Good day,
I created this plugin and hack for ruTorrent which supports web login / logout for multiple users with a friendly AJAX interface and CAPTCHA security code. I created it based on recent SVN trunk version.
IMPORTANT: On single user setups the default username is: admin and a password MUST be defined. Leaving $userpass blank will prevent your from logging in.
Version 0.2:
-now captcha verfication can be enabled/disable on user's choice by editing /userauth/conf.php
-did some some graphic improvements
-cleaned up some CSS code
-the logout texts can now be set according to the selected language - translations are required.
Features:
-ajax login page
-improved security using captcha and bruteforce delays
-multiple user support
-confirm logout
-relative easy to customize
-relative easy to implement
Known Bugs:
-this login system works only with APACHE, since lighthttpd and others doesnt recognise .htaccess, thereby /share dir is exposed.
-usernames containing '/.' chars probably won't work
Improvements:
-Logout button should be more obvious
-create some translations
-come code improvements according to ruTorrent code syntax
-Suggest some
You can download the plugin from the following links since the file is larger than the attachment limit on this board:
Screenshots:
Main login page
In menu logout button
Installation:
To implement this plugin theree files need to be modified:
A variable $userpass must be defined in every config.php you will create which will stand for that user's password.
Example:
Code:
$forbidUserSettings = false;
// password for this user
$userpass = 'mypasswordhere';
$scgi_port = 5001;
util.php:
This file needs to be modified to allow the web auth mechanism to be implemented and to prevent other information leaks since, from what I noticed is the file which is included in any other php script after config.php
Please modify the code in BOLD which is found at the beginning of util.php:
Code:
<?php
if(function_exists('ini_set')
{
ini_set('display_errors',false);
ini_set('log_errors',true);
}
if(!isset($_SERVER['REMOTE_USER']))
{
if(isset($_SERVER['PHP_AUTH_USER']))
$_SERVER['REMOTE_USER'] = $_SERVER['PHP_AUTH_USER'];
else
if(isset($_SERVER['REDIRECT_REMOTE_USER']))
$_SERVER['REMOTE_USER'] = $_SERVER['REDIRECT_REMOTE_USER'];
}
WITH THE FOLLOWING CODE:
Code:
session_start();
if(isset($_SESSION['uname'])) {
$_SERVER['REMOTE_USER'] = $_SESSION['uname'];
} else {header("Location: login.html"); die();}
index.html:
index.html needs to be renamed to index.php and need the following BOLD code at the very top of the file to prevent any login:
Code:
<?php
include('php/util.php'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
Additional files:
login.html - this file is the main login page and needs to be added besides the newly modified index.php
If you spot bugs or have any suggestions dont hesitate to reply to this topic.
UPDATE: Bold doesnt seem to work in the / code tags of this board, so make "the code in BOLD" is actually the code which is found between
Code:
and
Code:
I created this plugin and hack for ruTorrent which supports web login / logout for multiple users with a friendly AJAX interface and CAPTCHA security code. I created it based on recent SVN trunk version.
IMPORTANT: On single user setups the default username is: admin and a password MUST be defined. Leaving $userpass blank will prevent your from logging in.
Version 0.2:
-now captcha verfication can be enabled/disable on user's choice by editing /userauth/conf.php
-did some some graphic improvements
-cleaned up some CSS code
-the logout texts can now be set according to the selected language - translations are required.
Features:
-ajax login page
-improved security using captcha and bruteforce delays
-multiple user support
-confirm logout
-relative easy to customize
-relative easy to implement
Known Bugs:
-this login system works only with APACHE, since lighthttpd and others doesnt recognise .htaccess, thereby /share dir is exposed.
-usernames containing '/.' chars probably won't work
Improvements:
-Logout button should be more obvious
-create some translations
-come code improvements according to ruTorrent code syntax
-Suggest some
You can download the plugin from the following links since the file is larger than the attachment limit on this board:
- Version 0.2: http://www.mediafire.com/?u9r3zyoapdaqhvu
- Version 0.1: http://www.mediafire.com/?zojdz82szutzqcq
Screenshots:
Main login page
In menu logout button
Installation:
To implement this plugin theree files need to be modified:
- config.php which is in /conf and /conf/user/config.php
- util.php which can be found in /php dir
- index.html which is found in the root dir
A variable $userpass must be defined in every config.php you will create which will stand for that user's password.
Example:
Code:
$forbidUserSettings = false;
// password for this user
$userpass = 'mypasswordhere';
$scgi_port = 5001;
util.php:
This file needs to be modified to allow the web auth mechanism to be implemented and to prevent other information leaks since, from what I noticed is the file which is included in any other php script after config.php
Please modify the code in BOLD which is found at the beginning of util.php:
Code:
<?php
if(function_exists('ini_set')
{
ini_set('display_errors',false);
ini_set('log_errors',true);
}
if(!isset($_SERVER['REMOTE_USER']))
{
if(isset($_SERVER['PHP_AUTH_USER']))
$_SERVER['REMOTE_USER'] = $_SERVER['PHP_AUTH_USER'];
else
if(isset($_SERVER['REDIRECT_REMOTE_USER']))
$_SERVER['REMOTE_USER'] = $_SERVER['REDIRECT_REMOTE_USER'];
}
WITH THE FOLLOWING CODE:
Code:
session_start();
if(isset($_SESSION['uname'])) {
$_SERVER['REMOTE_USER'] = $_SESSION['uname'];
} else {header("Location: login.html"); die();}
index.html:
index.html needs to be renamed to index.php and need the following BOLD code at the very top of the file to prevent any login:
Code:
<?php
include('php/util.php'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
Additional files:
login.html - this file is the main login page and needs to be added besides the newly modified index.php
If you spot bugs or have any suggestions dont hesitate to reply to this topic.
UPDATE: Bold doesnt seem to work in the / code tags of this board, so make "the code in BOLD" is actually the code which is found between
Code:
and
Code: