[quote=matt]
using cip parameter to force the IP you also need to use token_auth to do the request authentication[/quote]
Hi Matt, thank you for the hint. It works now.
In the PiwikTracker.php i found, that setting using the setIP function is a security constraint.
public function setIp($ip)
{
$this->ip = $ip;
}
/**
* Forces the requests to be recorded for the specified Visitor ID
* rather than using the heuristics based on IP and other attributes.
*
* This is typically used with the Javascript getVisitorId() function.
*
* Allowed only for Super User, must be used along with setTokenAuth().
* Set tracking_requests_require_authentication = 0 in config.ini.php [Tracker] section
* to change this security constraint.
* @see setTokenAuth()
* @param string $visitorId 16 hexadecimal characters visitor ID, eg. "33c31e01394bdc63"
*/
Could you give me hint, why this is a security constraint?? Or a link?
Additionally i’am not happy, while configuring a token with admin rights inside my php script. Is there any other way? It is possible to set the AuthToken for a user without admin rights ?
[quote=matt]
we removed this notice, and recommend to use token_auth and keep it secret[/quote]
Hi Matt, thanks again.
But i would like to ask once more.
Is it really necessary to have admin rights to use token_auth? Maybe it is also possible to have a special right for this??
Maybe you could create a role for this usecase? For example a role “token_auth_right”, or a special entry inside the config.ini.php, which user is allowed to do the token_auth for setting the client ip ? I’am not really happy to see, there is a user with admin rights, for only setting the client ip.