Hi, I came across this blog entry today: http://davidwalsh.name/php-google-analytics You can basically link your PHP code with Google Analytics and then extract the number of views for that particular page. But why I hesitate is that anyone could steal the password by gaining access to the PHP source code. What ways are there to hide it or camouflage it?
And... HOW exactly would they gain access to the PHP source code? I'm thinking that if they do that, the main problem won't be them getting hold of your Google Analytics password (haven't been mucking around with it for a while, but as I remember, you could create secondary users with access to what you want them to see), but them getting hold of all of your webpage code - that is access to databases, your complete php-code, etc. Services running on the server accessing external services will (usually) need a password if you want to retrieve content from your own account. A possible solution would be to put these settings somewhere else than the webroot, and include that file via a path-include. That way, at least it won't be visible if someone gains access to your webserver.
I was just thinking... prolly it would be no gain for anyone to access Analytics, but it's better to block the possibility. How could they access the .php file's source? By simple right-click. And they will be able to see this: //session_start for caching, if desired session_start(); //get the class require 'ga/analytics.class.php'; //sign in and grab profile $analytics = new analytics('david@davidwalsh.name', 'myP@ssw0rd'); $analytics->setProfileByName('davidwalsh.name'); //set the date range for which I want stats for (could also be $analytics->setDateRange('YYYY-MM-DD', 'YYYY-MM-DD')) $analytics->setMonth(date('n'), date('Y')); //get array of visitors by day print_r($analytics->getVisitors()); //get array of pageviews by day print_r($analytics->getPageviews()); PHP: Let's say you put the hit counter as "include"... they will still be able to find the .php page's name and could simply deduct its path, open it and see the source, which contains the 'myP@ssw0rd' in it... At least, it looks so simple to me for anyone to grab that password.
Are you daft? .php-files are processed on the server, and does NOT output the contents to the webpage/source. If you have a thousand variables in a .php-file, and load that in the browser, you'll see nothing when you right-click - unless the variables are echo'ed. Example: http://www.bergenpchjelp.no/persdb/config.php load it, right click, and see if you can see the source, or the password for the database...
Depends on how you put the code in. A simply plain .php page with basically .htm content will show all the source code.
Yes, the HTML source code. But not the PHP code. As for the original question: The blog post is 4 years old, and Google now has an official API you can use: https://developers.google.com/analytics/devguides/reporting/core/v3/#user_reports