v0.1.6

- security update
- rename clickheat.php to clickheat_config.php (Windows mixes up ClickHeat.php with clickheat.php

Controller.php

@@ -16,12 +16,14 @@ use Piwik\Translate;
 use Piwik\Piwik;
 use Piwik\Common;
 use Piwik\View;
-
+ёё
 class Controller extends \Piwik\Plugin\Controller
 {
 
 	public function init()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		$__languages = array('bg', 'cz', 'de', 'en', 'es', 'fr', 'hu', 'id', 'it', 'ja', 'nl', 'pl', 'pt', 'ro', 'ru', 'sr', 'tr', 'uk', 'zh');
 
 		if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] !== '')
@@ -47,7 +49,7 @@ class Controller extends \Piwik\Plugin\Controller
 		define('CLICKHEAT_PATH', $dirName.'/plugins/ClickHeat/libs/');
 		define('CLICKHEAT_INDEX_PATH', 'index.php?module=ClickHeat&');
 		define('CLICKHEAT_ROOT', PIWIK_INCLUDE_PATH.'/plugins/ClickHeat/libs/');
-		define('CLICKHEAT_CONFIG', PIWIK_INCLUDE_PATH.'/plugins/ClickHeat/clickheat.php');	
+		define('CLICKHEAT_CONFIG', PIWIK_INCLUDE_PATH.'/plugins/ClickHeat/clickheat_config.php');
 		define('IS_PIWIK_MODULE', true);
 
 		if (Piwik::hasUserSuperUserAccess())
@@ -87,6 +89,8 @@ class Controller extends \Piwik\Plugin\Controller
 	 */
 	public function view()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		/** List of available groups */
 		$groups = array();
 		$conf = self::conf();
@@ -208,6 +212,8 @@ class Controller extends \Piwik\Plugin\Controller
 
 	public function iframe()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		$group = isset($_GET['group']) ? str_replace('/', '', $_GET['group']) : '';
 		$conf = self::conf();
 		if (is_dir($conf['logPath'].$group))
@@ -228,6 +234,8 @@ class Controller extends \Piwik\Plugin\Controller
 
 	public function javascript()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		foreach(array('', '_GROUP', '_GROUP0', '_GROUP1', '_GROUP2', '_GROUP3', '_DEBUG', '_QUOTA', '_IMAGE', '_SHORT', '_PASTE') as $value) {
 			define("LANG_JAVASCRIPT$value", Piwik::Translate("ClickHeat_LANG_JAVASCRIPT$value"));
 		}
@@ -236,16 +244,22 @@ class Controller extends \Piwik\Plugin\Controller
 
 	public function layout()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		include (CLICKHEAT_ROOT.'layout.php');
 	}
 
 	public function generate()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		include (CLICKHEAT_ROOT.'generate.php');
 	}
 
 	public function png()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		$conf = self::conf();
 		$imagePath = $conf['cachePath'].(isset($_GET['file']) ? str_replace('/', '', $_GET['file']) : '**unknown**');
 
@@ -262,6 +276,8 @@ class Controller extends \Piwik\Plugin\Controller
 
 	public function layoutupdate()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		$group = isset($_GET['group']) ? str_replace('/', '', $_GET['group']) : '';
 		$url = isset($_GET['url']) ? $_GET['url'] : '';
 		if (strpos($url, 'http') !== 0)
@@ -301,6 +317,8 @@ class Controller extends \Piwik\Plugin\Controller
 
 	public function cleaner()
 	{
+		// if you are not valid user, force login.
+		Piwik::checkUserIsNotAnonymous();
 		include (CLICKHEAT_ROOT.'cleaner.php');
 	}
 

README.md

@@ -56,15 +56,29 @@ __Showed a heatmap, but not overlay a heatmap to the target web page. Why ?__
 
 Check that your website does not set the HTTP header __X-FRAME-OPTIONS__ to __SAMEORIGIN__ as this will prevent this plugin from iframing your website for the heatmap report. Please see [Page Overlay Troubleshooting](http://piwik.org/docs/page-overlay/#page-overlay-troubleshooting), that is same problem.
 
