Bravo List
Register
Go Back   > Bravo List > Source Code > Trackers > TBDev > Mods & Themes
Reply
  #1  
Old 13-07-08, 13:36
kovsza's Avatar
kovsza kovsza is offline
Member
 
Join Date: Apr 2008
Posts: 1
Default Passkey System
Hello!

Working TBDEV Passkey system would be being asked!
With detailed description.

Thank You!

Sorry very small speak in English.

Have a nice day :smile:
Reply With Quote
  #2  
Old 13-07-08, 15:45
joeroberts's Avatar
joeroberts joeroberts is offline
BT.Manager Owner
 
Join Date: Jan 2008
United States
Posts: 2,027
Default Passkey by Skorpios, Original passkey split from main topic
The files that must be modified are:
announce.php
download.php
modtask.php
my.php
takeprofedit.php
userdetails.php

First of all, create the field 'passkey' in the 'users' and 'peers' tables.
Code:
ALTER TABLE users ADD passkey VARCHAR(32) NOT NULL;
ALTER TABLE peers ADD passkey VARCHAR(32) NOT NULL;

Now we need to set each users passkey and add it to the downloaded torrent. Both of these are done in download.php by replacing the lines:
Code:
header("Content-Type: application/x-bittorrent");

readfile($fn);
with:
Code:
require_once "include/benc.php";



if (strlen($CURUSER['passkey']) != 32) {

$CURUSER['passkey'] = md5($CURUSER['username'].get_date_time().$CURUSER['passhash']);

mysql_query("UPDATE users SET passkey='$CURUSER[passkey]' WHERE id=$CURUSER[id]");

}



$dict = bdec_file($fn, (1024*1024));

$dict['value']['announce']['value'] = "$BASEURL/announce.php?passkey=$CURUSER[passkey]";

$dict['value']['announce']['string'] = strlen($dict['value']['announce']['value']).":".$dict['value']['announce']['value'];

$dict['value']['announce']['strlen'] = strlen($dict['value']['announce']['string']);



header('Content-Disposition: attachment; filename="'.$torrent['filename'].'"');

header("Content-Type: application/x-bittorrent");



print(benc($dict));
This creates a passkey if the user doesn't already have one assigned. (It's also worth noting that the announce url is replaced, opening up the possibilty to allow any announce url in uploaded torrents.)

To allow users to reset their passkey if they suspect it has been leaked, we modify my.php and takeprofedit.php. In my.php, wherever you want the passkey reset box to appear, add the line:
Code:
tr("Reset passkey","<input type=checkbox name=resetpasskey value=1 />
<font class=small>Any active torrents must be downloaded again to continue leeching/seeding.</font>", 1);
In takeprofedit, we add the corresponding line somewhere before the SQL query:
Code:
if ($_POST['resetpasskey']) $updateset[] = "passkey=''";
To allow moderators to be able to reset a user's passkey, add to userdetails.php, in the moderator's editing section (around line 305):
Code:
print("<tr><td class=rowhead>Passkey</td><td colspan=2 align=left><input name=resetkey value=1 type=checkbox> Reset passkey</td></tr>n");
The corresponding line for this one goes in modtask.php, again somewhere before the SQL query. It's exactly the same as the one for takeprofedit:
Code:
if ($_POST['resetpasskey']) $updateset[] = "passkey=''";
We now have a unique passkey for each user, added dynamically to the torrent's announce url in each download. The passkey can be reset by either the user or a moderator. All that's left to do is to modify announce.php to handle it. This is the part that needs much more work, so feel free to experiment and post any enhancements. This code will allow the client to connect, but you will need to decide what restrictions to impose and how to enforce them.

Replace the section that starts and ends:
Code:
$req = "info_hash:peer_id:!ip:port:uploaded:downloaded:left:!event";

foreach (explode(":", $req) as $x)

.

.

.

$downloaded = 0 + $downloaded;

$uploaded = 0 + $uploaded;

$left = 0 + $left;
with the following:
Code:
foreach (array("passkey","info_hash","peer_id","ip","event") as $x)

$GLOBALS[$x] = "" . $_GET[$x];





foreach (array("port","downloaded","uploaded","left") as $x)

$GLOBALS[$x] = 0 + $_GET[$x];



if (strpos($passkey, "?")) {

  $tmp = substr($passkey, strpos($passkey, "?"));

$passkey = substr($passkey, 0, strpos($passkey, "?"));

$tmpname = substr($tmp, 1, strpos($tmp, "=")-1);

$tmpvalue = substr($tmp, strpos($tmp, "=")+1);

$GLOBALS[$tmpname] = $tmpvalue;

}



foreach (array("passkey","info_hash","peer_id","port","downloaded","uploaded","left") as $x)

if (!isset($x)) err("Missing key: $x");



foreach (array("info_hash","peer_id") as $x)

if (strlen($GLOBALS[$x]) != 20) err("Invalid $x (" . strlen($GLOBALS[$x]) . " - " . urlencode($GLOBALS[$x]) . ")");



if (strlen($passkey) != 32) err("Invalid passkey (" . strlen($passkey) . " - $passkey)");



//if (empty($ip) || !preg_match('/^(d{1,3}.){3}d{1,3}$/s', $ip))

$ip = getip();
Such major changes were necessary here, because many clients do not comply with the defined standards and will send a malformed GET request url. This detects a malformed request and retrieves the correct data from it.

