Rapidleech Server File Transfer, Professionally

Share on facebook
Share on twitter
Share on linkedin

Rapid Leech is a free server transfer script for use on various popular upload/download sites such as megaupload.com, Rapidshare.com and more than 45 others. The famous Rapidleech script transfers files from Rapidshare, Megaupload, Depositfiles.com, Easy-share.com, etc, via your fast servers connection speed and dumps the file on your server. You may then download these files from your server anytime later.

Rapidleech script has being used by more than 5 million users worldwide and has being installed on more than 2000 servers.

For webmasters, if you have not tried the script before, download and install now and you will see how convenient the script can be. You may also generate income by offering your Rapidleech sites to end-users and earn income from advertising programs. Some webmasters are earning hundreds per day on the advertising program(Google and yahoo Ads) from their Rapidleech sites. Script installation is extremely easy and does not require any database.

For end-users, you may search on our forum for readily available installed scripts on servers worldwide. You may use them but please support these sites by visiting their sponsors or donate in order to keep these sites available.

Rapidleech is evolving constantly, check back for more exciting news about Rapidleech script!

Script Information

  1. Easily transfer files from other servers to your server
  2. Requires PHP (no MySQL required)
  3. Currently works with: rapidshare, megaupload, MyTempDir, getfile.biz, webfile.ru
  4. Loading % transfer bar displaying speed, how much downloaded & % complete
  5. Cool user interface which runs on 1 php page
  6. Proxy support
  7. Send to email support
  8. Save in x directory
  9. File manager which stores info such as date added, comments etc.

This page compiles the most frequently asked questions and their answers. Please do make sure you search here before posting at the forums.

How do I use Rapidleech?

To use Rapidleech, you will need a web hosting which supports PHP. There are also minimum requirement for the configuration of PHP, this includes safe_mode turned off, fsockopen is allowed and upload_max_filesize above 100M. You can also run Rapidleech on your local Windows computer, by install XAMPP.

What’s with all the different Rapidleech versions?

Well, there is eqbal’s plugmod, TheOnly’s Mod and some other user contributed mods. But the main version is eqbal’s plugmod. TheOnly’s Mod extends the capability of Rapidleech suitable for public environment. If you’re looking to host a public Rapidleech, you might be looking for this version. Besides, there is also a nightly build which contains latest fix and features in the trunk. It is quite unstable and meant for developers only.

Installation Questions

Where do I get the latest version of Rapidleech?

You can download the latest version of Rapidleech here: http://code.google.com/p/rapidleech/downloads/list Be careful not to download the nightly versions! They are unstable and are meant for developers only.

How do I chmod a folder to 777?

Well it depend on the ftp software you are using. For most of them , just right-click on the file[example index.php] Click on button set attribute or change permission, Then write 777 in the display box or by clicking on all the radio button. That’s all. Sometimes, it might be that you have reached rapidshare limit.

Rapidleech Errors

Cannot find premium cookie

The plugin must be outdated, download the latest here: http://code.google.com/p/rapidleech/source/list and put them into the appropriate hosts/folder

Error getting access code

Ensure that your files/ folder is chmod to 777, otherwise download the latest here: http://code.google.com/p/rapidleech/source/list and extract them into the appropriate hosts/ folder

Error open socket [rapidshare.com:80] or Error open socket [upload.com:80]

Your host doesn’t support Rapidleech, find another.

Wrong counter

The plugin must be outdated, download the latest here: http://code.google.com/p/rapidleech/source/list and extract them into the appropriate hosts/ folder

Error getting available server’s list

The plugin must be outdated, download the latest here: http://code.google.com/p/rapidleech/source/list and extract them into the appropriate hosts/ folder

Error getting access image url

The plugin must be outdated, download the latest here: http://code.google.com/p/rapidleech/source/list and extract them into the appropriate hosts/ folder

My download stops and then said “Do you want to resume” so when I click it then it says your server dosn’t support resume, what’s wrong?

