| raefor |
22nd September 2009 13:50 |
Quote:
Originally Posted by Security
(Post 15875)
How to fix that ?
Code:
Warning: Cannot modify header information - headers already sent by (output started at /home/visualt/public_html/newtorrent/viewrequests.php:1) in /home/visualt/public_html/newtorrent/backend/functions.php on line 33
|
try and replace announce with this one
PHP Code:
<?
//
// H-Tracker v0.2
// http://h-tracker.org
// Based on TorrentTrader (http://www.torrenttrader.org)
//
//
error_reporting(E_ALL ^ E_NOTICE);
require_once("backend/mysql.php");
require_once("backend/config.php");
@mysql_connect($mysql_host, $mysql_user, $mysql_pass) or err('dbconn: mysql_connect: ' . mysql_error());
@mysql_select_db($mysql_db) or die('dbconn: mysql_select_db: ' + mysql_error());
$MEMBERSONLY = $site_config["MEMBERSONLY"];
$MEMBERSONLY_WAIT = $site_config["MEMBERSONLY_WAIT"];
//START FUNCTIONS
function ip2compact ($ip, $port) {
return pack("N", ip2long($ip)).pack("n", $port);
}
function unesc($x) {
if (get_magic_quotes_gpc())
return stripslashes($x);
return $x;
}
function hex2bin($hexdata) {
$bindata = "";
for ($i=0;$i<strlen($hexdata);$i+=2) {
$bindata.=chr(hexdec(substr($hexdata,$i,2)));
}
return $bindata;
}
function is_valid_id($id)
{
return is_numeric($id) && ($id > 0) && (floor($id) == $id);
}
function validip($ip)
{
if (!empty($ip) && ip2long($ip)!=-1)
{
$reserved_ips = array (
array('0.0.0.0','2.255.255.255'),
array('10.0.0.0','10.255.255.255'),
array('127.0.0.0','127.255.255.255'),
array('169.254.0.0','169.254.255.255'),
array('172.16.0.0','172.31.255.255'),
array('192.0.2.0','192.0.2.255'),
array('192.168.0.0','192.168.255.255'),
array('255.255.255.0','255.255.255.255')
);
foreach ($reserved_ips as $r)
{
$min = ip2long($r[0]);
$max = ip2long($r[1]);
if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max)) return false;
}
return true;
}
else return false;
}
function getip() {
if (isset($_SERVER)) {
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && validip($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (isset($_SERVER['HTTP_CLIENT_IP']) && validip($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
} else {
if (getenv('HTTP_X_FORWARDED_FOR') && validip(getenv('HTTP_X_FORWARDED_FOR'))) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('HTTP_CLIENT_IP') && validip(getenv('HTTP_CLIENT_IP'))) {
$ip = getenv('HTTP_CLIENT_IP');
} else {
$ip = getenv('REMOTE_ADDR');
}
}
return $ip;
}
function checkconnect($ip,$port)
{
$sockres = @fsockopen($ip, $port, $errno, $errstr, 5);
if (!$sockres)
$connectable = "no";
else
{
$connectable = "yes";
@fclose($sockres);
}
return $connectable;
}
function hash_pad($hash) {
return str_pad($hash, 20);
}
function hash_where($name, $hash) {
$shhash = preg_replace('/ *$/s', "", $hash);
return "($name = " . sqlesc($hash) . " OR $name = " . sqlesc($shhash) . ")";
}
function sqlesc($x) {
return "'".mysql_real_escape_string($x)."'";
}
function err($msg)
{
benc_resp(array("failure reason" => array(type => "string", value => $msg)));
exit();
}
function benc($obj) {
if (!is_array($obj) || !isset($obj["type"]) || !isset($obj["value"]))
return;
$c = $obj["value"];
switch ($obj["type"]) {
case "string":
return benc_str($c);
case "integer":
return benc_int($c);
case "list":
return benc_list($c);
case "dictionary":
return benc_dict($c);
default:
return;
}
}
function benc_str($s) {
return strlen($s) . ":$s";
}
function benc_int($i) {
return "i" . $i . "e";
}
function benc_list($a) {
$s = "l";
foreach ($a as $e) {
$s .= benc($e);
}
$s .= "e";
return $s;
}
function benc_dict($d) {
$s = "d";
$keys = array_keys($d);
sort($keys);
foreach ($keys as $k) {
$v = $d[$k];
$s .= benc_str($k);
$s .= benc($v);
}
$s .= "e";
return $s;
}
function benc_resp($d)
{
benc_resp_raw(benc(array(type => "dictionary", value => $d)));
}
function benc_resp_raw($x) {
header("Content-Type: text/plain");
header("Pragma: no-cache");
if ($_SERVER["HTTP_ACCEPT_ENCODING"] == "gzip") {
header("Content-Encoding: gzip");
echo gzencode($x, 9, FORCE_GZIP);
} else
print($x);
}
function gmtime()
{
return strtotime(get_date_time());
}
function get_date_time($timestamp = 0)
{
if ($timestamp)
return date("Y-m-d H:i:s", $timestamp);
else
return gmdate("Y-m-d H:i:s");
}
function portblacklisted($port)
{
// direct connect
if ($port >= 411 && $port <= 413) return true;
// kazaa
if ($port == 1214) return true;
// gnutella
if ($port >= 6346 && $port <= 6347) return true;
// emule
if ($port == 4662) return true;
// winmx
if ($port == 6699) return true;
return false;
}
//////////////////////// NOW WE DO THE ANNOUNCE CODE ////////////////////////
// BLOCK ACCESS WITH WEB BROWSERS
$agent = $_SERVER["HTTP_USER_AGENT"];
//if (ereg("^Mozilla\\/", $agent) || ereg("^Opera\\/", $agent) || ereg("^Links ", $agent) || ereg("^Lynx\\/", //$agent))
// err("torrent not registered with this tracker");
//GET DETAILS OF PEERS ANNOUNCE
foreach (array("passkey","info_hash","peer_id","ip","event") as $x) {
if (get_magic_quotes_gpc())
$GLOBALS[$x] = stripslashes($_GET[$x]);
else
$GLOBALS[$x] = $_GET[$x];
}
foreach (array("port","downloaded","uploaded","left") as $x)
$GLOBALS[$x] = 0 + $_GET[$x];
if (strpos($passkey, "?")) {
$tmp = substr($passkey, strpos($passkey, "?"));
$passkey = substr($passkey, 0, strpos($passkey, "?"));
$tmpname = substr($tmp, 1, strpos($tmp, "=")-1);
$tmpvalue = substr($tmp, strpos($tmp, "=")+1);
$GLOBALS[$tmpname] = $tmpvalue;
}
foreach (array("passkey","info_hash","peer_id","port","downloaded","uploaded","left") as $x)
if (!isset($x))
err("Missing key: $x");
$no_peer_id = (int) $_GET["no_peer_id"];
$compact = (int) $_GET["compact"];
if (strlen($GLOBALS['info_hash']) == 20)
$GLOBALS['info_hash'] = bin2hex($GLOBALS['info_hash']);
else if (strlen($GLOBALS['info_hash']) != 40)
err("Invalid info hash value.");
$GLOBALS['info_hash'] = strtolower($GLOBALS['info_hash']);
if ($MEMBERSONLY){
