X-Fusion Tracker

[Fynnon]

##############################################
INCLUDED HACKS
##############################################

PHP Code:

Ban BitTorrent Clients easily, By Petr1fied
Recover pasword by secret question by dottor
Change user class text to image By Bkiller
Add/subtract upload/download credit by The RED GUY (i have changed a few things and made it work on torrentstrike)
Request and Offer mod complete and working MADE SAFE by Sir_SnuggleBunny (i have changed a few things and made it work on torrentstrike)
More Sofisticated Warning System v2.0 by FeDePeCo
Tracker Protection by Christian Knerr (CBACK.DE - Der Online Computerguide)
Lottery Mod v2 - iMT, modification of iBheat, Automated/Dynamic Lottery System
Virtual Keyboard (stop keyloggers) by tony
Request to be Uploader by ScarS
Requested Type by dokty
Send message Priviliges by RAW
SeedBonus, new version by elegor
New Report mod, Safer faster EZ install by Sir_SnuggleBunny
Modified Abnormal Upload Speed Detector by ThaDon
Delete Dead Torrents by Xth-0utlaw
Delete Disabled Users by Alex2005
Active Users Modified By Sh0Ly
nforipper by RAW
Updated useragreement.php by mistero
Max. Staff v0.2 by xam
When user change his pass by RAW
Updated QUOTE function by retro
Search Torrents in browse.php by Lamers
When torrent is dead, not show in browse.php, immediately after not seeders by RAW
New ICGstation.css by me (more clean lol)
Number confirmation on signup By DemoN (i have changed a few things and made it work on torrentstrike)
Refresh Verification Image by Xam
NFO Ripper by RAW
Manage Tracker Categories by LiquidAtoR
Show/Hide torrents in userdetails.php by Cue i have changed a few things and made it work on torrentstrike)
Category image mod (replace category name with image in browse) by fixed
News Mod, with Show\Hide by devinkray
Temporary Demotion by Retro
Online Staff (missing credits)
Devin Custom Inbox provided by devin (Based on Tux system, Thanks to OiNK for it)
Request system provided by devin (Thanks to OiNK and Enzo for supplying the mod)
Invite Hack by rightthere & others
Online Users on index page (missing credits)
MySQL driven faqs by Avataru
First Line of support by aQuatomic
Warned panel by Wilba
Contact Staff by Echo
New Dynamic Control Panel by Nazaret2005
Little MySQL injection and other hacking protection By aymanghost
Poster Mod by johim, modified by enzo,devinkray (ripped from fullymodded)
Simpaty mod by yuna
Donor Panel by Alex
Shoutbox ban by irccar
Uploaders info panel
Reset Shoutbox by Codemaster
Progress Bar, by david (modified by Tony)
BBcode added to (comments , news , sendmessage)
Download / Upload Speed, by Nazaret2005
BT Client Selection Option By Enzo
Clickable thank you button in details ,by be4i
Gender mod by enzo
Online (Yes/No) Mod, By Sh0Ly
Golden Torrents, Mod by Laffin and MMN-O (ripped from fullymodded)
Port checker by lords
Present on christmas by Cue
Quick Reply in Comments by ltn100
Stopping staff from being added to the friends list
New shoutbox by dehas
STOP AOL PROXIES by Bainsy
Birthday gift mod by HoBoZ and XiaNYdE
Friends online in online list, by SvavarL & slightly
Stats ripped from FullyModded, modified by me
Upload & Downoad & forum priviliges, Original Code By Kipe & Modified By Wilba (ripped from fullymodded)
Current Mood mod by anka
Mod Tool View Ratings with show/hide by killerB
Change username   email for staff   reset users password in userdetails (ripped from FullyModded)
Birthday Mod (ripped from fullymodded)
6 Failed Logins by xam
Simple Announcement MOD by ashkarkm
Invite Tree Final by devin, based on OiNK's code
Code for Floods and Cheats block!, created by A1
Short Description by s4ne & devinkray (ripped from fullymodded)
Parked Mod
Remove Multiple-Tracker URLs by Wilba
Latest Nforce Releases
True Speed on userdetails by lords
Bad Password checker by LonniE
Anticheat: Increase ratio using Firefox, by Angel
Last 10 Torrents (torrentstrike edition) by me
Needing seeds on index (torrentstrike edition) by tony
Manage tracker countries by HCLivess
Wilba's Server Load Code
Torrent Info Mod by ltn100
Contact (icq,msn,yahoo,aim,skype )by Nazaret2005
Duplicate IP
Email banning mod by x0r 


