| ||||||
 |
|
#1
10th April 2012, 22:58
|
|||
|
|||
Passkey/Peers Problem! :(
Hey,
I recently set up a new private tracker and added the passkey system. Everything has been going fine up until a few days ago when some members started to report that they were missing small amounts of upload compared to what was shown in their client. There have also been other reports that a member is showing up in the peer list (on the tracker) as seeding or leeching when they haven't even downloaded the torrent (Also showing different clients). All i can assume is somehow some members are being given another members passkey and therefore getting some of their upload added to their account and then also showing up in the peers list on the site.  If i lock announce.php down to only allow leeching from one location at a time, members report that newer uploaded torrents give them an invalid passkey, even if they reset it. If i increase the leech limit to 2 or more locations, then members show up as leeching or seeding torrents they haven't even downloaded or leeched :S For example, someone is leeching a torrent i have uploaded (and i am seeding). But it is shwing up on the tracker as me leeching, even though it shows a different client too..  download.php Code:
<?
require_once("include/bittorrent.php");
dbconn();
$id = (int)$_GET["id"];
$name = $_GET["name"];
if (!$id)
httperr();
$res = mysql_query("SELECT 1 FROM torrents WHERE id = $id");
$row = mysql_fetch_array($res);
$fn = "$torrent_dir/$id.torrent";
if (!$row || !is_file($fn) || !is_readable($fn))
httperr();
mysql_query("UPDATE torrents SET hits = hits + 1 WHERE id = $id");
require_once "include/benc.php";
if (strlen($CURUSER['passkey']) != 32) {
$CURUSER['passkey'] = md5($CURUSER['username'].get_date_time().$CURUSER['passhash']);
mysql_query("UPDATE users SET passkey='$CURUSER[passkey]' WHERE id=$CURUSER[id]");
}
$dict = bdec_file($fn, (1024*1024));
$dict['value']['announce']['value'] = "$BASEURL/announce.php?passkey=$CURUSER[passkey]";
$dict['value']['announce']['string'] = strlen($dict['value']['announce']['value']).":".$dict['value']['announce']['value'];
$dict['value']['announce']['strlen'] = strlen($dict['value']['announce']['string']);
header ("Content-Disposition: attachment; filename=\"".$name."\"");
header ("Content-Type: application/x-bittorrent");
print(benc($dict));
?>
announce.php Code:
<?
$free = true;
$double = false;
ob_start("ob_gzhandler");
require_once("include/bittorrent.php");
require_once("include/benc.php");
function err($msg)
{
benc_resp(array("failure reason" => array(type => "string", value => $msg)));
exit();
}
function benc_resp($d)
{
benc_resp_raw(benc(array(type => "dictionary", value => $d)));
}
function benc_resp_raw($x)
{
header("Content-Type: text/plain");
header("Pragma: no-cache");
print($x);
}
foreach (array("passkey","info_hash","peer_id","ip","event") as $x)
$GLOBALS[$x] = "" . $_GET[$x];
foreach (array("port","downloaded","uploaded","left") as $x)
$GLOBALS[$x] = 0 + $_GET[$x];
if (strpos($passkey, "?")) {
$tmp = substr($passkey, strpos($passkey, "?"));
$passkey = substr($passkey, 0, strpos($passkey, "?"));
$tmpname = substr($tmp, 1, strpos($tmp, "=")-1);
$tmpvalue = substr($tmp, strpos($tmp, "=")+1);
$GLOBALS[$tmpname] = $tmpvalue;
}
foreach (array("passkey","info_hash","peer_id","port","downloaded","uploaded","left") as $x)
if (!isset($x)) err("Missing key: $x");
foreach (array("info_hash","peer_id") as $x)
if (strlen($GLOBALS[$x]) != 20) err("Invalid $x (" . strlen($GLOBALS[$x]) . " - " . urlencode($GLOBALS[$x]) . ")");
if (strlen($passkey) != 32) err("Invalid passkey (" . strlen($passkey) . " - $passkey)");
//if (empty($ip) || !preg_match('/^(d{1,3}.){3}d{1,3}$/s', $ip))
$ip = getip();
$rsize = 50;
foreach(array("num want", "numwant", "num_want") as $k)
{
if (isset($_GET[$k]))
{
$rsize = 0 + $_GET[$k];
break;
}
}
$agent = $_SERVER["HTTP_USER_AGENT"];
// Deny access made with a browser...
