Author Topic: Btittracker V.1.1 Fixed Version  (Read 13418 times)

Offline Lupin

  • Administrator
  • Hero Member
  • *****
  • Posts: 10,952
    • http://www.btiteam.org
Btittracker V.1.1 Fixed Version
« on: October 01, 2005, 06:51:17 PM »
UPGRADE TO V.1.1 IS RECOMMENDED TO ALL WEBMASTERS

- account.php:
   + fixed: fatal error if gd library not set
- usercp.php:
   + fixed: hack sql injection code on avatar url
- functions.php:
   + fixed: makesize function with negative parameters
- upload.php:
   + fixed: malicious code in torrent filename/info.

Download link:
http://www.btiteam.org/index.php?ind=downloads&op=entry_view&iden=44
« Last Edit: October 01, 2005, 06:53:04 PM by Lupin »
Please don't PM me about question already asked in forum!

Help or support requested using PM will be billed 50 euros/hour, minimum 1 hour; support on forum is free.

Offline Lupin

Btittracker V.1.1 Fixed Version
« Reply #1 on: October 02, 2005, 11:12:12 AM »
As soon as I get time to post it, I'll post the changes to fix your tracker manually, so anyone with a customized site can fix it himself.

seaman

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #2 on: October 02, 2005, 11:36:45 PM »
First, sorry for my bad English :(

Is this upgrade for Btit v.1 Pleasuredome edition too?

thanks and nice job

dodge

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #3 on: October 03, 2005, 02:49:04 AM »
Hi guys, just installed this version but i still can't manage to create a new member, surely because of the gd library not being enabled by my host in php.ini. The numbers are not showing, and i don't even get a "submit" button.
Is there a way to disable image activation in account.php? Sorry if i should have placed this question anywhere else.
Thanks for any help spared, and congratulations for the great tracker, u guys did a hell of a job :)

Offline Lupin

Btittracker V.1.1 Fixed Version
« Reply #4 on: October 03, 2005, 08:55:56 AM »
gd library detection should be automatic into account.php... did you get some errors?

Offline Lupin

Btittracker V.1.1 Fixed Version
« Reply #5 on: October 03, 2005, 08:57:42 AM »
Quote
First, sorry for my bad English :(

Is this upgrade for Btit v.1 Pleasuredome edition too?

thanks and nice job
I think it's not OK for pleasuredome edition, asap I'll post the exact corrections to upgrade by hand.

Offline Lupin

Btittracker V.1.1 Fixed Version
« Reply #6 on: October 03, 2005, 11:09:42 AM »
How to upgrade your tracker manually

account.php
search for
Code: [Select]
// -----------------------------
// Captcha hack
// -----------------------------
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
// -----------------------------
// Captcha hack
// -----------------------------
}
Replace with
Code: [Select]
// -----------------------------
// Captcha hack
// -----------------------------
if (extension_loaded('gd'))
  {
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
  }
// -----------------------------
// Captcha hack
// -----------------------------
}

search for
Quote
$public=$_POST['public_key'];
$private=$_POST['private_key'];

$p=new ocr_captcha();

    if ($p->check_captcha($public,$private) != true)
       {
        print(ERROR." ".ERR_IMAGE_CODE."<br>");
        print("<a href=account.php>".BACK."</a>");
        block_end();
        exit;
    }

replace with
Code: [Select]

if (extension_loaded('gd'))
  {
  $public=$_POST['public_key'];
  $private=$_POST['private_key'];

    $p=new ocr_captcha();

    if ($p->check_captcha($public,$private) != true)
        {
        print(ERROR." ".ERR_IMAGE_CODE."<br>");
        print("<a href=account.php>".BACK."</a>");
        block_end();
        exit;
    }
  }

usercp.php
search for
Code: [Select]
    elseif ($do=="user" && $action=="post")
        {
        if ($_POST["confirm"]==FRM_CONFIRM)
           {
           $idlangue=0+$_POST["language"];
           $idstyle=0+$_POST["style"];
           $email=$_POST["email"];
           $avatar=$_POST["avatar"];
           $idflag=0+$_POST["flag"];
replace with
Code: [Select]
    elseif ($do=="user" && $action=="post")
        {
        if ($_POST["confirm"]==FRM_CONFIRM)
           {
           $idlangue=0+$_POST["language"];
           $idstyle=0+$_POST["style"];
           $email=AddSlashes($_POST["email"]);
           $avatar=AddSlashes($_POST["avatar"]);
           $idflag=0+$_POST["flag"];


functions.php
search for
Code: [Select]
function makesize($bytes) {
  if ($bytes < 1000 * 1024)
    return number_format($bytes / 1024, 2) . " KB";
  if ($bytes < 1000 * 1048576)
    return number_format($bytes / 1048576, 2) . " MB";
  if ($bytes < 1000 * 1073741824)
    return number_format($bytes / 1073741824, 2) . " GB";
  return number_format($bytes / 1099511627776, 2) . " TB";
}
replace with
Code: [Select]
function makesize($bytes) {
  if (abs($bytes) < 1000 * 1024)
    return number_format($bytes / 1024, 2) . " KB";
  if (abs($bytes) < 1000 * 1048576)
    return number_format($bytes / 1048576, 2) . " MB";
  if (abs($bytes) < 1000 * 1073741824)
    return number_format($bytes / 1073741824, 2) . " GB";
  return number_format($bytes / 1099511627776, 2) . " TB";
}

upload.php
search for
Code: [Select]
if (isset($_POST["filename"]))
   $filename=$_POST["filename"];
else
    $filename = StripSlashes($_FILES["torrent"]["name"]);

if (isset($hash) && $hash) $url = $TORRENTSDIR . "/" . $hash . ".btf";
else $url = 0;

if (isset($_POST["info"]))
   $comment = addslashes($_POST["info"]);
else
    $comment = "";
replace with
Code: [Select]
if (isset($_POST["filename"]))
   $filename=htmlentities($_POST["filename"]);
else
    $filename = StripSlashes($_FILES["torrent"]["name"]);

if (isset($hash) && $hash) $url = $TORRENTSDIR . "/" . $hash . ".btf";
else $url = 0;

if (isset($_POST["info"]))
   $comment = htmlentities(addslashes($_POST["info"]));
else
    $comment = "";

That's all.
Please don't PM me about question already asked in forum!

Help or support requested using PM will be billed 50 euros/hour, minimum 1 hour; support on forum is free.
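
As an added example (not BtitTracker code and not part of the post above): the usercp.php and upload.php changes escape the input with AddSlashes() and htmlentities(); the script below handles the same fields with a bound-parameter UPDATE, an avatar URL check, and encoding at output time. The `users` table, its columns and the helper names are hypothetical, and it assumes the pdo_sqlite extension so that it runs stand-alone.

```php
<?php
declare(strict_types=1);
// Added example, not BtitTracker code. The users table, its columns and the
// helper names are hypothetical; SQLite in memory stands in for the tracker DB.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, avatar TEXT)');
$db->exec("INSERT INTO users (id, email, avatar) VALUES (1, '', '')");

// Accept only absolute http(s) URLs; anything else is stored as "no avatar".
function clean_avatar_url(string $raw): string
{
    $url = trim($raw);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

// Bound parameters keep user data out of the SQL text, so correctness does
// not depend on a quoting function such as AddSlashes().
function update_profile(PDO $db, int $uid, string $email, string $avatar): void
{
    $stmt = $db->prepare('UPDATE users SET email = :email, avatar = :avatar WHERE id = :id');
    $stmt->execute([':email' => $email, ':avatar' => clean_avatar_url($avatar), ':id' => $uid]);
}

// Encode when writing into HTML, not when storing; ENT_QUOTES also covers
// single quotes, which matters inside attributes such as <img src='...'>.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: values containing quotes and markup characters.
$samples = ["https://example.org/it's.png", "not a url'", 'ftp://example.org/a.png'];
foreach ($samples as $avatar) {
    update_profile($db, 1, "o'brien@example.org", $avatar);
    $row = $db->query('SELECT email, avatar FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
    printf("stored email=%s avatar=%s\n", var_export($row['email'], true), var_export($row['avatar'], true));
    printf("  html: <img src='%s' alt='avatar'>\n", h($row['avatar']));
}
$filename = '<b>demo</b> "file".torrent'; // constructed torrent name
printf("listing cell: <td>%s</td>\n", h($filename));
```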

dodge

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #7 on: October 03, 2005, 12:11:58 PM »
Quote
gd library detection should be automatic into account.php... did you get some errors?
Just the usual:
Quote
Fatal error: Call to undefined function: imagettftext() in /.../.../public_html/tracker/include/functions.php on line 1713.

After the image code input field i get nothing else, just the error.

Is it possible to enable gd library via htaccess?
« Last Edit: October 03, 2005, 12:18:48 PM by dodge »

seaman

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #8 on: October 03, 2005, 12:57:54 PM »
Thank you Lupin
I try to upgrade now

Best regards

thewarlock

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #9 on: October 03, 2005, 01:23:07 PM »
Just install it and no problemo, works fine, thanks master Lupin.

Offline Lupin

Btittracker V.1.1 Fixed Version
« Reply #10 on: October 04, 2005, 09:20:06 AM »
Quote
Quote
gd library detection should be automatic into account.php... did you get some errors?
Just the usual:
Quote
Fatal error: Call to undefined function: imagettftext() in /.../.../public_html/tracker/include/functions.php on line 1713.

After the image code input field i get nothing else, just the error.

Is it possible to enable gd library via htaccess?
seems that gd library is enabled, but freetype library (also required) is not. try to find a workaround, sorry...
in account search for
Code: [Select]
if (extension_loaded('gd'))
  {
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
  }
replace with
Code: [Select]
if (extension_loaded('gd'))
  {
  $arr = gd_info();
  if ($arr['FreeType Support']==1)
  {
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
  }
}

not tested, let me know if it works.

dodge

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #11 on: October 05, 2005, 05:47:04 PM »
Thanks master Lupin :P
I'll give it a try and return with some feedback later.


--edit---

Sweet! It works.
The condition to check whether freetype support is enabled solved the problem.
Thanks again Lupin, you're the man :)
« Last Edit: October 05, 2005, 06:11:32 PM by dodge »

dodge

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #12 on: October 07, 2005, 02:00:53 AM »
Talked too early. Got an error message whenever someone tries to register...
Everything works fine until they press the "Confirm" button. Then, this appears:

Code: [Select]
Error: Image Code dont match

Image code function is still working somehow. Can't i just erase this function?
Or maybe a mod to just deactivate this all function in admincp?
« Last Edit: October 07, 2005, 02:02:04 AM by dodge »

Offline Lupin

Btittracker V.1.1 Fixed Version
« Reply #13 on: October 07, 2005, 08:43:03 AM »
Sorry, in account.php

find:
Code: [Select]
if (extension_loaded('gd'))
 {
 $public=$_POST['public_key'];
 $private=$_POST['private_key'];

   $p=new ocr_captcha();

   if ($p->check_captcha($public,$private) != true)
       {
       print(ERROR." ".ERR_IMAGE_CODE."<br>");
       print("<a href=account.php>".BACK."</a>");
       block_end();
       exit;
   }
 }
replace with
Code: [Select]
if (extension_loaded('gd'))
 {
 $arr = gd_info();
 if ($arr['FreeType Support']==1)
   {
 $public=$_POST['public_key'];
 $private=$_POST['private_key'];

   $p=new ocr_captcha();

   if ($p->check_captcha($public,$private) != true)
       {
       print(ERROR." ".ERR_IMAGE_CODE."<br>");
       print("<a href=account.php>".BACK."</a>");
       block_end();
       exit;
   }
  }
 }

 
Please don't PM me about question already asked in forum!

Help or support requested using PM will be billed 50 euros/hour, minimum 1 hour; support on forum is free.
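
As an added example (not BtitTracker code and not part of the post above): the thread gates the captcha form row and the captcha check in two separate places, and the two drifted apart; the script below puts the decision in one predicate that both places would call, and logs when registration proceeds without a captcha. `captcha_available()` and `captcha_passed()` are hypothetical helpers, `$check` is a constructed stand-in for `ocr_captcha::check_captcha()`, and testing `function_exists('imagettftext')` (the function named in the fatal error quoted earlier in the thread) is an assumption about the most direct check.

```php
<?php
declare(strict_types=1);
// Added example, not BtitTracker code. captcha_available() and captcha_passed()
// are hypothetical helpers; $check stands in for ocr_captcha::check_captcha().

// One predicate for both the form and the POST handler. imagettftext() is
// only defined when GD was built with FreeType, so test for it directly.
function captcha_available(): bool
{
    return extension_loaded('gd') && function_exists('imagettftext');
}

// Called by the POST handler. $available is a parameter so the demo below can
// exercise both server configurations; real code passes captcha_available().
function captcha_passed(bool $available, array $post, callable $check): bool
{
    if (!$available) {
        // No image was shown, so there is nothing to verify. Record it:
        // registration is running without bot protection on this host.
        error_log('captcha skipped: GD/FreeType not available');
        return true;
    }
    $public  = $post['public_key']  ?? '';
    $private = $post['private_key'] ?? '';
    if (!is_string($public) || !is_string($private) || $private === '') {
        return false; // missing or array-typed fields never reach the checker
    }
    return $check($public, $private) === true;
}

// Constructed checker and form posts for the demonstration.
$check = fn(string $pub, string $priv): bool => hash_equals('k7m2qa', $priv);
$cases = [
    'correct code'   => ['public_key' => 'abc', 'private_key' => 'k7m2qa'],
    'wrong code'     => ['public_key' => 'abc', 'private_key' => 'zzzzzz'],
    'fields missing' => [],
];
foreach ([true, false] as $available) {
    foreach ($cases as $label => $post) {
        printf("available=%s %-15s => %s\n", var_export($available, true), $label,
            captcha_passed($available, $post, $check) ? 'continue' : 'reject');
    }
}
printf("this host: captcha_available() = %s\n", var_export(captcha_available(), true));
```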

dodge

  • Guest
Btittracker V.1.1 Fixed Version
« Reply #14 on: October 07, 2005, 03:33:27 PM »
I'm the one who's sorry Lupin, for all the trouble.
Tried the above code but it seems that ImageTTFText is also not enabled in my server.

Code: [Select]
Fatal error: Call to undefined function: imagettftext() in /home/kronos/public_html/tracker/include/functions.php on line 1999 (in the registration table).

I commented out all references (3) in functions.php to ImageTTFText, and the error goes away, i get the "confirm" and "cancel" buttons, and the registration is working although i get also this after registration:

Code: [Select]
Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/kronos/public_html/tracker/account.php on line 118


Account Created

Congratulations your account is now valid!
Now you can login on the site using your account.


It's working, but with errors.

I'm also trying to integrate ipb 2.0.3 with btit, i've managed to create account in both tables by registering only in the tracker, including ibf_member_extra, where vdirs and avatar info goes.
My next step will be to display in the forum uploaded/downloaded info beneath members avatar. Has anyone tried that already?
If so, which is the file to edit?
« Last Edit: October 08, 2005, 05:24:42 AM by dodge »