HOWTO:TorrentFlux, php-based interface for bittorrent client

How are you using your Bubba? Got ideas for a cool modification? Share!
Tim
Posts: 36
Joined: 16 Jun 2007, 03:18
Location: Australia

Re: LightTP and SQLite

Post by Tim » 06 Nov 2007, 02:36

Yes please Bjorn, this would be really good.

I suspect that it would be a bit more secure - not so many SQLite crackers as MySQL...

Cheers,

/Tim

bjorn
Posts: 88
Joined: 03 Jan 2007, 09:02

Post by bjorn » 15 Nov 2007, 17:46

The (in)security of any database engine in conjuction with PHP is mostly derived from the PHP-application itself.

Sloppy written PHP can allow for SQL-Injections by sending malicious queries in regular web-forms. Any database would presumably be vulnerable to this kind activities. Coders MUST validate user input in their application.

The main objective while switching to SQLite for my part was to minimize footprint of the database and webserver functions. I completely removed mysql and apache, hence it's guaranteed that the bubba admin-gui would function after performing the switch.

:)

Tim
Posts: 36
Joined: 16 Jun 2007, 03:18
Location: Australia

Re: LightTP and SQLite - Reply

Post by Tim » 15 Nov 2007, 20:25

Thanks Bjorn - Can you post what sort of memory savings you got? My interest is in using web servers with Python and SQLite.

Yes the SQL injection problem should be dealt with by the programmer. As you know you can reduce this with "mysql_real_escape_string" in MySQL.

Interestingly, Secunia shows these vulnerabilities:-

MySQL 4 - 16 patched, 4 unpatched.
MySQL 5 - 8 patched.
Apache 1.3 - 19 patched, 1 unpatched.
Apache 2.0 - 32 patched, 3 unpatched.
Apache 2.2 - 4 patched, 1 unpatched.
SQLite (All) - None reported (the SQLite people are very committed to quality).
Lighttpd - 6 patched.

I prefer using the completely free SQLite licence http://sqlite.org/copyright.html to the MySQL GPL/Commercial mixture.

/Tim

cyborgxs
Posts: 6
Joined: 31 Aug 2007, 08:49

torrentflux sqlite

Post by cyborgxs » 23 Feb 2008, 14:15

hi

Thanks Bjorn for an execellent tutorial, I just have a query relating to sqlite. I have got torrentflux running fine with mysql, but concerned with server load : memory 100% usage + harddrive running at 53C, etc, :(

I have tried following a couple of guides about installing sqlite:

Code: Select all

#sudo apt-get install php4-sqlite
creating the sqlite db:

Code: Select all

#sqlite tf.db < sqlite_torrentflux.sql
#sudo cp tf.db /var/db/tf.db 
from the script available at:
http://www.torrentflux.com/forum/index. ... 352.0.html

then changing config.php from:

Code: Select all

$cfg["db_type"] = "mysql";       // mysql, postgres7 view adodb/drivers/
$cfg["db_host"] = "localhost";   // DB host computer name or IP
$cfg["db_name"] = "torrentflux"; // Name of the Database
$cfg["db_user"] = "root";        // username for your MySQL database
$cfg["db_pass"] = "";            // password for database
to:

Code: Select all

$cfg["db_type"] = "sqlite";       // mysql, postgres7 view adodb/drivers/
$cfg["db_host"] = "/var/db/tf.db";   // DB host computer name or IP
$cfg["db_name"] = "main"; // Name of the Database
$cfg["db_user"] = "root";        // username for your MySQL database
$cfg["db_pass"] = "";            // password for database
but if I restart apache2 and browse to http://myserver/tf/ where using mysql, there was a fully working torrentflux, there is now a blank page. the apache2 log at /var/log/apache2/error.log show no errors.

cheers

henry

C-mon
Posts: 1
Joined: 02 Mar 2008, 13:50

Re: torrentflux sqlite

Post by C-mon » 02 Mar 2008, 14:02

cyborgxs wrote: but if I restart apache2 and browse to http://myserver/tf/ where using mysql, there was a fully working torrentflux, there is now a blank page. the apache2 log at /var/log/apache2/error.log show no errors.

cheers

henry
I solved this by adding the line

Code: Select all

extension=sqlite.so
to the "extension" part of /etc/php4/apache2/php.ini

I guess this should have been added automatically by the php4-sqlite package but it wasn't.

The next problem I ran into was that the login page couldn't write to the db. For some reason the www-data user has to have write permissions to the directory containing the db file. Simply setting the right permissions to the db file doesn't work.

I now have torrentflux running on the standard apache2 webserver together with sqlite. It feels a bit snappier than with mysql, but the difference isn't dramatic. I guess the next step is to swap Apache2 for Lighttpd.

It seems though that Lighttpd doesn't exist in Bubba's standard repositories. Does anyone know which repository to add to get lighttpd?

Thanks in advance!

solar
Posts: 4
Joined: 01 Mar 2008, 10:49

Re: torrentflux sqlite

Post by solar » 02 Mar 2008, 14:18

cyborgxs wrote: It seems though that Lighttpd doesn't exist in Bubba's standard repositories. Does anyone know which repository to add to get lighttpd?
Simply add "deb http://www.backports.org/debian sarge-backports main contrib non-free" to the sources.list. Then you should be able to install with
"apt-get -t sarge-backports install lighttpd".

Enjoy!

cyborgxs
Posts: 6
Joined: 31 Aug 2007, 08:49

Post by cyborgxs » 21 Mar 2008, 07:47

I ve managed to get lighttpd working with torrentflux and sqlite, and it is _much_ more responsive, non of the "The page will refresh in -4000 seconds" I was getting before. Not quite sure how the web-admin interface for the bubba works though so I have set up a seperate /var/www2/ directory for lighttpd and am running it side by side with apache.

Now all I need to do is get hold of a version of php 5.2 (plus php-cgi) so I can run the latest version of phpsysinfo on lighttpd!

tester22
Posts: 4
Joined: 15 Jul 2007, 11:10

Post by tester22 » 26 Mar 2008, 07:00

I would reccomend upgrading from torrenflux to torrentflux-b4rt (http://tf-b4rt.berlios.de/).

Have been using it on my bubba together with transmission and sqlite and there are some great functionality that is missing in the standard version of torrenflux.

Locked