Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Mods & Themes (http://www.bvlist.com/forumdisplay.php?f=109)
-   -   Passkey System (http://www.bvlist.com/showthread.php?t=614)

kovsza 13th July 2008 13:36

Passkey System
 
Hello!

Working TBDEV Passkey system would be being asked!
With detailed description.

Thank You!

Sorry very small speak in English.

Have a nice day :smile:

n");
The corresponding line for this one goes in modtask.php, again somewhere before the SQL query. It's exactly the same as the one for takeprofedit:
Code:

if ($_POST['resetpasskey']) $updateset[] = "passkey=''";
We now have a unique passkey for each user, added dynamically to the torrent's announce url in each download. The passkey can be reset by either the user or a moderator. All that's left to do is to modify announce.php to handle it. This is the part that needs much more work, so feel free to experiment and post any enhancements. This code will allow the client to connect, but you will need to decide what restrictions to impose and how to enforce them.

Replace the section that starts and ends:
Code:

$req = "info_hash:peer_id:!ip:port:uploaded:downloaded:left:!event";

foreach (explode(":", $req) as $x)

.

.

.

$downloaded = 0 + $downloaded;

$uploaded = 0 + $uploaded;

$left = 0 + $left;

with the following:
Code:

foreach (array("passkey","info_hash","peer_id","ip","event") as $x)

$GLOBALS[$x] = "" . $_GET[$x];





foreach (array("port","downloaded","uploaded","left") as $x)

$GLOBALS[$x] = 0 + $_GET[$x];



if (strpos($passkey, "?")) {

  $tmp = substr($passkey, strpos($passkey, "?"));

$passkey = substr($passkey, 0, strpos($passkey, "?"));

$tmpname = substr($tmp, 1, strpos($tmp, "=")-1);

$tmpvalue = substr($tmp, strpos($tmp, "=")+1);

$GLOBALS[$tmpname] = $tmpvalue;

}



foreach (array("passkey","info_hash","peer_id","port","downloaded","uploaded","left") as $x)

if (!isset($x)) err("Missing key: $x");



foreach (array("info_hash","peer_id") as $x)

if (strlen($GLOBALS[$x]) != 20) err("Invalid $x (" . strlen($GLOBALS[$x]) . " - " . urlencode($GLOBALS[$x]) . ")");



if (strlen($passkey) != 32) err("Invalid passkey (" . strlen($passkey) . " - $passkey)");



//if (empty($ip) || !preg_match('/^(d{1,3}.){3}d{1,3}$/s', $ip))

$ip = getip();

Such major changes were necessary here, because many clients do not comply with the defined standards and will send a malformed GET request url. This detects a malformed request and retrieves the correct data from it.

Next we need to verify the passkey is actually valid. After the lines:
Code:

dbconn(false);



hit_count();

insert the lines:
Code:

$valid = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM users WHERE passkey=" . sqlesc($passkey)));

if ($valid[0] != 1) err("Invalid passkey! Re-download the .torrent from $BASEURL");

To use the passkey to determine which username to record stats for, replace:
Code:

//// Up/down stats ////////////////////////////////////////////////////////////



if (!isset($self))

{

$rz = mysql_query("SELECT id, uploaded, downloaded, class FROM users WHERE ip='$ip' AND enabled = 'yes' ORDER BY last_access DESC LIMIT 1") or err("Tracker error 2");

if ($MEMBERSONLY && mysql_num_rows($rz) == 0)

err("Unrecognized host ($ip). Please go to $BASEURL to sign-up or login.");

with:
Code:

//// Up/down stats ////////////////////////////////////////////////////////////



if (!isset($self))

{

$valid = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM peers WHERE torrent=$torrentid AND passkey=" . sqlesc($passkey)));

if ($valid[0] >= 1 && $seeder == 'no') err("Connection limit exceeded! You may only leech from one location at a time.");

if ($valid[0] >= 3 && $seeder == 'yes') err("Connection limit exceeded!");



$rz = mysql_query("SELECT id, uploaded, downloaded, class FROM users WHERE passkey=".sqlesc($passkey)." AND enabled = 'yes' ORDER BY last_access DESC LIMIT 1") or err("Tracker error 2");

if ($MEMBERSONLY && mysql_num_rows($rz) == 0)

err("Unknown passkey. Please redownload the torrent from $BASEURL.");

Now, with any luck, I've documented all the necessary changes and this should work without any problems.

