Piwik\Plugins\Login\PasswordResetter::confirmNewPassword PHP Method

confirmNewPassword() public method

This method will get the new password associated with a reset token and set it as the specified user's password.
public confirmNewPassword ( string $login, string $resetToken )
$login string The login of the user whose password is being reset.
$resetToken string The generated string token contained in the reset password email.
    public function confirmNewPassword($login, $resetToken)
    {
        // get password reset info & user info
        $user = self::getUserInformation($login);
        if ($user === null) {
            throw new Exception(Piwik::translate('Login_InvalidUsernameEmail'));
        }
        // check that the reset token is valid
        $resetPassword = $this->getPasswordToResetTo($login);
        if ($resetPassword === false || !$this->isTokenValid($resetToken, $user)) {
            throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken'));
        }
        // check that the stored password hash is valid (sanity check)
        $this->checkPasswordHash($resetPassword);
        // reset password of user
        $usersManager = $this->usersManagerApi;
        Access::doAsSuperUser(function () use($usersManager, $user, $resetPassword) {
            $usersManager->updateUser($user['login'], $resetPassword, $email = false, $alias = false, $isPasswordHashed = true);
        });
    }

Usage Example

Beispiel #1
0
 /**
  * Password reset confirmation action. Finishes the password reset process.
  * Users visit this action from a link supplied in an email.
  */
 public function confirmResetPassword()
 {
     $errorMessage = null;
     $login = Common::getRequestVar('login', '');
     $resetToken = Common::getRequestVar('resetToken', '');
     try {
         $this->passwordResetter->confirmNewPassword($login, $resetToken);
     } catch (Exception $ex) {
         Log::debug($ex);
         $errorMessage = $ex->getMessage();
     }
     if (is_null($errorMessage)) {
         // if success, show login w/ success message
         // have to do this as super user since redirectToIndex checks if there's a default website ID for
         // the current user and if not, doesn't redirect to the requested action. TODO: this behavior is wrong. somehow.
         $self = $this;
         Access::doAsSuperUser(function () use($self) {
             $self->redirectToIndex(Piwik::getLoginPluginName(), 'resetPasswordSuccess');
         });
         return null;
     } else {
         // show login page w/ error. this will keep the token in the URL
         return $this->login($errorMessage);
     }
 }
All Usage Examples Of Piwik\Plugins\Login\PasswordResetter::confirmNewPassword