+__How do I enable logging ?__
+
+Logging prepared for click.php. To debug it further please enable tracker debug mode in config.ini.php:
+
+```
+[Tracker]
+debug=1
+```
+You can see the log in yourpiwik/tmp/logs/piwik.log.
+
 ## Changelog
 
 * 0.1.0 First beta
 * 0.1.2 to append faq
 * 0.1.3 to append faq
 * 0.1.5 to add .htaccess
+* 0.1.6
+    * security update
+    * rename clickheat.php to clickheat_config.php (Windows mixes up ClickHeat.php with clickheat.php)
 
 ## License
 GPL v3 or later
 
 ## Support
 Please direct any feedback to [yamachan@piwikjapan.org](mailto:yamachan@piwikjapan.org).
+ё

VERSION

@@ -1 +1 @@
-1.14
+0.1.6

clickheat.php

@@ -1,23 +1,35 @@
-<?php $clickheatConf = array (
-  'logPath' => PIWIK_INCLUDE_PATH.'/tmp/cache/clickheat/logs/',
-  'cachePath' => PIWIK_INCLUDE_PATH.'/tmp/cache/clickheat/cache/',
-  'referers' => false,
-  'groups' => false,
-  'filesize' => 0,
-  'adminLogin' => '',
-  'adminPass' => '',
-  'viewerLogin' => '',
-  'viewerPass' => '',
-  'memory' => 50,
-  'step' => 5,
-  'dot' => 19,
-  'flush' => 40,
-  'start' => 'm',
-  'palette' => false,
-  'heatmap' => true,
-  'hideIframes' => true,
-  'hideFlashes' => true,
-  'yesterday' => false,
-  'alpha' => 80,
-  'version' => '0.1.0',
-); ?>
+<?php
+
+/**
+ * ClickHeat - Clicks' heatmap
+ *
+ * @link http://www.dugwood.com/clickheat/index.html
+ * @license http://www.gnu.org/licenses/gpl-3.0.html Gpl v3 or later
+ * @version $Id$
+ *
+ * @package Piwik\Plugins\ClickHeat
+ */
+
+namespace Piwik\Plugins\ClickHeat;
+use Piwik\Config;
+
+class ClickHeat extends \Piwik\Plugin
+{
+	function install()
+	{
+		/** Create main cache paths */
+		$dir = PIWIK_INCLUDE_PATH.'/tmp/cache/clickheat/';
+		if (!is_dir($dir.'logs'))
+		{
+			mkdir($dir.'logs', 0777, true);
+		}
+		if (!is_dir($dir.'cache'))
+		{
+			mkdir($dir.'cache', 0777, true);
+		}
+		$htaccess = PIWIK_INCLUDE_PATH.'/plugins/ClickHeat/dot_htaccess';
+		if (file_exists($htaccess)) {
+			copy($htaccess, PIWIK_INCLUDE_PATH.'/plugins/ClickHeat/.htaccess');
+		}
+	}
+}

clickheat_config.php

@@ -0,0 +1,23 @@
+<?php $clickheatConf = array (
+  'logPath' => PIWIK_INCLUDE_PATH.'/tmp/cache/clickheat/logs/',
+  'cachePath' => PIWIK_INCLUDE_PATH.'/tmp/cache/clickheat/cache/',
+  'referers' => false,
+  'groups' => false,
+  'filesize' => 0,
+  'adminLogin' => '',
+  'adminPass' => '',
+  'viewerLogin' => '',
+  'viewerPass' => '',
+  'memory' => 50,
+  'step' => 5,
+  'dot' => 19,
+  'flush' => 40,
+  'start' => 'm',
+  'palette' => false,
+  'heatmap' => true,
+  'hideIframes' => true,
+  'hideFlashes' => true,
+  'yesterday' => false,
+  'alpha' => 80,
+  'version' => '0.1.6',
+); ?>

libs/click.php

@@ -14,8 +14,19 @@
 use Piwik\Common;
 use Piwik\IP;
 use Piwik\Network\IPUtils;
+use Piwik\Tracker\TrackerConfig;
 
