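/**
 * Cache buster based on
 * - Piwik version
 * - PHP version
 * - Loaded plugins
 * - Super user salt
 * - Latest commit hash of the master branch, when a git checkout is present
 *
 * @param string[]|false $pluginNames Plugin names to hash; any empty value
 *                                    (the default) means the currently loaded plugins.
 * @return string 32-character hexadecimal MD5 digest
 */
public function piwikVersionBasedCacheBuster($pluginNames = false)
{
    // Best effort: an install without a git checkout has no such file, so the
    // warning is suppressed on purpose and a failed read contributes nothing.
    $currentGitHash = @file_get_contents(PIWIK_INCLUDE_PATH . '/.git/refs/heads/master');
    if ($currentGitHash === false) {
        // Make the "no checkout" case explicit instead of relying on trim(false)
        // being coerced to '' (which fails under strict_types).
        $currentGitHash = '';
    }

    $pluginList = md5(implode(",", !$pluginNames ? Manager::getInstance()->getLoadedPluginsName() : $pluginNames));

    // NOTE(review): this digest mixes the instance salt with values that are
    // otherwise guessable (plugin list, PHP and Piwik versions). Cache busters
    // usually end up in asset URLs; confirm that publishing an MD5 over the salt
    // is acceptable given the salt's other uses, or key the buster separately.
    return md5(SettingsPiwik::getSalt() . $pluginList . PHP_VERSION . Version::VERSION . trim($currentGitHash));
}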
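/**
 * Generate hash on user info and password
 *
 * The instance salt is inserted between the two halves of the password
 * before hashing, so the digest depends on a per-instance secret.
 *
 * NOTE(review): Common::hash() is not shown here. If it is a fast,
 * general-purpose digest, this is salt-by-concatenation rather than an HMAC
 * or a password KDF; confirm that matches what the result is used for.
 *
 * @param string $userInfo User name, email, etc
 * @param string $password
 * @return string
 */
private function generateHash($userInfo, $password)
{
    // mitigate rainbow table attack
    // Explicit integer split point: for an odd-length password the plain
    // division yields a fractional float, and passing that to substr() relies
    // on an implicit float-to-int conversion (deprecated since PHP 8.1).
    $passwordLen = (int) (strlen($password) / 2);

    $hash = Common::hash(
        $userInfo . substr($password, 0, $passwordLen) . SettingsPiwik::getSalt() . substr($password, $passwordLen)
    );

    return $hash;
}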
/**
 * Returns a binary fingerprint of all the configuration settings.
 *
 * The arguments and the instance salt are concatenated in declaration order,
 * hashed with MD5 in raw (binary) form, and the digest is cut down to
 * Tracker::LENGTH_BINARY_ID bytes. (The original description calls the result
 * a 64-bit hash; the actual length is whatever that constant defines.)
 *
 * NOTE(review): the fields are joined without a separator, so two different
 * sets of values can produce the same input string. Adding a delimiter would
 * change every hash this method has produced, so it is only noted here.
 *
 * @param $os
 * @param $browserName
 * @param $browserVersion
 * @param $plugin_Flash
 * @param $plugin_Java
 * @param $plugin_Director
 * @param $plugin_Quicktime
 * @param $plugin_RealPlayer
 * @param $plugin_PDF
 * @param $plugin_WindowsMedia
 * @param $plugin_Gears
 * @param $plugin_Silverlight
 * @param $plugin_Cookie
 * @param $ip
 * @param $browserLang
 * @return string Raw binary string, not hexadecimal
 */
protected function getConfigHash($os, $browserName, $browserVersion, $plugin_Flash, $plugin_Java, $plugin_Director, $plugin_Quicktime, $plugin_RealPlayer, $plugin_PDF, $plugin_WindowsMedia, $plugin_Gears, $plugin_Silverlight, $plugin_Cookie, $ip, $browserLang)
{
    // The salt keeps the fingerprint from being the same across different
    // Piwik instances (limits their ability to cross-match users).
    $parts = array(
        $os,
        $browserName,
        $browserVersion,
        $plugin_Flash,
        $plugin_Java,
        $plugin_Director,
        $plugin_Quicktime,
        $plugin_RealPlayer,
        $plugin_PDF,
        $plugin_WindowsMedia,
        $plugin_Gears,
        $plugin_Silverlight,
        $plugin_Cookie,
        $ip,
        $browserLang,
        SettingsPiwik::getSalt(),
    );

    // Second argument true => 16 raw bytes instead of 32 hex characters.
    $rawDigest = md5(implode('', $parts), true);

    return substr($rawDigest, 0, Tracker::LENGTH_BINARY_ID);
}
/**
 * Returns an existing nonce by ID. If none exists, a new nonce will be generated.
 *
 * Every call, whether it creates a nonce or re-uses one, resets the nonce's
 * expiration to `$ttl` seconds from now.
 *
 * @param string $id Unique id to avoid namespace conflicts, e.g., `'ModuleName.ActionName'`.
 * @param int $ttl Optional time-to-live in seconds; the default is 600 (ie, 600 seconds
 *                 after the last request for it, the nonce will no longer be valid).
 * @return string
 */
public static function getNonce($id, $ttl = 600)
{
    // The nonce lives in a session namespace, so it is tied to the session.
    $session = new SessionNamespace($id);
    $token = $session->nonce;

    // An unexpired nonce is handed out again rather than replaced. This is a
    // small deviation from the "used only once" principle, accepted to cope
    // with browser pre-fetch or double fetch caused by some add-ons/extensions.
    if (empty($token)) {
        // NOTE(review): freshness comes from time() and Common::generateUniqId()
        // (not shown here), hashed with the instance salt. MD5 adds no entropy of
        // its own; where the supported PHP version allows it, a CSPRNG such as
        // random_bytes() is the conventional source for a value like this.
        $seed = SettingsPiwik::getSalt() . time() . Common::generateUniqId();
        $token = md5($seed);
        $session->nonce = $token;
    }

    // Push the expiry out on each request, so a nonce fetched a few seconds
    // before its timeout does not expire right after being handed out.
    $session->setExpirationSeconds($ttl, 'nonce');

    return $token;
}
/**
 * Derives the ignore-cookie salt from the instance salt.
 *
 * NOTE(review): the result is a plain, unkeyed MD5 of the instance salt. If
 * this value is ever sent to a client, it is the same for every user of the
 * instance; confirm where it is used.
 *
 * @return string 32-character hexadecimal MD5 digest
 */
private function getIgnoreCookieSalt()
{
    $instanceSalt = SettingsPiwik::getSalt();

    return md5($instanceSalt);
}
/**
 * Builds the lock name for one site / segment / period combination.
 *
 * The readable part has the form
 * `piwik.<dbname>.<tables_prefix>/<idsite>/[<segment hash>/]<period id>/<start>,<end>`
 * and is followed by `/` and an MD5 of that readable part plus the instance salt.
 *
 * NOTE(review): the salted suffix presumably keeps the full name from being
 * computed without the salt; confirm against the code that takes the lock.
 *
 * @param mixed $idsite Site id, concatenated into the name as-is
 * @param Period $period Supplies the period id and the start/end dates
 * @param Segment $segment Its hash is included only when the segment is not empty
 * @return string
 */
protected static function makeLockName($idsite, Period $period, Segment $segment)
{
    $config = Config::getInstance();

    $prefix = 'piwik.' . $config->database['dbname'] . '.' . $config->database['tables_prefix'];

    // An empty segment contributes no path component at all.
    $segmentPart = '';
    if (!$segment->isEmpty()) {
        $segmentPart = $segment->getHash() . '/';
    }

    $periodId = $period->getId();
    $dateRange = $period->getDateStart()->toString('Y-m-d') . ',' . $period->getDateEnd()->toString('Y-m-d');

    $readableName = $prefix . '/' . $idsite . '/' . $segmentPart . $periodId . '/' . $dateRange;

    return $readableName . '/' . md5($readableName . SettingsPiwik::getSalt());
}
/**
 * Returns the salt used when generating a secure hash.
 *
 * By default this is the value of the `[General] salt` INI config option,
 * as returned by SettingsPiwik::getSalt().
 *
 * Derived classes can override this to provide a different salt.
 *
 * @return string
 */
protected function getSalt()
{
    $instanceSalt = SettingsPiwik::getSalt();

    return $instanceSalt;
}
/**
 * Builds the lock name used while loading the next idarchive for a table.
 *
 * The name is the decimal rendering (no fraction digits) of a number derived
 * from an MD5 of the table name and the instance salt.
 *
 * NOTE(review): md5_to_64bit() is not shown here. A PHP float carries 53 bits
 * of mantissa, so if the helper returns a full 64-bit value its low bits are
 * rounded away by the cast; confirm that the resulting collision odds are
 * acceptable for a lock name.
 *
 * @param string $table Table name the lock is for
 * @return string Decimal digits only
 */
protected function lockNameForNextIdarchive($table)
{
    $digest = md5('loadNextIdArchive.' . $table . SettingsPiwik::getSalt());

    // (float) is the canonical spelling of the (double) cast.
    $numericName = (float) $this->md5_to_64bit($digest);

    return sprintf("%0.0f", $numericName);
}
/**
 * Generates a new authentication token.
 *
 * The token is an MD5 over the login, the current microtime, a value from
 * Common::generateUniqId() and the instance salt.
 *
 * NOTE(review): MD5 only mixes its inputs, so the token is exactly as
 * unpredictable as those inputs are. The login and the time are guessable;
 * the rest depends on Common::generateUniqId() (not shown here) and on the
 * salt staying secret. For an authentication credential, a CSPRNG such as
 * random_bytes() is the conventional source where the supported PHP version
 * allows it; confirm before relying on this as "random".
 *
 * @param string $userLogin Login
 * @return string 32-character hexadecimal MD5 digest
 */
public function createTokenAuth($userLogin)
{
    $material = $userLogin . microtime(true) . Common::generateUniqId() . SettingsPiwik::getSalt();

    return md5($material);
}