/**
* Generate hash on user info and password
*
* @param string $userinfo User name, email, etc
* @param string $password
* @return string
*/
private function generateHash($userInfo, $password)
{
// mitigate rainbow table attack
$passwordLen = strlen($password) / 2;
$hash = Piwik_Common::hash($userInfo . substr($password, 0, $passwordLen) . Piwik_Common::getSalt() . substr($password, $passwordLen));
return $hash;
}
public function __construct($templateFile, $smConf = array(), $filter = true)
{
$this->template = $templateFile;
$this->smarty = new Piwik_Smarty($smConf, $filter);
// global value accessible to all templates: the piwik base URL for the current request
$this->piwik_version = Piwik_Version::VERSION;
$this->cacheBuster = md5(Piwik_Common::getSalt() . PHP_VERSION . Piwik_Version::VERSION);
$this->piwikUrl = Piwik_Common::sanitizeInputValue(Piwik_Url::getCurrentUrlWithoutFileName());
}
/**
* Smarty cachebuster outputfilter plugin
*
* File: outputfilter.cachebuster.php<br>
* Type: outputfilter<br>
* Name: cachebuster<br>
* Date: May 27, 2009<br>
* Purpose: add cache busting string to URLs
* of external CSS stylesheets and
* JavaScript scripts<br>
* Install: Drop into the plugin directory, call
* <code>$smarty->assign('tag', 'some_unique_tag');</code>
* <code>$smarty->load_filter('output','cachebuster');</code>
* from application.
*
* @param string
* @param Smarty
*/
function smarty_outputfilter_cachebuster($source, &$smarty)
{
static $cachebuster = null;
if (is_null($cachebuster)) {
$cachebuster = md5(Piwik_Common::getSalt() . PHP_VERSION . Piwik_Version::VERSION);
}
$tag = 'cb=' . $cachebuster;
$pattern = array('~<script type=[\'"]text/javascript[\'"] src=[\'"]([^\'"]+)[\'"]>~', '~<script src=[\'"]([^\'"]+)[\'"] type=[\'"]text/javascript[\'"]>~', '~<link rel=[\'"]stylesheet[\'"] type=[\'"]text/css[\'"] href=[\'"]([^\'"]+)[\'"] ?/?>~', '~(src|href)=\\"index.php\\?module=([A-Za-z0-9_]+)&action=([A-Za-z0-9_]+)\\?cb=~');
$replace = array('<script type="text/javascript" src="$1?' . $tag . '">', '<script type="text/javascript" src="$1?' . $tag . '">', '<link rel="stylesheet" type="text/css" href="$1?' . $tag . '" />', '$1="index.php?module=$2&action=$3&cb=');
return preg_replace($pattern, $replace, $source);
}
/**
* Generate nonce
*
* @param string $id Unique id to avoid namespace conflicts, e.g., ModuleName.ActionName
* @param int $ttl Optional time-to-live in seconds; default is 5 minutes
* @return string Nonce
*/
public static function getNonce($id, $ttl = 300)
{
// save session-dependent nonce
$ns = new Piwik_Session_Namespace($id);
$nonce = $ns->nonce;
// re-use an unexpired nonce (a small deviation from the "used only once" principle, so long as we do not reset the expiration)
// to handle browser pre-fetch or double fetch caused by some browser add-ons/extensions
if (empty($nonce)) {
// generate a new nonce
$nonce = md5(Piwik_Common::getSalt() . time() . Piwik_Common::generateUniqId());
$ns->nonce = $nonce;
$ns->setExpirationSeconds($ttl, 'nonce');
}
return $nonce;
}
/**
* Returns the string to save in the cookie from the $this->value array of values.
* It goes through the array and generates the cookie content string.
*
* @return string Cookie content
*/
protected function generateContentString()
{
$cookieStr = '';
foreach($this->value as $name=>$value)
{
if(!is_numeric($value))
{
$value = base64_encode(safe_serialize($value));
}
$cookieStr .= "$name=$value" . self::VALUE_SEPARATOR;
}
if(!empty($cookieStr))
{
$cookieStr .= '_=';
// sign cookie
$signature = sha1($cookieStr . Piwik_Common::getSalt());
return $cookieStr . $signature;
}
return '';
}
/**
* Generate nonce -- a cryptographic "number used only once", often recommended as part of a robust defense against cross-site request forgery (CSRF/XSRF).
* Characteristics: limited lifetime, uniqueness, unpredictability (pseudo-randomness).
*
* @param string $id Unique id to avoid namespace conflicts, e.g., ModuleName.ActionName
* @param int $ttl Optional time-to-live in seconds; default is 5 minutes
* @return string Nonce
*/
public static function getNonce($id, $ttl = 300)
{
// the ingredients to our secret sauce? a dash of private salt and a flavorful mix of PRNGs, making it less predictable in nature, yet retaining a subtle hint of more entropy
$nonce = md5(Piwik_Common::getSalt() . time() . Piwik_Common::generateUniqId());
// save session-dependent nonce
$ns = new Zend_Session_Namespace($id);
$ns->nonce = $nonce;
$ns->setExpirationSeconds($ttl, 'nonce');
return $nonce;
}
/**
* Generate advisory lock name
*
* @param int $idsite
* @param Piwik_Period $period
* @param Piwik_Segment $segment
* @return string
*/
public static function getArchiveProcessingLockName($idsite, $period, Piwik_Segment $segment)
{
$config = Piwik_Config::getInstance();
$lockName = 'piwik.' . $config->database['dbname'] . '.' . $config->database['tables_prefix'] . '/' . $idsite . '/' . (!$segment->isEmpty() ? $segment->getHash() . '/' : '') . $period->getId() . '/' . $period->getDateStart()->toString('Y-m-d') . ',' . $period->getDateEnd()->toString('Y-m-d');
return $lockName . '/' . md5($lockName . Piwik_Common::getSalt());
}
