djone21 Posted September 20, 2006 Report Share Posted September 20, 2006 My friend (splintax) wrote this page in php so that a user can enter their IP, port, username and password and it will load up the WebUI in their browser. Check it out, its very nice. Comments welcomehttp://splintax.com/utorrent.php Link to comment Share on other sites More sharing options...
Stan Posted September 20, 2006 Report Share Posted September 20, 2006 would be nice if he releases the code... We dont know what he is really doing Link to comment Share on other sites More sharing options...
Gussi Posted September 20, 2006 Report Share Posted September 20, 2006 It's nifty, but there's really no use for it other than logging someones else username and password.... and that's not cool :/ Link to comment Share on other sites More sharing options...
ICleolion Posted September 20, 2006 Report Share Posted September 20, 2006 no need for this unless the www.utorrent.com site is gonna add a WebUI logon button to the linkbar. Link to comment Share on other sites More sharing options...
Pleh Posted September 20, 2006 Report Share Posted September 20, 2006 if you have to enter your ip, port, username and password, why wouldnt you just type those into the addressbar and press enter instead of using the redirect thingy? seems like a needless extra step to me :s Link to comment Share on other sites More sharing options...
ICleolion Posted September 20, 2006 Report Share Posted September 20, 2006 Plus this will only work in browsers that allow user and pass to be in url Link to comment Share on other sites More sharing options...
Ultima Posted September 20, 2006 Report Share Posted September 20, 2006 What ever happened to splintax anyway? He hasn't been around in the longest time =o Link to comment Share on other sites More sharing options...
Lord Alderaan Posted September 20, 2006 Report Share Posted September 20, 2006 My scam alert just went off in my head. Folks I suggest NOT using this cos it is guaranteed to give the owner of that webpage ur webui login information. Link to comment Share on other sites More sharing options...
dAbReAkA Posted September 20, 2006 Report Share Posted September 20, 2006 i dont think splintax is a person who steals private data.. anyways this is designed for mac (or aol) users it wont work on IE6 SP2 as ICleolion already said.. not that useful.. Link to comment Share on other sites More sharing options...
Stan Posted September 20, 2006 Report Share Posted September 20, 2006 Lord Alderaan, thats why I request the source (its a simple script (if he is doing the right thing) I dont know why not) Link to comment Share on other sites More sharing options...
djone21 Posted September 21, 2006 Author Report Share Posted September 21, 2006 I will speak to splintax later and see if he wants to release the code. I can assure you that he is not the type of person who would steal peoples personal data :/ Link to comment Share on other sites More sharing options...
Ultima Posted September 21, 2006 Report Share Posted September 21, 2006 splintax has been a big contributor to µTorrent (heck, he's a member of the µTorrent Helper group), and unless there was some kind of problem that caused his absence from the community that I'm unaware of, I can advocate his trustworthiness as well. Even still, I don't blame anyone for being wary with something like this. Link to comment Share on other sites More sharing options...
Stan Posted September 21, 2006 Report Share Posted September 21, 2006 Lets make something clear here, Im not discussing him in anything. If he release the code he will gain (more) credibility Link to comment Share on other sites More sharing options...
