Refactor results/ PHP code (librespeed#369)

* put code to insert and query data from database into separate file * simplify obfuscation salt file handling * use new DB interaction functions in telemetry.php * use new DB interaction functions in stats.php and fix indentation levels * format telemetry settings file * use new function for interacting with DB in index.php * move drawing of the image into function and try to comment each section with what it does * reorder lines for parts of the image to align with the order they appear on the image * bugfix: display obfuscated and deobfuscated id in stats if id obfuscation is enabled * improve error handling * add missing PHPDocs to functions * imageftbbox returns an array on success and false on failure so to check if the font is usable, check if we got an array * fix dsn for postgres * fix limit sql statement for postgresql * remove obsolete require statement * use require instead of require_once since the settings file might need to be loaded multiple times because it just contains plain variables which will just get loaded into the current scope * move require statements to the top of the file * make sure files are readable before requiring them * add constant to refer to the telemetry settings file and check if it is readable before loading it * return null if no speedtest result was found for the given id and show according message to the user instead of just exiting * use existing constant instead of string for telemetry settings file name * uniformly use single quotes instead of double quotes as most code places already used single quotes * somehow some tabs sneaked in, replace them to uniformly use spaces * mysql now uses pdo, too, reflect that in the requirements documentation * pass username and password as constructor parameters instead of via DSN
PeterDaveHelloKitchen · Oct 20, 2020 · fb7575b · fb7575b
1 parent c6a36e6
commit fb7575b
Show file tree

Hide file tree

Showing 8 changed files with 712 additions and 448 deletions.
diff --git a/backend/getIP.php b/backend/getIP.php
@@ -80,7 +80,10 @@ function getLocalOrPrivateIpInfo($ip)
  */
 function getIpInfoTokenString()
 {
-    if (!file_exists(API_KEY_FILE)) {
+    if (
+        !file_exists(API_KEY_FILE)
+        || !is_readable(API_KEY_FILE)
+    ) {
         return '';
     }
 
@@ -139,7 +142,10 @@ function getIsp($rawIspInfo)
 function getServerLocation()
 {
     $serverLoc = null;
-    if (file_exists(SERVER_LOCATION_CACHE_FILE)) {
+    if (
+        file_exists(SERVER_LOCATION_CACHE_FILE)
+        && is_readable(SERVER_LOCATION_CACHE_FILE)
+    ) {
         require SERVER_LOCATION_CACHE_FILE;
     }
     if (is_string($serverLoc) && !empty($serverLoc)) {

diff --git a/doc.md b/doc.md
@@ -44,7 +44,7 @@ Server side, you'll need:
 * PHP 5.4 or newer, a 64-bit version is strongly recommended
 * OpenSSL and its PHP module (this is usually installed automatically by most distros)
 * If you want to store test results (telemetry), one of the following:
-    - MySQL/MariaDB and the mysqli PHP module
+    - MySQL/MariaDB and its PHP PDO module
     - PostgreSQL and its PHP PDO module
     - SQLite 3 and its PHP PDO module
 * If you want to enable results sharing:
@@ -137,7 +137,7 @@ Requirements:
 * Apache 2 (nginx and IIS also supported). A fast connection is not mandatory, but is still recommended
 * PHP 5.4 or newer
 * If you want to store test results (telemetry), one of the following:
-    - MySQL/MariaDB and the mysqli PHP module
+    - MySQL/MariaDB and its PHP PDO module
     - PostgreSQL and its PHP PDO module
     - SQLite 3 and its PHP PDO module
 * If you want to enable results sharing:

