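/**
 * Dashboard page for managing the Vanilla Statistics settings.
 *
 * Requires the Garden.Settings.Manage permission. On an authenticated
 * postback it either clears the stored installation credentials, or saves a
 * supplied installation ID/secret and switches on the analytics config flags.
 * It then publishes the current analytics state to the view and renders it.
 *
 * @return void
 */
public function Index() {
    $this->Permission('Garden.Settings.Manage');
    $this->AddSideMenu('dashboard/statistics');
    //$this->AddJsFile('statistics.js');
    $this->Title(T('Vanilla Statistics'));
    $this->EnableSlicing($this);

    // Every action below changes security-relevant state (installation
    // credentials, analytics config). IsPostBack() only tells us that form data
    // arrived; AuthenticatedPostBack() also requires the session's transient key,
    // so a request forged from another site cannot trigger these changes.
    // NOTE(review): the view's form must submit the TransientKey field
    // (presumably emitted by $this->Form->Open()) - confirm for this view.
    if ($this->Form->AuthenticatedPostBack()) {
        if ($this->Form->GetFormValue('ClearCredentials')) {
            // Clearing is exclusive: none of the other actions run in the same request.
            Gdn::InstallationID(FALSE);
            Gdn::InstallationSecret(FALSE);
            Gdn::Statistics()->Tick();
        } else {
            if ($this->Form->GetFormValue('SaveIdentity')) {
                Gdn::InstallationID($this->Form->GetFormValue('InstallationID'));
                Gdn::InstallationSecret($this->Form->GetFormValue('InstallationSecret'));
                $this->InformMessage(T("Your settings have been saved."));
            }

            if ($this->Form->GetFormValue('AllowLocal')) {
                SaveToConfig('Garden.Analytics.AllowLocal', TRUE);
            }

            if ($this->Form->GetFormValue('Allow')) {
                SaveToConfig('Garden.Analytics.Enabled', TRUE);
            }
        }
    }

    $AnalyticsEnabled = Gdn_Statistics::CheckIsEnabled();
    if ($AnalyticsEnabled) {
        // Analytics is reported as disabled to the view when config.php cannot be written.
        $ConfFile = PATH_LOCAL_CONF.DS.'config.php';
        $ConfWritable = is_writable($ConfFile);
        $this->SetData('ConfWritable', $ConfWritable);
        if (!$ConfWritable) {
            $AnalyticsEnabled = FALSE;
        }
    }
    $this->SetData('AnalyticsEnabled', $AnalyticsEnabled);

    // The notify message is shown once: it is reset to NULL as soon as it has been read.
    $NotifyMessage = Gdn::Get('Garden.Analytics.Notify', FALSE);
    $this->SetData('NotifyMessage', $NotifyMessage);
    if ($NotifyMessage !== FALSE) {
        Gdn::Set('Garden.Analytics.Notify', NULL);
    }

    // Pre-fill the form with the stored credentials. This puts the installation
    // secret into the rendered page, so the permission check above is what
    // limits who can read it.
    $this->Form->SetFormValue('InstallationID', Gdn::InstallationID());
    $this->Form->SetFormValue('InstallationSecret', Gdn::InstallationSecret());
    $this->Render();
}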
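/**
 * Signature check
 *
 * Checks the SecurityHash supplied with a request against a SHA-1 hash that is
 * computed locally from the request's VanillaID, RequestTime and TimeSlot
 * together with the local installation secret.
 *
 * Only those fields are covered by the signature. Any other argument in
 * $Request is NOT authenticated by this check and must not be trusted on the
 * strength of a TRUE result.
 *
 * @param array $Request Array of request parameters
 * @return boolean|null TRUE when the signature matches; FALSE when the request
 *    is rejected (wrong installation ID, stale or malformed RequestTime, missing
 *    or wrong hash); NULL when it could not be verified (no VanillaID in the
 *    request, or no local secret).
 */
protected function VerifySignature($Request) {
    // If this response has no ID, return NULL (could not verify)
    $VanillaID = GetValue('VanillaID', $Request, NULL);
    if (is_null($VanillaID)) {
        return NULL;
    }

    // Response is bogus - wrong InstallationID
    if (!is_null(Gdn::InstallationID()) && $VanillaID != Gdn::InstallationID()) {
        return FALSE;
    }

    // If we don't have a secret, we cannot verify anyway
    $VanillaSecret = Gdn::InstallationSecret();
    if (is_null($VanillaSecret)) {
        return NULL;
    }

    // Calculate clock desync
    $CurrentGmTime = Gdn_Statistics::Time();
    $RequestTime = GetValue('RequestTime', $Request, 0);

    // RequestTime comes from the request. A non-numeric value cannot be a valid
    // timestamp, and on PHP 8 it would raise a TypeError in the subtraction below.
    if (!is_numeric($RequestTime)) {
        return FALSE;
    }

    $TimeDiff = abs($CurrentGmTime - $RequestTime);
    $AllowedTimeDiff = C('Garden.Analytics.RequestTimeout', 1440);

    // Allow 24* minutes of clock desync, otherwise signature is invalid
    if ($TimeDiff > $AllowedTimeDiff) {
        return FALSE;
    }

    // A missing or non-string hash can never match.
    $SecurityHash = GetValue('SecurityHash', $Request);
    if (!is_string($SecurityHash)) {
        return FALSE;
    }

    // Remove the existing SecurityHash before calculating the signature
    unset($Request['SecurityHash']);

    // Add the real secret
    $Request['Secret'] = $VanillaSecret;

    // Only these four fields take part in the signature.
    $SignData = array_intersect_key($Request, array_fill_keys(array('VanillaID', 'Secret', 'RequestTime', 'TimeSlot'), NULL));

    // ksort the array to preserve a known order
    $SignData = array_change_key_case($SignData, CASE_LOWER);
    ksort($SignData);

    // Calculate the hash
    // NOTE(review): this is sha1() over a query string that embeds the secret, not
    // an HMAC. Presumably it has to match what the remote service computes, so the
    // construction is left as it is here.
    $RealHash = sha1(http_build_query($SignData));

    // Compare as strings, never with ==: loose comparison treats numeric-looking
    // strings as numbers, so two different hashes could compare equal.
    // hash_equals() also avoids leaking the match position through timing.
    if (function_exists('hash_equals')) {
        return hash_equals($RealHash, $SecurityHash);
    }

    // Fallback for PHP versions without hash_equals(): strict, but not constant-time.
    return $RealHash === $SecurityHash;
}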
/**
 * Store the installation credentials carried by a registration response.
 *
 * When the response holds both a truthy VanillaID and a truthy Secret, they are
 * saved as the installation ID and secret, and the
 * Garden.Analytics.Registering and Garden.Analytics.LastSentDate values are
 * reset to null. Otherwise nothing is changed.
 *
 * NOTE(review): nothing in this method checks the origin or integrity of
 * $Response before the credentials are persisted; presumably the caller only
 * passes responses received from the statistics service - confirm.
 *
 * @param $Response Response data, read through val().
 * @param $Raw Not used by this method.
 */
protected function doneRegister($Response, $Raw) {
    $installationId = val('VanillaID', $Response, false);
    $installationSecret = val('Secret', $Response, false);

    // Both values are required; leave the stored state alone if either is missing or empty.
    if (!$installationSecret || !$installationId) {
        return;
    }

    Gdn::InstallationID($installationId);
    Gdn::InstallationSecret($installationSecret);

    // Registration is finished: reset the in-progress marker and the last-sent date.
    Gdn::Set('Garden.Analytics.Registering', null);
    Gdn::Set('Garden.Analytics.LastSentDate', null);
}