Implemented ID obfuscation in telemetry.php and results/index.php
This commit is contained in:
adolfintel
parent
5f978198bc
commit
7b1d8995e1
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -1,2 +1 @@
|
|||
ugly.bat
|
||||
wishlist.txt
|
||||
telemetry/idObfuscation_salt.php
|
||||
|
|
|
|||
|
|
@ -190,8 +190,8 @@ function startStop(){
|
|||
if(status==4){
|
||||
//if testId is present, show sharing panel, otherwise do nothing
|
||||
try{
|
||||
var testId=Number(data.testId);
|
||||
if(!isNaN(testId)){
|
||||
var testId=data.testId;
|
||||
if(testId!=null){
|
||||
var shareURL=window.location.href.substring(0,window.location.href.lastIndexOf("/"))+"/results/?id="+testId;
|
||||
I("resultsImg").src=shareURL;
|
||||
I("resultsURL").value=shareURL;
|
||||
|
|
|
|||
|
|
@ -52,6 +52,8 @@ $WATERMARK_TEXT="HTML5 Speedtest";
|
|||
|
||||
$id=$_GET["id"];
|
||||
include_once('../telemetry/telemetry_settings.php');
|
||||
require '../telemetry/idObfuscation.php';
|
||||
if($enable_id_obfuscation) $id=deobfuscateId($id);
|
||||
$conn=null; $q=null;
|
||||
$ispinfo=null; $dl=null; $ul=null; $ping=null; $jit=null;
|
||||
if($db_type=="mysql"){
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ this.addEventListener("message", function(e) {
|
|||
if (settings.telemetry_level > 0)
|
||||
sendTelemetry(function(id) {
|
||||
testStatus = 4;
|
||||
if (id != -1) testId = id;
|
||||
if (id != null) testId = id;
|
||||
});
|
||||
else testStatus = 4;
|
||||
return;
|
||||
|
|
@ -662,15 +662,14 @@ function sendTelemetry(done) {
|
|||
var parts = xhr.responseText.split(" ");
|
||||
if (parts[0] == "id") {
|
||||
try {
|
||||
var id = Number(parts[1]);
|
||||
if (!isNaN(id)) done(id);
|
||||
else done(-1);
|
||||
var id = parts[1];
|
||||
done(id);
|
||||
} catch (e) {
|
||||
done(-1);
|
||||
done(null);
|
||||
}
|
||||
} else done(-1);
|
||||
} else done(null);
|
||||
} catch (e) {
|
||||
done(-1);
|
||||
done(null);
|
||||
}
|
||||
};
|
||||
xhr.onerror = function() {
|
||||
|
|
|
|||
2
speedtest_worker.min.js
vendored
2
speedtest_worker.min.js
vendored
File diff suppressed because one or more lines are too long
34
telemetry/idObfuscation.php
Normal file
34
telemetry/idObfuscation.php
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
<?php
|
||||
function getObfuscationSalt(){
|
||||
if(file_exists("idObfuscation_salt.php")){
|
||||
require "idObfuscation_salt.php";
|
||||
}else{
|
||||
$bytes=openssl_random_pseudo_bytes(4);
|
||||
$sf=fopen("idObfuscation_salt.php","w");
|
||||
fwrite($sf,chr(60)."?php\n");
|
||||
fwrite($sf,'$OBFUSCATION_SALT=0x'.bin2hex($bytes).";\n");
|
||||
fwrite($sf,"?".chr(62));
|
||||
fclose($sf);
|
||||
require "idObfuscation_salt.php";
|
||||
}
|
||||
return isset($OBFUSCATION_SALT)?$OBFUSCATION_SALT:0;
|
||||
}
|
||||
function obfdeobf($id){
|
||||
$salt=getObfuscationSalt()&0xFFFFFFFF;
|
||||
$id=$id&0xFFFFFFFF;
|
||||
for($i=0;$i<16;$i++){
|
||||
$id=$id^$salt;
|
||||
$id=(($id>>1)&0xFFFFFFFF)|(($id&0x00000001)<<31);
|
||||
$salt=(($salt<<1)&0xFFFFFFFF)|(($salt&0xA0000000)>>31);
|
||||
}
|
||||
return $id;
|
||||
}
|
||||
function obfuscateId($id){
|
||||
return base_convert(obfdeobf($id),10,36);
|
||||
}
|
||||
function deobfuscateId($id){
|
||||
return obfdeobf(base_convert($id,36,10));
|
||||
}
|
||||
|
||||
//IMPORTANT: DO NOT ADD ANYTHING BELOW THE PHP CLOSING TAG, NOT EVEN EMPTY LINES!
|
||||
?>
|
||||
|
|
@ -1,5 +1,6 @@
|
|||
<?php
|
||||
include_once('telemetry_settings.php');
|
||||
require 'idObfuscation.php';
|
||||
|
||||
$ip=($_SERVER['REMOTE_ADDR']);
|
||||
$ispinfo=($_POST["ispinfo"]);
|
||||
|
|
@ -18,7 +19,8 @@ if($db_type=="mysql"){
|
|||
$stmt->bind_param("ssssssssss",$ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log) or die("3");
|
||||
$stmt->execute() or die("4");
|
||||
$stmt->close() or die("5");
|
||||
echo "id ".$conn->insert_id;
|
||||
$id=$conn->insert_id;
|
||||
echo "id ".($enable_id_obfuscation?obfuscateId($id):$id);
|
||||
$conn->close() or die("6");
|
||||
|
||||
}elseif($db_type=="sqlite"){
|
||||
|
|
@ -41,7 +43,8 @@ if($db_type=="mysql"){
|
|||
");
|
||||
$stmt = $conn->prepare("INSERT INTO speedtest_users (ip,ispinfo,extra,ua,lang,dl,ul,ping,jitter,log) VALUES (?,?,?,?,?,?,?,?,?,?)") or die("2");
|
||||
$stmt->execute(array($ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log)) or die("3");
|
||||
echo "id ".$conn->lastInsertId();
|
||||
$id=$conn->lastInsertId();
|
||||
echo "id ".($enable_id_obfuscation?obfuscateId($id):$id);
|
||||
$conn = null;
|
||||
}elseif($db_type=="postgresql"){
|
||||
// Prepare connection parameters for db connection
|
||||
|
|
@ -53,7 +56,8 @@ if($db_type=="mysql"){
|
|||
$conn = new PDO("pgsql:$conn_host;$conn_db;$conn_user;$conn_password") or die("1");
|
||||
$stmt = $conn->prepare("INSERT INTO speedtest_users (ip,ispinfo,extra,ua,lang,dl,ul,ping,jitter,log) VALUES (?,?,?,?,?,?,?,?,?,?)") or die("2");
|
||||
$stmt->execute(array($ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log)) or die("3");
|
||||
echo "id ".$conn->lastInsertId();
|
||||
$id=$conn->lastInsertId();
|
||||
echo "id ".($enable_id_obfuscation?obfuscateId($id):$id);
|
||||
$conn = null;
|
||||
}
|
||||
else die("-1");
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
$db_type="mysql"; //Type of db: "mysql", "sqlite" or "postgresql"
|
||||
$stats_password="PASSWORD"; //password to login to stats.php. Change this!!!
|
||||
$enable_id_obfuscation=true; //if set to true, test IDs will be obfuscated to prevent users from guessing URLs of other tests
|
||||
|
||||
// Sqlite3 settings
|
||||
$Sqlite_db_file = "../../telemetry.sql";
|
||||
|
|
|
|||
Loading…
Reference in a new issue