Passkey problem
malinens - May 17, 2008 - 14:23
| Project: | BitTorrent |
| Version: | 5.x-2.0-beta3 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | gildedgod |
| Status: | won't fix |
Jump to:
Description
My passkey looks like this:
http://myste/drupalweb/announce.php?passkey=%FB%B1%CD%BC%B4%3B.%5E%C2%04...
and I have problem- I can not seed torrent, I have this error: User does not have permission to user(yes, user not use) this tracker.
I hope You'll help me :)
/sorry for my bad english/
#1
Thanks for catching the bad string (many long nights went into this, apparently some were to long :)). As far as the passkey is concerned, it should be decoded automatically by php. The passkey that is created for you is created using sha1(, TRUE) meaning that the returned passkey does contain binary (the reason for all the escaping). I will look at converting the passkey into hex before assigning it to a user hopefully making everything easier on both the client and server side.
NOTE: This is a copy from the original post at #250601: Question about Bit Torrent
#2
I'm also having a problem with the passkey. Instead of saying does not have permission my torrent client transmission is simply saying "Invalid passkey: qP%253BL%25DA%25A8%25BFg%25A3%25B3%25D7%25A3%25A1%259A%25CF%25D4%2516J%25E7%25E2". This is from a torrent that I had downloaded from another tracker and then resubmitted to my site as a test.
#3
Grrrr!
I also have such a passkey and message "User does not have permission to user(yes, user not use) this tracker.":
http://****.ru/announce.php?passkey=%EB%DC%2B%F3%8F%05%C5%88NQ%1Di%81%CE...
#4
There some bugs in code:
FROM:
<?php
// Determine if the user has permission to use the tracker.
$role = db_result(db_query("SELECT r.name FROM {role} r INNER JOIN {users_role} ur ON ur.rid = r.rid INNER JOIN {permission} p ON p.rid = ur.rid WHERE ur.uid = %d AND p.perm LIKE '%download torrent%'"));
if (!$role) {
bt_message('User does not have permission to user the tracker.', BITTORRENT_MESSAGE_ERROR);
}
?>
TO:
<?php
// Determine if the user has permission to use the tracker.
$role = db_result(db_query("SELECT r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid INNER JOIN {permission} p ON p.rid = ur.rid WHERE ur.uid = %d AND p.perm LIKE '%download torrent%'"));
if (!$role) {
bt_message('User does not have permission to user the tracker.', BITTORRENT_MESSAGE_ERROR);
}
?>
There is a misprint here: users_roles
FROM:
<?phpif (array_key_exists('passkey', $request)) {
if (strlen(urldecode($request['passkey'])) != 20) {
bt_message('Invalid passkey: '. $request['passkey'], BITTORRENT_MESSAGE_ERROR);
}
}
?>
TO:
<?phpif (array_key_exists('passkey', $request)) {
if (strlen($request['passkey']) != 20) {
bt_message('Invalid passkey: '. $request['passkey'], BITTORRENT_MESSAGE_ERROR);
}
}
?>
The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results. http://php.net/urldecode
#5
Thanks for all of your help in finding and isolating these issues, I will try and roll in some of these changes over the weekend.
#6
Also, you should fix this permission problem too:
FROM:
$role = db_result(db_query("SELECT r.name FROM {role} r INNER JOIN {users_role} ur ON ur.rid = r.rid INNER JOIN {permission} p ON p.rid = ur.rid WHERE ur.uid = %d AND p.perm LIKE '%download torrent%'"));TO:
$role = db_result(db_query("SELECT r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid INNER JOIN {permission} p ON p.rid = ur.rid WHERE ur.uid = %d AND p.perm LIKE '%%download torrent%%'", $uid));I replaced '%download torrent%' with '%%download torrent%%'
#7
The passkey system is getting an overhaul in the new D6 release. There is a focus on getting the basic tracker up and functioning nicely before implementing the system. The changes there will definitely be backported to here.
~Chris
#8
5.x version is longer not supported.