if (strlen($passkey) != 32)
err("Invalid passkey (" . strlen($passkey) . " - $passkey)");
}
$ip = getip();
foreach(array("num want", "numwant", "num_want") as $k)
{
if (isset($_GET[$k]))
{
$rsize = 0 + $_GET[$k];
break;
}
}
//PORT CHECK
if (!$port || $port > 0xffff)
err("invalid port");
//TRACKER EVENT CHECK
if (!isset($event))
$event = "";
$seeder = ($left == 0) ? "yes" : "no";
//Agent Ban
$agentarray = array_map("trim", explode(",", $site_config["BANNED_AGENTS"]));
$useragent = substr($peer_id, 0, 8);
foreach($agentarray as $bannedclient)
if(strpos($useragent, $bannedclient) !== false)
err("Client is banned");
//End Agent Bans
if (portblacklisted($port))
err("Port $port is blacklisted.");
$userfields = "id, class, uploaded, downloaded, ip, passkey, parked"; //user details to get
$peerfields = "seeder, UNIX_TIMESTAMP(last_action) AS ez, peer_id, ip, port, uploaded, downloaded, userid, passkey"; //peers details to get
$torrentfields = "id, name, info_hash, category, banned, freeleech, vip, seeders + leechers AS numpeers, UNIX_TIMESTAMP(added) AS ts, seeders, leechers, times_completed"; //torrent details to get
$userid = 0;
if ($MEMBERSONLY){
//check passkey is valid, and get users details
$res = mysql_query("SELECT $userfields FROM users WHERE passkey=".sqlesc($passkey)." AND enabled = 'yes' ORDER BY last_access DESC LIMIT 1") or err("Cannot Get User Details");
if ($user["parked"] == "yes")
err("Error, your account is parked! Please read the FAQ!");
$user = mysql_fetch_array($res);
if (!$user)
err("Cannot locate a user with that passkey!");
$userid = $user["id"]; //etc
}
//check torrent is valid and get torrent fields
$res = mysql_query("SELECT $torrentfields FROM torrents WHERE ".hash_where("info_hash", $info_hash)) or err("Cannot Get Torrent Details");
$torrent = mysql_fetch_array($res);
if (!$torrent)
err("Torrent not found on this tracker - hash = " . $info_hash);
if ($torrent["banned"]=='yes')
err("Torrent has been banned - hash = " . $info_hash);
$torrentid = $torrent["id"];
if ($torrent["vip"] == "y" && $user["class"] < 3)
err("This torrent is for VIPs only. Please visit $site_config[SITEURL] to upgrade.");
//Now get data from peers table
$peerlimit = 50;
$numpeers = $torrent["numpeers"];
if ($numpeers > $peerlimit){
$limit = "ORDER BY RAND() LIMIT $peerlimit";
}else{
$limit = "";
}
$res = mysql_query("SELECT $peerfields FROM peers WHERE torrent = $torrentid $limit") or err("Error Selecting Peers");
//DO SOME BENC STUFF TO THE PEERS CONNECTION
$resp = "d8:completei$torrent[seeders]e10:downloadedi$torrent[times_completed]e10:incompletei$torrent[leechers]e";
$resp .= benc_str("interval") . "i" . $site_config['announce_interval'] . "e" . benc_str("min interval") . "i300e" . benc_str("peers");
unset($self);
while ($row = mysql_fetch_assoc($res))
{
$row["peer_id"] = hash_pad($row["peer_id"]);
if ($row["peer_id"] === $peer_id)
{
$self = $row;
continue;
}
if (!$compact || $no_peer_id) {
$peers .= "d" .
