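/**
 * Render the statistics settings page and process its form.
 *
 * Requires the Garden.Settings.Manage permission. A postback can clear or
 * replace the installation ID and secret and switch analytics on, so it is
 * only acted on when it passes the form's authenticated (transient key)
 * postback check.
 */
public function Index() {
    $this->Permission('Garden.Settings.Manage');
    $this->AddSideMenu('dashboard/statistics');
    //$this->AddJsFile('statistics.js');
    $this->Title(T('Vanilla Statistics'));
    $this->EnableSlicing($this);

    // Every branch below changes stored credentials or configuration, so a
    // bare IsPostBack() is not enough: a cross-site form submission made in an
    // administrator's browser would otherwise be accepted.
    if ($this->Form->AuthenticatedPostBack()) {
        $Flow = TRUE;

        // Clearing credentials ends processing of this postback.
        if ($Flow && $this->Form->GetFormValue('ClearCredentials')) {
            Gdn::InstallationID(FALSE);
            Gdn::InstallationSecret(FALSE);
            Gdn::Statistics()->Tick();
            $Flow = FALSE;
        }

        if ($Flow && $this->Form->GetFormValue('SaveIdentity')) {
            Gdn::InstallationID($this->Form->GetFormValue('InstallationID'));
            Gdn::InstallationSecret($this->Form->GetFormValue('InstallationSecret'));
            $this->InformMessage(T("Your settings have been saved."));
        }

        if ($Flow && $this->Form->GetFormValue('AllowLocal')) {
            SaveToConfig('Garden.Analytics.AllowLocal', TRUE);
        }

        if ($Flow && $this->Form->GetFormValue('Allow')) {
            SaveToConfig('Garden.Analytics.Enabled', TRUE);
        }
    }

    // Analytics is reported as disabled when the local config file cannot be
    // written, even if it is otherwise enabled.
    $AnalyticsEnabled = Gdn_Statistics::CheckIsEnabled();
    if ($AnalyticsEnabled) {
        $ConfFile = PATH_LOCAL_CONF.DS.'config.php';
        $this->SetData('ConfWritable', $ConfWritable = is_writable($ConfFile));
        if (!$ConfWritable) {
            $AnalyticsEnabled = FALSE;
        }
    }
    $this->SetData('AnalyticsEnabled', $AnalyticsEnabled);

    // The notification is shown once: it is cleared as soon as it has been read.
    $NotifyMessage = Gdn::Get('Garden.Analytics.Notify', FALSE);
    $this->SetData('NotifyMessage', $NotifyMessage);
    if ($NotifyMessage !== FALSE) {
        Gdn::Set('Garden.Analytics.Notify', NULL);
    }

    // NOTE(review): the installation secret is placed in the form values here;
    // confirm the view only renders it on this permission-gated page.
    $this->Form->SetFormValue('InstallationID', Gdn::InstallationID());
    $this->Form->SetFormValue('InstallationSecret', Gdn::InstallationSecret());
    $this->Render();
}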
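/**
 * Signature check
 *
 * Checks the SecurityHash supplied with a request against a SHA-1 hash
 * computed locally from selected request fields plus the installation secret
 * from the config file.
 *
 * Only VanillaID, RequestTime and TimeSlot (together with the local secret)
 * are covered by the hash. Every other request argument is NOT authenticated
 * by this check and must not be trusted on the strength of a TRUE result.
 *
 * @param array $Request Array of request parameters
 * @return bool|null TRUE if the signature matches, FALSE if the request is
 *    rejected, NULL if it could not be verified (no VanillaID or no local secret)
 */
protected function VerifySignature($Request) {

    // If this response has no ID, return NULL (could not verify)
    $VanillaID = GetValue('VanillaID', $Request, NULL);
    if (is_null($VanillaID)) {
        return NULL;
    }

    // Response is bogus - wrong InstallationID
    if (!is_null(Gdn::InstallationID()) && $VanillaID != Gdn::InstallationID()) {
        return FALSE;
    }

    // If we don't have a secret, we cannot verify anyway
    $VanillaSecret = Gdn::InstallationSecret();
    if (is_null($VanillaSecret)) {
        return NULL;
    }

    // Calculate clock desync
    $CurrentGmTime = Gdn_Statistics::Time();
    $RequestTime = GetValue('RequestTime', $Request, 0);
    $TimeDiff = abs($CurrentGmTime - $RequestTime);
    $AllowedTimeDiff = C('Garden.Analytics.RequestTimeout', 1440);

    // Allow a limited clock desync (default 1440, i.e. 24 minutes if Time() is
    // in seconds), otherwise the signature is invalid.
    // NOTE(review): nothing in this method records previously seen requests, so
    // a captured request stays valid until this window closes.
    if ($TimeDiff > $AllowedTimeDiff) {
        return FALSE;
    }

    $SecurityHash = GetValue('SecurityHash', $Request);

    // Remove the existing SecurityHash before calculating the signature
    unset($Request['SecurityHash']);

    // Add the real secret
    $Request['Secret'] = $VanillaSecret;

    // Keep only the fields that take part in the signature.
    $SignData = array_intersect_key($Request, array_fill_keys(array('VanillaID', 'Secret', 'RequestTime', 'TimeSlot'), NULL));

    // ksort the array to preserve a known order
    $SignData = array_change_key_case($SignData, CASE_LOWER);
    ksort($SignData);

    // Calculate the hash
    // NOTE(review): this is SHA-1 over a query string that contains the secret,
    // not an HMAC; changing the construction needs the remote side to change too.
    $RealHash = sha1(http_build_query($SignData));

    // A missing or non-string hash can never match. Rejecting it here, and
    // comparing strictly below, keeps PHP's loose-comparison type juggling
    // (e.g. two "0e..." strings comparing equal as numbers) out of the check.
    if (!is_string($SecurityHash)) {
        return FALSE;
    }

    // Prefer a timing-safe comparison where the runtime provides one.
    if (function_exists('hash_equals')) {
        return hash_equals($RealHash, $SecurityHash);
    }

    // Older PHP: strict comparison (correct, but not constant-time).
    return $RealHash === $SecurityHash;
}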
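/**
 * Override the default index method of the settings controller in the
 * dashboard application to render new statistics.
 *
 * Publishes the analytics server URL to the page, applies the dashboard
 * permission check to $Sender, and renders either the localhost notice or the
 * statistics dashboard.
 *
 * @param object $Sender The controller being rendered.
 */
public function StatsDashboard($Sender) {
    $StatsUrl = $this->AnalyticsServer;

    // Only prepend a scheme when none is present. An https:// server must be
    // left alone rather than rewritten to "http://https://...".
    if (!StringBeginsWith($StatsUrl, 'http:') && !StringBeginsWith($StatsUrl, 'https:')) {
        // NOTE(review): a bare host name defaults to plain http; confirm whether
        // the SecurityToken set below is sent to this URL by the page scripts.
        $StatsUrl = "http://{$StatsUrl}";
    }

    // Tell the page where to find the Vanilla Analytics provider
    $Sender->AddDefinition('VanillaStatsUrl', $StatsUrl);
    $Sender->SetData('VanillaStatsUrl', $StatsUrl);

    // Load javascript & css, check permissions, and load side menu for this page.
    $Sender->AddJsFile('settings.js');
    $Sender->Title(T('Dashboard'));

    $DashboardPermissions = array(
        'Garden.Settings.Manage',
        'Garden.Routes.Manage',
        'Garden.Applications.Manage',
        'Garden.Plugins.Manage',
        'Garden.Themes.Manage',
        'Garden.Registration.Manage',
        'Garden.Applicants.Manage',
        'Garden.Roles.Manage',
        'Garden.Users.Add',
        'Garden.Users.Edit',
        'Garden.Users.Delete',
        'Garden.Users.Approve'
    );
    foreach ($DashboardPermissions as $PermissionName) {
        $Sender->RequiredAdminPermissions[] = $PermissionName;
    }

    // Let other code extend the list before it is checked.
    $Sender->FireEvent('DefineAdminPermissions');
    // NOTE(review): the FALSE argument presumably means any one of the listed
    // permissions is enough - confirm against the controller's Permission().
    $Sender->Permission($Sender->RequiredAdminPermissions, '', FALSE);
    $Sender->AddSideMenu('dashboard/settings');

    if (!Gdn_Statistics::CheckIsEnabled() && Gdn_Statistics::CheckIsLocalhost()) {
        $Sender->Render('dashboardlocalhost', '', 'plugins/VanillaStats');
    } else {
        $Sender->AddJsFile('plugins/VanillaStats/js/vanillastats.js');
        $Sender->AddJsFile('plugins/VanillaStats/js/picker.js');
        $Sender->AddCSSFile('plugins/VanillaStats/design/style.css');
        $Sender->AddCSSFile('plugins/VanillaStats/design/picker.css');

        $this->ConfigureRange($Sender);

        $VanillaID = Gdn::InstallationID();
        $Sender->SetData('VanillaID', $VanillaID);
        $Sender->SetData('VanillaVersion', APPLICATION_VERSION);
        $Sender->SetData('SecurityToken', $this->SecurityToken());

        // Render the custom dashboard view
        $Sender->Render('dashboard', '', 'plugins/VanillaStats');
    }
}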
/**
 * Store the credentials returned by a registration response.
 *
 * When the response carries both a VanillaID and a Secret, they are saved as
 * the installation ID and secret, and the Garden.Analytics.Registering and
 * Garden.Analytics.LastSentDate values are reset to null. Otherwise nothing
 * is changed.
 *
 * NOTE(review): no authenticity check on $Response is visible in this method;
 * confirm the caller validates the response before it reaches this point.
 *
 * @param mixed $Response Response data, read with val() for 'VanillaID' and 'Secret'.
 * @param mixed $Raw Not used by this method.
 */
protected function doneRegister($Response, $Raw) {
    $installationID = val('VanillaID', $Response, false);
    $installationSecret = val('Secret', $Response, false);

    // Both values must be present (truthy) before anything is stored.
    if (!$installationSecret || !$installationID) {
        return;
    }

    Gdn::InstallationID($installationID);
    Gdn::InstallationSecret($installationSecret);

    // Registration is finished: clear the in-progress marker and the last-sent date.
    Gdn::Set('Garden.Analytics.Registering', null);
    Gdn::Set('Garden.Analytics.LastSentDate', null);
}