diff --git a/api/v1/result/browser.quick.test.php b/api/v1/result/browser.quick.test.php index bfd3aa6..ffb0158 100644 --- a/api/v1/result/browser.quick.test.php +++ b/api/v1/result/browser.quick.test.php @@ -12,18 +12,18 @@ declare(strict_types=1); */ function browser_quick_test_handle_request(): array { - // Session sicherstellen + // Session sicherstellen (sollte über fileload.php schon aktiv sein, + // aber doppelt ist hier unkritisch) if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } // --------------------------------------------------------------------- - // 0. client_id sicherstellen (persistent browser identifier) + // 0. client_id aus zentraler fileload.php // --------------------------------------------------------------------- - if (empty($_SESSION['client_id'])) { - $_SESSION['client_id'] = bin2hex(random_bytes(32)); // 64 chars - } - $clientId = $_SESSION['client_id']; + // fileload.php setzt: + // $GLOBALS['usb_client_id'] UND das Cookie 'usbcheck_client' + $clientId = $GLOBALS['usb_client_id'] ?? ($_COOKIE['usbcheck_client'] ?? null); // --------------------------------------------------------------------- // 1. JSON einlesen 
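Review bot: The cookie fallback in `$clientId = $GLOBALS['usb_client_id'] ?? ($_COOKIE['usbcheck_client'] ?? null);` takes a client-controlled value without the format check that config/fileload.php applies in this same commit (`/^[a-f0-9]{64}$/`), and it can leave `$clientId` as null. If fileload.php always runs first, the fallback is dead code; if it does not, an arbitrary string (or an array, should the cookie arrive in `name[]` form) is passed on as `client_id`. Either drop the fallback or re-validate right after the assignment: `if (!is_string($clientId) || !preg_match('/^[a-f0-9]{64}$/', $clientId)) { $clientId = null; }`. Because the cookie is set by the browser and is readable from JavaScript (`'httponly' => false` in fileload.php), the comment should also say that `client_id` is a correlation hint, not proof of identity. The function body continues outside this hunk.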
@@ -39,21 +39,21 @@ function browser_quick_test_handle_request(): array } // --------------------------------------------------------------------- - // 2. User / Session ermitteln (robust) + // 2. User / Session ermitteln (robust, mehrere Varianten) // --------------------------------------------------------------------- $userId = null; $isLoggedIn = 0; - // A) user_id direkt in Session + // A) Klassisch: user_id direkt in der Session if (!empty($_SESSION['user_id'])) { $userId = (int)$_SESSION['user_id']; } - // B) dein Login: $_SESSION['user']['id'] - elseif (!empty($_SESSION['user']['id'])) { + // B) Dein aktuelles Login verwendet $_SESSION['user']['id'] + elseif (!empty($_SESSION['user']) && is_array($_SESSION['user']) && !empty($_SESSION['user']['id'])) { $userId = (int)$_SESSION['user']['id']; } - // C) optional auth-Block - elseif (!empty($_SESSION['auth']['user_id'])) { + // C) Optionaler auth-Block (z.B. $_SESSION['auth']['user_id']) + elseif (!empty($_SESSION['auth']) && is_array($_SESSION['auth']) && !empty($_SESSION['auth']['user_id'])) { $userId = (int)$_SESSION['auth']['user_id']; } 
@@ -67,44 +67,48 @@ function browser_quick_test_handle_request(): array $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? null; // --------------------------------------------------------------------- - // 3. Grobe Auswertung aus dem Report + // 3. Grobe Auswertung aus dem Report (optional) // --------------------------------------------------------------------- $modeRequested = $data['mode_requested'] ?? 'unknown'; $meta = $data['meta'] ?? []; + // Browser/OS – vorerst leer, später per Parser füllen $browserName = null; $browserVersion = null; $osName = null; $osVersion = null; - // Byte-Summe aus allen Tests + // Gesamtmenge geschriebener/verifizierter Bytes aggregieren $measuredBytes = 0; - if (!empty($data['quick']['size_bytes'])) { - $measuredBytes += (int)$data['quick']['size_bytes']; + if (!empty($data['quick']) && is_array($data['quick'])) { + $measuredBytes += (int)($data['quick']['size_bytes'] ?? 0); } - if (!empty($data['benchmark']['size_bytes'])) { - $measuredBytes += (int)$data['benchmark']['size_bytes']; + if (!empty($data['benchmark']) && is_array($data['benchmark'])) { + $measuredBytes += (int)($data['benchmark']['size_bytes'] ?? 0); } - if (!empty($data['writeverify']['total_bytes'])) { - $measuredBytes += (int)$data['writeverify']['total_bytes']; + if (!empty($data['writeverify']) && is_array($data['writeverify'])) { + $measuredBytes += (int)($data['writeverify']['total_bytes'] ?? 
0); } + // Kapazitätsstatus vorerst neutral $capacityStatus = 'unknown'; - // noch nicht im Browser ermittelt + // Volume-/Stick-Daten aktuell noch nicht separat ermittelt $volumeLabel = null; $manufacturer = null; $modelName = null; $usbType = null; $filesystem = null; + + // advertised_capacity_bytes kennen wir im Browser noch nicht: $advCapacityBytes = null; - // kompletter Report + // test_report_json = kompletter Report (roher JSON-String) $testReportJson = $raw ?: json_encode($data, JSON_UNESCAPED_UNICODE); // --------------------------------------------------------------------- - // 4. Insert + // 4. Insert in web_quicktests // --------------------------------------------------------------------- /** @var PDO $pdo */ global $pdo; @@ -176,27 +180,25 @@ function browser_quick_test_handle_request(): array 'test_report_json' => $testReportJson, 'ip_address' => $ipAddress, 'session_id' => $sessionId, - 'client_id' => $clientId + 'client_id' => $clientId, ]); $id = (int)$pdo->lastInsertId(); - // DEBUG-Ausgabe nur für STAGING + // DEBUG-Ausgabe – später für PROD aufräumen return [ - 'ok' => true, - 'id' => $id, - 'mode' => $modeRequested, - 'measured_bytes' => $measuredBytes ?: null, + 'ok' => true, + 'id' => $id, + 'mode' => $modeRequested, + 'measured_bytes' => $measuredBytes ?: null, - // Debug-Info - 'debug_user_id' => $userId, - 'debug_is_logged_in' => $isLoggedIn, - 'debug_session_id' => $sessionId, - 'debug_client_id' => $clientId, + 'debug_user_id' => $userId, + 'debug_is_logged_in' => $isLoggedIn, + 'debug_session_id' => $sessionId, + 'debug_client_id' => $clientId, 'debug_session_has_user' => isset($_SESSION['user']), - 'debug_user' => $_SESSION['user'] ?? null + 'debug_session_user' => $_SESSION['user'] ?? null, ]; - } catch (Throwable $e) { error_log('[usbcheck] web_quicktests insert failed: ' . $e->getMessage()); diff --git a/config/fileload.php b/config/fileload.php index 4fc480c..b4fb68d 100644 --- a/config/fileload.php +++ b/config/fileload.php 
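Review bot: The new `is_array` guards in the byte aggregation check the container but not the value: `(int)($data['quick']['size_bytes'] ?? 0)` still accepts whatever the report contains. A negative number, a numeric string or a nested array (which casts to 1) is therefore added to `$measuredBytes`. `$data` appears to be the decoded request body, so these figures are client-reported and should be range-checked before they are summed and stored, for example `$v = $data['quick']['size_bytes'] ?? 0;` followed by `$measuredBytes += (is_int($v) && $v > 0) ? $v : 0;`. The same applies to the `benchmark` and `writeverify` branches. A short comment noting that the stored total is unverified client input would help anyone who later uses the column for statistics.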
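Review bot: The returned array sends `debug_session_id` and `debug_session_user` (the whole `$_SESSION['user']` entry) to the caller. The comment was changed from staging-only to "später für PROD aufräumen", and no environment check is visible in the hunk, so these fields would ship wherever this endpoint is deployed. Putting the session identifier in a JSON body makes it readable by any script on the page, which defeats an HttpOnly session cookie. The session user entry may also hold fields that were never meant for the client. I would remove those two keys outright and add the remaining `debug_*` keys only under an explicit staging flag; the response then reduces to `'ok'`, `'id'`, `'mode'` and `'measured_bytes'`.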
@@ -36,13 +36,18 @@ if (php_sapi_name() !== 'cli') { if (php_sapi_name() !== 'cli') { $clientId = $_COOKIE['usbcheck_client'] ?? null; - if (!is_string($clientId) || $clientId === '' || !preg_match('/^[a-f0-9]{32}$/', $clientId)) { + // jetzt 64 Hex-Zeichen (32 Bytes → 64 Hex) + if ( + !is_string($clientId) + || $clientId === '' + || !preg_match('/^[a-f0-9]{64}$/', $clientId) + ) { // neue ID erzeugen try { - $clientId = bin2hex(random_bytes(16)); + $clientId = bin2hex(random_bytes(32)); // 32 Bytes → 64 Hex } catch (Throwable $e) { // Fallback – sollte praktisch nie passieren - $clientId = bin2hex(openssl_random_pseudo_bytes(16)); + $clientId = bin2hex(openssl_random_pseudo_bytes(32)); } $host = $_SERVER['HTTP_HOST'] ?? ''; @@ -55,7 +60,7 @@ if (php_sapi_name() !== 'cli') { } $cookieOpts = [ - 'expires' => time() + 365 * 24 * 60 * 60, + 'expires' => time() + 365 * 24 * 60 * 60, // ~1 Jahr 'path' => '/', 'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'), 'httponly' => false, // darf JS lesen, falls du es mal brauchst @@ -74,7 +79,7 @@ if (php_sapi_name() !== 'cli') { $GLOBALS['usb_client_id'] = $clientId; } -require_once __DIR__ . '/i18n.php'; // <— NEU: zentrale Sprachlogik +require_once __DIR__ . '/i18n.php'; // <— zentrale Sprachlogik // ab hier kannst du überall $GLOBALS['lang'] und $GLOBALS['availableLangs'] nutzen // und für JS: @@ -82,8 +87,9 @@ $usbConfig = [ // ... dein sonstiges Zeug ... 'i18n' => app_i18n_get_frontend_config(), ]; + // ----------------------------------------------------------- -// 7) Rest des Systems laden +// Rest des Systems laden // ----------------------------------------------------------- require_once __DIR__ . "/db.php"; -require_once __DIR__ . '/../src/functions.php'; +require_once __DIR__ . '/../src/functions.php";
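Review bot: The fallback inside the `catch` branch, `$clientId = bin2hex(openssl_random_pseudo_bytes(32));`, runs without error handling and its result is not checked. If the second generator also fails, the bootstrap either throws from inside the catch or, on older PHP versions where the function returns false, may produce an empty ID. It is safer to fail closed: log the error, leave `$clientId = null` and skip the `setcookie` call. Separately, tightening the pattern to `{64}` replaces every existing 32-character cookie with a new ID, so rows stored under the old value no longer correlate; a comment confirming that this is intended would help. The enclosing `if (php_sapi_name() !== 'cli')` block extends beyond this hunk.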
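Review bot: The last added line opens the path with a single quote and closes it with a double quote, `require_once __DIR__ . '/../src/functions.php";`. As shown, this leaves the string unterminated, so config/fileload.php will not parse. This file is the central bootstrap that sets `$GLOBALS['usb_client_id']`, so every request that includes it would fail. The line should read `require_once __DIR__ . '/../src/functions.php';`, and a `php -l` lint step in CI would catch this kind of slip before merge.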