benc_str("ip") . benc_str($row["ip"]);
if (!$no_peer_id)
$peers .= benc_str("peer id") . benc_str($row["peer_id"]);
$peers .= benc_str("port") . "i" . $row["port"] . "ee";
}else
$peers .= benc_str(ip2compact($row["ip"], $row["port"]));
}
if (!$compact || $no_peer_id)
$resp .= "l{$peers}e";
else
$resp .= benc_str($peers);
$resp .= "ee";
$selfwhere = "torrent = $torrentid AND " . hash_where("peer_id", $peer_id);
// FILL $SELF WITH DETAILS FROM PEERS TABLE (CONNECTING PEERS DETAILS)
if (!isset($self)){
//check passkey isnt leaked
if ($MEMBERSONLY) {
$valid = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM peers WHERE torrent=$torrentid AND passkey=" . sqlesc($passkey)));
if ($valid[0] >= 1 && $seeder == 'no')
err("Connection limit exceeded! You may only leech from one location at a time.");
if ($valid[0] >= 3 && $seeder == 'yes')
err("Connection limit exceeded!");
}
$res = mysql_query("SELECT $peerfields FROM peers WHERE $selfwhere");
$row = mysql_fetch_assoc($res);
if ($row){
$self = $row;
if(($connectable=checkconnect($row['ip'],$row['port']))=='yes')
mysql_query("UPDATE peers SET connectable='yes' WHERE $selfwhere");
}
}
// END $SELF FILL
if (!isset($self)){ //IF PEER IS NOT IN PEERS TABLE DO THE WAIT TIME CHECK
if ($MEMBERSONLY_WAIT && $MEMBERSONLY){
//wait time check
if($left > 0 && in_array($user["class"], explode(",",$site_config["WAIT_CLASS"]))){ //check only leechers and lowest user class
$gigs = $user["uploaded"] / (1024*1024*1024);
$elapsed = floor((gmtime() - $torrent["ts"]) / 3600);
$ratio = (($user["downloaded"] > 0) ? ($user["uploaded"] / $user["downloaded"]) : 1);
if ($ratio == 0 && $gigs == 0) $wait = $site_config["WAITA"];
elseif ($ratio < $site_config["RATIOA"] || $gigs < $site_config["GIGSA"]) $wait = $site_config["WAITA"];
elseif ($ratio < $site_config["RATIOB"] || $gigs < $site_config["GIGSB"]) $wait = $site_config["WAITB"];
elseif ($ratio < $site_config["RATIOC"] || $gigs < $site_config["GIGSC"]) $wait = $site_config["WAITC"];
elseif ($ratio < $site_config["RATIOD"] || $gigs < $site_config["GIGSD"]) $wait = $site_config["WAITD"];
else $wait = 0;
if ($elapsed < $wait)
err("Wait Time (" . ($wait - $elapsed) . " hours) - Visit ".$site_config["SITEURL"]." for more info");
}
}
$connectable=checkconnect($ip,$port);
}else{
// Deny access made with a browser...
if (ereg("^Mozilla\\/", $agent) || ereg("^Opera\\/", $agent) || ereg("^Links ", $agent) || ereg("^Lynx\\/", $agent))
die("Not for browser, use upload.php or browse.php");
// Cheat hunter
if (isset($_SERVER['HTTP_COOKIE']) || isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) || isset($_SERVER['HTTP_ACCEPT_CHARSET'])) {
$body = <<<EOD
Hello
Found cheater on {$_SERVER["REMOTE_ADDR"]}
Header of request
REMOTE_ADDR: {$_SERVER["REMOTE_ADDR"]}
HTTP_USER_AGENT: {$_SERVER[""]}
HTTP_ACCEPT: {$_SERVER["HTTP_ACCEPT"]}
HTTP_ACCEPT_ENCODING: {$_SERVER["HTTP_ACCEPT_ENCODING"]}
HTTP_ACCEPT_LANGUAGE: {$_SERVER["HTTP_ACCEPT_LANGUAGE"]}
HTTP_ACCEPT_CHARSET: {$_SERVER["HTTP_ACCEPT_CHARSET"]}
HTTP_COOKIE: {$_SERVER["HTTP_COOKIE"]}
REQUEST_METHOD: {$_SERVER["REQUEST_METHOD"]}
QUERY_STRING: {$_SERVER["QUERY_STRING"]}
HTTP_CONNECTION: {$_SERVER["HTTP_CONNECTION"]}
HTTP_REFERER: {$_SERVER["HTTP_REFERER"]}
REMOTE_PORT: {$_SERVER["REMOTE_PORT"]}
REQUEST_URI: {$_SERVER["REQUEST_URI"]}
---
Do not reply - autogenerated
WBR, $SITENAME
EOD;
mail($site_config['SITEEMAIL'], "CheatHunter: Cheater on ".$site_config['SITENAME']." from ".$_SERVER['REMOTE_ADDR']."", $body, "From: ".$site_config['SITENAME']." <".$site_config['SITEEMAIL'].">");
die("Rescue the Earth - kill itself");
}
$upthis = max(0, $uploaded - $self["uploaded"]);
$downthis = max(0, $downloaded - $self["downloaded"]);
if (($upthis > 0 || $downthis > 0) && is_valid_id($userid)){ // (LIVE STATS!)
