-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAPI.php
54 lines (49 loc) · 2.21 KB
/
API.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<?php
/**
* UsersManagerEncrypted plugin for Piwik, the free/libre analytics platform
*
* @author Joey3000 https://github.com/Joey3000
* @link https://github.com/Joey3000/piwik-UsersManagerEncrypted
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
*/
namespace Piwik\Plugins\UsersManagerEncrypted;
use Piwik\Plugins\LoginEncrypted\Crypto;
class API extends \Piwik\Plugins\UsersManager\API
{
/**
* Decrypts the password and calls the original function on the decrypted value.
*
* @see the parent class function for parameters and return value
*/
public function addUser($userLogin, $password, $email, $alias = false, $_isPasswordHashed = false)
{
$password = Crypto::decrypt($password);
return parent::addUser($userLogin, $password, $email, $alias, $_isPasswordHashed);
}
/**
* Decrypts the password (if encrypted) and calls the original function on
* the decrypted value.
*
* @see the parent class function for parameters and return value
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false,
$_isPasswordHashed = false, $directCall = false)
{
// check if this function is called directly
// Reason: updateUser() is called in following situations:
// 1. With an already decrypted password by:
// * Piwik\Plugins\Login\PasswordResetter::confirmNewPassword()
// on password change via the form before login
// * Controller::processPasswordChange() when any user changes
// their own password in their account settings
// 2. With an encrypted password when called directly by (so,
// decryption is needed in this case):
// * /plugins/UsersManagerEncrypted/javascripts/usersManager.js::sendUpdateUserAJAX()
// when a super user changes someone's password in Piwik user administration.
if ($directCall == 'true') {
$password = Crypto::decrypt($password);
}
return parent::updateUser($userLogin, $password, $email, $alias, $_isPasswordHashed);
}
}