/**
* Checks if the provided CURRENT password is correct and calls the parent
* class function if so. Otherwise provides error message.
*
* @see the parent class function for parameters and return value
*/
public function recordUserSettings()
{
try {
$passwordCurrent = Common::getRequestvar('passwordCurrent', false);
$passwordCurrent = Crypto::decrypt($passwordCurrent);
// Note: Compare loosely, so both, "" (password input empty; forms send strings)
// and "password input not sent" are covered - see
// https://secure.php.net/manual/en/types.comparisons.php
if ($passwordCurrent != "") {
$userName = Piwik::getCurrentUserLogin();
// gets username as string or "anonymous"
// see Piwik\Plugins\Login\Auth for used password hash function
// (in setPassword()) and access to hashed password (in getTokenAuthSecret())
if ($userName != 'anonymous') {
$model = new Model();
$user = $model->getUser($userName);
if (UsersManagerEncrypted::getPasswordHash($passwordCurrent) === $user['password']) {
$toReturn = parent::recordUserSettings();
} else {
throw new Exception(Piwik::translate('UsersManagerEncrypted_CurrentPasswordIncorrect'));
}
} else {
throw new Exception(Piwik::translate('UsersManagerEncrypted_UserNotAuthenticated'));
}
} else {
throw new Exception(Piwik::translate('UsersManagerEncrypted_CurrentPasswordNotProvided'));
}
} catch (Exception $e) {
$response = new ResponseBuilder(Common::getRequestVar('format'));
$toReturn = $response->getResponseException($e);
}
return $toReturn;
}
/**
* Decrypts the password (if encrypted) and calls the original function on
* the decrypted value.
*
* @see the parent class function for parameters and return value
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false, $directCall = false)
{
// check if this function is called directly
// Reason: updateUser() is called in following situations:
// 1. With an already decrypted password by:
// * Piwik\Plugins\Login\PasswordResetter::confirmNewPassword()
// on password change via the form before login
// * Controller::processPasswordChange() when any user changes
// their own password in their account settings
// 2. With an encrypted password when called directly by (so,
// decryption is needed in this case):
// * /plugins/UsersManagerEncrypted/javascripts/usersManager.js::sendUpdateUserAJAX()
// when a super user changes someone's password in Piwik user administration.
if ($directCall == 'true') {
$password = Crypto::decrypt($password);
}
return parent::updateUser($userLogin, $password, $email, $alias, $_isPasswordHashed);
}
/**
* Gets the password from the HTML form, decrypts it and writes the decrypted
* value back into the _POST request.
* Note: Writing to _POST directly, as there doesn't seem to be another way. E.g., if
* value is replaced as in https://pear.php.net/manual/en/package.html.html-quickform2.qf-migration.php
* (using array_unshift()), it would not persist, as a "new" object instance
* will re-read its sources (i.e. _POST).
*
* @param QuickForm2 $form The HTML form which the password is part of
* @param string $passwordInputId The input ID of the password field on the HTML form
* @throws Exception if decryption fails
*/
protected function decryptPassword($form, $passwordInputId)
{
$password = $form->getSubmitValue($passwordInputId);
// check if a password was submitted
// Note: Compare loosely, so both, "" (password input empty; forms send strings)
// and NULL (password input not sent - see QuickForm2->getSubmitValue())
// are covered - see https://secure.php.net/manual/en/types.comparisons.php
if ($password != "") {
// decrypt and replace password
$password = Crypto::decrypt($password);
if ($password === Crypto::DECRYPTION_FAILED) {
throw new Exception(Piwik::translate('LoginEncrypted_DecryptionError'));
}
$_POST[$passwordInputId] = $password;
}
}