Your host has a small script executing time and since you do not have a premium account, once the download has stopped, it is impossible to resume…

Progress bar is not seen while server is downloading

If you enable zlib compression and output buffering, you wont’ see the progress bar. Turn it off at php.ini if you have access or just enter the following into .htaccess:

php_flag output_buffering off
php_value zlib.output_compression 0
php_value zlib.output_compression_level -1

If that does not solve your problem, add the following line to .htaccess (only seems to work for mod-php5:

SetEnvIf Request_URI "^/*\.php$" no-gzip

If you are using PHP in FastCGI or mod_fcgid the above methods are unlikely to work anyway. However with FastCGI there is the -flush option to force-flush output, which can only be configured in the fastcgi.conf or appropriate configuration depending on your host OS, see http://www.docunext.com/blog/2007/09/php-fastcgi-buffer-annoyances.html

Couldn’t connect to at port 80

This has been explained many times but I understand it can be hard to find on the forum. Apache has a ‘maxclients’ setting, see http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxclients. If you are sharing your Rapidleech with many people, then you are probably reaching this limit, and as a result you or some other users will receive the ‘couldn’t connect to’ error. If you are sure not that many people are using the server and you are still receiving the error, then it’s Rapidshare blocking it. See “RapidShare blocked malicious third party programs” under http://rapidshare.com/news.html. It’s also possible that the plugin must be outdated, download the latest here: https://code.google.com/p/rapidleech/source/list and extract them into the appropriate hosts/ folder

Couldn’t connect to rapidshare.com at port 80

If you bump into this problem after downloading files from rapidshare, download new plugins from here: http://code.google.com/p/rapidleech/source/list and extract them into the appropriate hosts/ folder Otherwise your host might not support Rapidleech.

My transfer hangs in the middle! It’s always at XX MB!

Check if you have safe_mode on, then have a look upload_max_filesize, if the value is same as the size your file stops downloading, your host does not support Rapidleech.

The previous question is incorrect! My file stops randomly around XX% to XX%!

Well, this is another situation.

When I transload files, they complete fine, but they are not appearing in the files list!

You might not have chmod your configs/files.lst or configs/ to 777.

Warning: Call-time pass-by-reference has been deprecated

This has been fixed in rev. 41.

For previous versions, edit index.php. Find:

$file = getftpurl($_GET["host"], $ftp["port"] ? $ftp["port"] : 21, $_GET["path"], &$pathWithName);

Change to:

$file = getftpurl($_GET["host"], $ftp["port"] ? $ftp["port"] : 21, $_GET["path"], $pathWithName);


$file = geturl($_GET["host"], $_GET["port"], $_GET["path"], $_GET["referer"], $_GET["cookie"], $_GET["post"], &$pathWithName, $_GET["proxy"], $pauth, $auth, $ftp["scheme"]);

Change to:

$file = geturl($_GET["host"], $_GET["port"], $_GET["path"], $_GET["referer"], $_GET["cookie"], $_GET["post"], $pathWithName, $_GET["proxy"], $pauth, $auth, $ftp["scheme"]);

Rapidleech Questions

How to setup password on rapidleech?

  1. Open config.php using notepad (or Any ASCII editor).
  2. Find
    $login = false;

    change to:

    $login = true;
  3. Find
    $users = array('admin' => 'admin', 'test' => 'test');


    $users = array('user1' => 'pass1', 'user2' => 'pass2');

    where user1 means your Username and pass1 means your Password. Change them as you like. Save the file and upload it to the web server. Now it will ask for user name and password every time the page is opened.

How do I split files on Rapidleech and join them after I have downloaded to my PC?

Say you have a file on webserver. [aa.avi] You splitted it using rapidleech split option in suppose 2 parts. You will get 3 files

aa.001 aa.002 aa.crc

Download all these files to your PC and put them in 1 folder

Download the software: http://www.freebyte.com/hjsplit/

Run the software select the .crc or .001 file and click join.

How to download files from a FTP site which requires a username and password and cannot b logged in as anonymous using Rapidleech?

In the download box type:


Can Rapidleech download torrent files?

No, and we will never support downloading torrent files unless PHP supports it natively.

Is it possible to transfer files from IRC to your server using Rapidleech?

No, Rapidleech won’t be supporting it either.

Does Rapidleech support rar and unrar?

Not currently, we might in the future.

How to use premium accounts in Rapidleech?

To use premium account, edit configs/config.php

If you have a rapidshare.com account, edit this line:

//$premium_acc["rs_com"] = array('user' => 'your username', 'pass' => 'your password'); # Remove '//' from the beginning and enter your username and password for rapidshare.com premium account

Enter your username and password between the (Don’t remove them!), then don’t forget to remove the ‘//’ at the beginning of the line!

How to set a custom filename prefix or suffix for all downloaded files?

Simply open up the config.php and edit the values under the ### Auto-Rename ### section.

How to use a proxy with Rapidleech?

I’m almost certain most of this isn’t going to work with the some/most of the plugins as they are atm, since when programming it for use, the required code for allowing proxy use was probably not included. Anyway here’s how you do it, hoping it will work for you!

