Jump to content

Multi-user Webui-Shell

Lord Alderaan

Recommended Posts

[h]Current Release: 0.7.0[/h]

The Webui-Shell is an PHP application that empowers the µTorrent webui.

Main Features:

  • Create multiple users.
  • Limit which torrents a user can see and control.
  • Limit what a user can do in the webui (change settings, view/change properties, add/start/stop/remove/data/recheck/etc torrents).
  • Allow a user to download the actual files.
  • Provide a user with additional information.
  • Impose quotas on a user.
  • Manage multiple µtorrent instances.

Screenshots & demos:

Video: The admin panel

Video: The Topbar: Change Password, See Diskspace, Display Errors

Video: Downloading Files

The Webui-Shell comes in two releases:

  • The normal release that has only the required files and which is OS and webserver independent.
  • An easy to install windows only package that includes all the required software (Apache+PHP+modules).
There is also a add-on for the normal release that removes the need for the rewriter in Apache.


Instructions: http://trac.utorrent.com/trac/wiki/Webui-Shell (mirror in case trac is down)

Believe me you need those instructions. It is impossible to get this to work without reading them.

For the people who are already familiar with the Webui-Shell here are direct links to the latest releases:



Contains only the required files, for if you already have a webserver running.

No-rewriter add-on:


For if you are not allowed to change the Apache config files.



Ready-to-use. Includes a pre-setup Apache webserver.

The instructions are NOT included and only available on trac (mirror). And let me repeat myself, you simply cannot get this to work without reading them.

Still need help. Post here.

However first make sure that:

You read the instructions (mirror).

You are using the latest version of µtorrent, the webui and the Webui-Shell.

You have all the dependencies (mirror) working properly.

You have read the common problems below.

Any feedback, hints, tips, feature requests, etc are also welcome.

[h]Next Release 0.8.0:[/h]

The todo can be found here on trac.

[h]Current WIP 0.7.0:[/h]

The Work In Progress is available through SVN on trac.

The WIP typically contains what is marked as -=done=- in the todo (see above).

SVN: svn://trac.utorrent.com/webui/webui/webui-shell/trunk

[h]Common Problems:[/h]

When logging in as a user I see {"build":0,"error":"SHELL: cURL error: couldn't connect to host"}

This happens when the Webui-Shell cannot connect to µtorrent+webui.

Make sure that µtorrent is running and that the domain and port of that user's instance are correct.

When logging in as a user I see {"build":0,"error":"SHELL: Configuration Error: Wrong login details."}

This happens when the Webui-Shell reached µtorrent+webui but the login information was rejected.

Make sure the username and password of that user's instance are correct.

When logging in as a user I see {"build":0,"error":"SHELL: Configuration Error: Invalid request."}

This happens when the Webui-Shell reached µtorrent but got a Invalid request error.

Make sure the webui is enabled in µtorrent.

Make sure that if you enabled the webui alternative port in µtorrent that you used that port in that user's instance.

Make sure that the restricted list in µtorrent is either empty or that the IP of the computer running the Webui-Shell is in the list.

Link to comment
Share on other sites

  • Replies 540
  • Created
  • Last Reply

I have to think about whether or not I have XSS leaks. Probly yeah, never delved much into XSS.

Also everything is allowed except what I block. I explicitly block certain actions. So yeah its probably a bit leaky atm especially in relation to unkown features that are in the backend. I might turn it around. Shouldn't be too much work. Or I might even make a simple vs advanced system. Where simple is the current one and advanced is where you can manually block (or allow) each action and even add blocks for new actions that the script doesn't know about.

Good points both. Both go on the todo :P

Link to comment
Share on other sites

Lord Alderaan,

nice, thanks for your efforts :D

The questions:

- Does Webui Shell limit the disk space each user have?

- May I limit the number of active torrents for each user?

- If yes, can they still access the other settings or I should block settings access?

- Same for download folder (may I specify where the files goes to, and lock it)?

And the most important is: can more than 1 user add the same torrent?

I tried Vuze (formerly Azureus) with AZSMRC and the main problem was this limitation..



Link to comment
Share on other sites

- Does Webui Shell limit the disk space each user have?

Nope. I could add this. But it would only work properly if you disable torrent removal (without data). Otherwise a user can remove a torrent and the webui shell will remove it from a users quota but it is still physically taking space on the server.

I'll think about this one. Goes on the todo list as a optional.

- May I limit the number of active torrents for each user?

Nope. Max active torrents, upload speeds, max connections etc are all decisions that should be based on the bandwidth of the machine running µtorrent. So it makes no sense to have per users settings. Besides, it would be complicated to implement such a feature. To prevent users from messing around with this stuff you simply block access to the settings and don't allow them to force start torrents.