The last change in the code already has some restrictions coded in. It will allow the torrent to be leeched from only one location at a time, as long as it is not currently being seeded elsewhere. This should prevent a torrent from being leeched by multiple users from the same account, for instance, if a passkey was leaked. On the other hand, some users like to seed from home and from work at the same time, in an attempt to improve their ratio. This code restricts users to seeding from a maximum of three locations simultaneously. For these checks to work, one final change is required, which is to insert the passkey into the peers table when the user connects. To do this, replace the line:
Code:

$ret = mysql_query("INSERT INTO peers (connectable, torrent, peer_id, ip, port, uploaded, downloaded, to_go, started, last_action, seeder, userid, agent, uploadoffset, downloadoffset) VALUES ('$connectable', $torrentid, " . sqlesc($peer_id) . ", " . sqlesc($ip) . ", $port, $uploaded, $downloaded, $left, NOW(), NOW(), '$seeder', $userid, " . sqlesc($agent) . ", $uploaded, $downloaded)");
with:
Code:

$ret = mysql_query("INSERT INTO peers (connectable, torrent, peer_id, ip, port, uploaded, downloaded, to_go, started, last_action, seeder, userid, agent, uploadoffset, downloadoffset, passkey) VALUES ('$connectable', $torrentid, " . sqlesc($peer_id) . ", " . sqlesc($ip) . ", $port, $uploaded, $downloaded, $left, NOW(), NOW(), '$seeder', $userid, " . sqlesc($agent) . ", $uploaded, $downloaded, " . sqlesc($passkey) . ")");
joeroberts 13th July 2008 15:45

Passkey by Skorpios, Original passkey split from main topic
 
The files that must be modified are:
announce.php
download.php
modtask.php
my.php
takeprofedit.php
userdetails.php

First of all, create the field 'passkey' in the 'users' and 'peers' tables.
Code:

ALTER TABLE users ADD passkey VARCHAR(32) NOT NULL;
ALTER TABLE peers ADD passkey VARCHAR(32) NOT NULL;


Now we need to set each users passkey and add it to the downloaded torrent. Both of these are done in download.php by replacing the lines:
Code:

header("Content-Type: application/x-bittorrent");

readfile($fn);

with:
Code:

require_once "include/benc.php";



if (strlen($CURUSER['passkey']) != 32) {

$CURUSER['passkey'] = md5($CURUSER['username'].get_date_time().$CURUSER['passhash']);

mysql_query("UPDATE users SET passkey='$CURUSER[passkey]' WHERE id=$CURUSER[id]");

}



$dict = bdec_file($fn, (1024*1024));

$dict['value']['announce']['value'] = "$BASEURL/announce.php?passkey=$CURUSER[passkey]";

$dict['value']['announce']['string'] = strlen($dict['value']['announce']['value']).":".$dict['value']['announce']['value'];

$dict['value']['announce']['strlen'] = strlen($dict['value']['announce']['string']);



header('Content-Disposition: attachment; filename="'.$torrent['filename'].'"');

header("Content-Type: application/x-bittorrent");



print(benc($dict));

This creates a passkey if the user doesn't already have one assigned. (It's also worth noting that the announce url is replaced, opening up the possibilty to allow any announce url in uploaded torrents.)

To allow users to reset their passkey if they suspect it has been leaked, we modify my.php and takeprofedit.php. In my.php, wherever you want the passkey reset box to appear, add the line:
Code:

tr("Reset passkey","
Any active torrents must be downloaded again to continue leeching/seeding.", 1);

In takeprofedit, we add the corresponding line somewhere before the SQL query:
Code:

if ($_POST['resetpasskey']) $updateset[] = "passkey=''";
To allow moderators to be able to reset a user's passkey, add to userdetails.php, in the moderator's editing section (around line 305):
Code:

print("
Passkey Reset passkey

sammygo 24th July 2009 21:41

Installed this mod...but how can i make
When i go to upload.php to show my passkey :
ex :
Your announce url is : http://site/announce.php?passkey=blabla :| ?:sos:

las7h0p3 22nd May 2013 00:44

Kinda late but hope this will be helpful to someone.

Put this code:

Code:

Your announce url is:


under

Code:


Bump: Don't know why but I can't edit my previous post.

in upload.php find:

Code:

if (get_user_class() < UC_UPLOADER)
{
  stdmsg("Sorry...", "You are not authorized to upload torrents.  (See Uploading in the FAQ.)");
  stdfoot();
  exit;
}

underneath add:

Code:

if (strlen($CURUSER['passkey']) != 32) {

$CURUSER['passkey'] = md5($CURUSER['username'].get_date_time().$CURUSER['passhash']);

mysql_query("UPDATE users SET passkey='$CURUSER[passkey]' WHERE id=$CURUSER[id]");

}

then after:

Code:

Your announce is:


add:

Code:

Your announce passkey is: ?passkey=




All times are GMT +2. The time now is 14:32.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.