Start your own public tracker

[dudave]

hey again

found a small error on the torrent page
usually after the first post it's writin this:


Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/dudave/public_html/torrent.php on line 84

and this is what is found on line 84 in the torrent.php file:

while($row=mysql_fetch_assoc($res)){
if($row['ctextbb']===''){
fload('bbcode');
$bb=bbcode($row['ctext']);
$res=mysql_query('UPDATE `commenttext` SET `ctextbb`='.dbesc($bb).' WHERE `cid`='.$row['cid']) or error('Database error');
$row['ctextbb']=$bb;
}

it doesn't interfer with anything, it's just giving this message under
the first comment.

[spectator1]

Hey rvt,

I had to insert

Code:

    @include_once('db.php');
    if(!defined('DB')) error('Cannot load database functions');
    dbopen();

at line 43 in announce.php because I got an error about dbesc being a unkown function and I saw it also didn't open the database.

I thought that piece of code might as well be moved somewhere earlier (line 33 maybe so that lines 37-39 become redundant)?

My settings:
define('ULACCT',true);
define('OPENTRACK',false);
define('PRIV',false);
define('SOURCE','');
define('MARKPRIV',false);

[Lope333]

wow rvt: you're my hero. how many users u reckon this tracker would handle at once?

does it delete old records? (like after a certain period of inactivity to keep the DB size down)
personally i'm not interested in the ability to connect with other trackers.

well done on the tracker and best wishes for a speedy recovery. i've just gotten into php in the last few months. this will be awesome to play with. peace

btw i thought of cool features:
forum should have a capcha thing to reduce spam.
when user uploads a torrent they must type in their forum user and password.
torrents uploaded can be recorded as supplied by them and the number of downloads of each torrent can be recorded
then there can be a "best uploaders" page showing the best uploaders calculated by whos torrents have had the most downloads
these users can then be given special treatment somehow, like skipping queues (i dont know how slots are allocated with BT so this might be nonsense)

as well as encouraging uploading, it also allows for an element of trust, you get to know that superjoex only uploads decent stuff. etc.
all files listed can have trust points (showing how many points the uploader of that file has)

i understand the concern... IPs dont need to be stored for this feature.

if it is possible to give users special treatment, (i dont know enough about the system) then allowing for user login/pass with ratios would be sweet.

some torrent sites ban users who dont upload enough. i dont care about that. i prefer to reward the good rather than punish the bad

[rvt]

@spectator1: good spotting. Exactly the way I would fix it.
Every time I see that nick I think of bob, but I guess you were probably around for all those fun and games, you old fart

The next release will probably be nothing like the last one.
That one was a bit rushed and shoddy, this one is from ground up. It'll have a lot more features though.
It'll also more than likely be split into two branches, one for public and one for private.

To adress a couple of points raised by Lope333:
Captcha systems are designed as a way of determining whether the poster is human rather than spam prevention. A human could post 100 times a minute even with a captcha in place. If someone starts to bomb your forums with posts, I always see it as better to deal with that person rather than limit all your other users.

Requiring username and password for upload is a waste of time with this code really. The cookies are protected by having the IP address hashed into them, taking out a major source of account hacks. It still leaves 3 possibilities.
1) They know your password, in which case this will not stop them.
2) They are on your computer. This would stop them, but if they are using your computer they can more than likely bluff an admin into resetting their password. The next version will include a recovery script for passwords, which means they could do it without involving an admin.
3) Database hacks. Although I'm fairly confident there are no SQL holes, it's a remote possibility. If this happens though, there are bigger problems than torrents being uploaded. Even if we require a password, there is nothing to stop someone with database access from running a rainbow table attack.

The next version will tie uploaded torrents to specific users for the purposes of being able to edit. Code can either be modded in to do what you want, or I may include some of it by default. Either way, I'll throw in an anonymous box for uploads so they can keep their names from the top lists.

On the subject of ratios, it's something I'm debating. At revolt we don't use ratios for anything. It's a small place and we figure a user is worth more than a number. If I leave out ratios, it might encourage more sites to run a similar system and mark the code as being for smaller groups (mainly friends). It also removes the problem of ratio cheaters completely.
Lots of smaller, friendlier sites with lower operating costs is how I'd like to see the torrent scene go to make things harder on the mafiaa, but people will run the sites they want to run.

If I include ratios, it makes the site more durable for a range of uses, but still encourages ratio logging and leaves the problem of cheats.
If ratios are included, I cannot include any of the code I have written for detecting various cheat clients by name, as this would give the makers clues to improve their cheats. The best that could be included in a public release is a speed reporter, and this only catches the most stupid cheats rather than the worst ones.