##############################################
FRESH INSTALLATION
##############################################

PHP Code:

-1- Uploading the files:
------------------------

Upload all files to your website.


-2- Additional setup: Creating missing folders/files and CHMOD them (only needed by restricted apache server)
-------------------------------------------------------------------------------------------------------------

 
Files or folder to chmod:

  - chmod 777 your torrents folder
  - chmod 666 phpBB2/config.php
  - chmod 666 include/config.php
  - chmod 777 phpBB2/images/avatars (only neeeded if you want your users to send their own avatars)
  - chmod 666 info/stats.txt
  - chmod 666 your cache/staff.txt
  - chmod 777 your include/banned_clients.txt


-3- Setting up TBDev :
----------------------

open your web browser to http://www.yourdomain.com/admincp.php
Enter all the needed info there and submit.
Torrents and BitBucket must be the two folder you have created
Keep the 'Activate PhpBB Forum' box unchecked for now !

After saving your config, the install will install the needed sql files for you.


-4- Create a TBDev sysop account:
--------------------------------

open your web browser to http://www.yourdomain.com and choose Register
Register your account. 
This first created account will be granted with Sysop administrative rights, so it's good to choose 'admin' as 'Desired username'.


-5- Installing phpbb:
--------------------

Click the forum link, and choose "INSTALL NOW !" (This link is only shown if your are the sysop)
All parameters are set for you by TorrentStrike (check if they are correct for you), you only need to reenter your sysop account password.
Click the 'finish installation' button.

-6- Activate phpbb:
-------------------

open your web browser to http://www.yourdomain.com/admincp.php
check the 'Activate PhpBB Forum' box and submit.
delete install/ and contrib/ directories from the phpbb2 folder.
Logout and then Login again from the sysop account to update the phpbb admin login. (do it it's important!)

-7- Configure phpbb:
-------------------

use the link 'Go to Administration Panel' inside each phpbb page, you will need to identify yourself again 


[markwright]

For those that have the

Code:

"Access Denied!","We come to believe you are using a fake account, therefore we've logged this action!"

problem after installing this source that is because you need to write the name of the tracker admins in bittorrent.php

1. You can open bittorrent.php and on line 55 you will find:

Code:

$lsysopnames = array("Admin", "Admin2", "Neptune", "Admin3"); // Case sensitive. Change this (YOUR SYSOP-ADMIN NAMES GOES HERE) (example: array("adminname1","adminname2","adminname3","adminname4","so far")

You need to replace the names "Admin, Neptune..." with the names of your admins ( I wrote Fynnon) :P


2. If that doesn`t work you can disable this mod be deleting the:

Max. Staff v0.2 by xam mod from "bittorrent.php"

Code:

