Ejemplo n.º 1
 /**
  * Returns the nonce stored in the session under the given ID, creating and storing a
  * new one when the session does not hold one yet.
  *
  * The same value is returned on every call until the session entry expires. Each call
  * also restarts the expiry timer with $ttl, so the lifetime is sliding, not fixed.
  *
  * @param string $id Unique id to avoid namespace conflicts, e.g., `'ModuleName.ActionName'`.
  * @param int $ttl Optional time-to-live in seconds; the default of 600 is 10 minutes.
  *                 Once that much time passes without another call, the nonce is no longer valid.
  * @return string The stored nonce; a freshly generated one is an MD5 hex digest.
  */
 public static function getNonce($id, $ttl = 600)
 {
     // The nonce lives in a per-ID session namespace, so it is bound to the visitor's session.
     $session = new SessionNamespace($id);
     $token = $session->nonce;

     // An unexpired nonce is deliberately handed out again (a deviation from strict
     // "use once") so that browser pre-fetch or a double fetch triggered by add-ons
     // does not invalidate the value already embedded in a page.
     if (!$token) {
         // NOTE(review): md5() only mixes the inputs here. How hard the nonce is to guess
         // depends on the salt and on Common::generateUniqId(), neither of which is visible
         // in this block; confirm the latter draws from a cryptographically secure source.
         $material = SettingsPiwik::getSalt() . time() . Common::generateUniqId();
         $token = md5($material);
         $session->nonce = $token;
     }

     // Every request restarts the expiry window, so a nonce requested shortly before its
     // timeout does not expire under the user. The flip side is that a nonce which keeps
     // being requested within $ttl is never rotated.
     $session->setExpirationSeconds($ttl, 'nonce');

     return $token;
 }
Ejemplo n.º 2
 /**
  * Persists the dashboard layout sent with the current request.
  *
  * Anonymous visitors get the layout stored in their session for 1800 seconds;
  * authenticated users get it written through saveLayoutForUser() under their own login,
  * and the dashboard is renamed as well when a non-empty `name` is supplied.
  *
  * Request variables read: `layout`, `idDashboard` (int, default 1), `name` (string, default '').
  */
 public function saveLayout()
 {
     // Runs before any request data is read or stored.
     // NOTE(review): presumably the anti-CSRF token check; its implementation is not shown here.
     $this->checkTokenInUrl();

     // NOTE(review): the layout is passed through unsanitizeInputValue() before storage, so
     // whatever later reads it back should treat it as untrusted input and escape or validate
     // it for its output context. Confirm against the code that renders the dashboard.
     $rawLayout = Common::unsanitizeInputValue(Common::getRequestVar('layout'));
     $dashboardId = Common::getRequestVar('idDashboard', 1, 'int');
     $dashboardName = Common::getRequestVar('name', '', 'string');

     if (Piwik::isUserIsAnonymous()) {
         // Anonymous layouts never reach the database; they live in the session only.
         $anonymousSession = new SessionNamespace("Dashboard");
         $anonymousSession->dashboardLayout = $rawLayout;
         $anonymousSession->setExpirationSeconds(1800);
         return;
     }

     // Writes are keyed by the login of the current user, not by a login taken from the request.
     $this->saveLayoutForUser(Piwik::getCurrentUserLogin(), $dashboardId, $rawLayout);

     // Truthiness test: an empty name, and also the string '0', leaves the name untouched.
     if ($dashboardName) {
         $this->updateDashboardName(Piwik::getCurrentUserLogin(), $dashboardId, $dashboardName);
     }
 }