Gets/Sets the Garden Installation Secret
| public static installationSecret ( string $SetInstallationSecret = null ) : string | ||
| $SetInstallationSecret | string | |
| return | string | Installation Secret or NULL |
/**
* Statistics setup & configuration.
*
* @since 2.0.17
* @access public
*/
public function index()
{
$this->permission('Garden.Settings.Manage');
$this->addSideMenu('dashboard/statistics');
//$this->addJsFile('statistics.js');
$this->title(t('Vanilla Statistics'));
$this->enableSlicing($this);
if ($this->Form->authenticatedPostBack()) {
$Flow = true;
if ($Flow && $this->Form->getFormValue('Reregister')) {
Gdn::Statistics()->register();
}
if ($Flow && $this->Form->getFormValue('Save')) {
Gdn::installationID($this->Form->getFormValue('InstallationID'));
Gdn::installationSecret($this->Form->getFormValue('InstallationSecret'));
$this->informMessage(t("Your settings have been saved."));
}
if ($Flow && $this->Form->getFormValue('AllowLocal')) {
saveToConfig('Garden.Analytics.AllowLocal', true);
}
if ($Flow && $this->Form->getFormValue('Allow')) {
saveToConfig('Garden.Analytics.Enabled', true);
}
if ($Flow && $this->Form->getFormValue('ClearCredentials')) {
Gdn::installationID(false);
Gdn::installationSecret(false);
Gdn::statistics()->Tick();
$Flow = false;
}
} else {
$this->Form->setValue('InstallationID', Gdn::installationID());
$this->Form->setValue('InstallationSecret', Gdn::installationSecret());
}
$AnalyticsEnabled = Gdn_Statistics::checkIsEnabled();
if ($AnalyticsEnabled) {
$ConfFile = Gdn::config()->defaultPath();
$this->setData('ConfWritable', $ConfWritable = is_writable($ConfFile));
if (!$ConfWritable) {
$AnalyticsEnabled = false;
}
}
$this->setData('AnalyticsEnabled', $AnalyticsEnabled);
$NotifyMessage = Gdn::get('Garden.Analytics.Notify', false);
$this->setData('NotifyMessage', $NotifyMessage);
if ($NotifyMessage !== false) {
Gdn::set('Garden.Analytics.Notify', null);
}
$this->render();
}
/**
* Signature check.
*
* This method checks the supplied signature of a request against a hash of
* the request arguments augmented with the local secret from the config file.
*
* ****
* THIS METHOD USES ALL SUPPLIED ARGUMENTS IN ITS SIGNATURE HASH ALGORITHM
* ****
*
* @param type $Request Array of request parameters
* @return boolean Status of verification check, or null if no VanillaID
*/
protected function verifySignature($Request)
{
// If this response has no ID, return NULL (could not verify)
$VanillaID = GetValue('VanillaID', $Request, null);
if (is_null($VanillaID)) {
return null;
}
// Response is bogus - wrong InstallationID
if (!is_null(Gdn::installationID()) && $VanillaID != Gdn::installationID()) {
return false;
}
// If we don't have a secret, we cannot verify anyway
$VanillaSecret = Gdn::installationSecret();
if (is_null($VanillaSecret)) {
return null;
}
// Calculate clock desync
$CurrentGmTime = Gdn_Statistics::time();
$RequestTime = val('RequestTime', $Request, 0);
$TimeDiff = abs($CurrentGmTime - $RequestTime);
$AllowedTimeDiff = C('Garden.Analytics.RequestTimeout', 1440);
// Allow 24* minutes of clock desync, otherwise signature is invalid
if ($TimeDiff > $AllowedTimeDiff) {
return false;
}
$SecurityHash = val('SecurityHash', $Request);
// Remove the existing SecuritHash before calculating the signature
unset($Request['SecurityHash']);
// Add the real secret
$Request['Secret'] = $VanillaSecret;
$SignData = array_intersect_key($Request, array_fill_keys(array('VanillaID', 'Secret', 'RequestTime', 'TimeSlot'), null));
// ksort the array to preserve a known order
$SignData = array_change_key_case($SignData, CASE_LOWER);
ksort($SignData);
// Calculate the hash
$RealHash = sha1(http_build_query($SignData));
if ($RealHash == $SecurityHash) {
return true;
}
return false;
}
/**
* Generate an access token for stats graphs.
*
* @return bool|string Returns a token or **false** if required information is missing.
*/
public static function generateToken()
{
$id = Gdn::installationID();
$secret = Gdn::installationSecret();
if (empty($id) || empty($secret)) {
return false;
}
$str = 'v1.' . dechex(time());
$token = $str . '.' . hash_hmac('sha1', $str, $secret);
return $token;
}
