Skip to content
/ rutorrent-login Public

Plugin for HTTP cookie based support of multi-user ruTorrent setups

5 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

katlogic/rutorrent-login

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
images
images
 
 
lang
lang
 
 
README.md
README.md
 
 
auth.php
auth.php
 
 
conf.php
conf.php
 
 
init.js
init.js
 
 
init.php
init.php
 
 
login.css
login.css
 
 
plugin.info
plugin.info
 
 

Repository files navigation

Multiuser login for ruTorrent

This plugin enchances ruTorrent with cookie-based form-login multi user support.

Setting up

This setup has been tested only with apache, however it should be pretty universal as long you have working installation of PHP with _SESSION[] support.

RPC

First make sure you're NOT using http auth (.htaccess/.htpasswd). Also remove all SCGI/RPC stuff from your webserver. Enable the RPC plugin for all users by default by putting the following snippet into conf/plugins.ini:

[plugins]
rpc = enabled
login = enabled

Second, we need to direct the SCGI/RPC plugin at proper RPC socket based on who's logged in, in your conf/config.php:

 $scgi_port = 0;
 session_start();
 $ruser=$_SERVER[DOCUMENT_ROOT]?$_SESSION[login]:$_SERVER[argv][1];
 $scgi_host = "unix:////home/".$ruser."/.rtorrent.rpc";
 $_SERVER[REMOTE_USER]=$_SERVER[PHP_AUTH_USER]=$ruser;

The complex REMOTE_USER variable override must be in the config file because the plugin cannot hook into all places expecting it otherwise.

Naturally, there must be working SCGI socket at /home/user/.rtorrent.rpc, eg.

scgi_local=/home/user/.rtorrent.rpc

Should be in /home/user/.rtorrent.rc.

Authentication

Finally, you have to configure your authentication scheme in plugins/login/conf.php, for example:

function auth_ok($uname,$upass) {
   if ($uname == "user" && "$upass" == "secret")
    return true;
   if ($uname == "luser" && "$upass" == "secret2")
    return true;
   return false;
}

The auth_ok() function provides great deal of flexibility. Not only you can use arbitrary database setup, but you can also invoke a sudo script which launches rtorrent in screen on successful login, and fix permissions of /home/user/.rtorrent.rpc (because it must be R/W accessible by the webserver).

Security

The plugin tries to disable all other plugins (including RPC) when no valid user credentials are present. RPC pipe is directed according to HTTP session, so user cannot go around and RPC rtorrent of other users.

Note that all PHP scripts MUST run under different user if your users can upload .php of their own (~/public_html, a common ie multi-purpose UNIX box). If that is your case, make sure that directory root of rutorrent uses suPHP and only that user can sudo, chmod/chown .rtorrent.rpc for users. Also check that php session files are not readable by your local users).

About

Plugin for HTTP cookie based support of multi-user ruTorrent setups

Resources

Readme
Activity

Stars

5 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages