class function for parameters and return value
  */
 protected function processPasswordChange($userLogin)
 {
     // The new password and its confirmation are handled the same way, in
     // the same order as before: read the submitted value (false is passed
     // as the default) and hand it to CryptoForm, which writes the decrypted
     // value into _POST under the same key.
     foreach (array('password', 'passwordBis') as $fieldName) {
         $submittedValue = Common::getRequestvar($fieldName, false);
         CryptoForm::decryptAndWriteToPost($fieldName, $submittedValue);
     }

     // NOTE(review): from here on _POST carries the cleartext passwords, so
     // any later request dump or debug logging of _POST would expose them.
     // NOTE(review): it is not visible here what decryptAndWriteToPost() does
     // when the value is false or fails to decrypt - confirm it rejects the
     // request rather than passing the raw value through.

     // The parent re-reads both fields from the request, now decrypted.
     return parent::processPasswordChange($userLogin);
 }
Exemplo n.º 2
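 /**
  * Updates alias, email and (optionally) the password of a user from the
  * current request, then opens a new session when the password changed.
  *
  * The password is only changed when 'password' or 'passwordBis' is
  * non-empty; both must then be identical.
  *
  * NOTE(review): no current-password field is read here. Confirm that the
  * caller enforces re-authentication and an anti-CSRF token before this runs.
  *
  * @param string $userLogin login of the user being updated
  * @throws Exception when the two password fields differ, or when a password
  *                   change is requested through an untrusted hostname
  */
 private function processPasswordChange($userLogin)
 {
     $alias = Common::getRequestVar('alias');
     $email = Common::getRequestVar('email');
     $password = Common::getRequestvar('password', false);
     $passwordBis = Common::getRequestvar('passwordBis', false);

     $newPassword = false;
     if (!empty($password) || !empty($passwordBis)) {
         // Strict comparison: with a loose != two different numeric-looking
         // strings (e.g. "1000" and "1e3") compare as equal, so the
         // confirmation check would accept a mismatched pair.
         if ($password !== $passwordBis) {
             throw new Exception($this->translator->translate('Login_PasswordsDoNotMatch'));
         }
         $newPassword = $password;
     }

     // UI disables password change on invalid host, but check here anyway
     if (!Url::isValidHost() && $newPassword !== false) {
         throw new Exception("Cannot change password with untrusted hostname!");
     }

     // The request value is passed on as received (still sanitized).
     // NOTE(review): assumes updateUser() unsanitizes it before hashing -
     // confirm against APIUsersManager.
     APIUsersManager::getInstance()->updateUser($userLogin, $newPassword, $email, $alias);

     // logs the user in with the new password
     if ($newPassword !== false) {
         // Authenticate with the unsanitized value. The original computed it
         // and then passed the sanitized $password instead, which differs for
         // any password containing characters the input sanitizer rewrites.
         $newPassword = Common::unsanitizeInputValue($newPassword);

         $sessionInitializer = new SessionInitializer();
         $auth = StaticContainer::get('Piwik\\Auth');
         $auth->setLogin($userLogin);
         $auth->setPassword($newPassword);
         // Second argument is the remember-me flag; never set it here.
         $sessionInitializer->initSession($auth, false);
     }
 }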
Exemplo n.º 3
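 /**
  * Updates alias, email and (optionally) the password of a user from the
  * current request, then opens a new session when the password changed.
  *
  * The super user is stored in the config file and updated there; every
  * other user goes through the UsersManager API.
  *
  * NOTE(review): no current-password field is read here. Confirm that the
  * caller enforces re-authentication and an anti-CSRF token before this runs.
  *
  * @param string $userLogin login of the user being updated
  * @throws Exception when the two password fields differ, or when a password
  *                   change is requested through an untrusted hostname
  */
 private function processPasswordChange($userLogin)
 {
     $alias = Common::getRequestVar('alias');
     $email = Common::getRequestVar('email');
     $password = Common::getRequestvar('password', false);
     $passwordBis = Common::getRequestvar('passwordBis', false);

     $newPassword = false;
     if (!empty($password) || !empty($passwordBis)) {
         // Strict comparison: with a loose != two different numeric-looking
         // strings (e.g. "1000" and "1e3") compare as equal, so the
         // confirmation check would accept a mismatched pair.
         if ($password !== $passwordBis) {
             throw new Exception(Piwik::translate('Login_PasswordsDoNotMatch'));
         }
         $newPassword = $password;
     }

     // UI disables password change on invalid host, but check here anyway
     if (!Url::isValidHost() && $newPassword !== false) {
         throw new Exception("Cannot change password with untrusted hostname!");
     }

     if (Piwik::isUserIsSuperUser()) {
         $superUser = Config::getInstance()->superuser;
         $updatedSuperUser = false;

         if ($newPassword !== false) {
             $newPassword = Common::unsanitizeInputValue($newPassword);
             // NOTE(review): unsalted MD5 is not a password-hashing function.
             // It is left as is because the stored format has to match what
             // the auth backend verifies; migrate storage and verification
             // together (password_hash() / password_verify()).
             $superUser['password'] = md5($newPassword);
             $updatedSuperUser = true;
         }
         if ($superUser['email'] != $email) {
             $superUser['email'] = $email;
             $updatedSuperUser = true;
         }

         // Only rewrite the config file when something actually changed.
         if ($updatedSuperUser) {
             Config::getInstance()->superuser = $superUser;
             Config::getInstance()->forceSave();
         }
     } else {
         // The request value is passed on as received (still sanitized); it
         // is unsanitized afterwards for the login step below.
         APIUsersManager::getInstance()->updateUser($userLogin, $newPassword, $email, $alias);
         if ($newPassword !== false) {
             $newPassword = Common::unsanitizeInputValue($newPassword);
         }
     }

     // logs the user in with the new password
     if ($newPassword !== false) {
         // NOTE(review): the session is initialised from an unsalted MD5 of
         // the password, so that digest is itself a login credential - see
         // the hashing note above. Third argument is the remember-me flag.
         \Piwik\Registry::get('auth')->initSession($userLogin, md5($newPassword), false);
     }
 }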