If you really want a separate setup for each user where you properly divide the bandwidth over x clients please note that multiple µtorrent instance support is gonna be in version 0.2. Then read up on properly setting up multiple µtorrent instances on the same machine/internet connection.

- If yes, can they still access the other settings or I should block settings access?

You must remember that none of the settings are per user. If you allow someone access to the settings you trust him. If not, block access. I might do it per section of settings in the future (which is a LOT of work to implement) but right now users you don't trust should be disallowed access to the settings.

- Same for download folder (may I specify where the files goes to, and lock it)?

Right now the webui has no way to decide where the file goes. It is based on the µtorrent setting (default download folder, etc). When the Webui gets this feature I'll implement it in the shell including proper authorization options.

And the most important is: can more than 1 user add the same torrent?

If you set Allow_Existing_Torrents to 1 and a user adds a torrent that already exists for another (or no) user it is then (also) listed as their torrent. If you set it to 0 then the Webui Shell will refuse to add the torrent.

Link to comment
Share on other sites

Thanks, Lord Alderaan.

I'm currently running multi-instances, with separated download folders and a FTP account for each customer, with the download folder as homedir.

Then with Webui Shell all downloads will be put in the "same basket"? A feature sugestion: when a user add a torrent, it can be put on X:\default_ut_download_folder\username\ :)

About the torrent limit, blocking access to the settings, and supposing I limited it to 10 active torrents, each user can add 10 torrents or this number will be shared by all Webui Shell users?

Another time, Thanks for your work!


won't Allow_Existing_Torrents 1 on a common uT installation allow multiple instances of the torrent (duplicated files)? If affirmative, can't you make this allow 1 instance of the torrent to each user?

Link to comment
Share on other sites

As I said the Webui cannot decide where files are gonna be downloaded. And thus the shell can't either. However with multiple instances you'll be able to set up a default dir for each instance. With the multi instance system you will have to pick an instance for each user. A instance can have multiple users on it but a single user only gets access to a sinlge instance.

There is no max limit to number of torrents (not in the Shell or in µtorrent itself). There is a global (per instance) max limit on active torrents. You can set it in the µtorrent queue preferences.

µtorrent itself will not allow the same torrent twice.

So either a torrent belongs to one (or no) user and other users that try to upload it are refused or when a user tries to add a torrent that already exists you allow that user to manage that torrent too. Thats what the Allow_Existing_Torrents is for.

Link to comment
Share on other sites

Then it will be more util for me when allow multiple instances (I'll set 1 user per instance). For now, I will continue using multiple instances and giving the users each WebUI admin password.

- If you now a way to disallow Settings access to the user on standard WebUI, please say me here (or by PM to avoid run away of thread subject).

Thanks, Lord :)


You could post some Webui Shell screens :)

Link to comment
Share on other sites

- If you now a way to disallow Settings access to the user on standard WebUI, please say me here (or by PM to avoid run away of thread subject).

So far this Shell is the only effort that makes disabling Settings access posible. So simply wait for the next Webui Shell version which has multi-instance support. Or you could also install multiple copies of the Webui Shell, one for each Wbeui instance. See: http://forum.utorrent.com/viewtopic.php?pid=363065#p363065

You could post some Webui Shell screens

I don't think you get it. The Webui Shell doesn't really have its own interface. It shows the Webui. It only adds a login screen and an admin panel to manage users. A user logs in and gets the normal webui but with some functions disabled depending on how the admin set that user up.

It might change a few minor things in the UI (currently it replaces disabled options with the word "disabled" and removes disabled icons from the toolbar) but most of what the webui does is invisible to the user (it checks and filters requests made by the webui to µtorrent).

Link to comment
Share on other sites


great work done here!

i have only one question - can be done that all torrents, added by main application (and not gui) are seen by all users?

well.... i did it myself by now, this setting is per user.

FILE index.php:

FIND [NEAR line 53]

FIND [NEAR line 288]
if ( $_SESSION['user']['Show_All_Torrents'] == 0 ) {
if ( array_key_exists($item[0],$users_list[$_SESSION['username']]) ) {
$ok = array_key_exists($item[0],$users_list[$_SESSION['username']]);
if (!$ok && $_SESSION['user']['Allow_No_User_Torrents']) {
$ok = true;
foreach($users_list as $us => $li) {
if (array_key_exists($item[0], $li)) {
$ok = false;
//finnaly adds torrent:
if ($ok) $newtorrents[]=$item;

Link to comment
Share on other sites

Hi Lord Alderaan, Folks,

I think Lord Alderaan has addressed a real issue with his WebUI Shell, namelly to make uTorrent

a Multy Tennant plattform, or give the possibility to build a muly user server based on uTorrent.