splintax Posted September 21, 2006 Report Share Posted September 21, 2006 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head><title>µT WebUI</title><?php // if running this on your own server, change this to your domain $d = 'splintax.com'; if($_POST) { // if form has been submitted echo '<meta http-equiv="refresh" content="1;'; // site auto-refreshes // generate and refresh url echo 'http://'.$_POST["user"].':'.$_POST["pass"].'@'.$_POST["ip"].':'.$_POST["port"].'/gui/index.html'; echo '" />'; }?><meta name="author" content="Scott Young" /><meta http-equiv="content-type" content="text/html;charset=windows-1252" /><style type="text/css">* {margin: 0; padding: 0;}body {font-family: tahoma, sans-serif; background-color: #666; color: #000; text-align: center;}h1 {text-decoration: underline; margin-bottom: 10px;}h2 {color: #fff; background-color: #333;}div#m {border: 3px #999 solid; width: 20em; margin-left: auto; margin-right: auto; margin-top: 10em; padding: 10px; font-weight: bold; font-size: 0.5em; background-color: #<?php if($_POST) echo '000'; else echo 'ddd'; ?>; color: #000;}input {margin-bottom: 10px; text-align: center;}.submit {padding: 10px;}.n {font-weight: normal;}a {color: #555; text-decoration: none; background-color: #ccc;}a:hover {text-decoration: underline; background-color: #bbb; color: inherit;}</style></head><body><div id="m"><?php if($_POST) { echo '<br /><br /><br /><h2>redirecting..</h2>'; } else { $rnd = rand()%65534 + 1; echo '<h1>µT WebUI</h1>'; echo '<form action="'.$PHP_SELF.'" method="post">'; echo '<div>'; echo 'ip address (yours by default)<br />'; echo '<input name="ip" type="text" value="'.$REMOTE_ADDR.'" /><br />'; echo 'port (randomized)<br />'; echo '<input name="port" type="text" value="'.$rnd.'" /><br />'; echo 'username<br />'; echo '<input name="user" type="text" value="user" /><br />'; echo 'password<br />'; echo '<input name="pass" type="password" value="pass" /><br />'; echo '<input class="submit" name="submit" type="submit" value="open webui" /><br />'; echo 'written by scott young<br /><span class="n">valid <a href="'; echo 'http://validator.w3.org/check?uri=http%3A%2F%2F'.$d.$PHP_SELF; echo '">xhtml 1.0 strict</a> / <a href="'; echo 'http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2F'.$d.$PHP_SELF; echo '">css</a></span></div></form>'; }?></div></body></html>Hi Ultima I haven't been around in a while, since I've been a lot busier this year with school - final year Nice to see some healthy skepticism though.AFAIK there's no security risk with this, as it just passes your IP, etc. straight back to itself using POST. However I'm not a PHP expert, I suppose my server could be logging the postdata or something.I really just wrote it to muck around with the CSS validator, I was trying to make a page that didn't throw any CSS warnings edit: And just to make you more skeptical.. releasing the PHP source isn't really that helpful, since you can't 'compile it yourself' so to speak. I could still be running different code. Link to comment Share on other sites More sharing options...
dAbReAkA Posted September 21, 2006 Report Share Posted September 21, 2006 lol, too much echo-s Link to comment Share on other sites More sharing options...
Ultima Posted September 21, 2006 Report Share Posted September 21, 2006 @Stan: Yeah I know, I was just running along with what djone21 was saying @splintax: Good to see you still alive And yeah, lol I'd been thinking the same thing (about the possibility that you could just release the source code and run different code xD). Oh well Link to comment Share on other sites More sharing options...
splintax Posted September 21, 2006 Report Share Posted September 21, 2006 dabreaka: Yeah, I just kept adding more things to that section of it, and I don't like escaping out of PHP. /me is surprised a thread about a script which accepts a variable then puts it as part of a URL has lasted so long Link to comment Share on other sites More sharing options...
Lord Alderaan Posted September 21, 2006 Report Share Posted September 21, 2006 Please accept my apologies splintax.It wasn't my intention to say anything bad about you. Even if you were an unkown person to this community. I should have added that even if the owner of the page gets the info it doesn't mean he's gona abuse it. And now that I look at the full source it your logging has to be fairly extensive to aquire the data now. A GET form for example would have shown the info in your website log. That doesn't say anything about someones intentions ofcourse, but the info would be there stored on your server all the same.Still I would warn against creating this kinda pages. Its very easy for someone to take your code. Include some php to store the details and then post it here and say "Hey try this one, I made one too."There are enough people out there that are prepared to do something like this then ruin someones torrents just to gloat over the 'stupidity' of the guy he just harrassed just to make themselves feel better. Link to comment Share on other sites More sharing options...
dAbReAkA Posted September 21, 2006 Report Share Posted September 21, 2006 splintax, i dont like escaping out of php too.. i just use one big block and i echo it like:echo '<h1>µT WebUI</h1><form action="'.$PHP_SELF.'" method="post"><div>';instead of: echo '<h1>µT WebUI</h1>'; echo '<form action="'.$PHP_SELF.'" method="post">'; echo '<div>'; Link to comment Share on other sites More sharing options...
Stan Posted September 22, 2006 Report Share Posted September 22, 2006 great splintax! Link to comment Share on other sites More sharing options...
Raaz Posted September 23, 2006 Report Share Posted September 23, 2006 Or if you want linebreaking in code:echo ('<h1>µT WebUI</h1><form action="'.$PHP_SELF.'" method="post"><div>'); Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.