diff --git a/results/idObfuscation.php b/results/idObfuscation.php
@@ -1,43 +1,72 @@
 <?php
-function getObfuscationSalt(){
-	$saltFile=dirname(__FILE__)."/idObfuscation_salt.php";
-	if(file_exists($saltFile)){
-		require $saltFile;
-	}else{
-		$bytes=openssl_random_pseudo_bytes(4);
-		$sf=fopen($saltFile,"w");
-		fwrite($sf,chr(60)."?php\n");
-		fwrite($sf,'$OBFUSCATION_SALT=0x'.bin2hex($bytes).";\n");
-		fwrite($sf,"?".chr(62));
-		fclose($sf);
-		require $saltFile;
-	}
-	return isset($OBFUSCATION_SALT)?$OBFUSCATION_SALT:0;
-}
-/*
-This is a simple reversible hash function I made for encoding and decoding test IDs.
-It is not cryptographically secure, don't use it to hash passwords or something!
-*/
-function obfdeobf($id,$dec){
-	$salt=getObfuscationSalt()&0xFFFFFFFF;
-	$id=$id&0xFFFFFFFF;
-	if($dec){
-		$id=$id^$salt;
-		$id=(($id&0xAAAAAAAA)>>1)|($id&0x55555555)<<1;
-		$id=(($id&0x0000FFFF)<<16)|(($id&0xFFFF0000)>>16);
-		return $id;
-	}else{
-		$id=(($id&0x0000FFFF)<<16)|(($id&0xFFFF0000)>>16);
-		$id=(($id&0xAAAAAAAA)>>1)|($id&0x55555555)<<1;
-		return $id^$salt;
-	}
+
+define('ID_OBFUSCATION_SALT_FILE', __DIR__.'/idObfuscation_salt.php');
+
+/**
+ * @return string|int
+ */
+function getObfuscationSalt()
+{
+    if (!file_exists(ID_OBFUSCATION_SALT_FILE)) {
+        $bytes = openssl_random_pseudo_bytes(4);
+
+        $saltData = "<?php\n\n\$OBFUSCATION_SALT = 0x".bin2hex($bytes).";\n";
+        file_put_contents(ID_OBFUSCATION_SALT_FILE, $saltData);
+    }
+
+    if (
+        file_exists(ID_OBFUSCATION_SALT_FILE)
+        && is_readable(ID_OBFUSCATION_SALT_FILE)
+    ) {
+        require ID_OBFUSCATION_SALT_FILE;
+    }
+
+    return isset($OBFUSCATION_SALT) ? $OBFUSCATION_SALT : 0;
 }
-function obfuscateId($id){
-	return str_pad(base_convert(obfdeobf($id+1,false),10,36),7,0,STR_PAD_LEFT);
+
+/**
+ * This is a simple reversible hash function I made for encoding and decoding test IDs.
+ * It is not cryptographically secure, don't use it to hash passwords or something!
+ *
+ * @param int|string $id
+ * @param bool $dec
+ *
+ * @return int|string
+ */
+function obfdeobf($id, $dec)
+{
+    $salt = getObfuscationSalt() & 0xFFFFFFFF;
+    $id &= 0xFFFFFFFF;
+    if ($dec) {
+        $id ^= $salt;
+        $id = (($id & 0xAAAAAAAA) >> 1) | ($id & 0x55555555) << 1;
+        $id = (($id & 0x0000FFFF) << 16) | (($id & 0xFFFF0000) >> 16);
+
+        return $id;
+    }
+
+    $id = (($id & 0x0000FFFF) << 16) | (($id & 0xFFFF0000) >> 16);
+    $id = (($id & 0xAAAAAAAA) >> 1) | ($id & 0x55555555) << 1;
+
+    return $id ^ $salt;
 }
-function deobfuscateId($id){
-	return obfdeobf(base_convert($id,36,10),true)-1;
+
+/**
+ * @param int $id
+ *
+ * @return string
+ */
+function obfuscateId($id)
+{
+    return str_pad(base_convert(obfdeobf($id + 1, false), 10, 36), 7, 0, STR_PAD_LEFT);
 }
 
-//IMPORTANT: DO NOT ADD ANYTHING BELOW THE PHP CLOSING TAG, NOT EVEN EMPTY LINES!
-?>
+/**
+ * @param string $id
+ *
+ * @return int
+ */
+function deobfuscateId($id)
+{
+    return obfdeobf(base_convert($id, 36, 10), true) - 1;
+}