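/**
 * Returns an existing nonce by ID. If none exists, a new nonce will be generated.
 *
 * The nonce is stored in a session namespace keyed by `$id`, so it is bound to the
 * caller's session. An unexpired nonce is re-used on subsequent calls (a deliberate
 * deviation from strict "used only once", to tolerate browser pre-fetch or double
 * fetches caused by add-ons/extensions) and its expiration is pushed out again on
 * every call, so a nonce that keeps being requested stays valid for as long as the
 * session does.
 *
 * @param string $id  Unique id to avoid namespace conflicts, e.g., `'ModuleName.ActionName'`.
 * @param int    $ttl Optional time-to-live in seconds; default is 600 (10 minutes), after
 *                    which the nonce will no longer be valid unless it is requested again.
 * @return string 32 hex characters.
 */
public static function getNonce($id, $ttl = 600)
{
    // nonce is session-dependent: same id in a different session yields a different value
    $ns = new SessionNamespace($id);
    $nonce = $ns->nonce;

    if (empty($nonce)) {
        // Generate a fresh nonce. Prefer the CSPRNG where available; the fallback hashes
        // the instance salt with low-entropy values and is only unpredictable for as long
        // as the salt stays secret.
        if (function_exists('random_bytes')) {
            $nonce = bin2hex(random_bytes(16));
        } else {
            $nonce = md5(SettingsPiwik::getSalt() . time() . Common::generateUniqId());
        }
        $ns->nonce = $nonce;
    }

    // (Re)arm the expiration on every call so a nonce fetched a few seconds before
    // timeout is not rejected when the form is finally submitted.
    $ns->setExpirationSeconds($ttl, 'nonce');

    return $nonce;
}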
/**
 * Saves the dashboard layout for the current user.
 *
 * Anonymous visitors get the layout kept in their session (30 minute expiry);
 * authenticated users have it persisted through saveLayoutForUser(), and the
 * dashboard is renamed when a non-empty `name` parameter is supplied.
 *
 * The request is first checked for a valid token (CSRF protection). Note that the
 * `layout` value is stored exactly as received (unsanitized); whatever later renders
 * it is responsible for escaping it for its output context.
 *
 * Request parameters: `layout` (required), `idDashboard` (int, default 1), `name` (string, default '').
 */
public function saveLayout()
{
    $this->checkTokenInUrl();

    $layout      = Common::unsanitizeInputValue(Common::getRequestVar('layout'));
    $idDashboard = Common::getRequestVar('idDashboard', 1, 'int');
    $name        = Common::getRequestVar('name', '', 'string');

    if (Piwik::isUserIsAnonymous()) {
        // no account to persist to: keep it in the session only
        $anonSession = new SessionNamespace("Dashboard");
        $anonSession->dashboardLayout = $layout;
        $anonSession->setExpirationSeconds(1800);
        return;
    }

    $login = Piwik::getCurrentUserLogin();
    $this->saveLayoutForUser($login, $idDashboard, $layout);

    if (!empty($name)) {
        $this->updateDashboardName($login, $idDashboard, $name);
    }
}