public function confirmNewPassword($login, $resetToken)
{
// get password reset info & user info
$user = self::getUserInformation($login);
if ($user === null) {
throw new Exception(Piwik::translate('Login_InvalidUsernameEmail'));
}
// check that the reset token is valid
$resetPassword = $this->getPasswordToResetTo($login);
if ($resetPassword === false || !$this->isTokenValid($resetToken, $user)) {
throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken'));
}
// check that the stored password hash is valid (sanity check)
$this->checkPasswordHash($resetPassword);
// reset password of user
$usersManager = $this->usersManagerApi;
Access::doAsSuperUser(function () use($usersManager, $user, $resetPassword) {
$usersManager->updateUser($user['login'], $resetPassword, $email = false, $alias = false, $isPasswordHashed = true);
});
}