//---------------------------------
//---- Max. Staff v0.2 by xam
//---------------------------------
function maxsysop () {
global $CURUSER;
// Check Staff Names
$lmaxclass  = 96;
$lsysopnames = array("Admin", "admin", "Neptune"); // Case sensitive. Change this (YOUR SYSOP-ADMIN NAMES GOES HERE) (example: array("adminname1","adminname2","adminname3","adminname4","so far")
	if ($CURUSER["class"] >= $lmaxclass)
		if (!in_array($CURUSER["username"], $lsysopnames, true)) { // true for strict comparison
			$msg = "Fake Account Detected: Username: ".$CURUSER["username"]." - UserID: ".$CURUSER["id"]." - UserIP : ".getip();
			write_log($msg);
			stderr("Access Denied!","We come to believe you are using a fake account, therefore we've logged this action!");
		}
// Check Staff IDS			
define ('UC_STAFF', 64); // Minumum Staff Level (4= UC_MODERATOR)
if ($CURUSER['class'] >= UC_MODERATOR) {
	$allowed_ID = array(1); // Change this (YOUR SYSOP-ADMIN IDS GOES HERE) (example: array(1,2,3,4,5))
		if (!in_array((int)$CURUSER['id'], $allowed_ID, true)) { // true for strict comparison
			$msg = "Fake Account Detected: Username: ".$CURUSER["username"]." - UserID: ".$CURUSER["id"]." - UserIP : ".getip();
			write_log($msg);
			stderr("Access Denied!","We come to believe you are using a fake account, therefore we've logged this action!");			
		}		
	}
}
//---------------------------------
//---- Max. Staff v0.2 by xam
//---------------------------------

and the code line

Code:

maxsysop ();

from every page you get the error.

[seb35]

nice but unsecure

[18cent]

In utorrent I got this error : HTTP 404!

[18cent]

Screenshot , where??

[Explorer]

you take screenshot in your site :D

and paste here

[rocky10]

Hello, I have just installed the tracker, I have to say that is well made. Congratulations. I have only one problem: If I put a torrent .. I quit on ? torrent: tracker sending invalid data ... how can I solve?
And finally .. which thema reccomended me to install?

Thank you all and sorry for the English. :)

[Kotafi]

I dunno if this helps but try this announce.php...
Works for me :D

Code:

<?
/*
// +--------------------------------------------------------------------------+
// | TorrentStrike X-Edition by Neptune                                       |
// +--------------------------------------------------------------------------+
// | This file is part of TorrentStrike X-Edtion. Is based on TBDev,          |
// | originally by RedBeard of TorrentBits, extensively modified by           |
// | Gartenzwerg.                                                             |
// |                                                                          |
// | TorrentStrike is free software; you can redistribute it and/or modify    |
// | it under the terms of the GNU General Public License as published by     |
// | the Free Software Foundation; either version 2 of the License, or        |
// | (at your option) any later version.                                      |
// |                                                                          |
// | TorrentStrike is distributed in the hope that it will be useful,         |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with TorrentStrike; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA            |
// +--------------------------------------------------------------------------+
// |                                       TorrentStrike X-Edition by Neptune |
// +--------------------------------------------------------------------------+
*/
ob_start("ob_gzhandler");

require_once("include/bittorrent.php");
require_once("include/benc.php");



function err($msg)
{
	benc_resp(array("failure reason" => array(type => "string", value => $msg)));
	exit();
}

function benc_resp($d)
{
	benc_resp_raw(benc(array(type => "dictionary", value => $d)));
}

function benc_resp_raw($x)
{
	header("Content-Type: text/plain");
	header("Pragma: no-cache");
	print($x);
}

$req = "info_hash:peer_id:!ip:port:uploaded:downloaded:left:!event:!passkey";
foreach (explode(":", $req) as $x)
{
	if ($x[0] == "!")
	{
		$x = substr($x, 1);
		$opt = 1;
	}
	else
		$opt = 0;
	if (!isset($_GET[$x]))
	{
		if (!$opt)
			err("missing key");
		continue;
	}
	$GLOBALS[$x] = unesc($_GET[$x]);
}

if (ENA_PASSKEY && (
		strlen($passkey) != 32 && 
		@mysql_num_rows(@mysql_query("SELECT id FROM users WHERE passkey=" . sqlesc($passkey))) != 1))
	err("Invalid passkey! Re-download the .torrent from $BASEURL ($passkey)");
$passkey=sqlesc($passkey);	

foreach (array("info_hash","peer_id") as $x)
{
	if (strlen($GLOBALS[$x]) != 20)
		err("invalid $x (" . strlen($GLOBALS[$x]) . " - " . urlencode($GLOBALS[$x]) . ")");
}

//if (empty($ip) || !preg_match('/^(\d{1,3}\.){3}\d{1,3}$/s', $ip))
	$ip = getip();

