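/**
 * Password reset confirmation action. Finishes the password reset process.
 * Users visit this action from a link supplied in an email.
 *
 * When two-factor storage is active for the requested login, the reset is only
 * handed to the parent action after a submitted auth code has been verified
 * against the stored secret. Until then the auth code form is rendered instead.
 *
 * NOTE(review): 'login' is read from the request, so the caller chooses whose
 * two-factor state is consulted. When the storage reports "not active"
 * (presumably also for an unknown or empty login - confirm), no code is asked
 * for and the parent action alone has to authenticate the reset request.
 *
 * NOTE(review): no attempt counter or lockout is visible in this method. The
 * nonce limits each rendered form to one attempt, but a fresh form can be
 * requested; confirm that failed codes are throttled elsewhere.
 *
 * @param mixed $messageNoAccess Optional message forwarded to renderAuthCode() (defaults to null);
 *                               replaced by getMessageExceptionNoAccess() when the form nonce is rejected.
 * @return mixed Result of renderAuthCode() while a code is still required, otherwise
 *               the result of the parent confirmResetPassword().
 */
public function confirmResetPassword($messageNoAccess = null)
{
    $login = Common::getRequestVar('login', '');
    $storage = new Storage($login);

    // Without active two-factor storage for this login there is nothing to verify here.
    $authCodeValidOrNotRequired = !$storage->isActive();

    if (!$authCodeValidOrNotRequired) {
        $googleAuth = new PHPGangsta\GoogleAuthenticator();
        $form = $this->getAuthCodeForm();

        if ($form->getSubmitValue('form_authcode') && $form->validate()) {
            $nonce = $form->getSubmitValue('form_nonce');

            // The nonce is checked first: a submission without a valid form nonce
            // never reaches verifyCode().
            if (Nonce::verifyNonce('Login.login', $nonce)) {
                if ($googleAuth->verifyCode($storage->getSecret(), $form->getSubmitValue('form_authcode'))) {
                    $authCodeValidOrNotRequired = true;
                }

                // Discarded on success and on failure, so the same form submission
                // cannot be replayed with another code.
                Nonce::discardNonce('Login.login');

                // Only flag the form as invalid when the code was actually rejected;
                // previously the error was attached even after a successful check.
                if (!$authCodeValidOrNotRequired) {
                    // assumes the first form element is the auth code field - TODO confirm
                    $form->getElements()[0]->setError(Piwik::translate('GoogleAuthenticator_AuthCodeInvalid'));
                }
            } else {
                $messageNoAccess = $this->getMessageExceptionNoAccess();
            }
        }

        if (!$authCodeValidOrNotRequired) {
            // Still no verified code: show the form again and stop before the parent
            // action runs. The meaning of the third argument (0) is not visible here.
            return $this->renderAuthCode($login, Piwik::translate('General_ChangePassword'), 0, $messageNoAccess);
        }
    }

    return parent::confirmResetPassword();
}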