if ($torrent["freeleech"] == 1){
mysql_query("UPDATE users SET uploaded = uploaded + $upthis WHERE id=$userid") or err("Tracker error: Unable to update stats");
}else{
mysql_query("UPDATE users SET uploaded = uploaded + $upthis, downloaded = downloaded + $downthis WHERE id=$userid") or err("Tracker error: Unable to update stats");
}
}
}//END WAIT AND STATS UPDATE
$updateset = array();
////////////////// NOW WE DO THE TRACKER EVENT UPDATES ///////////////////
if ($event == "stopped") { // UPDATE "STOPPED" EVENT
mysql_query("DELETE FROM peers WHERE $selfwhere");
if (mysql_affected_rows()){
if ($self["seeder"] == "yes")
$updateset[] = "seeders = seeders - 1";
else
$updateset[] = "leechers = leechers - 1";
}
}
if ($event == "completed") { // UPDATE "COMPLETED" EVENT
$updateset[] = "times_completed = times_completed + 1";
if ($MEMBERSONLY)
mysql_query("INSERT INTO completed (userid, torrentid, date) VALUES ($userid, $torrentid, '".get_date_time()."')");
}//END COMPLETED
if (isset($self)){// NO EVENT? THEN WE MUST BE A NEW PEER OR ARE NOW SEEDING A COMPLETED TORRENT
mysql_query("UPDATE peers SET ip = " . sqlesc($ip) . ", passkey = " . sqlesc($passkey) . ", port = $port, uploaded = $uploaded, downloaded = $downloaded, to_go = $left, last_action = '".get_date_time()."', client = " . sqlesc($agent) . ", seeder = '$seeder' WHERE $selfwhere");
if (mysql_affected_rows() && $self["seeder"] != $seeder){
if ($seeder == "yes"){
$updateset[] = "seeders = seeders + 1";
$updateset[] = "leechers = leechers - 1";
} else {
$updateset[] = "seeders = seeders - 1";
$updateset[] = "leechers = leechers + 1";
}
}
} else {
$ret = mysql_query("INSERT INTO peers (connectable, torrent, peer_id, ip, passkey, port, uploaded, downloaded, to_go, started, last_action, seeder, userid, client) VALUES ('$connectable', $torrentid, " . sqlesc($peer_id) . ", " . sqlesc($ip) . ", " . sqlesc($passkey) . ", $port, $uploaded, $downloaded, $left, '".get_date_time()."', '".get_date_time()."', '$seeder', '$userid', " . sqlesc($agent) . ")");
if ($ret){
if ($seeder == "yes")
$updateset[] = "seeders = seeders + 1";
else
$updateset[] = "leechers = leechers + 1";
}
}
////////////////// END TRACKER EVENT UPDATES ///////////////////
// SEEDED, LETS MAKE IT VISIBLE THEN
if ($seeder == "yes") {
if ($torrent["banned"] != "yes") // DONT MAKE BANNED ONES VISIBLE
$updateset[] = "visible = 'yes'";
$updateset[] = "last_action = '".get_date_time()."'";
}
// NOW WE UPDATE THE TORRENT AS PER ABOVE
if (count($updateset))
mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id=$torrentid") or err("Tracker error: Unable to update torrent");
// NOW BENC THE DATA AND SEND TO CLIENT???
benc_resp_raw($resp);
mysql_close();
?>
|
