Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#268 closed Defect (fixed)

Prevent Scraping of userw.php

Reported by: bryanRS Owned by: Rytis
Priority: Minor Milestone: Undetermined
Component: Web - Project Version:
Keywords: patch Cc:

Description

Update userw.php and includes to cache the userw.php file (WAP stats), to prevent "scraping" (remote data pull) to stats/team sites. Recommend this patch to prevent excessive database queries running these signature graphics, as sometimes there are 5-10 requests per second for the same userid.

New userw.php:

<?php
require_once("../inc/cache.inc");
require_once("../inc/util.inc");
require_once("../inc/userw.inc");
require_once("../inc/db.inc");
require_once("../inc/wap.inc");

$userid = get_int('id');

$cacheddata = get_cached_data(WAP_STAT_TTL, $userid);
if ($cacheddata) { // If we have got the data in cache
    $wapstr = $cacheddata; // use the cached data
} else { // if not, do queries etc. to generate new data
    db_init();
    $user = lookup_user_id($userid);
    if (!$user) {
        sleep(5);
        error_page("No such user");
    }
    $wapstr = show_user_wap($user);
    set_cache_data($wapstr, $userid); // save data in cache
}

wap_begin();
echo $wapstr;
wap_end();

?>

New userw.inc

<?php

function show_credit($user) {
    $retstr = "<br/>User TotCred: " . format_credit($user->total_credit) . "<br/>";
    $retstr .= "User AvgCred: " . format_credit($user->expavg_credit) . "<br/>";
    /*
    if ($user->seti_nresults) {
        row2("SETI@home classic workunits", number_format($user->seti_nresults));
    }
    if ($user->seti_total_cpu) {
        $x = number_format($user->seti_total_cpu/3600)." hours";
        row2("SETI@home classic CPU time", $x);
    }
    */
    return $retstr;
}

function show_user_wap($user)
{
    // wap_begin();

    if (!$user) {
        echo "<br/>User not found!<br/>";
        // wap_end();
        return;
    }

    // keep a 'running tab' in wapstr in case exceeds 1K WAP limit

    $wapstr = PROJECT . "<br/>Account Data<br/>for $user->name<br/>Time: " . wap_timestamp();

    $wapstr .= show_credit($user);

    if ($user->teamid) {
        $result = mysql_query("select name, total_credit, expavg_credit from team where id = $user->teamid");
        $team = mysql_fetch_object($result);

        $wapstr .= "<br/>Team: $team->name<br/>";
        $wapstr .= "Team TotCred: " . format_credit($team->total_credit) . "<br/>";
        $wapstr .= "Team AvgCred: " . format_credit($team->expavg_credit) . "<br/>";

        mysql_free_result($result);
    } else {
        $wapstr .= "<br/>Team: None<br/>";
    }

    // finally get last 5 trickles for user
    //$wapstr .= show_trickles("u", $user->id, 5, 1);

    // don't want to send more than 1KB probably?
    if (strlen($wapstr) > 1024)
        return substr($wapstr, 0, 1024);
    else
        return $wapstr;

    // wap_end();
}

?>

Add the following line to project/cache_parameters.inc

define('WAP_STAT_TTL',1800);

Something we had to do after a number of teams started creating stats sigs & other pages w/the data. Cuts down the database queries to 2x/hour rather than 3/request. Thought I'd share.
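
Added example, not part of the ticket and not BOINC's cache.inc: a stand-alone PHP illustration of the per-user TTL cache the description relies on, showing a burst of identical requests collapsing to a single page generation. The helper names (wap_cache_path, wap_cache_get, wap_cache_put, render_wap_stats, serve), the temp-directory location and the query counter are assumptions made for the demonstration.

```php
<?php
// Added illustration with hypothetical helper names; this is not BOINC's cache.inc.
const WAP_STAT_TTL = 1800; // seconds, the value defined in the ticket

function wap_cache_path(int $userid): string {
    // The file name is built only from a validated integer, so a request
    // parameter cannot steer the path outside the cache directory.
    $dir = sys_get_temp_dir() . '/wap_cache_demo'; // constructed demo location
    if (!is_dir($dir)) { mkdir($dir, 0700, true); }
    return $dir . '/userw_' . $userid . '.cache';
}

function wap_cache_get(int $ttl, int $userid) {
    $path = wap_cache_path($userid);
    clearstatcache(true, $path);
    if (!is_file($path) || time() - filemtime($path) >= $ttl) {
        return false; // missing or expired: caller regenerates
    }
    return file_get_contents($path);
}

function wap_cache_put(string $data, int $userid): void {
    // Write to a temp file and rename, so a concurrent reader never
    // sees a half-written page.
    $path = wap_cache_path($userid);
    $tmp = $path . '.' . getmypid() . '.tmp';
    file_put_contents($tmp, $data, LOCK_EX);
    rename($tmp, $path);
}

$db_queries = 0; // stands in for the real database
function render_wap_stats(int $userid): string {
    global $db_queries;
    $db_queries += 3; // the ticket reports 3 queries per uncached request
    return "Account Data<br/>for user $userid<br/>";
}

function serve(int $userid): string {
    $page = wap_cache_get(WAP_STAT_TTL, $userid);
    if ($page === false) { // strict test: an empty cached page still counts as a hit
        $page = render_wap_stats($userid);
        wap_cache_put($page, $userid);
    }
    return $page;
}

@unlink(wap_cache_path(42)); // start the demo from a cold cache
for ($i = 0; $i < 10; $i++) { serve(42); } // burst of identical requests
echo "DB queries for 10 requests: $db_queries\n";
```

Only pages that were successfully generated are stored here, so requests for ids that do not exist still reach the database on every hit; in the ticket's code that path is slowed by sleep(5) rather than cached.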

Change History (2)

comment:1 Changed 17 years ago by Rytis

Resolution: fixed
Status: new → closed

(In [13111]) Fix #268: use fullpage cache for WAP stats, cache interval USER_PAGE_TTL (default 60 minutes)

comment:2 Changed 17 years ago by Nicolas

Keywords: patch added