Jump to content

Multi-user Webui-Shell

Lord Alderaan

Recommended Posts

WHERE (userid = $userid AND instanceid = $instanceid) OR (userid = 0 AND instanceid = $instanceid AND claimed = 0)

perhaps you can ease this query assuming userid and instanceid are not 0 or empty string: if torrent file does not have user or userid, then it is unclaimed, dont you think so?

WHERE instanceid = $instanceid AND (userid = $userid OR userid = 0)

Link to comment
Share on other sites

  • Replies 540
  • Created
  • Last Reply

Awesome!! :D

It works now.

Thanks a lot looka and alderaan!

Btw: "To enable the curl extension find the "extension=php_curl.dll" line and make sure it has no # in front of it." In my php.ini, it had a ; before the sentence not a #, so I didn't remove it, that was why it wasn't working duh! xD

Link to comment
Share on other sites

Ok I'm not a real pro on XSS so I read around on the internet and I mashed together the following function to sanitize the output of strings that might at one time or another have been inputted through a query:

function xsssanitize($str)
global $non_sgml_chars;
if (empty($non_sgml_chars))
for ($i = 0; $i <= 31; $i++)
if ($i == 9 || $i == 13 || $i == 10) continue;
$non_sgml_chars[chr($i)] = '';
for ($i = 127; $i <= 159; $i++)
$non_sgml_chars[utf8_encode(chr($i))] = '';
$str = iconv('UTF-8', 'UTF-8//IGNORE', $str);
$str = strtr($str, $non_sgml_chars);
$str = htmlspecialchars($str);
return $str;

It uses a UTF-8 to UTF-8 conversion to remove improper UTF-8 stuff.

I removes non sgml chars with the exception of tab, newline and return carriage.

And then it changes special HTML chars to their non-parsed equivalent (I already did this since 0.1).

This allows full UTF-8 username and password (for example) including HTML characters while maintaining XSS security.

Anyone have any suggestions, flaws or hacks?

Link to comment
Share on other sites

Thanks for the great addon.

I was able, after much trial and error, to get it to work in IIS.

This is ideal for me since I am running a 2003 server that already has IIS installed.

Now I gotta come up with a way to have torrent files associated and add to the server with a single click!

: D

For those curious:

To get it to run in IIS (I used IIS 6.0).

1. Install PHP, do it manually, dont use the installer.

- make sure php_curl, php_sqlite, php_pdo, and php_gd2 are enabled.

2. Install Latest utorrent (I also updated to the latest webui, dont know if that effected anything).

3. *IMPORTANT SPECIAL STEP* Install Ionic Isapi Rewriter http://cheeso.members.winisp.net/IIRF.aspx

4. the Rewriter does not support QSA, so a workaround is needed. In IsapiRewrite4.ini code in:

RewriteCond %{QUERY_STRING} ^$
RewriteRule ^/gui/(.*)$ /webui_shell/index.php?shell_file=$1 [L]
RewriteRule ^/gui/(.*)\?(.*)$ /webui_shell/index.php?shell_file=$1&$2 [L]

5. unzip the four files into your IIS website into a folder named webui_shell

6. add the isapi filter to your website in IIS

I think that should do it. Configure it like normal, just using IIS!

Link to comment
Share on other sites

One of the features coming in 0.3 is optional IP based authorization.

This will allow you to either assign an IP to a user in the admin panel or to opt to remember the last IP a user logged in with. Then if someone comes from that IP it is assumed it is that user and won't have to login. This means other community efforts (remote .torrent file handler, Fx plugin, µRemote, mIRC script and anything else that goes directly for the µtorrent backend) will work.

This will of course greatly reduce security and is an OPTIONAL system. By default this will be off.

SilenStriker thanks for that if you don't mind I would like to add those instructions to the next readme.