I have asked questions about the topic in the discussions about uTorrent, and the development of uTorrent didnt show

any interrest in the issue.

So I think we have luck that somebody works to solve the problem of implementing a multy user solution.

My suggestion to Lord Alderaan is, to define the goals of the WebUI Shell development, so the

project keeps its integrity and WebUI Shell targets real demands.

So my idea is to answer the questions.:

-What is WebUI Shell?

-What demands does WebUI Shell target, what issues does it want to solve?

-Why should somebody use WebUI Shell, what are the benefits?

-What use cases wants WebUI Shell implement?

-What features are required for these use cases?

The questions could be tuned of course, but the idea is to define What webUI should do, what it should solve, and implement only but the necessery features.

Why I write this is.:

WebUI is a VERY good idea it adresses things, the original uTorrent isnt interested in, namelly:

-Provide a plattform for a Multy user environment

-Provide granulated access control to uTorrent features for the users.

-Rights can be set by the administrator

But in my oppinion the problem now is, that on one side WebUI Shell is very strong, perhaps stronger than it needs to be.

This side is the granulated access control side.

But on the other hand, it doesnot target the issue of separating the user environments from each other.

If user A downloads some very nasty XXX Stuff I am very sure he doesnt want B to se his stuff.

And of course.: What benefit would it meen to have more accounts which access the same torrents?

So, my suggestion is.:

Define waht WebUI is born to achive, define the tipical scenario somebody wanted to use WebUI Shell in, define the tipical use cases, define the features needed, develop only and but what is needed, not more, do not get fragmented. If You do this You can be sure WebUI Shell will be used in real life Torrent scenarios.



Link to comment
Share on other sites

Ok I just released 0.2 .

See the OP.

To upgrade from 0.1: Download the new rar and extract the files in it. Overwrite all the old webui_shell files with the new ones except for your config.php.

In the php.ini:

Enable the pdo extension by finding the "extension=php_pdo.dll" line and making sure it has no # in front of it.

Enable the sqlite extension by finding the "extension=php_sqlite.dll" line and making sure it has no # in front of it.

Restart the Apache server.

Then login to your admin panel and the system will automatically migrate your old settings to the new SQLite database.

After that all files in the settingsfolder can be deleted with the exception of sql_users.dat.

Also the domain and port lines can be deleted from your config.php.

To install afresh follow the readme.

The major changes are also listed in the OP.

I've been coding in more and more stuff without really keeping things tidy. The code is very messy and unnecessarily big atm but I'm planning on doing some cleaning in 0.3. I'm also looking forward to new feature requests people have.

@j4ni: As to your request to go all proper-project-management on this.

tbh, I don't want to. For one I cba. The coding itself is enough work as it is. Takes a lot of spare time.

I just code in what I think are good ideas.

I have no real goals except to offer solutions to specific problems people might have.

To still give an idea of what is behind the Webui Shell.

It is to provide a multi-user environment where an owner can limit what users can do and see without providing a whole new self-written UI and to support the core webui.zip now and in the future with minimal maintenance.

This will find application in all kinds of situations. For example:

* Manage Shared internet connections (apartments, dorms, etc).

* Shared Seedboxes (I do not officially support them but I'm not gonna ignore that the Shell finds application there)

* Loaning out your underused connection to a more enthusiastic BitTorrenter while still maintaining some degree of control.

As to not seeing the XXX someone else downloads. Try to actually READ my replies and the readme... This has been supported since version 0.1 by disabling the Show All Torrents option.

@looka: Your tweak is now rendered useless because I switched to SQLite. However I decided to implement your feature, see the new Show Unclaimed Torrents option.

Link to comment
Share on other sites

my tweak/work is not useless, because it is a usefull feature and i am glad you treat it that way :)

OH - one question: how is that you do not use a db-portable solution, like adodb or adodb-lite ?

many of php freaks, that posess apache have mysql already installed - so we can use mysql (decided somewhere in settings) or whatever db we want to. as i briefly saw sqlite - in syntax there is no real difference from other dbs?

i can give you a hand with that.

Link to comment
Share on other sites

I didn't mean useless in that way. I mean the tweak itself as you posted it (change this in that) is now useless but the functionality it implemented isn't :)

Simple. SQlite requires no running background service and no separate installation of software.