$port = 0 + $port;
$downloaded = 0 + $downloaded;
$uploaded = 0 + $uploaded;
$left = 0 + $left;

$rsize = 50;
foreach(array("num want", "numwant", "num_want") as $k)
{
	if (isset($_GET[$k]))
	{
		$rsize = 0 + $_GET[$k];
		break;
	}
}

$agent = $_SERVER["HTTP_USER_AGENT"];

// Deny access made with a browser...
//if (ereg("^Mozilla\\/", $agent) || ereg("^Opera\\/", $agent) || ereg("^Links ", $agent) || ereg("^Lynx\\/", $agent))
//	err("torrent not registered with this tracker");

if (!$port || $port > 0xffff)
	err("invalid port");

if (!isset($event))
	$event = "";

$seeder = ($left == 0) ? "yes" : "no";


// Banned Clients - By Petr1fied
$filename = "include/banned_clients.txt";
if (filesize($filename)==0 || !file_exists($filename))
$banned_clients=array();
else
{
$handle = fopen($filename, "r");
$banned_clients = unserialize(fread($handle, filesize($filename)));
fclose($handle);
}

foreach($banned_clients as $k => $v)
{
if(substr(bin2hex($peer_id), 0, 16) == $v["peer_id"] || substr(bin2hex($peer_id), 0, 6) == $v["peer_id"])
{
$client_ban=array($v["client_name"], $v["reason"]);
}
}

if($client_ban)
err("I'm sorry, $client_ban[0] is banned from this tracker (".stripslashes($client_ban[1]).")");
// Banned Clients - By Petr1fied


$res = mysql_query("SELECT id, banned, free, seeders + leechers AS numpeers, UNIX_TIMESTAMP(added) AS ts FROM torrents WHERE " . hash_where("info_hash", $info_hash));

$torrent = mysql_fetch_assoc($res);
if (!$torrent)
	err("torrent not registered with this tracker");

$torrentid = $torrent["id"];

$fields = "seeder, peer_id, ip, port, uploaded, downloaded, userid, UNIX_TIMESTAMP(last_action) AS ts";

$numpeers = $torrent["numpeers"];
$limit = "";
if ($numpeers > $rsize)
	$limit = "ORDER BY RAND() LIMIT $rsize";
$res = mysql_query("SELECT $fields FROM peers WHERE torrent = $torrentid AND connectable = 'yes' $limit");

$resp = 'd' . benc_str('interval') . 'i' . $announce_interval . 'e' . benc_str('peers') . (($compact = ($_GET['compact'] == 1))?'':'l');
unset($self);
while ($row = mysql_fetch_assoc($res))
{
	$row["peer_id"] = hash_pad($row["peer_id"]);

	if ($row["peer_id"] === $peer_id)
	{
		$userid = $row["userid"];
		$self = $row;
		continue;
	}
	if($compact)
	{
		$peer_ip = explode('.', $row["ip"]);
		$plist .= pack("C*", $peer_ip[0], $peer_ip[1], $peer_ip[2], $peer_ip[3]). pack("n*", (int)$row["port"]);
	} else {
		$resp .= "d" .
		benc_str("ip") . benc_str($row["ip"]) .
		benc_str("peer id") . benc_str($row["peer_id"]) .
		benc_str("port") . "i" . $row["port"] . "e" .
		"e";
	}
}

$resp .= ($compact ? benc_str($plist):''). "ee";

$selfwhere = "torrent = $torrentid AND ". (ENA_PASSKEY ?"passkey=$passkey AND ":'') . hash_where("peer_id", $peer_id);

if (!isset($self))
{
	$res = mysql_query("SELECT $fields FROM peers WHERE $selfwhere");
	$row = mysql_fetch_assoc($res);
	if ($row)
	{
		$userid = $row["userid"];
		$self = $row;
	}
}


