Passkey system for private tracker
seidren - March 25, 2009 - 15:56
| Project: | BitTorrent |
| Version: | 6.x-9.0-beta1 |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
The private tracker did not work out of the box as expected. I did some digging and found these issues and fixed them temporarily.
I believe the author is working towards an overhaul of the passkey system. http://drupal.org/node/259604#comment-1267216
But for the moment these modifications make the private tracker work.
In bt_tracker.module the function bt_tracker_get_passkey is empty. The code is commented out. I enabled it and made a few changes...
<?php
function bt_tracker_get_passkey($reset = FALSE) {
global $user;
// Determine if the passkey needs to be reset.
$passkey_stat = db_fetch_array(db_query("SELECT btu.passkey_status, btu.passkey FROM {bt_tracker_users} btu WHERE uid = %d", $user->uid));
if ($passkey_stat['passkey_status'] == 1 || $passkey_stat['passkey'] == NULL || $reset) {
$passkey = sha1($user->uid . $user->name . time() . variable_get('drupal_private_key', ''), FALSE);
$in_table = db_result(db_query("SELECT COUNT(btu.passkey) FROM {bt_tracker_users} btu WHERE uid = %d LIMIT 1", $user->uid));
if ($in_table) {
db_query("UPDATE {bt_tracker_users} btu SET btu.passkey = %b, btu.passkey_status = 0 WHERE uid = %d", $passkey, $user->uid);
}
else {
db_query("INSERT INTO {bt_tracker_users}(uid, passkey) VALUES (%d, %b)", $user->uid, $passkey);
}
drupal_set_message(t('Your passkey has been updated please re-download any currently running torrents.'));
}
else {
$passkey = db_result(db_query("SELECT btu.passkey FROM {bt_tracker_users} btu WHERE uid = %d", $user->uid));
}
return $passkey;
}
?>In announce.php the section where it validates the passkey has to be modified too... like this
<?php
if (array_key_exists('passkey', $request)) {
if ($_tracker_scope != 0) {
if (strlen($request['passkey']) != 40) {
bt_message('Invalid passkey: '. $request['passkey'], BITTORRENT_MESSAGE_ERROR);
}
}
else if ($_tracker_scope == 0) {
bt_message('Invalid passkey: '. $request['passkey'], BITTORRENT_MESSAGE_WARNING);
unset($request['passkey']);
}
}
?>Further down in announce.php I had to comment out the code that check 'user permission to use the tracker'
<?php
// Start the generating the response.
if ($_tracker_scope == 2) {
// Lookup the user and validate permission to use the tracker.
$uid = db_result(db_query("SELECT uid FROM {bt_tracker_users} WHERE passkey = '%s'", $request['passkey']));
if (empty($uid)) {
bt_message('Passkey does not exist please re-download torrent.', BITTORRENT_MESSAGE_ERROR);
}
// Determine if the user has permission to use the tracker.
// $account = user_load( array('uid' => $uid) )
// if (!user_access('download torrents', $account)) {
// bt_message('User does not have permission to user the tracker.', BITTORRENT_MESSAGE_ERROR);
// }
?>
#1
Is the tracker working correctly with these changes? The only issue I have just from looking over the post is commenting out the check to see if the user has permission to use the tracker. This uses Drupal's built-in user permission system to allow user access. Simply give your user(s) access from the admin side and they should be allowed in. Was there a specific reason for commenting this out?
Thanks for looking into the passkey side of things. I have been up to my eyeballs in getting Views 2 working with this module.
#2
I think the announce.php script crashes/stops at the 'user_load' function. Without commenting it out.. the bt client says 'tracker sent null' .
After commenting it out.. the bt client is working fine.
I haven't looked into the reasons for the user_load function to crash. The uid is valid but the function halts the script. Probably the function is inaccessible or something.
#3
Out of curiosity, are you running a mixed tracker or strictly private?
#4
It is a strictly Private Tracker.
I forgot to mention that I also modified the bt_torrent_view function to append the passkey to the torrent download link. The code was taken from the D5 version.
<?php
function bt_torrent_view($node, $teaser = FALSE, $page = FALSE) {
if (!$teaser) {
// Use Drupal's default node view.
$node = node_prepare($node, $teaser);
global $user;
if (module_exists('bt_tracker') && $user->uid != 0 && variable_get('bt_override_announce', 1) == 2 && variable_get('bt_tracker_scope', 0) != 0) {
$passkey = module_invoke('bt_tracker', 'get_passkey');
$link = theme('bt_torrent_link', 'torrent/download/'. $node->nid .'/'. urlencode($passkey));
}
else {
// Add the link to the torrent download.
$link = theme('bt_torrent_link', 'torrent/download/'. $node->nid);
}
$node->content['torrent_link'] = array(
'#value' => $link,
'#weight' => 1
);
}
if ($teaser) {
// Use Drupal's default node view.
$node = node_prepare($node, $teaser);
}
return $node;
}
?>
I also would like to know the reason behind checking if the user has permission to access the tracker. Without access the user wouldn't have got torrent in the first place right ? Or am I missing something ?
#5
The module is designed so that if you do not want to operate a tracker you may choose to not do so. Or if you want to have a only a certain set of users use your local tracker while others use a different one, that is allowed. Does this make sense?
One possibility is that I was trying to please too wide of an audience when no one wanted that use case. :)
#6
Hmm. I believe its too wide of audience... ;) I would wait for a feature request to show up before I wreck my brain on such complicated scenarios.
But for the moment, how about move the permission check to the bt_torrent_view function ?
That way... the user will be able to download the torrent only if he has permission to download.
You can control access to the tracker using access to the torrent. right ?
<?php
function bt_torrent_view($node, $teaser = FALSE, $page = FALSE) {
if (!$teaser) {
// Use Drupal's default node view.
$node = node_prepare($node, $teaser);
global $user;
if (user_access("download torrent") == TRUE) {
if (module_exists('bt_tracker') && $user->uid != 0 && variable_get('bt_override_announce', 1) == 2 && variable_get('bt_tracker_scope', 0) != 0) {
$passkey = module_invoke('bt_tracker', 'get_passkey');
$link = theme('bt_torrent_link', 'torrent/download/'. $node->nid .'/'. urlencode($passkey));
}
else {
// Add the link to the torrent download.
$link = theme('bt_torrent_link', 'torrent/download/'. $node->nid);
}
$node->content['torrent_link'] = array(
'#value' => $link,
'#weight' => 1
);
}
}
if ($teaser) {
// Use Drupal's default node view.
$node = node_prepare($node, $teaser);
}
return $node;
}
?>
#7
There should definitely be a limit on accessing the torrent, and the whole purpose of passkey is to limit access on the tracker side. On the tracker side there is logic to account for multiple people using the same passkey, it accordingly "deactivates" the passkey. Forcing the user to re-download the torrent (which in turn generates the new passkey).
But if a user violates some rules of your site and you would like to remove their permission to use the tracker, it should be as simple as changing a role the user has. I will try and step through this and figure out why it is not working. In the old module there was a rather interesting SQL call that determined access.
Thanks for your help!
#8
hi does anyone know how to make the mod_bt tracker private???
need help ASAP.
thanx alot.
#9
Please, create separate "support request" issue.
#10
#11
Automatically closed -- issue fixed for 2 weeks with no activity.