Fixes #2236 New config setting:

; Piwik will check that usernames and password have a minimum length, and will check that characters are "allowed"
; This can be disabled, if for example you wish to import an existing User database in Piwik and your rules are less restrictive
disable_checks_usernames_attributes = 0

git-svn-id: http://dev.piwik.org/svn/trunk@4225 59fd770c-687e-43c8-a1e3-f5a4ff64c105

config/global.ini.php

@@ -137,6 +137,10 @@ minimum_pgsql_version = 8.3
 ; Minimum adviced memory limit in php.ini file (see memory_limit value)
 minimum_memory_limit = 128
 
+; Piwik will check that usernames and password have a minimum length, and will check that characters are "allowed"
+; This can be disabled, if for example you wish to import an existing User database in Piwik and your rules are less restrictive
+disable_checks_usernames_attributes = 0
+
 ; by default, Piwik uses relative URLs, so you can login using http:// or https://
 ; (the latter assumes you have a valid SSL certificate).
 ; If set to 1, Piwik redirects the login form to use a secure connection (i.e., https).

core/Piwik.php

@@ -1849,6 +1849,11 @@ class Piwik
 	 */
 	static public function checkValidLoginString( $userLogin )
 	{
+		if(!self::isChecksEnabled()
+			&& !empty($userLogin))
+		{
+			return;
+		}
 		$loginMinimumLength = 3;
 		$loginMaximumLength = 100;
 		$l = strlen($userLogin);
@@ -1860,7 +1865,16 @@ class Piwik
 			throw new Exception(Piwik_TranslateException('UsersManager_ExceptionInvalidLoginFormat', array($loginMinimumLength, $loginMaximumLength)));
 		}
 	}
-
+	
+	/**
+	 * Should Piwik check that the login & password have minimum length and valid characters?
+	 * 
+	 * @return bool
+	 */
+	static public function isChecksEnabled()
+	{
+		return Zend_Registry::get('config')->General->disable_checks_usernames_attributes == 0;
+	}
 /*
  * Date / Timezone
  */

lang/en.php

@@ -1166,7 +1166,7 @@ Note: this token will expire in 24 hrs.",
 	'UsersManager_ExceptionLoginExists' => 'Login \'%s\' already exists.',
 	'UsersManager_ExceptionEmailExists' => 'User with email \'%s\' already exists.',
 	'UsersManager_ExceptionInvalidLoginFormat' => "The login must be between %1\$s and %2\$s characters long and contain only letters, numbers, or the characters '_' or '-' or '.' or '@' or '+'",
-	'UsersManager_ExceptionInvalidPassword' => 'The password length must be between 6 and 26 characters.',
+	'UsersManager_ExceptionInvalidPassword' => 'The password length must be between %1$s and %2$s characters.',
 	'UsersManager_ExceptionInvalidEmail' => 'The email doesn\'t have a valid format.',
 	'UsersManager_ExceptionDeleteDoesNotExist' => 'User \'%s\' doesn\'t exist therefore it can\'t be deleted.',
 	'UsersManager_ExceptionAdminAnonymous' => 'You cannot grant \'admin\' access to the \'anonymous\' user.',

plugins/UsersManager/API.php

@@ -292,14 +292,16 @@ class Piwik_UsersManager_API
 		
 		Piwik::checkValidLoginString($userLogin);
 	}
-		
+	
 	private function checkPassword($password)
 	{
 		if(!$this->isValidPasswordString($password))
 		{
-			throw new Exception(Piwik_TranslateException('UsersManager_ExceptionInvalidPassword'));
+			throw new Exception(Piwik_TranslateException('UsersManager_ExceptionInvalidPassword'), self::PASSWORD_MIN_LENGTH, self::PASSWORD_MAX_LENGTH);
 		}
 	}
+	const PASSWORD_MIN_LENGTH = 6;
+	const PASSWORD_MAX_LENGTH = 26;
 	
 	private function checkEmail($email)
 	{
@@ -587,6 +589,7 @@ class Piwik_UsersManager_API
 			throw new Exception(Piwik_TranslateException("UsersManager_ExceptionEditAnonymous"));
 		}
 	}
+	
 	private function checkUserIsNotSuperUser( $userLogin )
 	{
 		if($userLogin == Zend_Registry::get('config')->superuser->login)
@@ -677,8 +680,13 @@ class Piwik_UsersManager_API
 	 * @return bool
 	 */
 	private function isValidPasswordString( $input )
-	{		
+	{
+		if(!Piwik::isChecksEnabled()
+			&& !empty($input))
+		{
+			return true;
+		}
 		$l = strlen($input);
-		return $l >= 6 && $l <= 26;
+		return $l >= self::PASSWORD_MIN_LENGTH && $l <= self::PASSWORD_MAX_LENGTH;
 	}
 }