Tutorial : Rapidleech Upload Plugin
NOTE: This article might not be suitable for everyone. You must at least have a little knowledge with PHP and be quite capable with HTML to continue.
NOTE: We are using Filefactory member upload plugin as an example in this tutorial. The code you see is simply to illustrate how things work with filefactory so you can see how to put the whole plugin together. Don’t expect to just copy this code into a new plugin and expect it to work!
How Rapidleech Works
Before teaching you how to really write a plugin, I must explain the way Rapidleech works, you can see this if you read the Rapidleech Download Plugin Tutorial. If however, you already understand, you can skip it.
Categorised Upload Stages
The main stages in getting Rapidleech to upload a file to a site are (btw these are what we need to make the Rapidleech script do itself):
Log in to the target site
Grab any cookies sent back from the server
Navigate to (=load) the upload page of the target site using the login cookies we just got earlier
Get the target upload url and perhaps a random id from the upload form using the cut_str() function, or you can use preg_match()
Use these login cookies and/or upload id together for the file upload if required – they may or may not be needed for uploading depending on how the uploader works
Always remember, Rapidleech acts like a browser does, in that it ‘imitates’ what a normal user does when logging in to a site, clicking the login / upload buttons etc.
Logging In with HTTP Debugger
Login via browser (to see headers)
So we first get Rapidleech to login to the target site and load the cookies that are sent back.
Simply load up HTTP Debugger or your HTTP header catcher of choice, and then login to FileFactory in your browser. Make sure you are on the login page, or can see a login form where you can enter your user and pass, and then clear your cookies. We do this to make sure no session cookies were already set when we initially loaded the login page. Input your login and pass, and click on Login. In your HTTP debugger you should see the postdata:
As you can see the postdata got urlencoded before it was posted (sent) to the server, that’s why you can see the %40 instead of an @ symbol.
Analysing the Header Response Code
The server’s response to this post is a 302 Found, and a cookie is set:
HTTP/1.1 302 Found Date: Tue, 31 Mar 2009 16:09:17 GMT Server: Apache X-Powered-By: PHP/5.2.6 Set-Cookie: ff_membership=xLjW0ueLtA4IdfYHy%2F7imBhYGl0eV%2FwUNE4bw5FPzoGYgPVERneUMr6TSVSvMLWc%2v9ZVXQwBr%2BLI7ZIp1CiUSJB9VJSb3h%2FeE1gSvigoNfs4m92WxfhruNqoQuAKbpc5pb9AxYSRYRE%3D; expires=Thu, 30-Apr-2009 16:09:17 GMT; path=/; domain=.filefactory.com Location: /?login=1 Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Connection: close Content-Type: text/html
As you can see, it tells us the new location is /?login=1 so that’s where we basically point Rapidleech. You can see it easier if you look at the filefactory.com_member.php file in the uploads/ folder.
Logging In with Rapidleech
Log In to Filefactory
First, login to filefactory with RL: $post = array(); $post['email'] = trim($_REQUEST['my_login']); $post['password'] = trim($_REQUEST['my_pass']); $post['redirect'] = '/'; $page = geturl("www.filefactory.com", 80, "/", 0, 0, $post, 0, $_GET["proxy"], $pauth); is_page($page); is_notpresent($page, 'HTTP/1.1 302 Found', 'Error logging in - are your logins correct?');
Storing the Login Cookies
Next, grab all the cookies the server sent us. We preg_match the ff_membership cookie to see if it was sent, and if it is missing we know there was an error so we return our own custom html error with the html_error() function.
$cook = GetCookies($page,true); $cookie = @implode("; ",$cook); if (!preg_match('%(ff_membership=.+); expires%', $cookie, $lcook)) html_error('Error getting login-cookie');
Log in again (with login cookies)
Now we can login to the site using the cookie we just got, and the upload form is on the page we’re getting:
$page = geturl("www.filefactory.com", 80, "/?login=1", 0, $lcook, 0, 0, $_GET["proxy"], $pauth); is_page($page); is_notpresent($page, 'You have been logged in as', 'Error logging in - are your logins correct?');
Retrieving the Upload Url
Analysing the upload form
As is the case with downloading, for uploading you basically send some content to the server at some pre-defined address. If you look at the upload form on a website, you will see a form:
Ok, so that form is pretty big..but it doesn’t matter, depending on what folders you set up in Filefactory, you’ll only see them in the options dropdown (the “select” tag).
The action url ‘http://ul016….’ is dynamically generated, because filefactory has more than one upload server, that’s why we have to cut it out and use the one they give at upload-time, rather than use the same one all the time! – you can be sure that if we did use the same one all the time, that server would become very loaded and probably fail eventually.
Storing the upload url
The good thing is, all you usually need to realise is the