PHP API : Problem adding torrent file via curl

[mondel]

Hi all and thanks for this nice API for webui,

I am trying to add a file to my webui server through php curl without success.

I uploaded myfile.torrent on the same folder of the .php file and set the CHMOD of the folder and all the files to 777 and here is my code :

<?php
$file="myfile.torrent";
$ch = curl_init("http://ip:port/gui/?action=add-file");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_USERPWD, "user:pass");
curl_setopt($ch, CURLOPT_HTTPHEADERS,array('Content-Type: multipart/form-data'));
curl_setopt($ch, CURLOPT_POSTFIELDS, "torrent_file=$file");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$out=curl_exec($ch);
curl_close($ch);
echo $out;
?>

Please help

[DreadWingKnight]

Blatantly missing token authentication information.

[mondel]

The line

curl_setopt($ch, CURLOPT_USERPWD, "user:pass");

replaces the token authentication.

[Ultima]

What? No it doesn't. Basic HTTP authentication is not token authentication.

There are already PHP scripts available that handle the details for you. Why not just use them instead?

[lithopsian]

Token auth is two steps. Get token in one request, then send the token in the actual command. Cookies and user/password are still required but curl handles them nearly automatically.

I don't have a PHP script, but here is a shell script showing token auth for the ?add-url command:

#!/bin/bash

# Get token
export token=$(curl -G -s -c ~/.utorrent/ucookie.txt -n http://192.168.0.4:9091/gui/tok
en.html|sed 's/<[^<>]*>//g')
# echo $token

# Add URL
curl -G -s -n -b ~/.utorrent/ucookie.txt -d token=$token -d action=add-url -d s="$1" ht
tp://192.168.0.4:9091/gui/

Try that (or test with token auth disabled) and post back if it still doesn't work.

[mondel]

Thank you all for your help. I just tried with add-url instead and it works fine now

One last question for Ultima about token auth: when I pick the token from token.html and use it without HTML auth it doesn't log in. So what is the utility of the token auth? And should it let me log in to the webui and I have a problem with mine??

[Ultima]

I'm really not sure what you mean. Are you thinking token authentication is a replacement for basic HTTP authentication or something? Because if so, then you'd be wrong. Both authentication systems are used to fix two distinct classes of security problems, and both complement each other in securing the WebUI backend.

[mondel]

Yes, that was my question. Thanks.

[lithopsian]

The token that is given out to curl would be accepted if supplied by your browser with the webui, although I don't know how you would persuade it to do that. It will not replace the need to log in to the webui and correctly exchange cookies. Once you have authenticated using a username and password you don't have to supply those again in subsequent requests in the same session but you will need to send the token each time.

More practically you could use the same token in multiple curl sessions, or even in other applications you might write. I believe the token is acceptable for a minimum of 30 minutes from any source and for the whole duration of a particular session.

[drfrog666]

hello here is a simple perl script to upload torrents

you may need to install the two required modules LWP::UserAgent and HTTP::Cookies

thats a quick thing on mac or linux

sudo cpan LWP::UserAgent HTTP::Cookies

here it is all you need to change is the server username and password, ive made this to upload to my buffalo nas and you may or may not need the credentials part

#!/usr/bin/perl

use strict;
use warnings;

use HTTP::Cookies;
use LWP::UserAgent;

my @ns_headers = (
    'User-Agent' => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20041107 Firefox/1.0',
    'Accept'     => 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*',
    'Accept-Charset'  => 'iso-8859-1,*,utf-8',
    'Accept-Language' => 'en-US',
  );

# config your server here
my $directory = "/place/to/upload/torrents/from"; #where your torrents are located local to the script
my $server = "192.168.1.25:9090";
my $username = "user";
my $password = "pass";


my $upload_url = "http://$server/gui";
my $token_url = "$upload_url/token.html";
my $realm = "uTorrentEmbedded";

# zero the cookie jar
my $ua = LWP::UserAgent->new();
$ua->cookie_jar( { } );

#login
$ua->credentials( $server, $realm, $username => $password );

# get token
my $response = $ua->get( $token_url , @ns_headers );

my $return =  ( $response->is_success && $response->as_string =~/token/) ? 1 : 0 ;

# token scraping and verification
my $token_page = $response->as_string;
$token_page =~ /none\;\'\>(.+)\<\/div/g;

my $token = undef;
$token=$1;

unless ($return ==1 && $token ){ print "not logged in or no token exiting";exit; }

# get files and loop through them sending and uploading
opendir( DIR, $directory ) or die "can't opendir $directory: $!"; 
while ( defined( my$file = readdir( DIR ) ) )
  {
    upload_file ( "$directory/$file" ) if $file =~/\.torrent$/;
  }
closedir( DIR );

sub upload_file {

  my $filename = shift;

  #make query string
  my %args = ( action => 'add-file', token =>$token,);
  my $query_string = join '&', map { "$_=$args{$_}" } keys %args;
  my $url = $upload_url . "/?" . $query_string;

  # post form content
  my @content = (
               Content_Type => 'form-data', 
               Content => [
                         torrent_file => [ $filename ],
                         submit => 'ADD_FILE_OK',
                        ]
              );

  $response = $ua->post( $url, @ns_headers, @content );

  $return =  ($response->is_success && $response->as_string =~/build/) ? 1 : 0 ;

  unless ($return ==1  )
    { 
      print "upload not successful for $filename\n"; 
    }
  else 
    { 
      unlink $filename;
    }
}

[chrispy9658]

Sorry to reopen a dead thread.. but i got it working posting with php using a form, just incase anyone stumbles upon this.. I'll give a brief tutorial also..

1) go to http://[ip]:[port]/gui/token.html

2) View source on that page..

3) you will see something similar to this:

<html><div id='token' style='display:none;'>T2XFLY1j-KM2dOYOe1XNgryuGLAKDK48DJJTRD2nKWcCKiy4SLPu61SVx1lEAAAAA</div></html>

4) copy the code (T2XFLY1J ... AAAAA) and paste in where I've put ##TOKEN###.

5) replace [ip]:[port] at the begining of the form with your IP and port numbers.

6) best of luck!

<html>
    <body>
        <form action="http://[ip]:[port]/gui/" method="GET">
            <input type="hidden" value="add-url" name="action">
            <input type="text" placeholder="Magnet Link..." name="s" id="s">
            <input type="hidden" value="##TOKEN##" name="token" id="token">
            <input type="submit" value="submit">
        </form>
    </body>
</html>

[thatkookooguy]

Hey everybody!

I'm trying to use the above code and I get an Unauthorized respond from my request. But using the same ip address, port, username, and password on chrome works just fine...

so I can't understand what's the problem with my execution of the code. can anyone help?

thanks

[iblop]

chrispy9658, I love you