Just enabling of the extension in php and a file to store the db in. And SQLite is fairly well supported. It might not have the transactional performance or authentication sophistication of a mysql or mssql database but this is only a simple database that hasn't any noteworthy performance or authentication requirements.

Link to comment
Share on other sites

Costs me time coding my class so it works with both and then I have to test it.

I might do it in the future after I have cleaned up a bit but right now SQLite is a simple and to the point solution that was tons better then the 0.1 serialization stuff. Supporting other databases adds little extra. It might satisfy some user's preference but no actual added functionality.

Btw guys I'm sorry for the confusion earlier. Allow Existing Torrents was the first thing I implemented in 0.2 and as a consequence I forgot it wasn't in 0.1 which is why some of my [urlhttp://forum.utorrent.com/viewtopic.php?pid=363888#p363888]earlier posts might not have made complete sense :)

Link to comment
Share on other sites

Oops. :P My bad.

0.21 fixing that issue is now out.


When you disabled the Show All Torrents the JSON torrentlist is parsed into an array and then the torrent sub-array is filtered. However the filtered array wasn't saved back into the main array before it was encoded back into JSON.

Insert on line 377 of index.php: $json['torrents']=$newtorrents;

Or download the new files.

Link to comment
Share on other sites

good, now it works :)

i see u use a lot of === and !== where they are really not necesarry, i guess your style of coding?

and i am unsure about one thing - with user setting to disabled see all torrent or unclaimed torrents i see torrents that are added later then first login of user. possible to be an error?

Link to comment
Share on other sites

Yeah I always prefer === and !== over == and !=. Its a habit I learned myself because it is better to be strict from the start then chase bugs resulting from supple comparisons afterward :)

And yes I just confirmed a bug with new torrents. Will fix it asap. It has to do with cache.


0.22 released. Bug fixed.

Link to comment
Share on other sites

okay, another issue i think - show_unclaimed_torrents setting: try to make an action on unclaimed torrent. no good:)

perhaps you should select all torrents with 1 query, looking lik:

 $q = 'SELECT * FROM torrents WHERE user_id="' . $user_id . '"';
if ($show_unclaimed) $q .= ' OR user_id=""';

where $user_id contains users id and show_unclaimed variable is boolean.

well, i have also found one thing i am unsure about - is that possible that this shell significantly occupies firefox? i found my firefox quite..... like possesed with something: not making connections, show errors of its internal scripts etc...

and maybee at official release for people you'd consider error_reporting(0), not E_ALL... i have found one warning that sneaked into javascript file:)

otherwise, i like your work!

you'll need help with sth particular, let me know.

Link to comment
Share on other sites

Hey Alderaan, great effort on this script!!

I find it very useful, but I have been not able to set it up completely.

I went through all the installation process, and when I try to access myip/gui/ i get this

"Configuration error: cURL extension not available."

Any help?

btw i installed xampp with all the services

btw2 im totally new to php and apache and all that stuff :P

Thanks a lot

Link to comment
Share on other sites

the answer is simple: you installed xampp with all SELECTED options, but obviously, you still did not enable curl extension. read the manual and enable those, it is simple, you only uncomment a few lines in your apache and php configuration files. tip: if you do not find them at mentioned locations, try find tool in windows ;)

Link to comment
Share on other sites


Its pretty obvious that you don't have cURL installed then thirit.

Find and open php.ini and make sure the following line is in it (and without a # in front of it):


Also if you use windows make sure the libeay32.dll and ssleay32.dll from the php folder are in your system32 folder (If they already exist there you must overwrite them).


Ah yeah another bug :(

That might be a good idea it'll be something like this then: WHERE (userid = $userid AND instanceid = $instanceid) OR (userid = 0 AND instanceid = $instanceid AND claimed = 0)

I'll release a fix asap.


0.23 is out fixing this.

About Fx. I use Fx3 myself.

Once you login you pretty much completely get the webui as normal. If there are any errors in the webui that you don't get if you don't use the Webui Shell I'd be surprised but I'd love to see the console errors you get.

I'm not sure what you mean with the error_reporting thing. ini_set('display_errors',0); should stop showing errors in pages but it will still log them to your logfiles (if enabled in php.ini). Setting error_reporting to 0 would also disable errors showing up in your logfiles iirc. If people want to log errors or not should not be a decision by my script so I prefer to not touch error_reporting. But it shouldn't make any difference to the user. Do note that afaik neither setting stops SQLite errors but I'm gonna tweak the sql stuff in the future. And I'll check on this to make sure I got how the error_reporting and display_errors stuff works right.

Also thanks for reporting this stuff back to me. I usually release what I've made without extensive testing so I'm pleased with any bug you find.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...