
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authormattab <matthieu.aubry@gmail.com>2013-05-23 07:48:05 +0400
committermattab <matthieu.aubry@gmail.com>2013-05-23 07:48:05 +0400
commit80721ac6fd81c425e2af6b940d507cd5c886f97a (patch)
tree0193b1f6299583cdc3a3eb580b225e2cfe04980a
parentdebae0756cba9e5bd2bafc9e8e037757b740e783 (diff)
Fixes #39511.12-b16
-rw-r--r--config/global.ini.php9
-rw-r--r--core/Tracker/Visit.php6
2 files changed, 13 insertions, 2 deletions
diff --git a/config/global.ini.php b/config/global.ini.php
index 32e0cb1fbd..e305959044 100644
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -340,6 +340,13 @@ overlay_disable_framed_mode = 0
; this is useful when you want to do cross websites analysis
use_third_party_id_cookie = 0
+; There is a feature in the Tracking API that lets you create new visit at any given time, for example if you know that a different user/customer is using
+; the app then you would want to tell Piwik to create a new visit (even though both users are using the same browser/computer).
+; To prevent abuse and easy creation of fake visits, this feature requires admin token_auth by default
+; If you wish to use this feature using the Javascript tracker, you can set the setting new_visit_api_requires_admin=0, and in Javascript write:
+; _paq.push(['appendToTrackingUrl', 'new_visit=1']);
+new_visit_api_requires_admin = 1
+
; This setting should only be set to 1 in an intranet setting, where most users have the same configuration (browsers, OS)
; and the same IP. If left to 0 in this setting, all visitors will be counted as one single visitor.
trust_visitors_cookies = 0
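Review bot: The comment above `new_visit_api_requires_admin` describes the feature but never states what setting it to 0 exposes, unlike the explicit `!!! Security risk` wording this file uses for the tracking authentication setting further down. With 0, the check added in core/Tracker/Visit.php accepts `new_visit=1` from any unauthenticated tracking request, so any client that can reach the tracker can force new visits and inflate visit counts. I would add a line directly above the setting such as `; Security note: if set to 0, any client can append new_visit=1 to a tracking request and force a new visit, which inflates visit counts.`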
@@ -417,7 +424,7 @@ ip_address_mask_length = 1
tracker_cache_file_ttl = 300
; DO NOT USE THIS SETTING ON PUBLICLY AVAILABLE PIWIK SERVER
-; !!! Security risk: if set to 0, it would allow anyone to push data to Piwik with custom dates in the past/future and with fake IPs !!!
+; !!! Security risk: if set to 0, it would allow anyone to push data to Piwik with custom dates in the past/future and even with fake IPs!
; When using the Tracking API, to override either the datetime and/or the visitor IP,
; token_auth with an "admin" access is required. If you set this setting to 0, the token_auth will not be required anymore.
; DO NOT USE THIS SETTING ON PUBLIC PIWIK SERVERS
diff --git a/core/Tracker/Visit.php b/core/Tracker/Visit.php
index 24b1c2e8d1..f7ea1ea10e 100644
--- a/core/Tracker/Visit.php
+++ b/core/Tracker/Visit.php
@@ -1199,7 +1199,11 @@ class Piwik_Tracker_Visit implements Piwik_Tracker_Visit_Interface
$visitRow = Piwik_Tracker::getDatabase()->fetch($sql, $bindSql);
- if (!Piwik_Config::getInstance()->Debug['tracker_always_new_visitor']
+ $newVisitEnforcedAPI = !empty($this->request['new_visit'])
+ && ($this->authenticated || !Piwik_Config::getInstance()->Tracker['new_visit_api_requires_admin']);
+ $enforceNewVisit = $newVisitEnforcedAPI || Piwik_Config::getInstance()->Debug['tracker_always_new_visitor'];
+
+ if (!$enforceNewVisit
&& $visitRow
&& count($visitRow) > 0
) {
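Review bot: The gate on `new_visit` fails open, because `!Piwik_Config::getInstance()->Tracker['new_visit_api_requires_admin']` is true whenever the key is absent or empty, so a configuration that lacks the key would let unauthenticated requests force new visits. Presumably global.ini.php always supplies the default, but a defensive read is cheap: with `$trackerConfig = Piwik_Config::getInstance()->Tracker;`, use `$requiresAdmin = !isset($trackerConfig['new_visit_api_requires_admin']) || $trackerConfig['new_visit_api_requires_admin'];`. The config comment promises an admin token_auth while this code only tests `$this->authenticated`; where that flag is set is outside the hunk, so confirm it really means admin access for the tracked site and state that in a comment on `$newVisitEnforcedAPI`. The enclosing method starts and ends outside the hunk.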