 /* First of all, check if we are inside PhpMyVisites */
+
+function printDebug($message)
+{
+	echo $message;
+	if (defined('PIWIK_INCLUDE_PATH')) {
+	    Common::printDebug($message);
+	}	
+	return;
+}
+
 if (strpos(str_replace('\\', '/', getcwd()), 'plugins/ClickHeat/libs') !== false)
 {
 	define('PIWIK_DOCUMENT_ROOT', str_replace('/plugins/ClickHeat/libs', '', str_replace('\\', '/', getcwd())));
@@ -25,8 +36,34 @@ if (strpos(str_replace('\\', '/', getcwd()), 'plugins/ClickHeat/libs') !== false
 	define('CLICKHEAT_CONFIG', CLICKHEAT_ROOT .'/clickheat.php');
 	require_once PIWIK_INCLUDE_PATH . '/core/bootstrap.php';
 	@ignore_user_abort(true);
+	require_once PIWIK_INCLUDE_PATH . '/core/Plugin/Controller.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Exception/NotYetInstalledException.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Plugin/ControllerAdmin.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Singleton.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Plugin/Manager.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Plugin.php';
 	require_once PIWIK_INCLUDE_PATH . '/core/Common.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Piwik.php';
 	require_once PIWIK_INCLUDE_PATH . '/core/IP.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/UrlHelper.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Url.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/SettingsPiwik.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/SettingsServer.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Tracker.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Config.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Translate.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Tracker/Cache.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Tracker/Request.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Tracker/TrackerConfig.php';
+	require_once PIWIK_INCLUDE_PATH . '/core/Cookie.php';
+	$environment = new \Piwik\Application\Environment('tracker');
+	try {
+	    $environment->init();
+	} catch(\Piwik\Exception\NotYetInstalledException $e) {
+	    die($e->getMessage());
+	}
+	$debug = (bool) TrackerConfig::getConfigValue('debug');
+	$PIWIK_TRACKER_DEBUG = $debug; // to enable debug log
 }
 else
 {
@@ -41,7 +78,7 @@ include CLICKHEAT_CONFIG;
 /* Check parameters */
 if (!isset($clickheatConf) || !isset($_GET['x']) || !isset($_GET['y']) || !isset($_GET['w']) || !isset($_GET['g']) || !isset($_GET['s']) || !isset($_GET['b']) || !isset($_GET['c']))
 {
-	exit('Parameters or config error');
+	printDebug('ClickHeat: Parameters or config error');
 }
 
 /* Check referers */
@@ -49,12 +86,12 @@ if (is_array($clickheatConf['referers']))
 {
 	if (!isset($_SERVER['HTTP_REFERER']))
 	{
-		exit('No domain in referer');
+		printDebug('ClickHeat: No domain in referer');
 	}
 	$referer = parse_url($_SERVER['HTTP_REFERER']);
 	if (!in_array($referer['host'], $clickheatConf['referers']))
 	{
-		exit('Forbidden domain ('.$referer['host'].'), change or remove security settings in the config panel to allow this one');
+		printDebug('ClickHeat: Forbidden domain ('.$referer['host'].'), change or remove security settings in the /config panel to allow this one');
 	}
 }
 