//--- Fix Increase ratio using Firefox & Deny access made with a browser ---//
$agent = $_SERVER["HTTP_USER_AGENT"];
if (isset($_SERVER['HTTP_COOKIE']) || isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) || isset($_SERVER['HTTP_ACCEPT_CHARSET']))
       
       if (isset($_GET['info_hash']) || isset($_GET['uploaded']) || isset($_GET['downloaded']) || isset($_GET['event']))
       {
$ip = getip();
write_log("A user has been detected trying to cheat. Their IP address is $ip");
       die("Your penis is too small... go eat some brocoli.");
       }
       elseif (ereg("^Mozilla\\/", $agent) || ereg("^Opera\\/", $agent) || ereg("^Links ", $agent) || ereg("^Lynx\\/", $agent) || ereg("^curl\\/", $agent))
die("torrent not registered with this tracker");
//---- end of fix ----//


//// Up/down stats ////////////////////////////////////////////////////////////

if (!isset($self))
{
	if(ENA_PASSKEY && ENA_PASSKEYLIMITCONNECTIONS)
	{
		$valid = @mysql_num_rows(@mysql_query("SELECT id FROM peers WHERE torrent=$torrentid AND passkey=$passkey"));
		if ($valid[0] >= 1 && $seeder == 'no') 
			err("Connection limit exceeded! You may only leech from one location at a time.");
		if ($valid[0] >= 3 && $seeder == 'yes') 
			err("Connection limit exceeded!");
	}
	$rz = mysql_query("SELECT id, uploaded, downloaded, class FROM users WHERE ip='$ip' AND enabled = 'yes' ". (ENA_PASSKEY ? "AND passkey=$passkey ":''). "ORDER BY last_access DESC LIMIT 1") or err("Tracker error 2");
	if ($MEMBERSONLY && mysql_num_rows($rz) == 0)
		err("Unrecognized host ($ip). Please go to $BASEURL to sign-up or login.");
	$az = mysql_fetch_assoc($rz);
	$userid = $az["id"];

//	if ($left > 0 && $az["class"] < UC_VIP)
	if ($az["class"] < UC_VIP)
	{
		$gigs = $az["uploaded"] / (1024*1024*1024);
		$elapsed = floor((gmtime() - $torrent["ts"]) / 3600);
		$ratio = (($az["downloaded"] > 0) ? ($az["uploaded"] / $az["downloaded"]) : 1);
		if ($ratio < 0.5 || $gigs < 5) $wait = 48;
		elseif ($ratio < 0.65 || $gigs < 6.5) $wait = 24;
		elseif ($ratio < 0.8 || $gigs < 8) $wait = 12;
		elseif ($ratio < 0.95 || $gigs < 9.5) $wait = 6;
		else $wait = 0;
		if (($elapsed < $wait)&&($seeder == 'no'))
				err("Not authorized (" . ($wait - $elapsed) . "h) - READ THE FAQ!");
	}
}
else
{
	
// Get the last uploaded amount from user account for reference and store it in $last_up
    $rst = mysql_query("SELECT class, uploaded FROM users WHERE id = $userid") or err("Tracker error 5");
    $art = mysql_fetch_array($rst);
    $last_up = $art["uploaded"];
    $class = $art["class"];
	
	$upthis = max(0, $uploaded - $self["uploaded"]);
	$downthis = max(0, $downloaded - $self["downloaded"]);

	    if ($upthis > 0 || $downthis > 0)
        mysql_query("UPDATE users SET uploaded = uploaded + $upthis". ($torrent['free']=='no'?", downloaded = downloaded + $downthis ":' '). "WHERE id=$userid") or err("Tracker error 3");
}

// Initial sanity check xMB/s for 1 second
    if($upthis > 2097152)
    {
        //Work out time difference
        $endtime = time();
        $starttime = $self['ts'];
        $diff = ($endtime - $starttime);
        //Normalise to prevent divide by zero.
        $rate = ($upthis / ($diff + 1));
        //Currently 2MB/s. Increase to 5MB/s once finished testing.
        if ($rate > 2097152)
        {
            if ($class < UC_MODERATOR)
            {
                $rate = mksize($rate);
                $client = $agent;
                $userip = getip();

                auto_enter_cheater($userid, $rate, $upthis, $diff, $torrentid, $client, $userip, $last_up);
            }
        }
    }