if (ereg("^Mozilla\\/", $agent) || ereg("^Opera\\/", $agent) || ereg("^Links ", $agent) || ereg("^Lynx\\/", $agent))
err("torrent not registered with this tracker");
if (!$port || $port > 0xffff)
err("invalid port");
if (!isset($event))
$event = "";
$seeder = ($left == 0) ? "yes" : "no";
dbconn(false);
$valid = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM users WHERE passkey=" . sqlesc($passkey)));
if ($valid[0] != 1) err("Invalid passkey! Re-download the .torrent from $BASEURL");
$res = mysql_query("SELECT id, banned, free, seeders + leechers AS numpeers, UNIX_TIMESTAMP(added) AS ts FROM torrents WHERE " . hash_where("info_hash", $info_hash));
$torrent = mysql_fetch_assoc($res);
if (!$torrent)
err("torrent not registered with this tracker");
$torrentid = $torrent["id"];
//$fields = "seeder, peer_id, ip, port, uploaded, downloaded, userid";
$fields = "seeder, peer_id, ip, port, uploaded, downloaded, userid, UNIX_TIMESTAMP(last_action) AS ts";
$numpeers = $torrent["numpeers"];
$limit = "";
if ($numpeers > $rsize)
$limit = "ORDER BY RAND() LIMIT $rsize";
$res = mysql_query("SELECT $fields FROM peers WHERE torrent = $torrentid AND connectable = 'yes' $limit");
$resp = "d" . benc_str("interval") . "i" . $announce_interval . "e" . benc_str("peers") . "l";
unset($self);
while ($row = mysql_fetch_assoc($res))
{
$row["peer_id"] = hash_pad($row["peer_id"]);
if ($row["peer_id"] === $peer_id)
{
$userid = $row["userid"];
$self = $row;
continue;
}
$resp .= "d" .
benc_str("ip") . benc_str($row["ip"]) .
benc_str("peer id") . benc_str($row["peer_id"]) .
benc_str("port") . "i" . $row["port"] . "e" .
"e";
}
$resp .= "ee";
$selfwhere = "torrent = $torrentid AND " . hash_where("peer_id", $peer_id);
if (!isset($self))
{
$res = mysql_query("SELECT $fields FROM peers WHERE $selfwhere");
$row = mysql_fetch_assoc($res);
if ($row)
{
$userid = $row["userid"];
$self = $row;
}
}
//// Up/down stats ////////////////////////////////////////////////////////////
if (!isset($self))
{
$valid = @mysql_fetch_row(@mysql_query("SELECT COUNT(*) FROM peers WHERE torrent=$torrentid AND passkey=" . sqlesc($passkey)));
if ($valid[0] >= 1 && $seeder == 'no') err("Connection limit exceeded! You may only leech from one location at a time.");
if ($valid[0] >= 3 && $seeder == 'yes') err("Connection limit exceeded!");
$rz = mysql_query("SELECT id, uploaded, downloaded, class FROM users WHERE passkey=".sqlesc($passkey)." AND enabled = 'yes' ORDER BY last_access DESC LIMIT 1") or err("Tracker error 2");
if ($MEMBERSONLY && mysql_num_rows($rz) == 0)
err("Unknown passkey. Please redownload the torrent from $BASEURL.");
$az = mysql_fetch_assoc($rz);
$userid = $az["id"];
// if ($left > 0 && $az["class"] < UC_VIP)
if ($az["class"] < UC_VIP)
{
$gigs = $az["uploaded"] / (1024*1024*1024);
$elapsed = floor((gmtime() - $torrent["ts"]) / 3600);
$ratio = (($az["downloaded"] > 0) ? ($az["uploaded"] / $az["downloaded"]) : 1);
if ($ratio < 0.5 || $gigs < 5) $wait = 0;
elseif ($ratio < 0.65 || $gigs < 6.5) $wait = 0;
elseif ($ratio < 0.8 || $gigs < 8) $wait = 0;
elseif ($ratio < 0.95 || $gigs < 9.5) $wait = 0;
else $wait = 0;
if ($elapsed < $wait)
err("Not authorized (" . ($wait - $elapsed) . "h) - READ THE FAQ!");
}
}
else
{
// Get the last uploaded amount from user account for reference and store it in $last_up
$rst = mysql_query("SELECT class, uploaded FROM users WHERE id = $userid") or err("Tracker error 5");
$art = mysql_fetch_array($rst);
$last_up = $art["uploaded"];
$class = $art["class"];
$upthis = max(0, $uploaded - $self["uploaded"]);
$downthis = max(0, $downloaded - $self["downloaded"]);
if ($free)
$downthis = 0;
if ($double)
$upthis *= 2;
if ($upthis > 0 || $downthis > 0)
mysql_query("UPDATE users SET uploaded = uploaded + $upthis". ($torrent['free']=='no'?", downloaded = downloaded + $downthis ":' '). "WHERE id=$userid") or err("Tracker error 3");
// Initial sanity check xMB/s for 1 second
if($upthis > 2097152)
{
//Work out time difference
$endtime = time();
$starttime = $self['ts'];
$diff = ($endtime - $starttime);
//Normalise to prevent divide by zero.