@@ -84,20 +121,20 @@ $site = cleanStrings($_GET['s']);
 $group = cleanStrings($_GET['g']);
 if ($group === '')
 {
-	exit('No group specified (clickHeatGroup empty)');
+	printDebug('ClickHeat: No group specified (clickHeatGroup empty)');
 }
 /* Check group */
 if (is_array($clickheatConf['groups']))
 {
 	if (!in_array($group, $clickheatConf['groups']))
 	{
-		exit('Forbidden group ('.$group.'), change or remove security settings in the config panel to allow this one');
+		printDebug('ClickHeat: Forbidden group ('.$group.'), change or remove security settings in the config panel to allow this one');
 	}
 }
 $browser = preg_replace('/[^a-z]+/', '', strtolower($_GET['b']));
 if ($browser === '')
 {
-	exit('Browser empty');
+	printDebug('ClickHeat: Browser empty');
 }
 $final = ltrim($site.','.$group, ',');
 /* Limit file size */
@@ -105,25 +142,26 @@ if ($clickheatConf['filesize'] !== 0)
 {
 	if (file_exists($clickheatConf['logPath'].$final.'/'.date('Y-m-d').'.log') && filesize($clickheatConf['logPath'].$final.'/'.date('Y-m-d').'.log') > $clickheatConf['filesize'])
 	{
-		exit('Filesize reached limit');
+		printDebug('ClickHeat: Filesize reached limit');
 	}
 }
 /* Logging the click */
-if (!($f = @fopen($clickheatConf['logPath'].$final.'/'.date('Y-m-d').'.log', 'a')))
+$f = fopen($clickheatConf['logPath'].$final.'/'.date('Y-m-d').'.log', 'a');
+if (!is_resource($f))
 {
 	/* Can't open the log, let's try to create the directory */
 	if (!is_dir(dirname($clickheatConf['logPath'])))
 	{
 		if (!mkdir(dirname($clickheatConf['logPath'])))
 		{
-			exit('Cannot create log directory: '.$clickheatConf['logPath']);
+			printDebug('ClickHeat: Cannot create log directory: '.$clickheatConf['logPath']);
 		}
 	}
 	if (!is_dir($clickheatConf['logPath'].$final))
 	{
 		if (!mkdir($clickheatConf['logPath'].$final))
 		{
-			exit('Cannot create log directory: '.$clickheatConf['logPath'].$final);
+			printDebug('ClickHeat: Cannot create log directory: '.$clickheatConf['logPath'].$final);
 		}
 		if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !== '')
 		{
@@ -139,7 +177,7 @@ if (is_resource($f))
 	$logMe = true;
 	if (isset($_COOKIE['clickheat-admin']))
 	{
-		echo 'OK, but click not logged as you selected it in the admin panel ("Log my clicks/Enregistrer mes clics")';
+		printDebug("ClickHeat: OK, but click not logged as you selected it in the admin panel (\"Log my clicks/Enregistrer mes clics\")");
 		$logMe = false;
 	}
 	elseif (IS_PIWIK_MODULE === true)
@@ -153,7 +191,7 @@ if (is_resource($f))
 				$ip = IPUtils::stringToBinaryIP(\Piwik\Network\IP::fromStringIP(IP::getIpFromHeader()));
 				if (isIpInRange($ip, $content['excluded_ips']) === true)
 				{
-					echo 'OK, but click not logged as you prevent this IP to be tracked in Piwik\'s configuration';
+					printDebug('OK, but click not logged as you prevent this IP to be tracked in Piwik\'s configuration');
 					$logMe = false;
 				}
 			}
@@ -161,12 +199,12 @@ if (is_resource($f))
 	}
 	if ($logMe === true)
 	{
-		echo 'OK';
+		printDebug('ClickHeat: OK');
 		fputs($f, ((int) $_GET['x']).'|'.((int) $_GET['y']).'|'.((int) $_GET['w']).'|'.$browser.'|'.((int) $_GET['c'])."\n");
 	}
 	fclose($f);
 }
 else
 {
-	echo 'KO, file not writable';
+	printDebug('ClickHeat: KO, file not writable');
 }

plugin.json

@@ -1,10 +1,10 @@
 {
     "name": "ClickHeat",
     "homepage": "http://piwikjapan.org",
-    "version": "0.1.5",
+    "version": "0.1.6",
     "description": "ClickHeat is a visual heatmap of clicks on a HTML page. This plugin based on Dugwood's ClickHeat version 1.14. Plugin not consider IIS. Sorry.",
     "theme": false,
-    "keywords": ["clickheat", "heatmap", "dugwood", "piwikjapan", "yamachan"],
+    "keywords": ["clickheat", "heatmap", "dugwood", "piwikjapan", "YAMAMOTO Takashi"],
     "require": {
         "piwik": ">=2.11.0"
     },
@@ -16,7 +16,7 @@
             "homepage": "http://www.dugwood.com/clickheat/index.html"
         },
         {
-            "name": "yamachan (PiwikJapan)",
+            "name": "YAMAMOTO Takashi (PiwikJapan)",
             "email": "yamachan@piwikjapan.org",
             "homepage": "http://www.piwikjapan.org/"
         }