Next we need to verify the passkey is actually valid. After the lines:
Code:
dbconn(false);



hit_count();
insert the lines:
Code:
$valid = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM users WHERE passkey=" . sqlesc($passkey)));

if ($valid[0] != 1) err("Invalid passkey! Re-download the .torrent from $BASEURL");
To use the passkey to determine which username to record stats for, replace:
Code:
//// Up/down stats ////////////////////////////////////////////////////////////



if (!isset($self))

{

$rz = mysql_query("SELECT id, uploaded, downloaded, class FROM users WHERE ip='$ip' AND enabled = 'yes' ORDER BY last_access DESC LIMIT 1") or err("Tracker error 2");

if ($MEMBERSONLY && mysql_num_rows($rz) == 0)

err("Unrecognized host ($ip). Please go to $BASEURL to sign-up or login.");
with:
Code:
//// Up/down stats ////////////////////////////////////////////////////////////



if (!isset($self))

{

$valid = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM peers WHERE torrent=$torrentid AND passkey=" . sqlesc($passkey)));

if ($valid[0] >= 1 && $seeder == 'no') err("Connection limit exceeded! You may only leech from one location at a time.");

if ($valid[0] >= 3 && $seeder == 'yes') err("Connection limit exceeded!");



$rz = mysql_query("SELECT id, uploaded, downloaded, class FROM users WHERE passkey=".sqlesc($passkey)." AND enabled = 'yes' ORDER BY last_access DESC LIMIT 1") or err("Tracker error 2");

if ($MEMBERSONLY && mysql_num_rows($rz) == 0)

err("Unknown passkey. Please redownload the torrent from $BASEURL.");
Now, with any luck, I've documented all the necessary changes and this should work without any problems.

The last change in the code already has some restrictions coded in. It will allow the torrent to be leeched from only one location at a time, as long as it is not currently being seeded elsewhere. This should prevent a torrent from being leeched by multiple users from the same account, for instance, if a passkey was leaked. On the other hand, some users like to seed from home and from work at the same time, in an attempt to improve their ratio. This code restricts users to seeding from a maximum of three locations simultaneously. For these checks to work, one final change is required, which is to insert the passkey into the peers table when the user connects. To do this, replace the line:
Code:
 $ret = mysql_query("INSERT INTO peers (connectable, torrent, peer_id, ip, port, uploaded, downloaded, to_go, started, last_action, seeder, userid, agent, uploadoffset, downloadoffset) VALUES ('$connectable', $torrentid, " . sqlesc($peer_id) . ", " . sqlesc($ip) . ", $port, $uploaded, $downloaded, $left, NOW(), NOW(), '$seeder', $userid, " . sqlesc($agent) . ", $uploaded, $downloaded)");
with:
Code:
$ret = mysql_query("INSERT INTO peers (connectable, torrent, peer_id, ip, port, uploaded, downloaded, to_go, started, last_action, seeder, userid, agent, uploadoffset, downloadoffset, passkey) VALUES ('$connectable', $torrentid, " . sqlesc($peer_id) . ", " . sqlesc($ip) . ", $port, $uploaded, $downloaded, $left, NOW(), NOW(), '$seeder', $userid, " . sqlesc($agent) . ", $uploaded, $downloaded, " . sqlesc($passkey) . ")");
__________________
Do not ask me to help you work on your site that is not phpMyBitTorrent
Do not ask me to make a mod for any other source
Do not Ask me to setup your site.
I will no longer help you setup your site, there is a setup script if you have trouble with it post in the forum here or in BT.Managerô forum
My Current Demo is here http://demo.btmanager.org/
Reply With Quote
The Following 3 Users Say Thank You to joeroberts For This Useful Post:
adrian21 (23-04-09), sammygo (24-07-09), Tibys08 (29-05-11)
  #3  
Old 24-07-09, 21:41
sammygo's Avatar
sammygo sammygo is offline
Senior Member
 
Join Date: May 2008
P2P
Posts: 141
Default
Installed this mod...but how can i make
When i go to upload.php to show my passkey :
ex :
Your announce url is : http://site/announce.php?passkey=blabla :| ?
Reply With Quote
  #4  
Old 22-05-13, 00:44
las7h0p3's Avatar
las7h0p3 las7h0p3 is offline
Senior Member
 
Join Date: Jul 2008
Posts: 18
Default
Kinda late but hope this will be helpful to someone.

Put this code:

Code:
<p>Your announce url is: <b><?php echo "$announce_urls[0]?passkey={$CURUSER['passkey']}"?></b></p>
under

Code:
<b><?= $announce_urls[0] ?></b></p>
Bump: Don't know why but I can't edit my previous post.

in upload.php find:

Code:
if (get_user_class() < UC_UPLOADER)
{
  stdmsg("Sorry...", "You are not authorized to upload torrents.  (See <a href=\"faq.php#up\">Uploading</a> in the FAQ.)");
  stdfoot();
  exit;
}
underneath add:

Code:
if (strlen($CURUSER['passkey']) != 32) {

$CURUSER['passkey'] = md5($CURUSER['username'].get_date_time().$CURUSER['passhash']);

mysql_query("UPDATE users SET passkey='$CURUSER[passkey]' WHERE id=$CURUSER[id]");

}
then after:

Code:
<p>Your announce is: <b><?= $announce_urls[0] ?></b></p>
add:

Code:
<p>Your announce passkey is: <b><?= $announce_urls[0] ?>?passkey=<?= $CURUSER['passkey'] ?></b></p>
Reply With Quote
Reply

Tags
passkey , system

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Advanced HelpDesk With Ticket System Bigjoos Mods & Themes 14 13-02-16 18:59
tbdev final 2009 passkey help plz !;) djblackout Community Cafe 15 23-03-10 03:53
passkey? shaker YSE 2 20-02-10 14:48
Passkey sammygo Mods & Themes 1 23-07-09 19:04
passkey huly YSE 2 10-07-08 13:58



All times are GMT +2. The time now is 00:16. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2018, vBulletin Solutions Inc.