/**
 * Appends the server-side HTTPS detection result to the page's JavaScript globals.
 *
 * @param string &$out JavaScript buffer the global assignment is appended to.
 * @return void
 */
public function addJsGlobalVariables(&$out)
{
    $detectedHttps = ProxyHttp::isHttps() ? 'true' : 'false';
    $out .= "piwik.hasServerDetectedHttps = {$detectedHttps};\n";
}
/**
 * Executed when the session was successfully authenticated.
 *
 * Builds the authentication cookie from the result's identity and token and,
 * when the identity has an active Storage, also stores an `auth_code` derived
 * from the storage secret.
 *
 * @param AuthResult $authResult The successful authentication result.
 * @param bool $rememberMe Whether the authenticated session should be remembered after
 *                         the browser is closed or not.
 * @return void
 */
protected function processSuccessfulSession(AuthResult $authResult, $rememberMe)
{
    $login = $authResult->getIdentity();
    $storage = new Storage($login);
    $tokenAuth = $authResult->getTokenAuth();
    /**
     * @deprecated Create a custom SessionInitializer instead.
     */
    Piwik::postEvent('Login.authenticate.successful', array($login, $tokenAuth));
    $cookie = $this->getAuthCookie($rememberMe);
    $cookie->set('login', $login);
    $cookie->set('token_auth', $this->getHashTokenAuth($login, $tokenAuth));
    if ($storage->isActive()) {
        $cookie->set('auth_code', $this->getHashTokenAuth($login, $storage->getSecret()));
    }
    // Secure flag follows the detected scheme; HttpOnly is set unconditionally.
    $cookie->setSecure(ProxyHttp::isHttps());
    $cookie->setHttpOnly(true);
    $cookie->save();
}
/**
 * Raises a warning notification for super users when the current request was
 * not detected as HTTPS. HTTPS requests and non-super-users get nothing.
 *
 * @return void
 */
private static function notifyIfURLIsNotSecure()
{
    $shouldWarn = !ProxyHttp::isHttps() && Piwik::hasUserSuperUserAccess();
    if (!$shouldWarn) {
        return;
    }
    $learnMoreLink = array('<a rel="noreferrer" target="_blank" href="https://piwik.org/faq/how-to/faq_91/">', '</a>');
    $message = Piwik::translate('General_CurrentlyUsingUnsecureHttp')
        . " "
        . Piwik::translate('General_ReadThisToLearnMore', $learnMoreLink);
    $notification = new Notification($message);
    $notification->context = Notification::CONTEXT_WARNING;
    // the message carries the link markup, so it is flagged as raw
    $notification->raw = true;
    Notification\Manager::notify('ControllerAdmin_HttpIsUsed', $notification);
}
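/**
 * If the page is using HTTP, redirect to the same page over HTTPS.
 *
 * Only the leading scheme is rewritten; an "http://" that appears later in the
 * URL (for example inside a query-string parameter) is left as it is.
 *
 * @return void
 */
public static function redirectToHttps()
{
    if (ProxyHttp::isHttps()) {
        return;
    }
    $url = self::getCurrentUrl();
    // Rewrite only the scheme prefix. A blanket str_replace would also alter
    // any "http://" carried inside the path or query string of the current URL.
    if (strpos($url, 'http://') === 0) {
        $url = 'https://' . substr($url, strlen('http://'));
    }
    self::redirectToUrl($url);
}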
/**
 * Executed when the session was successfully authenticated.
 *
 * Writes the identity and the hashed token into the authentication cookie.
 *
 * @param AuthResult $authResult The successful authentication result.
 * @param bool $rememberMe Whether the authenticated session should be remembered after
 *                         the browser is closed or not.
 * @return void
 */
protected function processSuccessfulSession(AuthResult $authResult, $rememberMe)
{
    $login = $authResult->getIdentity();
    $cookie = $this->getAuthCookie($rememberMe);
    $hashedToken = $this->getHashTokenAuth($login, $authResult->getTokenAuth());
    $cookie->set('login', $login);
    $cookie->set('token_auth', $hashedToken);
    // Secure flag follows the detected scheme; HttpOnly is set unconditionally.
    $cookie->setSecure(ProxyHttp::isHttps());
    $cookie->setHttpOnly(true);
    $cookie->save();
}
/**
 * Start an Overlay session: Redirect to the tracked website. The Piwik
 * tracker will recognize this referrer and start the session.
 *
 * Renders the `@Overlay/startOverlaySession` view with the site's main URL,
 * its known URLs (JSON) and the detected scheme.
 *
 * @return string Rendered HTML.
 */
public function startOverlaySession()
{
    $idSite = Common::getRequestVar('idSite', 0, 'int');
    Piwik::checkUserHasViewAccess($idSite);
    $sitesApi = APISitesManager::getInstance();
    $site = $sitesApi->getSiteFromId($idSite);
    $siteUrls = $sitesApi->getSiteUrlsFromId($idSite);
    $view = new View('@Overlay/startOverlaySession');
    $view->isHttps = ProxyHttp::isHttps();
    $view->knownUrls = json_encode($siteUrls);
    $view->mainUrl = $site['main_url'];
    $this->outputCORSHeaders();
    Common::sendHeader('Content-Type: text/html; charset=UTF-8');
    return $view->render();
}
/**
 * Start the session
 *
 * Configures the PHP session ini settings (cookie-only session ids, HttpOnly,
 * Secure when the request was detected as HTTPS, custom session name), picks the
 * save handler (own files directory, or the DbTable handler when configured or
 * when a "user"/"mm" handler is found), then starts the Zend session.
 *
 * @param array|bool $options An array of configuration options; the auto-start (bool) setting is ignored
 *                            (not read anywhere in this body).
 * @return void
 * @throws Exception if starting a session fails
 */
public static function start($options = false)
{
    // no-op once headers are out, when already started, or when dispatch disabled sessions
    if (headers_sent() || self::$sessionStarted || defined('PIWIK_ENABLE_SESSION_START') && !PIWIK_ENABLE_SESSION_START) {
        return;
    }
    self::$sessionStarted = true;
    // use cookies to store session id on the client side
    @ini_set('session.use_cookies', '1');
    // prevent attacks involving session ids passed in URLs
    @ini_set('session.use_only_cookies', '1');
    // advise browser that session cookie should only be sent over secure connection
    // (depends on ProxyHttp::isHttps() recognising the request; behind a proxy the
    // flag is only set when that detection succeeds)
    if (ProxyHttp::isHttps()) {
        @ini_set('session.cookie_secure', '1');
    }
    // advise browser that session cookie should only be accessible through the HTTP protocol (i.e., not JavaScript)
    @ini_set('session.cookie_httponly', '1');
    // don't use the default: PHPSESSID
    @ini_set('session.name', self::SESSION_NAME);
    // proxies may cause the referer check to fail and
    // incorrectly invalidate the session
    @ini_set('session.referer_check', '');
    $currentSaveHandler = ini_get('session.save_handler');
    $config = Config::getInstance();
    if (self::isFileBasedSessions()) {
        // Note: this handler doesn't work well in load-balanced environments and may have a concurrency issue with locked session files
        // for "files", use our own folder to prevent local session file hijacking
        $sessionPath = self::getSessionsDirectory();
        // We always call mkdir since it also chmods the directory which might help when permissions were reverted for some reasons
        Filesystem::mkdir($sessionPath);
        @ini_set('session.save_handler', 'files');
        @ini_set('session.save_path', $sessionPath);
    } elseif ($config->General['session_save_handler'] === 'dbtable' || in_array($currentSaveHandler, array('user', 'mm'))) {
        // We consider these to be misconfigurations, in that:
        // - user - we can't verify that user-defined session handler functions have already been set via session_set_save_handler()
        // - mm - this handler is not recommended, unsupported, not available for Windows, and has a potential concurrency issue
        // $config is reused here for the DbTable options and no longer refers to the Config instance
        $config = array('name' => Common::prefixTable('session'), 'primary' => 'id', 'modifiedColumn' => 'modified', 'dataColumn' => 'data', 'lifetimeColumn' => 'lifetime');
        $saveHandler = new DbTable($config);
        // an object is always truthy, so this guard never skips setSaveHandler()
        if ($saveHandler) {
            self::setSaveHandler($saveHandler);
        }
    }
    // garbage collection may disabled by default (e.g., Debian)
    // NOTE(review): ini_get() returns a string; "" == 0 is true on PHP < 8 and false on PHP 8 — confirm which is intended
    if (ini_get('session.gc_probability') == 0) {
        @ini_set('session.gc_probability', 1);
    }
    try {
        parent::start();
        register_shutdown_function(array('Zend_Session', 'writeClose'), true);
    } catch (Exception $e) {
        Log::error('Unable to start session: ' . $e->getMessage());
        $enableDbSessions = '';
        if (DbHelper::isInstalled()) {
            $enableDbSessions = "<br/>If you still experience issues after trying these changes,\n\t\t\t \t\t\twe recommend that you <a href='http://piwik.org/faq/how-to-install/#faq_133' rel='noreferrer' target='_blank'>enable database session storage</a>.";
        }
        $pathToSessions = Filechecks::getErrorMessageMissingPermissions(self::getSessionsDirectory());
        // the message is HTML (see setIsHtmlMessage below) and embeds the original exception text
        $message = sprintf("Error: %s %s %s\n<pre>Debug: the original error was \n%s</pre>", Piwik::translate('General_ExceptionUnableToStartSession'), $pathToSessions, $enableDbSessions, $e->getMessage());
        $ex = new MissingFilePermissionException($message, $e->getCode(), $e);
        $ex->setIsHtmlMessage();
        throw $ex;
    }
}
/**
 * Write configuration file from session-store
 *
 * Applies the proxy/protocol detection results, generates the salt, stores the
 * database settings, then layers a set of fixed Bluemix-specific overrides and
 * environment-driven (Redis, trusted hosts, mail) settings on top before saving.
 *
 * @param array $dbInfos Database connection settings written to the `database` section.
 * @return void
 */
private function createConfigFile($dbInfos)
{
    $config = Config::getInstance();
    // make sure DB sessions are used if the filesystem is NFS
    if (Filesystem::checkIfFileSystemIsNFS()) {
        $config->General['session_save_handler'] = 'dbtable';
    }
    if (count($headers = ProxyHeaders::getProxyClientHeaders()) > 0) {
        $config->General['proxy_client_headers'] = $headers;
    }
    if (count($headers = ProxyHeaders::getProxyHostHeaders()) > 0) {
        $config->General['proxy_host_headers'] = $headers;
    }
    if (Common::getRequestVar('clientProtocol', 'http', 'string') == 'https') {
        $protocol = 'https';
    } else {
        $protocol = ProxyHeaders::getProtocolInformation();
    }
    if (!empty($protocol) && !\Piwik\ProxyHttp::isHttps()) {
        $config->General['assume_secure_protocol'] = '1';
    }
    $config->General['salt'] = Common::generateUniqId();
    $config->General['installation_in_progress'] = 1;
    $config->database = $dbInfos;
    if (!DbHelper::isDatabaseConnectionUTF8()) {
        $config->database['charset'] = 'utf8';
    }
    # Improved Security with IBM Bluemix
    # With SSL ALWAYS available for all Bluemix apps, let's require all requests
    # to be made over SSL (https) so that data is NOT sent in the clear.
    # Non-ssl requests will trigger a
    # Error: Form security failed.
    # Please reload the form and check that your cookies are enabled
    # Reference: http://piwik.org/faq/how-to/faq_91/
    # Reference: https://developer.ibm.com/answers/questions/8312/how-do-i-enable-tlsssl-for-my-bluemix-application/
    # These two overrides replace whatever the protocol detection above decided.
    $config->General['assume_secure_protocol'] = 1;
    $config->General['force_ssl'] = 1;
    # Setup proxy_client_headers to accurately detect GeoIPs of visiting clients
    # NOTE(review): this replaces the headers detected above unconditionally. Values taken
    # from these headers are client-supplied unless the platform router overwrites them —
    # confirm the router strips inbound copies before trusting them for visitor IP / GeoIP.
    $config->General['proxy_client_headers'] = array("HTTP_X_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_CLUSTER_CLIENT_IP", "HTTP_CLIENT_IP");
    # NOTE(review): the detection branch above stores an array for this key; a scalar is
    # written here — confirm the config writer treats both the same way.
    $config->General['proxy_host_headers'] = "HTTP_X_FORWARDED_HOST";
    # Implement some default settings that optimize performance
    $config->General['enabled_periods_UI'] = "day,week,month,year";
    $config->General['enabled_periods_API'] = "day,week,month,year";
    $config->General['action_category_level_limit'] = 3;
    $config->General['show_multisites_sparklines'] = 0;
    $config->General['anonymous_user_enable_use_segments_API'] = 0;
    $config->General['browser_archiving_disabled_enforce'] = 1;
    $config->General['enable_create_realtime_segments'] = 0;
    $config->General['enable_segment_suggested_values'] = 0;
    $config->General['adding_segment_requires_access'] = "superuser";
    $config->General['allow_adding_segments_for_all_websites'] = 0;
    $config->General['datatable_row_limits'] = "5,10,25,50";
    $config->General['enable_browser_archiving_triggering'] = 0;
    $config->General['multisites_refresh_after_seconds'] = 0;
    $config->General['enable_delete_old_data_settings_admin'] = 0;
    $config->General['enable_auto_update'] = 0;
    $config->Debug['enable_measure_piwik_usage_in_idsite'] = 0;
    $config->Debug['allow_upgrades_to_beta'] = 0;
    $config->Tracker['new_visit_api_requires_admin'] = 0;
    # Let us have this Piwik deploy track itself to get some early data and success :-)
    # $config->Debug['enable_measure_piwik_usage_in_idsite'] = 1;
    # Redis cache backend, configured from environment variables.
    # NOTE(review): $_ENV is only populated when variables_order includes "E"; REDISPORT and
    # REDISPASSWORD are read without an isset() check — confirm the platform always sets them.
    if (isset($_ENV["REDISHOSTNAME"])) {
        $config->RedisCache['host'] = $_ENV["REDISHOSTNAME"];
        $config->RedisCache['port'] = $_ENV["REDISPORT"];
        $config->RedisCache['timeout'] = 0.0;
        $config->RedisCache['password'] = $_ENV["REDISPASSWORD"];
        $config->RedisCache['database'] = 14;
        $config->ChainedCache['backends'] = array("array", "redis");
    }
    # Let's setup the config files trusted hosts entries to handle
    # 1...N amount of user-defined IBM Bluemix app routes
    # NOTE(review): environment variables arrive as strings; foreach over a string warns and
    # iterates nothing — confirm how APPURIS is populated (e.g. decoded into an array upstream).
    if (isset($_ENV["APPURIS"])) {
        foreach ($_ENV["APPURIS"] as $application_uri) {
            $this->addTrustedHosts("https://" . $application_uri);
        }
    }
    # Emailing the easy way with IBM Bluemix + the SendGrid Service
    if (isset($_ENV["MAILHOST"])) {
        $config->mail['transport'] = "smtp";
        $config->mail['port'] = 587;
        $config->mail['type'] = "Plain";
        $config->mail['host'] = $_ENV["MAILHOST"];
        $config->mail['username'] = $_ENV["MAILUSER"];
        $config->mail['password'] = $_ENV["MAILPASSWORD"];
    }
    $config->forceSave();
    // re-save the currently viewed language (since we saved the config file, there is now a salt which makes the
    // existing session cookie invalid)
    $this->resetLanguageCookie();
}
/**
 * Write configuration file from session-store
 *
 * Records proxy/protocol detection results, generates a fresh salt, stores the
 * database settings and forces the config file to be written.
 *
 * @param array $dbInfos Database connection settings written to the `database` section.
 * @return void
 */
private function createConfigFile($dbInfos)
{
    $config = Config::getInstance();
    // make sure DB sessions are used if the filesystem is NFS
    if (Filesystem::checkIfFileSystemIsNFS()) {
        $config->General['session_save_handler'] = 'dbtable';
    }
    $clientHeaders = ProxyHeaders::getProxyClientHeaders();
    if (count($clientHeaders) > 0) {
        $config->General['proxy_client_headers'] = $clientHeaders;
    }
    $hostHeaders = ProxyHeaders::getProxyHostHeaders();
    if (count($hostHeaders) > 0) {
        $config->General['proxy_host_headers'] = $hostHeaders;
    }
    // an explicit clientProtocol=https request parameter wins over header-based detection
    $protocol = (Common::getRequestVar('clientProtocol', 'http', 'string') == 'https')
        ? 'https'
        : ProxyHeaders::getProtocolInformation();
    if (!empty($protocol) && !\Piwik\ProxyHttp::isHttps()) {
        $config->General['assume_secure_protocol'] = '1';
    }
    $config->General['salt'] = Common::generateUniqId();
    $config->General['installation_in_progress'] = 1;
    $config->database = $dbInfos;
    if (!DbHelper::isDatabaseConnectionUTF8()) {
        $config->database['charset'] = 'utf8';
    }
    $config->forceSave();
}
/**
 * Executed when the session was successfully authenticated.
 *
 * Writes the login and hashed token into the auth cookie and clears any pending
 * password-reset entry for that login.
 *
 * @param string $login
 * @param string $tokenAuth
 * @param bool $rememberMe
 * @return void
 */
protected function processSuccessfullSession($login, $tokenAuth, $rememberMe)
{
    $cookie = $this->getAuthCookie($rememberMe);
    $hashedToken = $this->getHashTokenAuth($login, $tokenAuth);
    $cookie->set('login', $login);
    $cookie->set('token_auth', $hashedToken);
    // Secure flag follows the detected scheme; HttpOnly is set unconditionally.
    $cookie->setSecure(ProxyHttp::isHttps());
    $cookie->setHttpOnly(true);
    $cookie->save();
    // remove password reset entry if it exists
    Login::removePasswordResetInfo($login);
}
/**
 * Authenticates the user and initializes the session.
 *
 * On failure the auth cookie is deleted and an Exception is thrown; on success
 * the cookie is written, the session id is regenerated and any pending
 * password-reset entry for the login is removed.
 *
 * @param string $login
 * @param string $md5Password
 * @param bool $rememberMe
 * @return void
 * @throws Exception when the credentials are not accepted.
 */
public function initSession($login, $md5Password, $rememberMe)
{
    $tokenAuth = API::getInstance()->getTokenAuth($login, $md5Password);
    $this->setLogin($login);
    $this->setTokenAuth($tokenAuth);
    $authResult = $this->authenticate();
    $generalConfig = Config::getInstance()->General;
    $cookieExpiry = $rememberMe ? time() + $generalConfig['login_cookie_expire'] : 0;
    $cookie = new Cookie($generalConfig['login_cookie_name'], $cookieExpiry, $generalConfig['login_cookie_path']);
    if (!$authResult->wasAuthenticationSuccessful()) {
        $cookie->delete();
        throw new Exception(Piwik::translate('Login_LoginPasswordNotCorrect'));
    }
    $cookie->set('login', $login);
    $cookie->set('token_auth', $this->getHashTokenAuth($login, $authResult->getTokenAuth()));
    // Secure flag follows the detected scheme; HttpOnly is set unconditionally.
    $cookie->setSecure(ProxyHttp::isHttps());
    $cookie->setHttpOnly(true);
    $cookie->save();
    @Session::regenerateId();
    // remove password reset entry if it exists
    Login::removePasswordResetInfo($login);
}
/**
 * Installs a certificate-based Auth object when the client presented a certificate.
 *
 * Flow: read the user DN from the client certificate; if present, register a
 * CertAuth in the Registry, try cookie-based init first, otherwise look the DN up
 * via queryGovport(), populate the auth object from the response and authenticate.
 * On any failure after the Registry swap the previous auth object is restored and
 * an error message is set on the Login API.
 *
 * @param bool $activateCookieAuth Passed through to initAuthenticationFromCookie().
 * @return void
 */
public function initAuthenticationObject($activateCookieAuth = false)
{
    $clientCertificateAPI = ClientCertificatesAPI::getInstance();
    $loginAPI = LoginAPI::getInstance();
    $dn = $clientCertificateAPI->getUserDN();
    $issuer_dn = $clientCertificateAPI->getIssuerDN();
    // loose comparison: "" and "0" are treated like a missing certificate as well
    if ($dn != null) {
        $auth = new CertAuth();
        $previousAuth = \Piwik\Registry::get('auth');
        \Piwik\Registry::set('auth', $auth);
        if (!$this->initAuthenticationFromCookie($auth, $activateCookieAuth)) {
            $result = $clientCertificateAPI->queryGovport($dn, $issuer_dn);
            if ($result) {
                $username = $this->getProperty($result, 'uid');
                $fullname = $this->getProperty($result, 'fullName');
                $email = $this->getProperty($result, 'email');
                $firstname = $this->getProperty($result, 'firstName');
                $lastname = $this->getProperty($result, 'lastName');
                // agency: first grantBy entry, else first organizations entry, else 'N/A'
                // NOTE(review): property_exists() does not guarantee index 0 exists — confirm
                // the response never carries an empty array here
                $agency = null;
                if (property_exists($result, 'grantBy')) {
                    $agency = $result->{'grantBy'}[0];
                }
                if ($agency == null) {
                    if (property_exists($result, 'organizations')) {
                        $agency = $result->{'organizations'}[0];
                    }
                    if ($agency == null) {
                        $agency = 'N/A';
                    }
                }
                // NOTE(review): writes identity attributes (name, email) to the debug log — confirm
                // log level/retention are acceptable for this data
                \Piwik\Log::debug("Login PKI Response: {$username}, {$fullname}, {$email}, {$firstname}, {$lastname}, {$agency}");
                $auth->setLogin($username);
                $auth->setUserDN($dn);
                $auth->setPassword($username . $dn);
                // token is an md5 of username + secret; the same expression is recomputed for the cookie below
                $auth->setTokenAuth(md5($username . $auth->getTokenAuthSecret()));
                $auth->setEmail($email);
                $auth->setAlias($this->getAlias($firstname, $lastname, $fullname));
                $authResult = $auth->authenticate();
                if ($authResult->wasAuthenticationSuccessful()) {
                    Session::regenerateId();
                    //Create Cookie (session-scoped: expiry 0)
                    $authCookieExpiry = 0;
                    $authCookieName = Config::getInstance()->General['login_cookie_name'];
                    $authCookiePath = Config::getInstance()->General['login_cookie_path'];
                    $cookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
                    $cookie->set('login', $authResult->getIdentity());
                    $cookie->set('token_auth', md5($username . $auth->getTokenAuthSecret()));
                    $cookie->setSecure(ProxyHttp::isHttps());
                    $cookie->setHttpOnly(true);
                    $cookie->save();
                } else {
                    // Error message set by auth result
                    \Piwik\Registry::set('auth', $previousAuth);
                }
            } else {
                \Piwik\Registry::set('auth', $previousAuth);
                $loginAPI->setErrorMessage("Could not verify user against authorization service");
                \Piwik\Log::debug("Could not verify user against authorization service. Falling back on standard auth.");
            }
        }
    } else {
        $loginAPI->setErrorMessage("No certificate provided");
        \Piwik\Log::debug("No certificate provided. Falling back on standard login mechanism.");
    }
}
/**
 * True when the request likely did not use HTTPS, yet Piwik detected HTTPS
 * (i.e. assume_secure_protocol is in effect) and HTTPS is not forced.
 *
 * @return bool
 */
public static function isSecureConnectionAssumedByPiwikButNotForcedYet()
{
    $likelyPlainHttp = Url::isSecureConnectionLikelyNotUsed();
    $detectedAsHttps = ProxyHttp::isHttps();
    $assumedButNotForced = Url::isPiwikConfiguredToAssumeSecureConnection()
        && !SettingsPiwik::isHttpsForced();
    return $likelyPlainHttp && $detectedAsHttps && $assumedButNotForced;
}
/**
 * Get system information
 *
 * Collects the environment checks shown by the installer / diagnostics page:
 * writable directories, PHP version, required and desired extensions and
 * functions, memory limit, file integrity, proxy/protocol detection and NFS.
 * The array is finally passed through self::enrichSystemChecks().
 *
 * @return array Keyed check results (see the `$infos[...]` assignments below).
 */
public static function getSystemInformation()
{
    global $piwik_minimumPHPVersion;
    $minimumMemoryLimit = Config::getInstance()->General['minimum_memory_limit'];
    $infos = array();
    $infos['general_infos'] = array();
    $directoriesToCheck = array();
    if (!DbHelper::isInstalled()) {
        // at install, need /config to be writable (so we can create config.ini.php)
        $directoriesToCheck[] = '/config/';
    }
    $directoriesToCheck = array_merge($directoriesToCheck, array('/tmp/', '/tmp/assets/', '/tmp/cache/', '/tmp/latest/', '/tmp/logs/', '/tmp/sessions/', '/tmp/tcpdf/', '/tmp/templates_c/'));
    $infos['directories'] = Filechecks::checkDirectoriesWritable($directoriesToCheck);
    $infos['can_auto_update'] = Filechecks::canAutoUpdate();
    self::initServerFilesForSecurity();
    $infos['phpVersion_minimum'] = $piwik_minimumPHPVersion;
    $infos['phpVersion'] = PHP_VERSION;
    $infos['phpVersion_ok'] = version_compare($piwik_minimumPHPVersion, $infos['phpVersion']) === -1;
    // critical errors
    $extensions = @get_loaded_extensions();
    $needed_extensions = array('zlib', 'SPL', 'iconv', 'Reflection');
    $infos['needed_extensions'] = $needed_extensions;
    $infos['missing_extensions'] = array();
    foreach ($needed_extensions as $needed_extension) {
        if (!in_array($needed_extension, $extensions)) {
            $infos['missing_extensions'][] = $needed_extension;
        }
    }
    $infos['pdo_ok'] = false;
    if (in_array('PDO', $extensions)) {
        $infos['pdo_ok'] = true;
    }
    $infos['adapters'] = Adapter::getAdapters();
    // availability checks only; 'eval' is a language construct, so this relies on self::functionExists() handling it
    $needed_functions = array('debug_backtrace', 'create_function', 'eval', 'gzcompress', 'gzuncompress', 'pack');
    $infos['needed_functions'] = $needed_functions;
    $infos['missing_functions'] = array();
    foreach ($needed_functions as $needed_function) {
        if (!self::functionExists($needed_function)) {
            $infos['missing_functions'][] = $needed_function;
        }
    }
    // warnings
    $desired_extensions = array('json', 'libxml', 'dom', 'SimpleXML');
    $infos['desired_extensions'] = $desired_extensions;
    $infos['missing_desired_extensions'] = array();
    foreach ($desired_extensions as $desired_extension) {
        if (!in_array($desired_extension, $extensions)) {
            $infos['missing_desired_extensions'][] = $desired_extension;
        }
    }
    $desired_functions = array('set_time_limit', 'mail', 'parse_ini_file', 'glob');
    $infos['desired_functions'] = $desired_functions;
    $infos['missing_desired_functions'] = array();
    foreach ($desired_functions as $desired_function) {
        if (!self::functionExists($desired_function)) {
            $infos['missing_desired_functions'][] = $desired_function;
        }
    }
    $infos['openurl'] = Http::getTransportMethod();
    $infos['gd_ok'] = SettingsServer::isGdExtensionEnabled();
    $infos['hasMbstring'] = false;
    $infos['multibyte_ok'] = true;
    if (function_exists('mb_internal_encoding')) {
        $infos['hasMbstring'] = true;
        if ((int) ini_get('mbstring.func_overload') != 0) {
            $infos['multibyte_ok'] = false;
        }
    }
    $serverSoftware = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
    // NOTE(review): addslashes() is not HTML escaping — whatever renders serverVersion still has to escape it for its context
    $infos['serverVersion'] = addslashes($serverSoftware);
    $infos['serverOs'] = @php_uname();
    $infos['serverTime'] = date('H:i:s');
    // NOTE(review): loose comparison against a string ini value; "" == 0 differs between PHP < 8 and PHP 8
    $infos['registerGlobals_ok'] = ini_get('register_globals') == 0;
    $infos['memoryMinimum'] = $minimumMemoryLimit;
    $infos['memory_ok'] = true;
    $infos['memoryCurrent'] = '';
    // called for its side effect; the returned value is not used here
    $raised = SettingsServer::raiseMemoryLimitIfNecessary();
    if (($memoryValue = SettingsServer::getMemoryLimitValue()) > 0) {
        $infos['memoryCurrent'] = $memoryValue . 'M';
        $infos['memory_ok'] = $memoryValue >= $minimumMemoryLimit;
    }
    $infos['isWindows'] = SettingsServer::isWindows();
    // integrityInfo[0] is the overall flag; any further entries are messages
    $integrityInfo = Filechecks::getFileIntegrityInformation();
    $infos['integrity'] = $integrityInfo[0];
    $infos['integrityErrorMessages'] = array();
    if (isset($integrityInfo[1])) {
        if ($infos['integrity'] == false) {
            $infos['integrityErrorMessages'][] = Piwik::translate('General_FileIntegrityWarningExplanation');
        }
        $infos['integrityErrorMessages'] = array_merge($infos['integrityErrorMessages'], array_slice($integrityInfo, 1));
    }
    $infos['timezone'] = SettingsServer::isTimezoneSupportEnabled();
    $infos['tracker_status'] = Common::getRequestVar('trackerStatus', 0, 'int');
    // suggest assume_secure_protocol when a proxy reports a protocol but the request itself was not detected as HTTPS
    $infos['protocol'] = ProxyHeaders::getProtocolInformation();
    if (!\Piwik\ProxyHttp::isHttps() && $infos['protocol'] !== null) {
        $infos['general_infos']['assume_secure_protocol'] = '1';
    }
    if (count($headers = ProxyHeaders::getProxyClientHeaders()) > 0) {
        $infos['general_infos']['proxy_client_headers'] = $headers;
    }
    if (count($headers = ProxyHeaders::getProxyHostHeaders()) > 0) {
        $infos['general_infos']['proxy_host_headers'] = $headers;
    }
    // check if filesystem is NFS, if it is file based sessions won't work properly
    $infos['is_nfs'] = Filesystem::checkIfFileSystemIsNFS();
    $infos = self::enrichSystemChecks($infos);
    return $infos;
}
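/**
 * Start an Overlay session: Redirect to the tracked website. The Piwik
 * tracker will recognize this referrer and start the session.
 *
 * The page's inline script follows the URL given in `window.location.hash`
 * only when it matches one of the site's known URLs; otherwise it sends the
 * browser to the `showErrorWrongDomain` action. Without a hash it redirects
 * to the site's main URL.
 *
 * @return string HTML page containing the redirect script.
 */
public function startOverlaySession()
{
    $idSite = Common::getRequestVar('idSite', 0, 'int');
    Piwik::checkUserHasViewAccess($idSite);
    $sitesManager = APISitesManager::getInstance();
    $site = $sitesManager->getSiteFromId($idSite);
    $urls = $sitesManager->getSiteUrlsFromId($idSite);
    $isHttps = ProxyHttp::isHttps() ? 'true' : 'false';
    // main_url is emitted as a JS string literal rather than spliced into a
    // hand-written "..." literal; the HEX flags keep "<", ">", "&" and quotes
    // out of the <script> body so the value cannot terminate the literal or
    // the script element. The string cast keeps a null main_url as "".
    $jsLiteralFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $mainUrlJs = json_encode((string) $site['main_url'], $jsLiteralFlags);
    // NOTE(review): the known-URL list still goes through the project's Common::json_encode;
    // confirm it escapes "<" / "</" for use inside <script> as well.
    $knownUrlsJs = Common::json_encode($urls);
    @header('Content-Type: text/html; charset=UTF-8');
    return '
<html><head><title></title></head><body>
<script type="text/javascript">
    function handleProtocol(url) {
        if (' . $isHttps . ') {
            return url.replace(/http:\\/\\//i, "https://");
        } else {
            return url.replace(/https:\\/\\//i, "http://");
        }
    }
    function removeUrlPrefix(url) {
        return url.replace(/http(s)?:\\/\\/(www\\.)?/i, "");
    }
    if (window.location.hash) {
        var match = false;
        var urlToRedirect = window.location.hash.substr(1);
        var urlToRedirectWithoutPrefix = removeUrlPrefix(urlToRedirect);
        var knownUrls = ' . $knownUrlsJs . ';
        for (var i = 0; i < knownUrls.length; i++) {
            var testUrl = removeUrlPrefix(knownUrls[i]);
            if (urlToRedirectWithoutPrefix.substr(0, testUrl.length) == testUrl) {
                match = true;
                if (navigator.appName == "Microsoft Internet Explorer") {
                    // internet explorer loses the referrer if we use window.location.href=X
                    var referLink = document.createElement("a");
                    referLink.href = handleProtocol(urlToRedirect);
                    document.body.appendChild(referLink);
                    referLink.click();
                } else {
                    window.location.href = handleProtocol(urlToRedirect);
                }
                break;
            }
        }
        if (!match) {
            var idSite = window.location.href.match(/idSite=([0-9]+)/i)[1];
            window.location.href = "index.php?module=Overlay&action=showErrorWrongDomain"
                + "&idSite=" + idSite
                + "&url=" + encodeURIComponent(urlToRedirect);
        }
    } else {
        window.location.href = handleProtocol(' . $mainUrlJs . ');
    };
</script>
</body></html>
';
}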
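/**
 * Redirects the current request to its HTTPS equivalent when `force_ssl` is
 * enabled and the request was not detected as HTTPS.
 *
 * No redirect happens in CLI mode or for the CoreAdminHome `optOut` action.
 * Only the leading scheme of the URL is rewritten.
 *
 * @return void
 */
protected function handleSSLRedirection()
{
    if (Common::isPhpCliMode()) {
        return;
    }
    if (Config::getInstance()->General['force_ssl'] != 1 || ProxyHttp::isHttps()) {
        return;
    }
    // the opt-out action is explicitly exempt from the HTTPS redirect
    $isOptOutRequest = Common::getRequestVar('module', '') == 'CoreAdminHome'
        && Common::getRequestVar('action', '') == 'optOut';
    if ($isOptOutRequest) {
        return;
    }
    $url = Url::getCurrentUrl();
    // Rewrite only the scheme prefix. A blanket str_replace would also alter
    // any "http://" carried inside the query string of the current URL.
    if (strpos($url, 'http://') === 0) {
        $url = 'https://' . substr($url, strlen('http://'));
    }
    Url::redirectToUrl($url);
}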
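/**
 * Returns image link tracking code for a given site with specified options.
 *
 * @param int $idSite The ID to generate tracking code for.
 * @param string $piwikUrl The domain and URL path to the Piwik installation.
 * @param string|bool $actionName Name of the action to track, or `false` to omit it.
 *                                The value is unsanitized and then URL-encoded.
 * @param int|bool $idGoal An ID for a goal to trigger a conversion for, or `false`.
 * @param int|bool $revenue The revenue of the goal conversion. Only used if $idGoal is supplied.
 * @return string The HTML tracking code.
 */
public function getImageTrackingCode($idSite, $piwikUrl = '', $actionName = false, $idGoal = false, $revenue = false)
{
    $urlParams = array('idsite' => $idSite, 'rec' => 1);
    if ($actionName !== false) {
        $urlParams['action_name'] = urlencode(Common::unsanitizeInputValue($actionName));
    }
    if ($idGoal !== false) {
        $urlParams['idGoal'] = $idGoal;
        if ($revenue !== false) {
            $urlParams['revenue'] = $revenue;
        }
    }
    /**
     * Triggered when generating image link tracking code server side. Plugins can use
     * this event to customise the image tracking code that is displayed to the
     * user.
     *
     * @param string &$piwikHost The domain and URL path to the Piwik installation, eg,
     *                           `'examplepiwik.com/path/to/piwik'`.
     * @param array &$urlParams The query parameters used in the <img> element's src
     *                          URL. See Piwik's image tracking docs for more info.
     */
    Piwik::postEvent('SitesManager.getImageTrackingCode', array(&$piwikUrl, &$urlParams));
    // scheme follows the current request; $piwikUrl is used as given (possibly rewritten by the event)
    $scheme = ProxyHttp::isHttps() ? "https://" : "http://";
    $piwikUrl = $scheme . $piwikUrl . '/piwik.php';
    // NOTE(review): the snippet is returned as HTML with $piwikUrl placed in the src attribute
    // unescaped — whatever displays this output must escape it for its context.
    return "<!-- Piwik Image Tracker-->\n<img src=\"{$piwikUrl}?" . Url::getQueryStringFromParameters($urlParams) . "\" style=\"border:0\" alt=\"\" />\n<!-- End Piwik -->";
}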
/**
 * Check force_ssl_login and redirect if connection isn't secure and not using a reverse proxy.
 *
 * The redirect target is rebuilt from the current host, script name and query string.
 *
 * @return void
 */
protected function checkForceSslLogin()
{
    $forceSslLogin = Config::getInstance()->General['force_ssl_login'];
    if (!$forceSslLogin || ProxyHttp::isHttps()) {
        return;
    }
    $secureUrl = 'https://'
        . Url::getCurrentHost()
        . Url::getCurrentScriptName()
        . Url::getCurrentQueryString();
    Url::redirectToUrl($secureUrl);
}
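/**
 * Returns the URL to this Piwik instance, eg. **http://demo.piwik.org/** or **http://example.org/piwik/**.
 *
 * When a web request is being dispatched (not CLI, not the archive script), the
 * stored option is refreshed from the current request URL if it is empty or
 * differs. If the request was detected as HTTPS the returned URL's scheme is
 * rewritten to https; only the leading scheme is touched.
 *
 * @return string
 * @api
 */
public static function getPiwikUrl()
{
    $url = Option::get(self::OPTION_PIWIK_URL);
    $isPiwikCoreDispatching = defined('PIWIK_ENABLE_DISPATCH') && PIWIK_ENABLE_DISPATCH;
    if (Common::isPhpCliMode() || SettingsServer::isArchivePhpTriggered() || !$isPiwikCoreDispatching) {
        return $url;
    }
    $currentUrl = Common::sanitizeInputValue(Url::getCurrentUrlWithoutFileName());
    // when script is called from /misc/cron/archive.php, Piwik URL is /index.php
    $currentUrl = str_replace("/misc/cron", "", $currentUrl);
    if (empty($url) || $currentUrl != $url) {
        // values shorter than the smallest plausible absolute URL are not persisted
        if (strlen($currentUrl) >= strlen('http://a/')) {
            self::overwritePiwikUrl($currentUrl);
        }
        $url = $currentUrl;
    }
    if (ProxyHttp::isHttps()) {
        // Rewrite only the scheme prefix; a blanket str_replace would also alter
        // any "http://" occurring later in the URL.
        if (strpos($url, 'http://') === 0) {
            $url = 'https://' . substr($url, strlen('http://'));
        }
    }
    return $url;
}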
/**
 * Executed when the session was successfully authenticated.
 *
 * Posts the `Login.authenticate.successful` event, writes the auth cookie and
 * clears any pending password-reset entry for the login.
 *
 * @param string $login
 * @param string $tokenAuth
 * @param bool $rememberMe
 * @return void
 */
protected function processSuccessfulSession($login, $tokenAuth, $rememberMe)
{
    /**
     * Triggered after successful authenticate, but before cookie creation.
     * This event propagate login and token_auth which was used in authenticate process.
     *
     * This event exists to enable the ability to custom action before the cookie will be created,
     * but after a successful authentication.
     * For example when user have to fill survey or change password.
     *
     * **Example**
     *
     *     Piwik::addAction('Login.authenticate.successful', function ($login, $tokenAuth) {
     *         // redirect to change password action
     *     });
     *
     * @param string $login User login.
     * @param string $tokenAuth User token auth.
     */
    Piwik::postEvent('Login.authenticate.successful', array($login, $tokenAuth));
    $cookie = $this->getAuthCookie($rememberMe);
    $hashedToken = $this->getHashTokenAuth($login, $tokenAuth);
    $cookie->set('login', $login);
    $cookie->set('token_auth', $hashedToken);
    // Secure flag follows the detected scheme; HttpOnly is set unconditionally.
    $cookie->setSecure(ProxyHttp::isHttps());
    $cookie->setHttpOnly(true);
    $cookie->save();
    // remove password reset entry if it exists
    Login::removePasswordResetInfo($login);
}