I'm toying with various ideas to allow seedtime as a point system, but without some ratio inclusion that discriminates against seedboxes which seed to high ratios for a very short time.

Whatever happens, I'll be redoing the sysdev site to include some forums, so we should be able to at least have a mod section.

[SAM]

thanks rvt that's very nice

[Lope333]

thats awesome rvt.

you're right about the capcha thing. simply having a non-standard forum will prevent most automated spam bots.

i have a slightly different approach to security. if people cheat on my site and give themself an inflated ratio whether its for their ego or to leech, i dont care. most people are normal and wont go to such great lengths. if someone steals someone else's account i dont really care either. 99% of the time things will work as they are planned.

giving certain users special treatment was just an idea to encourage uploading, but not important.

a good way for rewarding users with privelages (which is hard to hack) is counting the number of different users download torrents that they have created.
(but i'm not sure how to determine whether downloaders are unique without storing IPs)

the main thing that i see as being important is being able to know that a certain alias uploaded a certain torrent, which gives it *some* authenticity. (more than none)

and if peoples passwords get hacked they can recover them with an email link and then make their password more secure.
the system should probably store failed login attempt IPs for a certain period of time, and then block that user from making too many attempts.

another idea for killing forum spam is giving users with more than x posts on the site the ability to mark a post as spam, and if 3 of them do that, it will get moved to a spam section where the mods can review it.

[TheFoX]

you're right about the capcha thing. simply having a non-standard forum will prevent most automated spam bots.

A spam bot can be modified to work with any forum, so a non-standard is not the answer.

I created something a year or so back called anti-flood code, and is designed to only allow x torrent comments, forum posts or personal messages to be sent every hour. Once that limit has been reached, no more submissions can be made until cleanup is run (whereby a percentage of the sum is reduced).

A similar system, based on my own, was submitted by ScarS, which again restricts the number of allowed postings (or messages or torrent comments).

My system allows me to change the maximum value for each attribute, so a persistant forum spammer can easily be restricted to one post per hour, whereas a valued contributor can have that value increased to whatever we felt would be benefitial.

Along with that code is another bit of code that restricts how many times a client can announce, which is also another form of flooding (when it is done repeatedly).

All this, and more, can be found on TBDev.net...

[jasperr]

any further development rvt??

[rvt]

Been working on it flat out. Lots of fairly big code pieces are getting done at the moment. Mostly backend stuff, like a proper ip to name function that doesn't block a page for minutes at a time, integrating maxminds geoip ip to country, fully working utf-8 support, url/ip/email validation are all done.
Also done a whois lookup page for mods, so they can click an IP and see the ISP name etc, even when PTR lookups fail.

Security is mostly done. Auto logouts when your cookies are used from a different address, blocking of brute force attempts on login/cookie login/password recovery/email change validation etc. Currently adding in a session based verification for mod functions to prevent mods being tricked into doing something from an external link.

I'm putting in some intelligent caching, whereby the cache is actually a php file. An example of where it's useful, a profile page. Normally, you want certain parts of a profile only accessable to staff, like mod comments. If you cache the HTML output, it's either missing the staff parts, or they become accessable to everyone. Storing as a php file allows us to keep the seperation while storing all the data preloaded and preparsed.
Works nicely on the news page as well, where you have a lot of bbcode() calls that can be cut down by caching but also want links to edit/delete only for admins.

It has 2 stage access control. There are mod/torrent mod/admin and sysop flags for classes, as well as class numbers. You can have a sysop at class number 1000 say, and an admin at 2000. The admin still only gets admin access, but can alter the sysops account. It allows you to make a coder class with sysop privs (can see everything), but have the coders account settings accessable to the admins.

I've built a setup script for it, which should run you through everything easily. All that needs doing on that is plugging in the sql queries once the code is finished.

Been building this one on windows with php4, and testing with linux and php5. Testing on apache and lighttpd. It should be more reliable, although it might be better running it on a VPS or paid for webspace rather than free space.

This version will be definately aimed towards private sites. Once this is finished with, I can start replacing the private stuff with public stuff.

[jasperr]

that sounds way awesome rvt...... your a monster!!.. lol

looking at the SSs and what i've read so far though(unless i missed that), are there any plans to have the ability to have catagories?? or are ya gonna forgo all that... eiether way works for me personely...

keep up the good work m8!