github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authormattpiwik <matthieu.aubry@gmail.com>2010-04-09 17:10:37 +0400
committermattpiwik <matthieu.aubry@gmail.com>2010-04-09 17:10:37 +0400
commiteb17fac4c4a7d8e92cae853e1d3b709ac965c4c6 (patch)
tree4ab5555d4f9358a9d0b9b7636c7b858011218359 /plugins
parent98c9af323dd2f042a7e53ef0c42170b5ebd7cf35 (diff)
Fixes #526
* Added possibility to change password, for super user and normal users * Refactored Login to add a new hook that is meant to init the session (set the cookies). this hook is called when the password is changed. * Added general feedback message at top of the admin screens, to let users know that changes have been successful. git-svn-id: http://dev.piwik.org/svn/trunk@2069 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins')
-rw-r--r--plugins/API/templates/listAllAPI.tpl1
-rw-r--r--plugins/CoreAdminHome/templates/generalSettings.tpl1
-rw-r--r--plugins/CoreAdminHome/templates/header.tpl8
-rw-r--r--plugins/CorePluginsAdmin/templates/manage.tpl1
-rw-r--r--plugins/DBStats/templates/DBStats.tpl1
-rw-r--r--plugins/Goals/templates/GoalForm.js1
-rw-r--r--plugins/Login/Controller.php37
-rw-r--r--plugins/Login/Login.php33
-rw-r--r--plugins/MultiSites/Controller.php1
-rw-r--r--plugins/SecurityInfo/templates/index.tpl1
-rw-r--r--plugins/SitesManager/templates/DisplayJavascriptCode.tpl1
-rw-r--r--plugins/SitesManager/templates/SitesManager.tpl1
-rw-r--r--plugins/UsersManager/Controller.php38
-rw-r--r--plugins/UsersManager/templates/UsersManager.js1
-rw-r--r--plugins/UsersManager/templates/UsersManager.tpl14
-rw-r--r--plugins/UsersManager/templates/userSettings.js4
-rw-r--r--plugins/UsersManager/templates/userSettings.tpl15
17 files changed, 107 insertions, 52 deletions
diff --git a/plugins/API/templates/listAllAPI.tpl b/plugins/API/templates/listAllAPI.tpl
index 7a7e3da231..0af894df68 100644
--- a/plugins/API/templates/listAllAPI.tpl
+++ b/plugins/API/templates/listAllAPI.tpl
@@ -1,5 +1,6 @@
{assign var=showSitesSelection value=true}
{assign var=showPeriodSelection value=false}
+{assign var=showMenu value=false}
{include file="CoreAdminHome/templates/header.tpl"}
<style>
diff --git a/plugins/CoreAdminHome/templates/generalSettings.tpl b/plugins/CoreAdminHome/templates/generalSettings.tpl
index ad586160f4..8d062232a4 100644
--- a/plugins/CoreAdminHome/templates/generalSettings.tpl
+++ b/plugins/CoreAdminHome/templates/generalSettings.tpl
@@ -2,7 +2,6 @@
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
{loadJavascriptTranslations plugins='UsersManager'}
-{include file="CoreAdminHome/templates/menu.tpl"}
<script type="text/javascript" src="plugins/CoreAdminHome/templates/generalSettings.js"></script>
<h2>{'General_GeneralSettings'|translate}</h2>
diff --git a/plugins/CoreAdminHome/templates/header.tpl b/plugins/CoreAdminHome/templates/header.tpl
index 864abbcf0e..e51cfd3e48 100644
--- a/plugins/CoreAdminHome/templates/header.tpl
+++ b/plugins/CoreAdminHome/templates/header.tpl
@@ -40,4 +40,12 @@
<div id="content">
{ajaxRequestErrorDiv}
+{if !isset($showMenu) || $showMenu}
+ {include file="CoreAdminHome/templates/menu.tpl"}
+{/if}
+{if strpos($url, 'updated=1')}
+<div class="ajaxSuccess" style="display:normal">
+ <p>{'General_YourChangesHaveBeenSaved'|translate}</p>
+</div>
+{/if} \ No newline at end of file
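Review bot: The success banner is keyed on `strpos($url, 'updated=1')`, a substring test on the URL rather than a flag set by the code that actually saved something. It also matches `updated=10` or any parameter whose name ends in `updated`, so a link carrying that string shows "changes saved" when nothing was changed. Consider having the controller assign an explicit template variable after a successful save and testing that instead, e.g. `{if !empty($changesSaved)}` (variable name constructed for illustration). `display:normal` is not a valid CSS `display` value, so the inline style has no effect and can be dropped.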
diff --git a/plugins/CorePluginsAdmin/templates/manage.tpl b/plugins/CorePluginsAdmin/templates/manage.tpl
index e044f786bc..0c83104a57 100644
--- a/plugins/CorePluginsAdmin/templates/manage.tpl
+++ b/plugins/CorePluginsAdmin/templates/manage.tpl
@@ -1,7 +1,6 @@
{assign var=showSitesSelection value=false}
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
-{include file="CoreAdminHome/templates/menu.tpl"}
<div style="max-width:980px;">
diff --git a/plugins/DBStats/templates/DBStats.tpl b/plugins/DBStats/templates/DBStats.tpl
index ada8e39f57..e5f054d6f0 100644
--- a/plugins/DBStats/templates/DBStats.tpl
+++ b/plugins/DBStats/templates/DBStats.tpl
@@ -1,7 +1,6 @@
{assign var=showSitesSelection value=false}
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
-{include file="CoreAdminHome/templates/menu.tpl"}
<div style="max-width:980px;">
<h2>{'DBStats_DatabaseUsage'|translate}</h2>
diff --git a/plugins/Goals/templates/GoalForm.js b/plugins/Goals/templates/GoalForm.js
index 3577ae1c70..1e17ec3f24 100644
--- a/plugins/Goals/templates/GoalForm.js
+++ b/plugins/Goals/templates/GoalForm.js
@@ -75,6 +75,7 @@ function bindGoalForm()
initAndShowAddGoalForm();
} );
}
+
function getAjaxDeleteGoal(idGoal)
{
var ajaxRequest = piwikHelper.getStandardAjaxConf('goalAjaxLoading');
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 484807a86a..eecf058eb1 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -78,7 +78,11 @@ class Piwik_Login_Controller extends Piwik_Controller
$login = $form->getSubmitValue('form_login');
$password = $form->getSubmitValue('form_password');
$md5Password = md5($password);
- $messageNoAccess = $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect);
+ try {
+ $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect);
+ } catch(Exception $e) {
+ $messageNoAccess = $e->getMessage();
+ }
}
}
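Review bot: The new `catch(Exception $e)` copies `$e->getMessage()` from any exception into `$messageNoAccess`, which is presumably rendered on the unauthenticated login form (the rendering is outside this hunk). Before this change the only text that could reach the form was the translated `Login_LoginPasswordNotCorrect`. Now a database or configuration error raised by `getTokenAuth()` or by any `Login.initSession` listener would be shown verbatim to an anonymous visitor. Consider throwing a dedicated exception class for bad credentials and catching only that, or showing the generic translated string for everything else and logging the detail server-side.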
@@ -108,7 +112,7 @@ class Piwik_Login_Controller extends Piwik_Controller
$login = Piwik_Common::getRequestVar('login', null, 'string');
if($login == Zend_Registry::get('config')->superuser->login)
{
- throw new Exception("The Super User cannot be authenticated using this URL.");
+ throw new Exception("The Super User cannot be authenticated using the 'logme' mechanism.");
}
$currentUrl = 'index.php';
@@ -132,31 +136,10 @@ class Piwik_Login_Controller extends Piwik_Controller
*/
protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect)
{
- $tokenAuth = Piwik_UsersManager_API::getInstance()->getTokenAuth($login, $md5Password);
-
- $auth = Zend_Registry::get('auth');
- $auth->setLogin($login);
- $auth->setTokenAuth($tokenAuth);
-
- $authResult = $auth->authenticate();
- if(!$authResult->isValid())
- {
- return Piwik_Translate('Login_LoginPasswordNotCorrect');
- }
-
- $ns = new Zend_Session_Namespace('Piwik_Login.referer');
- unset($ns->referer);
-
- $authCookieName = Zend_Registry::get('config')->General->login_cookie_name;
- $authCookieExpiry = time() + Zend_Registry::get('config')->General->login_cookie_expire;
- $authCookiePath = Zend_Registry::get('config')->General->login_cookie_path;
- $cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
- $cookie->set('login', $login);
- $cookie->set('token_auth', $authResult->getTokenAuth());
- $cookie->save();
-
- Zend_Session::regenerateId();
-
+ $info = array( 'login' => $login,
+ 'md5Password' => $md5Password,
+ );
+ Piwik_PostEvent('Login.initSession', $info);
Piwik_Url::redirectToUrl($urlToRedirect);
}
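Review bot: `authenticateAndRedirect()` now redirects whenever `Piwik_PostEvent('Login.initSession', $info)` returns without throwing, so a failed login is only detected if a listener is registered and throws. If the hook has no listener (for example a replacement login plugin that does not register `Login.initSession`; the dispatcher is not visible here, so this is an assumption), the user is redirected with no session and no error message. The method also no longer returns the failure message its old body did. The docblock that ends just above this hunk should say that failure is reported with an exception, e.g. `@throws Exception if the login/password pair is not valid`.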
diff --git a/plugins/Login/Login.php b/plugins/Login/Login.php
index 0e10113237..5a50aaf9b6 100644
--- a/plugins/Login/Login.php
+++ b/plugins/Login/Login.php
@@ -34,6 +34,7 @@ class Piwik_Login extends Piwik_Plugin
'FrontController.initAuthenticationObject' => 'initAuthenticationObject',
'FrontController.NoAccessException' => 'noAccess',
'API.Request.authenticate' => 'ApiRequestAuthenticate',
+ 'Login.initSession' => 'initSession',
);
return $hooks;
}
@@ -80,4 +81,36 @@ class Piwik_Login extends Piwik_Plugin
$auth->setLogin($defaultLogin);
$auth->setTokenAuth($defaultTokenAuth);
}
+
+ function initSession($notification)
+ {
+ $info = $notification->getNotificationObject();
+ $login = $info['login'];
+ $md5Password = $info['md5Password'];
+
+ $tokenAuth = Piwik_UsersManager_API::getInstance()->getTokenAuth($login, $md5Password);
+
+ $auth = Zend_Registry::get('auth');
+ $auth->setLogin($login);
+ $auth->setTokenAuth($tokenAuth);
+
+ $authResult = $auth->authenticate();
+ if(!$authResult->isValid())
+ {
+ throw new Exception(Piwik_Translate('Login_LoginPasswordNotCorrect'));
+ }
+
+ $ns = new Zend_Session_Namespace('Piwik_Login.referer');
+ unset($ns->referer);
+
+ $authCookieName = Zend_Registry::get('config')->General->login_cookie_name;
+ $authCookieExpiry = time() + Zend_Registry::get('config')->General->login_cookie_expire;
+ $authCookiePath = Zend_Registry::get('config')->General->login_cookie_path;
+ $cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
+ $cookie->set('login', $login);
+ $cookie->set('token_auth', $authResult->getTokenAuth());
+ $cookie->save();
+
+ Zend_Session::regenerateId();
+ }
}
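Review bot: `initSession()` writes the candidate credentials into the shared `Zend_Registry::get('auth')` object with `setLogin()`/`setTokenAuth()` before `authenticate()` has confirmed them, and on failure it throws without restoring the previous values. The login controller in this commit now catches that exception and continues the request, so the registry's auth object is left holding the rejected login and token; whether later code in the request reads it is not visible here. Authenticating on a separate auth instance, or restoring the old login and token before throwing, would avoid that. The method also has no visibility keyword or docblock. A short docblock would help other plugins that post this event: it should state that the method expects `login` and `md5Password` in the notification object, sets the login cookie, regenerates the session id and throws `Exception` on bad credentials.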
diff --git a/plugins/MultiSites/Controller.php b/plugins/MultiSites/Controller.php
index 83690354c5..1d7b0a8280 100644
--- a/plugins/MultiSites/Controller.php
+++ b/plugins/MultiSites/Controller.php
@@ -35,6 +35,7 @@ class Piwik_MultiSites_Controller extends Piwik_Controller
public function getSitesInfo()
{
+ Piwik::checkUserHasSomeViewAccess();
// overwrites the default Date set in the parent controller
// Instead of the default current website's local date,
// we set "today" or "yesterday" based on the default Piwik timezone
diff --git a/plugins/SecurityInfo/templates/index.tpl b/plugins/SecurityInfo/templates/index.tpl
index fe09297b17..0f053c1014 100644
--- a/plugins/SecurityInfo/templates/index.tpl
+++ b/plugins/SecurityInfo/templates/index.tpl
@@ -2,7 +2,6 @@
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
{loadJavascriptTranslations plugins='SecurityInfo'}
-{include file="CoreAdminHome/templates/menu.tpl"}
<h2>{'SecurityInfo_SecurityInformation'|translate}</h2>
<p>{'SecurityInfo_PluginDescription'|translate}</p>
diff --git a/plugins/SitesManager/templates/DisplayJavascriptCode.tpl b/plugins/SitesManager/templates/DisplayJavascriptCode.tpl
index 571caff533..29a1e53170 100644
--- a/plugins/SitesManager/templates/DisplayJavascriptCode.tpl
+++ b/plugins/SitesManager/templates/DisplayJavascriptCode.tpl
@@ -2,7 +2,6 @@
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
{loadJavascriptTranslations plugins='SitesManager'}
-{include file="CoreAdminHome/templates/menu.tpl"}
{literal}
<style>
diff --git a/plugins/SitesManager/templates/SitesManager.tpl b/plugins/SitesManager/templates/SitesManager.tpl
index 533044f4b4..3790825e8d 100644
--- a/plugins/SitesManager/templates/SitesManager.tpl
+++ b/plugins/SitesManager/templates/SitesManager.tpl
@@ -2,7 +2,6 @@
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
{loadJavascriptTranslations plugins='SitesManager'}
-{include file="CoreAdminHome/templates/menu.tpl"}
<script type="text/javascript">
{capture assign=excludedIpHelpPlain}{'SitesManager_HelpExcludedIps'|translate:"1.2.3.*":"1.2.*.*"}<br/><br/> {'SitesManager_YourCurrentIpAddressIs'|translate:"<i>$currentIpAddress</i>"}{/capture}
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 0607cbecc1..b9ab0aeb4b 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -211,20 +211,54 @@ class Piwik_UsersManager_Controller extends Piwik_Controller
$defaultReport = Piwik_Common::getRequestVar('defaultReport');
$defaultDate = Piwik_Common::getRequestVar('defaultDate');
+ $newPassword = false;
+ $password = Piwik_Common::getRequestvar('password', false);
+ $passwordBis = Piwik_Common::getRequestvar('passwordBis', false);
+ if(!empty($password)
+ || !empty($passwordBis))
+ {
+ if($password != $passwordBis)
+ {
+ throw new Exception(Piwik_Translate('Login_PasswordsDoNotMatch'));
+ }
+ $newPassword = $password;
+ }
+
$userLogin = Piwik::getCurrentUserLogin();
if(Piwik::isUserIsSuperUser())
{
$superUser = Zend_Registry::get('config')->superuser;
- if($email != $superUser->email)
+ $updatedSuperUser = false;
+ if($newPassword !== false)
+ {
+ $md5PasswordSuperUser = md5($newPassword);
+ $superUser->password = $md5PasswordSuperUser;
+ $updatedSuperUser = true;
+ }
+ if($superUser->email != $email)
{
$superUser->email = $email;
+ $updatedSuperUser = true;
+ }
+ if($updatedSuperUser)
+ {
Zend_Registry::get('config')->superuser = $superUser->toArray();
}
}
else
{
- Piwik_UsersManager_API::getInstance()->updateUser($userLogin, false, $email, $alias);
+ Piwik_UsersManager_API::getInstance()->updateUser($userLogin, $newPassword, $email, $alias);
+ }
+
+ // logs the user in with the new password
+ if($newPassword !== false)
+ {
+ $info = array( 'login' => $userLogin,
+ 'md5Password' => md5($newPassword),
+ );
+ Piwik_PostEvent('Login.initSession', $info);
}
+
Piwik_UsersManager_API::getInstance()->setUserPreference($userLogin,
Piwik_UsersManager_API::PREFERENCE_DEFAULT_REPORT,
$defaultReport);
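Review bot: The password change is accepted without asking for the current password, so anyone holding a live session or the `token_auth` that `userSettings.js` sends with this request can set a new password and take over the account; requiring and verifying the current password before `$newPassword` is applied would close that. The match test `$password != $passwordBis` is a loose comparison, and PHP compares numeric-looking strings numerically (`'1e3' == '1000'`), so it should be `if($password !== $passwordBis)`. In the super-user branch `md5($newPassword)` is written straight into the config, bypassing whatever length or format checks `updateUser()` applies for ordinary users (those checks are not visible here) and continuing the unsalted-MD5 scheme. `Piwik_Common::getRequestvar()` may also sanitize the submitted value, which needs confirming so that the stored hash matches what the login form hashes. The enclosing action starts and ends outside this hunk.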
diff --git a/plugins/UsersManager/templates/UsersManager.js b/plugins/UsersManager/templates/UsersManager.js
index 0138bb8fb0..b95c7af1a6 100644
--- a/plugins/UsersManager/templates/UsersManager.js
+++ b/plugins/UsersManager/templates/UsersManager.js
@@ -242,4 +242,5 @@ $(document).ready( function() {
$('.updateAccess')
.click( bindUpdateAccess );
+ $('#accessUpdated').hide();
});
diff --git a/plugins/UsersManager/templates/UsersManager.tpl b/plugins/UsersManager/templates/UsersManager.tpl
index b07d07e9a8..11a50c1f73 100644
--- a/plugins/UsersManager/templates/UsersManager.tpl
+++ b/plugins/UsersManager/templates/UsersManager.tpl
@@ -2,7 +2,6 @@
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
{loadJavascriptTranslations plugins='UsersManager'}
-{include file="CoreAdminHome/templates/menu.tpl"}
{literal}
<style>
@@ -16,17 +15,6 @@
text-align:center;
}
-#accessUpdated {
- color: red;
- text-align: center;
- font-weight: bold;
- width: 350px;
- margin: 10px;
- padding: 10px;
- display: none;
- border: 3px solid green;
- color: green;
-}
#access td, #users td {
spacing: 0px;
padding: 2px 5px 5px 4px;
@@ -96,7 +84,7 @@
</tbody>
</table>
-<div id="accessUpdated">{'General_Done'|translate}!</div>
+<div id="accessUpdated" class="ajaxSuccess"><p>{'General_Done'|translate}!</p></div>
<div class="dialog" id="confirm">
<p>{'UsersManager_ChangeAllConfirm'|translate:"<span id='login'></span>"}</p>
diff --git a/plugins/UsersManager/templates/userSettings.js b/plugins/UsersManager/templates/userSettings.js
index 93922aa099..87ac2877ea 100644
--- a/plugins/UsersManager/templates/userSettings.js
+++ b/plugins/UsersManager/templates/userSettings.js
@@ -3,6 +3,8 @@ function getUserSettingsAJAX()
var ajaxRequest = piwikHelper.getStandardAjaxConf('ajaxLoadingUserSettings', 'ajaxErrorUserSettings');
var alias = $('#alias').val();
var email = $('#email').val();
+ var password = $('#password').val();
+ var passwordBis = $('#passwordBis').val();
var defaultReport = $('input[name=defaultReport]:checked').val();
if(defaultReport == 1) {
defaultReport = $('#defaultReportWebsite option:selected').val();
@@ -14,6 +16,8 @@ function getUserSettingsAJAX()
request += '&format=json';
request += '&alias='+alias;
request += '&email='+email;
+ request += '&password='+password;
+ request += '&passwordBis='+passwordBis;
request += '&defaultReport='+defaultReport;
request += '&defaultDate='+defaultDate;
request += '&token_auth=' + piwik.token_auth;
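Review bot: `password` and `passwordBis` are concatenated into the request string without encoding, so a password containing `&`, `+`, `#` or `%` is truncated or altered before it reaches the server and the stored hash will not match what the user typed. Use `request += '&password=' + encodeURIComponent(password);` and the same for `passwordBis`. Because the values are built into a query-style string, check that the call (outside this hunk) sends them in a POST body, since passwords in a GET URL end up in web-server access logs and browser history. The earlier hunk in this file only reads the two fields and needs no change.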
diff --git a/plugins/UsersManager/templates/userSettings.tpl b/plugins/UsersManager/templates/userSettings.tpl
index ee5207b8f7..8b0ed2305d 100644
--- a/plugins/UsersManager/templates/userSettings.tpl
+++ b/plugins/UsersManager/templates/userSettings.tpl
@@ -2,14 +2,11 @@
{assign var=showPeriodSelection value=false}
{include file="CoreAdminHome/templates/header.tpl"}
{loadJavascriptTranslations plugins='UsersManager'}
-{include file="CoreAdminHome/templates/menu.tpl"}
<script type="text/javascript" src="plugins/UsersManager/templates/userSettings.js"></script>
<h2>{'UsersManager_MenuUserSettings'|translate}</h2>
-{ajaxErrorDiv id=ajaxErrorUserSettings}
-{ajaxLoadingDiv id=ajaxLoadingUserSettings}
<br/>
-<table id='userSettingsTable' class="adminTable adminTableNoBorder" style='width:700px'>
+<table id='userSettingsTable' class="adminTable adminTableNoBorder" style='width:1000px'>
<tr>
<td><label for="username">{'General_Username'|translate} </label></td>
<td>
@@ -58,8 +55,18 @@
</td>
</tr>
+<tr>
+ <td><label for="email">{'UsersManager_ChangePassword'|translate} </label></td>
+ <td><input size="25" value="" autocomplete="off" id="password" type="password">
+ <span class='form-description'>{'UsersManager_IfYouWouldLikeToChangeThePasswordTypeANewOne'|translate}</span>
+ <br/><input size="25" value="" autocomplete="off" id="passwordBis" type="password">
+ <span class='form-description'> {'UsersManager_TypeYourPasswordAgain'|translate}</span>
+ </td>
+</tr>
</table>
+{ajaxErrorDiv id=ajaxErrorUserSettings}
+{ajaxLoadingDiv id=ajaxLoadingUserSettings}
<input type="submit" value="{'General_Save'|translate}" id="userSettingsSubmit" class="submit">
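Review bot: The new row's label is `<label for="email">`, which points at the e-mail control rather than the field it describes, so neither password input is associated with a label. It should read `<label for="password">`, and the `passwordBis` input needs its own label, since the adjacent `form-description` span is not associated with it.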