$rate = ($upthis / ($diff + 1));
//Currently 2MB/s (2097152). Increase to 5MB/s (5242880) once finished testing.
if ($rate > 2097152)
{
if ($class < UC_MODERATOR)
{
$rate = mksize($rate);
$client = $agent;
$userip = getip();
auto_enter_cheater($userid, $rate, $upthis, $diff, $torrentid, $client, $userip, $last_up);
}
}
}
}
/////////////////////Fix Increase ratio using Firefox //////////////////////
$headers = getallheaders();
if (isset($headers["Cookie"]) || isset($headers["Accept-Language"]) || isset($headers["Accept-Charset"]))
err("Anti-Cheater= You cannot use this agent");
///////////////////end of fix//////////////////////
$dt = gmtime() - 180;
$dt = sqlesc(get_date_time($dt));
function portblacklisted($port)
{
// direct connect
if ($port >= 411 && $port <= 413) return true;
// bittorrent
if ($port >= 6881 && $port <= 6889) return true;
// kazaa
if ($port == 1214) return true;
// gnutella
if ($port >= 6346 && $port <= 6347) return true;
// emule
if ($port == 4662) return true;
// winmx
if ($port == 6699) return true;
return false;
}
$updateset = array();
if ($event == "stopped")
{
if (isset($self))
{
mysql_query("DELETE FROM peers WHERE $selfwhere");
if (mysql_affected_rows())
{
if ($self["seeder"] == "yes")
$updateset[] = "seeders = seeders - 1";
else
$updateset[] = "leechers = leechers - 1";
}
}
}
else
{
if ($event == "completed")
{
$updateset[] = "times_completed = times_completed + 1";
mysql_query("INSERT INTO snatched (torrentid,userid) VALUES ($torrentid,$userid)");
}
if (isset($self))
{
mysql_query("UPDATE peers SET uploaded = $uploaded, downloaded = $downloaded, to_go = $left, last_action = NOW(), seeder = '$seeder'"
. ($seeder == "yes" && $self["seeder"] != $seeder ? ", finishedat = " . time() : "") . " WHERE $selfwhere");
if (mysql_affected_rows() && $self["seeder"] != $seeder)
{
if ($seeder == "yes")
{
$updateset[] = "seeders = seeders + 1";
$updateset[] = "leechers = leechers - 1";
}
else
{
$updateset[] = "seeders = seeders - 1";
$updateset[] = "leechers = leechers + 1";
}
}
}
else
{
if ($az["parked"] == "yes")
err("Error, your account is parked! Please read the FAQ!");
if (portblacklisted($port))
err("Port $port is blacklisted.");
else
{
$sockres = @fsockopen($ip, $port, $errno, $errstr, 5);
if (!$sockres)
$connectable = "no";
else
{
$connectable = "yes";
@fclose($sockres);
}
}
$res1_s = mysql_query("SELECT torrentid, userid FROM snatched WHERE torrentid = $torrentid AND userid = $userid") or err('Tracker error (120)');
$row1_s = mysql_fetch_assoc($res1_s);
if (!$row1_s)
mysql_query("INSERT INTO snatched (torrentid, userid, port, start_date, agent,ip,peer_id) VALUES ($torrentid, $userid, $port, $dt, " . sqlesc($agent) . "," . sqlesc($ip) . "," . sqlesc($peer_id) . ")");
$ret = mysql_query("INSERT INTO peers (connectable, torrent, peer_id, ip, port, uploaded, downloaded, to_go, started, last_action, seeder, userid, agent, uploadoffset, downloadoffset) VALUES ('$connectable', $torrentid, " . sqlesc($peer_id) . ", " . sqlesc($ip) . ", $port, $uploaded, $downloaded, $left, NOW(), NOW(), '$seeder', $userid, " . sqlesc($agent) . ", $uploaded, $downloaded)");
if ($ret)
{
if ($seeder == "yes")
$updateset[] = "seeders = seeders + 1";
else
$updateset[] = "leechers = leechers + 1";
}
}
}
if ($seeder == "yes")
{
if ($torrent["banned"] != "yes")
$updateset[] = "visible = 'yes'";
$updateset[] = "last_action = NOW()";
}
if (count($updateset))
mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id = $torrentid");
benc_resp_raw($resp);
?>
|
|
| Tags |
| passkey or peers , problem |
«
Previous Thread
|
Next Thread
»
|
|
All times are GMT +2. The time now is 20:21.
vBulletin skin by ForumMonkeys.
Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright ©2000 - 2024, vBulletin Solutions Inc.