Passkey

Started by greentide, July 24, 2011, 04:55:25 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

stoner

I know what your after and have just implemented it to my site.

This is not fully tested as of yet, but I have seen no problems so far.

takeupload.php
Comment all this code
  //$dict['value']['announce']=bdec(benc_str($INSTALLER09['announce_urls'][0]));  // change announce url to local
    //$dict['value']['info']['value']['private']=bdec('i1e');  // add private tracker flag
    //$dict['value']['info']['value']['source']=bdec(benc_str( "{$INSTALLER09['baseurl']} {$INSTALLER09['site_name']}")); // add link for bitcomet users
    //$dict['value']['comment'] = bdec(benc_str("In using this torrent you are bound by the {$INSTALLER09['site_name']} Confidentiality Agreement By Law")); // change torrent comment
    //unset($dict['value']['announce-list']); // remove multi-tracker capability
    //unset($dict['value']['nodes']); // remove cached peers (Bitcomet & Azareus)
    //$dict=bdec(benc($dict)); // double up on the becoding solves the occassional misgenerated infohash
    //list($ann, $info) = dict_check($dict, "announce(string):info");
   

Make sure you still have
$infohash = sha1($info["string"]);
Then add.
unset($dict);
just under
    $tmaker = (isset($dict['value']['created by']) && !empty($dict['value']['created by']['value'])) ? sqlesc($dict['value']['created by']['value']) : sqlesc($lang['takeupload_unkown']);


Add
move_uploaded_file($tmpname, "{$INSTALLER09['torrent_dir']}/$id.torrent");

under
    sql_query("INSERT INTO files (torrent, filename, size) VALUES ".file_list($filelist,$id));



Announce.php
Comment this (might have to revert)

if($_GET['compact'] != 1)
{
$resp = "d" . benc_str("interval") . "i" . $INSTALLER09['announce_interval'] . "e" . benc_str("private") . 'i1e' . benc_str("peers") . "l";
}
else
{
$resp = "d" . benc_str("interval") . "i" . $INSTALLER09['announce_interval'] ."e" . benc_str("private") . 'i1e'. benc_str("min interval") . "i" . 300 ."e5:"."peers" ;
}


And add
if($_GET['compact'] != 1)
{
$resp = "d" . benc_str("interval") . "i" . $INSTALLER09['announce_interval'] . "e" . benc_str("peers") . "l";
}
else
{
$resp = "d" . benc_str("interval") . "i" . $INSTALLER09['announce_interval'] ."e" . benc_str("min interval") . "i" . 300 ."e5:"."peers" ;
}


Upload.php
change
<input type=\"text\" size=\"40\" readonly=\"readonly\" value=\"{$INSTALLER09['announce_urls'][0]}\" onclick=\"select()\" />

for
<input type=\"text\" size=\"80\" readonly=\"readonly\" value=\"{$INSTALLER09['announce_urls'][0]}?{$CURUSER['passkey']}\" onclick=\"select()\" />


All seems to be working for me.  As you can see, I have said comment rather than delete the code, so it can be reverted.   Only bit I'm not 100% on is the announce.
Should be fine for you.  But I have let users upload the original way and my bot with this new way.

Laffin

There are plenty of ways of implementing a secure token system.
1) By Torrent (Passkey per torrent - standard which makes your suggestion impossible)
2) By User (Passkey remains the same for each user)
3) By User/IP

or a system that implemts a combination of each method.

MY suggestion would be to add a By User passkey which is locked to an ip. Note, I did say Add, so you can use a normal client for standard users, and a special key for seedboxes, maybe use a special torrent for this box for verifications, and give the passkey to the user, most advance users can change the torrent announce to include the key

---
Laffin BCFH

Coolmax

Quote from: cm27 on March 24, 2012, 12:58:51 AM
Its safer to use a passkey no biggie

Oh of course it is..
What im saying is having your passkey included at the end of the announce.
eg: announce.php?pid=xxxxxxxxxxxxxxxxxxxxxxxxx
That way if your using rutorrent you can seed it right away without redownloading the torrent file and sending it back to rutorrent.

Coolmax

cm27

Its safer to use a passkey no biggie
Never fall to those that just sit there.. Always look for the way to the top even if you have to code it your self and mistakes and all... quote from BonZO...

Coolmax

I wish this was possible..
Would make life easier uploading with a seedbox.

AMB

Cause it's not suppose to be like that Greentide.. I tried that awhile ago lol.. You have to use the regular announce, then redownload the .torrent to get the passkey.. No other way currently

greentide

#5
Thanks so much for this. :)

I have a problem when i stop and start the torrent im getting
QuoteTracker: [Failure reason "Invalid Passkey"]

Mindless

Upload.php -=

Code (php) Select
<input type=\"text\" size=\"40\" readonly=\"readonly\" value=\"{$INSTALLER09['announce_urls'][0]}\" onclick=\"select()\" />

To :

Code (php) Select
<input type=\"text\" size=\"80\" readonly=\"readonly\" value=\"{$INSTALLER09['announce_urls'][0]}?{$CURUSER['passkey']}\" onclick=\"select()\" />

greentide

#3
Hi

Thanks for the help!

Basicly the announce url and passkey gets generated on there upload page for the user eg. http://sitename.za.com/announce.php?passkey=901549b26fds6a342e859a83c5c7ghf".

Once you have uploaded all i need to do is to stop and start the torrent and it will start seeding.

Mindless

Thats an image and it means absolutely nothing to me - Care to elaborate a little and explain exactly what this is cos guessing is no my thing ?

greentide

#1
I im wondering if this will be possible.

I would to have this system in place regarding passkeys the reason been is it makes it easer to upload using a seedbox. Click on image to see.

Thanks for your help

[attachment deleted by admin]