Implemented ID obfuscation in telemetry.php and results/index.php
This commit is contained in:
parent
5f978198bc
commit
7b1d8995e1
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -1,2 +1 @@
|
||||||
ugly.bat
|
telemetry/idObfuscation_salt.php
|
||||||
wishlist.txt
|
|
||||||
|
|
|
@ -190,8 +190,8 @@ function startStop(){
|
||||||
if(status==4){
|
if(status==4){
|
||||||
//if testId is present, show sharing panel, otherwise do nothing
|
//if testId is present, show sharing panel, otherwise do nothing
|
||||||
try{
|
try{
|
||||||
var testId=Number(data.testId);
|
var testId=data.testId;
|
||||||
if(!isNaN(testId)){
|
if(testId!=null){
|
||||||
var shareURL=window.location.href.substring(0,window.location.href.lastIndexOf("/"))+"/results/?id="+testId;
|
var shareURL=window.location.href.substring(0,window.location.href.lastIndexOf("/"))+"/results/?id="+testId;
|
||||||
I("resultsImg").src=shareURL;
|
I("resultsImg").src=shareURL;
|
||||||
I("resultsURL").value=shareURL;
|
I("resultsURL").value=shareURL;
|
||||||
|
|
|
@ -52,6 +52,8 @@ $WATERMARK_TEXT="HTML5 Speedtest";
|
||||||
|
|
||||||
$id=$_GET["id"];
|
$id=$_GET["id"];
|
||||||
include_once('../telemetry/telemetry_settings.php');
|
include_once('../telemetry/telemetry_settings.php');
|
||||||
|
require '../telemetry/idObfuscation.php';
|
||||||
|
if($enable_id_obfuscation) $id=deobfuscateId($id);
|
||||||
$conn=null; $q=null;
|
$conn=null; $q=null;
|
||||||
$ispinfo=null; $dl=null; $ul=null; $ping=null; $jit=null;
|
$ispinfo=null; $dl=null; $ul=null; $ping=null; $jit=null;
|
||||||
if($db_type=="mysql"){
|
if($db_type=="mysql"){
|
||||||
|
|
|
@ -173,7 +173,7 @@ this.addEventListener("message", function(e) {
|
||||||
if (settings.telemetry_level > 0)
|
if (settings.telemetry_level > 0)
|
||||||
sendTelemetry(function(id) {
|
sendTelemetry(function(id) {
|
||||||
testStatus = 4;
|
testStatus = 4;
|
||||||
if (id != -1) testId = id;
|
if (id != null) testId = id;
|
||||||
});
|
});
|
||||||
else testStatus = 4;
|
else testStatus = 4;
|
||||||
return;
|
return;
|
||||||
|
@ -662,15 +662,14 @@ function sendTelemetry(done) {
|
||||||
var parts = xhr.responseText.split(" ");
|
var parts = xhr.responseText.split(" ");
|
||||||
if (parts[0] == "id") {
|
if (parts[0] == "id") {
|
||||||
try {
|
try {
|
||||||
var id = Number(parts[1]);
|
var id = parts[1];
|
||||||
if (!isNaN(id)) done(id);
|
done(id);
|
||||||
else done(-1);
|
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
done(-1);
|
done(null);
|
||||||
}
|
}
|
||||||
} else done(-1);
|
} else done(null);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
done(-1);
|
done(null);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
xhr.onerror = function() {
|
xhr.onerror = function() {
|
||||||
|
|
2
speedtest_worker.min.js
vendored
2
speedtest_worker.min.js
vendored
File diff suppressed because one or more lines are too long
34
telemetry/idObfuscation.php
Normal file
34
telemetry/idObfuscation.php
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
<?php
|
||||||
|
function getObfuscationSalt(){
|
||||||
|
if(file_exists("idObfuscation_salt.php")){
|
||||||
|
require "idObfuscation_salt.php";
|
||||||
|
}else{
|
||||||
|
$bytes=openssl_random_pseudo_bytes(4);
|
||||||
|
$sf=fopen("idObfuscation_salt.php","w");
|
||||||
|
fwrite($sf,chr(60)."?php\n");
|
||||||
|
fwrite($sf,'$OBFUSCATION_SALT=0x'.bin2hex($bytes).";\n");
|
||||||
|
fwrite($sf,"?".chr(62));
|
||||||
|
fclose($sf);
|
||||||
|
require "idObfuscation_salt.php";
|
||||||
|
}
|
||||||
|
return isset($OBFUSCATION_SALT)?$OBFUSCATION_SALT:0;
|
||||||
|
}
|
||||||
|
function obfdeobf($id){
|
||||||
|
$salt=getObfuscationSalt()&0xFFFFFFFF;
|
||||||
|
$id=$id&0xFFFFFFFF;
|
||||||
|
for($i=0;$i<16;$i++){
|
||||||
|
$id=$id^$salt;
|
||||||
|
$id=(($id>>1)&0xFFFFFFFF)|(($id&0x00000001)<<31);
|
||||||
|
$salt=(($salt<<1)&0xFFFFFFFF)|(($salt&0xA0000000)>>31);
|
||||||
|
}
|
||||||
|
return $id;
|
||||||
|
}
|
||||||
|
function obfuscateId($id){
|
||||||
|
return base_convert(obfdeobf($id),10,36);
|
||||||
|
}
|
||||||
|
function deobfuscateId($id){
|
||||||
|
return obfdeobf(base_convert($id,36,10));
|
||||||
|
}
|
||||||
|
|
||||||
|
//IMPORTANT: DO NOT ADD ANYTHING BELOW THE PHP CLOSING TAG, NOT EVEN EMPTY LINES!