///////////////////////////////////////////////////////////////////////////////

function portblacklisted($port)
{
	// direct connect
	if ($port >= 411 && $port <= 413) return true;

	// bittorrent
	if ($port >= 6881 && $port <= 6889) return true;

	// kazaa
	if ($port == 1214) return true;

	// gnutella
	if ($port >= 6346 && $port <= 6347) return true;

	// emule
	if ($port == 4662) return true;

	// winmx
	if ($port == 6699) return true;

	return false;
}

$updateset = array();

if ($event == "stopped")
{
	if (isset($self))
	
	{
		mysql_query("DELETE FROM peers WHERE $selfwhere");
		if (mysql_affected_rows())
		{
			if ($self["seeder"] == "yes")
				$updateset[] = "seeders = seeders - 1";
			else
				$updateset[] = "leechers = leechers - 1";
		}
	}
}
else
{
	if ($event == "completed")
		$updateset[] = "times_completed = times_completed + 1";

	if (isset($self))
	{
		mysql_query("UPDATE peers SET uploaded = $uploaded, downloaded = $downloaded, to_go = $left, last_action = NOW(), seeder = '$seeder'"
			. ($seeder == "yes" && $self["seeder"] != $seeder ? ", finishedat = " . time() : "") . " WHERE $selfwhere");
		if (mysql_affected_rows() && $self["seeder"] != $seeder)
		{
			if ($seeder == "yes")
			{
				$updateset[] = "seeders = seeders + 1";
				$updateset[] = "leechers = leechers - 1";
			}
			else
			{
				$updateset[] = "seeders = seeders - 1";
				$updateset[] = "leechers = leechers + 1";
			}
		}
	}
	else
	{
		if (portblacklisted($port))
			err("Port $port is blacklisted.");
		else
		{
			$sockres = @fsockopen($ip, $port, $errno, $errstr, 5);
			if (!$sockres)
				$connectable = "no";
			else
			{
				$connectable = "yes";
				@fclose($sockres);
			}
		}

		$ret = mysql_query("INSERT INTO peers (connectable, torrent, peer_id, ip, port, uploaded, downloaded, to_go, started, last_action, seeder, userid, agent, uploadoffset, downloadoffset, passkey) VALUES ('$connectable', $torrentid, " . sqlesc($peer_id) . ", " . sqlesc($ip) . ", $port, $uploaded, $downloaded, $left, NOW(), NOW(), '$seeder', $userid, " . sqlesc($agent) . ", $uploaded, $downloaded, $passkey)");
		if ($ret)
		{
			if ($seeder == "yes")
				$updateset[] = "seeders = seeders + 1";
			else
				$updateset[] = "leechers = leechers + 1";
		}
	}
}

if ($seeder == "yes")
{
	if ($torrent["banned"] != "yes")
		$updateset[] = "visible = 'yes'";
	$updateset[] = "last_action = NOW()";
}

if (count($updateset))
	mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id = $torrentid");

benc_resp_raw($resp);


?>

[rocky10]

Thank you for having responded .. I tried .. but always comes out the same mistake:

Code:

tracker sending invalid dates <NULL>

is ... normal? :cry:

[seb35]

Fix error

in cleanup find:

Code:

sql_query("DELETE FROM captcha WHERE dateline < $dt") or sqlerr(__FILE__,__LINE__);

and change to:

Code:

mysql_query("DELETE FROM captcha WHERE dateline < $dt") or sqlerr(__FILE__,__LINE__);

put in db

Code:

CREATE TABLE `captcha` (
`imagehash` varchar(32) NOT NULL default '',
`imagestring` varchar(8) NOT NULL default '',
`dateline` bigint(30) NOT NULL default '0',
KEY `imagehash` (`imagehash`),
KEY `dateline` (`dateline`)
) ENGINE=MyISAM;