Rapid analysis of OneThink programs through SocketLog

http://www.thinkphp.cn/topic/10846.html

Views: 2332 Release Date: 2014/02/08 Category: Technology sharing

When a running API has a bug, you cannot debug it with var_dump because that would affect the client's calls. This is where SocketLog works best: it prints debug logs to the browser console via WebSocket. You can also use it to analyze open source programs, analyze SQL performance, and, combined with taint, analyze vulnerabilities.

I'll show you how to analyze the OneThink program with SocketLog. SocketLog project address: https://github.com/luofei614/SocketLog

# Description
* SocketLog makes API and Ajax debugging convenient: it outputs logs via WebSocket to the Chrome browser console.
* It can replace tools such as ChromePHP and FirePHP. Those tools communicate through headers, which suits Ajax debugging but not API debugging, and because Chrome limits the size of the headers it accepts, Chrome cannot handle it when there are too many log entries.
* Directory structure:
    * The chrome directory is the source code of the Chrome plugin.
    * The chrome.crx file is the Chrome plugin installation package. The plugin has not been published to the Chrome App Store, so you need to install it manually: enter chrome://extensions/ in the browser address bar, open it, and then drag chrome.crx in to install it.
    * The php directory contains the PHP scripts. SocketLog.server.php is a WebSocket server, and SocketLog.class.php is the class library that sends logs; to send logs, we load the class library and call the slog function.
* Demo: as we browse a website, the browser console shows what the program is doing, which is very useful for secondary development of a product. For example, when browsing a Discuz program, the console prints which SQL statements were executed and the call stack that executed each one. Program error messages such as warnings and notices can also be printed to the console.



# Usage
* First, install the plugin in the Chrome browser.
* Then start the WebSocket service: run `php php/SocketLog.server.php` on the command line. This starts a WebSocket service locally, listening on port 1229. To run the service in the background: `nohup php php/SocketLog.server.php > /dev/null &`
* Send logs from your own program:

    <?php
    include './php/SocketLog.class.php';
    slog('hello world');
    ?>

* The slog function supports multiple log types:

    slog('msg', 'log');   // general log
    slog('msg', 'error'); // error log
    slog('msg', 'info');  // information log
    slog('msg', 'warn');  // warning log
    slog('msg', 'trace'); // outputs the log together with the call stack
    slog('msg', 'alert'); // pops the log up as an alert
    slog('msg', 'log', 'color:red;font-size:20px;'); // custom log style; the third parameter is a CSS style

* As the examples above show, the slog function supports three parameters:
* The first parameter is the log content. The log content is not limited to strings; if you pass arrays, objects, etc., they can be printed to the console as well.
* The second parameter is the log type. It is optional; if you do not specify it, the default type is log. The third parameter is a custom style; write your own CSS here.

## Configuration
* After loading the SocketLog.class.php file, you can also configure SocketLog.
* For example, if we want the program's error messages to go to the console instead of the page, we can configure:

    <?php
    include './php/SocketLog.class.php';
    slog(array(
        'error_handler' => true
    ), 'set_config');
    echo notice; // deliberately trigger a notice error
    slog('Here is the general log output');
    ?>

* SocketLog is also configured through the slog function: pass the array of configuration items as the first parameter and set the second parameter to set_config.
* Other configuration items are also supported:

    <?php
    include './php/SocketLog.class.php';
    slog(array(
        'host' => 'localhost',          // WebSocket server address, default localhost
        'port' => '1229',               // WebSocket server port, default 1229
        'optimize' => false,            // whether to show optimization figures such as run time and memory consumption, default false
        'show_included_files' => false, // whether to show which files this run of the program loaded, default false
        'error_handler' => false,       // whether to take over program errors and show them in the console, default false
        'force_client_id' => '',        // force logs to be sent to the configured client_id, default empty
        'allow_client_ids' => array()   // limit which client_ids may read the log; empty by default, meaning everyone can get the log
    ), 'set_config');
    ?>

* If optimize is set to true, the log shows figures that help with optimization, such as: `[Run Time: 0.081346035003662s][throughput: 12.29req/s][memory consumption: 346,910.45kb]`
* If show_included_files is set to true, the log shows which files were loaded when the program ran. When analyzing an open source program, for example, if we do not know where the template files are, the list of loaded files usually tells us.
* When error_handler is set to true, SocketLog takes over error messages and shows them in the browser console. During development, notice errors help us find bugs quickly, but some notices are unavoidable, and letting them appear in the page breaks its layout; setting error_handler moves them to the browser console instead. This feature also works very well with PHP taint. Taint can automatically detect XSS and SQL injection, but used alone its warning only tells you where the variable is output, not where it was assigned or how it was passed along. With SocketLog you can see the call stack and easily trace the problematic variable. More information on taint: http://www.laruence.com/2012/02/14/2544.html
* Setting client_id: in the Chrome browser you can set the plugin's client_id, which is any string you choose.

* After setting client_id, the following can be achieved:

* 1. Configure the allow_client_ids item so that only the specified browsers can get the log, which lets the debug code go online. Normal user access does not trigger debugging and no logs are sent; developers see the debug logs when they access the site, which makes it easier to track down bugs in production. It is recommended to set client_id to your name in pinyin plus a random string, so that when an employee leaves, the corresponding client_id can be removed from allow_client_ids. The random string is added to the pinyin name to prevent someone from guessing a client_id from your company's employee names and obtaining the production debug logs.
* Sample code for setting allow_client_ids:

    slog(array(
        'allow_client_ids' => array('luofei_zfh5nbln', 'easy_djq0z80h')
    ), 'set_config');

* 2. Set the force_client_id item to let a background script output its log to Chrome. A website may use queues, with some business logic handled by background scripts. If a background script needs debugging, its log can also be printed to the browser console. A background script has no contact with the browser and does not know which browser triggered it, so we have to force the log to go to the browser with a specified client_id. When using SocketLog in a background script, set force_client_id to the client_id of the browser that should receive the output.
* Sample code:

    <?php
    include './php/SocketLog.class.php';
    slog(array(
        'force_client_id' => 'luofei_zfh5nbln'
    ), 'set_config');
    slog('test');

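One way to issue and revoke client_ids along the lines recommended for allow_client_ids above, shown as an added example that is not part of SocketLog or the original post. The function names, the registry layout and the owner `zhang` are assumptions; only the `slog(..., 'set_config')` call, the allow_client_ids item and the two sample ids come from the page.

```php
<?php
// Added example, not SocketLog code. Function names and registry layout are assumptions.

/** Run once per developer and store the result: "<pinyin name>_<8 random chars>". */
function issue_client_id($name)
{
    if (!preg_match('/^[a-z]{2,20}$/', $name)) {
        throw new InvalidArgumentException('name must be 2-20 lowercase letters');
    }
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $suffix = '';
    for ($i = 0; $i < 8; $i++) {
        // random_int() (PHP 7+) draws from the OS CSPRNG, unlike rand()/mt_rand().
        $suffix .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $name . '_' . $suffix;
}

/** Keep only the client_ids whose owner is still active. */
function active_client_ids(array $registry)
{
    $ids = array();
    foreach ($registry as $entry) {
        if (!empty($entry['active'])) {
            $ids[] = $entry['client_id'];
        }
    }
    return $ids;
}

// Constructed registry using the sample ids from the page; "easy" has left the company.
$registry = array(
    array('owner' => 'luofei', 'client_id' => 'luofei_zfh5nbln', 'active' => true),
    array('owner' => 'easy',   'client_id' => 'easy_djq0z80h',   'active' => false),
);
// A new developer joins: issue an id once, then persist it with the registry.
$registry[] = array('owner' => 'zhang', 'client_id' => issue_client_id('zhang'), 'active' => true);

$allowed = active_client_ids($registry);

// Apply the allowlist only when SocketLog.class.php has been included.
if (function_exists('slog')) {
    slog(array('allow_client_ids' => $allowed), 'set_config');
}
print_r($allowed);
```

Keeping departed developers in the registry with `active` set to false leaves a record of which ids were ever valid while still dropping them from the allowlist.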
## Debugging the database
* SocketLog can also debug SQL statements: it automatically runs EXPLAIN on them and highlights statements with performance problems, as shown in the figure.

* The figure shows three SQL statements. The first one is in a larger font because it has a performance problem, and the SQL statement has been annotated with Using filesort. We can also click an SQL statement to see the call stack of its execution, so we know exactly how the statement came to be executed. This makes it easier to analyze the program and to do secondary development on open source programs. The third SQL statement in the figure is shown in its expanded state.
* SQL statements are printed with the slog function, with a mysql or mysqli connection object passed as the second argument. Example code:

    // mysql_* functions were removed in PHP 7.0; on newer PHP pass a mysqli connection instead.
    $link = mysql_connect('localhost:3306', 'root', '123456', true);
    mysql_select_db('kuaijianli', $link);
    $sql = "SELECT * FROM `user`";
    slog($sql, $link);

A demonstration of database debugging, using OneThink as the example, follows later.

* Note that when a table holds little data, MySQL sometimes does not use the index for a query, and EXPLAIN then also reports Using filesort. This is not a real performance problem; you need to judge for yourself, or add more data and test again.
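The kind of check described above, as an added example that is not SocketLog's implementation: it reads EXPLAIN rows, flags Using filesort, and downgrades findings on small tables as the note suggests. It goes slightly beyond the page by also flagging Using temporary and full table scans; the function name, the 1000-row threshold and the sample rows are assumptions.

```php
<?php
// Added example, not SocketLog's implementation. The function name, the row
// threshold and the sample rows are assumptions made for illustration.

/**
 * Inspect rows returned by "EXPLAIN <query>" and list likely performance problems.
 * Findings on tables with fewer than $smallTable estimated rows are marked
 * low-confidence, since MySQL may skip an index when there is little data.
 */
function explain_findings(array $rows, $smallTable = 1000)
{
    $findings = array();
    foreach ($rows as $row) {
        $extra = isset($row['Extra']) ? (string) $row['Extra'] : '';
        $problems = array();
        foreach (array('Using filesort', 'Using temporary') as $flag) {
            if (stripos($extra, $flag) !== false) {
                $problems[] = $flag;
            }
        }
        if (isset($row['type']) && $row['type'] === 'ALL') {
            $problems[] = 'full table scan';
        }
        if ($problems) {
            $findings[] = array(
                'table'      => $row['table'],
                'problems'   => $problems,
                'confidence' => ((int) $row['rows'] < $smallTable) ? 'low' : 'high',
            );
        }
    }
    return $findings;
}

// Constructed EXPLAIN rows for: SELECT * FROM `user` ORDER BY `name`
$cases = array(
    'small table, no index' => array(array('table' => 'user', 'type' => 'ALL', 'rows' => 12, 'Extra' => 'Using filesort')),
    'large table, no index' => array(array('table' => 'user', 'type' => 'ALL', 'rows' => 250000, 'Extra' => 'Using filesort')),
    'large table, indexed'  => array(array('table' => 'user', 'type' => 'index', 'rows' => 250000, 'Extra' => '')),
);
foreach ($cases as $label => $rows) {
    echo $label, ': ', json_encode(explain_findings($rows)), "\n";
}
```

With a live connection, the rows come from running EXPLAIN on the statement and fetching each result row as an associative array.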

## Debugging APIs
When the website calls an API, how can the API program's debugging information be printed to the browser console? Earlier we covered the force_client_id configuration item, which forces logs to be sent to a specified browser. API debug information can be printed to the console this way too, but force_client_id can only specify one client_id, which is inconvenient if the development environment is shared by several people.
In fact, as long as the User-Agent the browser sent to the website is passed on to the API, the API program can identify the browser currently accessing the program without configuring force_client_id, and print the log to that browser. We only need to modify the SDK code slightly. The SDK that calls the API is usually written with curl; add the following code to pass the browser's User-Agent on to the API.

    $headers = array(
        'User-Agent: ' . $_SERVER['HTTP_USER_AGENT']
    );
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

## Analyzing open source programs

With SocketLog we can easily analyze open source programs. The following uses OneThink as an example; you can download the latest OneThink program at http://www.onethink.cn/. After installing OneThink, follow the steps below to add SocketLog.

* Copy SocketLog.class.php to the OneThink program directory; if you are not sure which subfolder to put it in, put it in the root directory.
* Edit the entry file index.php: load SocketLog.class.php at the very start of the code and configure SocketLog:

    <?php
    include './SocketLog.class.php';
    slog(array(
        'error_handler' => true,
        'optimize' => true,
        'show_included_files' => true
    ), 'set_config');

* Edit the thinkphp/library/think/db/driver/mysqli.class.php file (if your database driver type is mysql rather than mysqli, open Mysql.class.php instead). Find the place where SQL statements are executed: the execute method in this class executes SQL statements, at about line 119. Add the code:

    slog($this->queryStr, $this->_linkID);

* The query method in the class also executes SQL statements and needs the same code; at about line 92, add slog($this->queryStr, $this->_linkID);

* Then browse the site to see the effect:

From the console log we know what the program did on every page we visit, which is a very cool thing.

* Tip: there is a simpler approach. OneThink calls $this->debug every time an SQL statement executes, so we can put slog($this->queryStr, $this->_linkID); directly in the debug method of the Db.class.php file. This works for both the mysqli and mysql drivers.

## About Me
Author: @luofei614 Sina Weibo: http://weibo.com/luofei614
CTO of Quick Resume, one of the core developers of ThinkPHP, previously at Sina cloud computing.
If you think SocketLog is helpful to you, use Quick Resume the next time you look for a job: http://rd.kuaijianli.com