|
||||||
|
?>
|
|
@ -1,5 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
include_once('telemetry_settings.php');
|
include_once('telemetry_settings.php');
|
||||||
|
require 'idObfuscation.php';
|
||||||
|
|
||||||
$ip=($_SERVER['REMOTE_ADDR']);
|
$ip=($_SERVER['REMOTE_ADDR']);
|
||||||
$ispinfo=($_POST["ispinfo"]);
|
$ispinfo=($_POST["ispinfo"]);
|
||||||
|
@ -18,7 +19,8 @@ if($db_type=="mysql"){
|
||||||
$stmt->bind_param("ssssssssss",$ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log) or die("3");
|
$stmt->bind_param("ssssssssss",$ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log) or die("3");
|
||||||
$stmt->execute() or die("4");
|
$stmt->execute() or die("4");
|
||||||
$stmt->close() or die("5");
|
$stmt->close() or die("5");
|
||||||
echo "id ".$conn->insert_id;
|
$id=$conn->insert_id;
|
||||||
|
echo "id ".($enable_id_obfuscation?obfuscateId($id):$id);
|
||||||
$conn->close() or die("6");
|
$conn->close() or die("6");
|
||||||
|
|
||||||
}elseif($db_type=="sqlite"){
|
}elseif($db_type=="sqlite"){
|
||||||
|
@ -41,7 +43,8 @@ if($db_type=="mysql"){
|
||||||
");
|
");
|
||||||
$stmt = $conn->prepare("INSERT INTO speedtest_users (ip,ispinfo,extra,ua,lang,dl,ul,ping,jitter,log) VALUES (?,?,?,?,?,?,?,?,?,?)") or die("2");
|
$stmt = $conn->prepare("INSERT INTO speedtest_users (ip,ispinfo,extra,ua,lang,dl,ul,ping,jitter,log) VALUES (?,?,?,?,?,?,?,?,?,?)") or die("2");
|
||||||
$stmt->execute(array($ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log)) or die("3");
|
$stmt->execute(array($ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log)) or die("3");
|
||||||
echo "id ".$conn->lastInsertId();
|
$id=$conn->lastInsertId();
|
||||||
|
echo "id ".($enable_id_obfuscation?obfuscateId($id):$id);
|
||||||
$conn = null;
|
$conn = null;
|
||||||
}elseif($db_type=="postgresql"){
|
}elseif($db_type=="postgresql"){
|
||||||
// Prepare connection parameters for db connection
|
// Prepare connection parameters for db connection
|
||||||
|
@ -53,7 +56,8 @@ if($db_type=="mysql"){
|
||||||
$conn = new PDO("pgsql:$conn_host;$conn_db;$conn_user;$conn_password") or die("1");
|
$conn = new PDO("pgsql:$conn_host;$conn_db;$conn_user;$conn_password") or die("1");
|
||||||
$stmt = $conn->prepare("INSERT INTO speedtest_users (ip,ispinfo,extra,ua,lang,dl,ul,ping,jitter,log) VALUES (?,?,?,?,?,?,?,?,?,?)") or die("2");
|
$stmt = $conn->prepare("INSERT INTO speedtest_users (ip,ispinfo,extra,ua,lang,dl,ul,ping,jitter,log) VALUES (?,?,?,?,?,?,?,?,?,?)") or die("2");
|
||||||
$stmt->execute(array($ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log)) or die("3");
|
$stmt->execute(array($ip,$ispinfo,$extra,$ua,$lang,$dl,$ul,$ping,$jitter,$log)) or die("3");
|
||||||
echo "id ".$conn->lastInsertId();
|
$id=$conn->lastInsertId();
|
||||||
|
echo "id ".($enable_id_obfuscation?obfuscateId($id):$id);
|
||||||
$conn = null;
|
$conn = null;
|
||||||
}
|
}
|
||||||
else die("-1");
|
else die("-1");
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
$db_type="mysql"; //Type of db: "mysql", "sqlite" or "postgresql"
|
$db_type="mysql"; //Type of db: "mysql", "sqlite" or "postgresql"
|
||||||
$stats_password="PASSWORD"; //password to login to stats.php. Change this!!!
|
$stats_password="PASSWORD"; //password to login to stats.php. Change this!!!
|
||||||
|
$enable_id_obfuscation=true; //if set to true, test IDs will be obfuscated to prevent users from guessing URLs of other tests
|
||||||
|
|
||||||
// Sqlite3 settings
|
// Sqlite3 settings
|
||||||
$Sqlite_db_file = "../../telemetry.sql";
|
$Sqlite_db_file = "../../telemetry.sql";
|
||||||
|
|
Loading…
Reference in a new issue