Link to comment
Share on other sites

For IP authorization there's no way you can "bounce" valid_IP from the WebUI right? You're planning on adding an ACL to the initial connect phase? :D Very ambitious feature for such a "new" interface. I think this may indeed be the choice very soon for those... individuals who resell / host with uTorrent as their preferred client. Cheers for making this a reality Lord Alderaan.

Link to comment
Share on other sites

The IP feature is done I just have to test it a bit. It uses $_SERVER['REMOTE_ADDR'] which of is spoofable but not without a relation to the IP your are trying to spoof (same subnet for example).

I'm also thinking about implementing optional basic http auth just like the webui itself.

Yes, I think seedbox sellers and resellers might find use in the Webui Shell. Whoever wants to employ the Webui Shell needs access to the apache/IIS and php config itself which means that not just anybody who has a 'seedbox' can 'abuse' my Webui Shell for reselling without the owners knowing. Everybody happy \o/

But as I said before I didn't write this for seedboxes. I'm willing to implement anything I think is useful in general and I am less likely to take up requests or suggestions that only help seedbox sellers/resellers. The prime goal is to make BitTorrent on shared home connections easier (dorms/apartments/line sharing through wifi/etc).

Link to comment
Share on other sites

Things you will need:

IIS 6 (7?) install:

Windows installation CD, This should work on XP pro, Windows 2003/2008, and (vista versions?).

Latest PHP for windows, available at www.php.net. Get the zip format, not the exe.

Ionic Isapi Rewriter available from http://cheeso.members.winisp.net/IIRF.aspx

Latest utorrent available from http://www.utorrent.com

Latest WebUI for utorrent availabe from the forums at http://www.utorrent.com

Latest version of the multi user shell also available fromt he forums at http://utorrent.com

Apache Install:



Im going to assume you have utorrent installed with the webui enabled. Make sure you have the latest webui zip in

c:\documents and settings\<user>\application data\utorrent\

Installing IIS:

Installing IIS is fairly simple, go to your control panel, open "Add or Remove Programs," Click on Add/REmove

Windows Components. Once the "Windows Component Wizard" opens Check "Internet Information services"(windows XP) or

drill down through "Application Server" -> "Internet Information Services"(Windows 2003). Click next, make sure your

Windows CD is in the drive. IIS will install.

Installing Apache:


INstalling PHP (Apache/IIS):

-Create a PHP directory in your root. (c:\PHP)

-Unzip the PHP installation zip into this directory.

-Add the PHP directory to your PATH environmental variable. Right click on My computer->

properties->advanced->Environmental Variables. In the bottom portion labeled "system variables"

double click on "Path." To the FRONT OF THE DIALOGUE BOX add "C:\PHP;" there is no spaces, and

no quotations. click ok three times.

-open your c:\PHP directory and create a folder named "sessions."

-Find the file named php.ini-recommended and rename it to php.ini

-Open php.ini in a text editor

---Uncomment (remove the ; from the line) cgi.force_redirect and set it to 0

---change session.save_path to point to c:\php\sessions

---change extension_dir= c:\php\ext

---Uncomment extension=php_curl

---Uncomment extension=php_sqlite

---Uncomment extension=php_pdo

---Uncomment extension=php_gd2

-Save php.ini

-click start->run. type in regedit to open the registry editor. Drill down through HKEY_LOCAL_MACHINE, right click

on software->new->Key. Name the new key PHP. drill down through software, click on the new PHP key. IN the right

hand box right click->new->string value. Name the new string IniFilePath and set the data to C:\PHP

-Close the registry editor

Adding PHP to IIS:

Go to your administrative tools in your control panel and open Internet Services Manager.It should automatically

connect you to your local machine. Right click on web Service Extensions on the left hand side and click "add a new

web service extension." Enter in php and click add. Browse to C:\php\php5isapi.dll. Set extension status to allow.

click okay.

Right click on website and click properties, go to the documents tab and add index.php asa start document. Click on

the "Home Directory" tab and click "configuration" near the bottom.

Thats it! now to test the pHP installation.

Go to the default website in c:\inetpub\wwwroot and make a text file. Name the file phpinfo.php. Open it with a text

editor and put in <?php phpinfo(); ?>

Open a web browser and go to http://<server name>/phpinfo.php

If everything is installed correctly you should see a lot of info about your php installation. If it is not working,

try a reboot.

Adding PHP to Apache:


Adding the Ionic Isapi Rewriter to IIS:

Create a new folder in c:\ named IonicIsapiRewriter. Extract IsapiRewrite4.dll from the lib directory in the zip,

move it to c:\IonicIsapiRewriter\

Create a new text document in c:\ionicIsapiRewriter. Rename it IsapiRewrite4.ini.

Open IsapiRewrite4.ini and put in the following code:

RewriteCond %{QUERY_STRING} ^$

RewriteRule ^/gui/(.*)$ /webui_shell/index.php?shell_file=$1 [L]

RewriteRule ^/gui/(.*)\?(.*)$ /webui_shell/index.php?shell_file=$1&$2 [L]

Save the file. Close.

Open up Internet Services Manager and find the website you plan to install the shell in (XP users only have 1

website). The default web site is named "Default Web Site." Right click on it and go to properties. Click on the

ISAPI Filters tab and click add. Filter name = Ionic Rewriter. Click browse drill to c:\ionicIsapiRewriter\ and

chose ISAPIRewrite4.dll.

Now we have all the prep work done.

Installing the Multi User SHell(IIS):

Browse to your folder with your website. Assuming default: c:\inetpub\wwwroot\ and create a folder named

webui_shell. Extract the multi user shell into this folder, delete the readme. Open config.php and configure a

settings folder for you multiple users. This folder must not be in the website tree. C:\webui_shell\ is appropriate.

Set you admin username and password. Set your port number for utorrent. Save.

You should now be able to browse to http://<server>/gui/ (the last / is important. http://<server>/gui will not

work) and see the website in action. login as your admin to begin configuring.

Installing the Multi User Shell(Apache):


Link to comment
Share on other sites

Hello, guys!

Hi, Lord Alderaan.

Just to understand better: "support for multiple instances" means I can set up more than 1 WebUI Shell (and configure each one to manage 1 different instance of uTorrent), or is only 1 WebUI Shell able to manage multiple uTorrent instances?

Anyway, thanks for you work, had not installed it yet, but I'm sure it is so great and fit my needs! :)

Link to comment
Share on other sites

  • 2 weeks later...

This is perfect for what I need, only problem is when a user logs in I get {"build":12639}, which is a bit annoying as it means I can't use it.

With a bit more digging, I am able to view /gui/index.html however with no formatting as its not receiving the CSS properly.

All the correct modules and things are running so I don't understand whats wrong.

Thanks for any help


Link to comment
Share on other sites

I'm fairly sure, I have Rewrite enabled and thats working as I can view the pages corectly and ?list=1 returns properly, so that is working. (also I can access the multi user settings page and thats working properly)

.htaccess - There is no reference in the readme to using .htaccess in the tutorial nor is it using it in anyway atm.

I am really confused as to why it's not working, apache works with css elsewhere so that shouldn't be a problem

@thelittlefie: the webui works fine normally

EDIT: hmm it seems to work under IE&chrome but not Firefox :s

Link to comment
Share on other sites

not when loading straight /gui/

if I load /gui/index.html I do get errors referring to the style sheets MIME type are text/html and not text/css - and then the page loads without any styling.

EDIT: I've created a guest account that has no privileges, for you to use so you can see the error I'm getting, pm if you want the information

EDIT2: I have asked some of my friends to try and it works on their firefox so I have no idea why it isnt working on mine :s (Tried hard refreshing and clearing the cache)

EDIT3: cleared my cookies and its working thanks for helping

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...