Open the settings tab, then click the ‘Use Proxy Settings’ checkbox. Now fill in ‘Proxy’, ‘Username’ and ‘Pass’. User and pass are obvious, you will have to ask the proxy owner to give you them, or you will be given them. also you will be given a proxy (say from proxy.org) in the format ip:port – enter this into the ‘Proxy’ box, e.g. 123.456.78.9:8080. If the proxy doesn’t specify a port then try using port 80 explicitly, e.g. 123.456.78.9:80.

Using Rapidleech

How do I upload files to filehosting sites?

Go to the Files tab, then select Action -> Upload. Then select a filehosting site of your choice. If you want to upload many files automatically, use the auto-uploader (see the button in the left column).

How do I extract RAR files?

It is possible to extract RAR files, using the plusRAR mod by DanielX_x, see forum index for more info and link.

Rapidleech Development Questions

I want to help Rapidleech development, what should I do?

Look at our Development Introduction, it will guide you to developing Rapidleech.

I’d like to help, but I don’t know programming, what should I do?

There are many ways you can contribute to Rapidleech. You can help us moderate our forum, create new skins for Rapidleech if you are good in web designing, or even help us write articles to make our wiki more complete!

If you don’t know how to start

There’s an excellent PHP tutorial for absolute beginners at the Zend Developers’ Zone.

Fix Rapidleech

Try to fix plugins

Plugins is the easiest portion of code in Rapidleech. There are some tutorial on how to write but if you still don’t understand, you might want to start by try fixing broken ones.

Implement New Things

You can try to implement new features or anything to make Rapidleech even usable. You can submit your mods in a way that everyone can understand.

Programming Guidelines

There are a few rules that we want developers to know when writing codes for Rapidleech:

Try your best st a URL to download from Rapidleech, Rapidleech will act ato comment

When sometimes, there are hacks which are needed to make things work right, some developers do not understand when going through them. To prevent them from removing lines which are not supposed to be removed, you might want to write some comment on it so that everyone who reads it understand what you are trying to do. But it is unnecessary to comment each line and every word on what you’re trying to do, keep the code clean and simple, plus understandable.

Don’t copy your same code around everywhere

If you have a piece of code which is needed a lot of times, don’t use copy. Use a function instead and put the function in others.php since it will always be included.

How to Write a Download Plugin For Rapidleech

If you want to make an upload plugin, please goto here.

NOTE: This article might not be suitable for everyone. You must at least have a little knowledge with PHP and quite capable with HTML to continue.


When you request a URL to download from Rapidleech, Rapidleech will act as a browser. It will send a so-called HTTP request to the host’s server and receives the response. During this transmition, there are a few important components, which are referer, cookie and post. Please make sure you do understand them before continuing. In order not to make this article too long, I will not be explaining them. Some file hosts require the correct referer and cookie value sent in order to give you the download link to download, so it is essential to always give the correct value. Now, you might be a little confused here, don’t worry, try to understand what I’m saying, eventhough you don’t know, just understand first, and continue.

In this article, I will take the easiest file host as example: zshared.net. I believe that after reading this article, you will be able to write even more complicated plugins on your own. But of course, I will also explain some essential parts.

When you want to download from zshared, you will first enter the file url, then hit enter on the browser. During this process, the browser actually sends a GET request to the server which looks like this:

GET / HTTP/1.1
Host: zshare.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

Upon receiving this request, the server will return a response, which looks as below:

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.0-8+etch13
Content-type: text/html; charset=UTF-8
Last-Modified: Tue, 17 Mar 2009 10:32:36 -0400
Cache-Control: post-check=0, pre-check=0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: sid=ed161d014ec131d4146ab3239892ac45; expires=Wed, 17 Mar 2010 14:32:36 GMT; path=/; domain=.zshare.net
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4232
Date: Tue, 17 Mar 2009 14:32:36 GMT
Server: lighttpd/1.5.0

Note that this is just the header of the response, there are still some more data below, which is the page which you will usually see when you open zshare.net in the browser.

During this request and response, you can see that the browser first requested a page ‘/’ to the server, the server then responded with a cookie value which is defined by ‘Set-Cookie’. This value is usually very important as many file hosts will check the cookie value before allowing you to download a file.

Writing the plugin

Rapidleech passes the download url as $LINK. But before you request a response, you must parse the url into a few components: Host, port, path and query. You can do that by using:

$Url = parse_url($LINK);

Then, when you get the components of a url, you can request and receive response in this way:

$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : "") ,$Referer , $cookie, $post, 0, $_GET["proxy"],$pauth);

In this case, all headers and body contents will be in the variable $page. Next, you will want to check if there are any cookie values set, you can do that by:

preg_match_all('/Set-Cookie: (.*);/U',$page,$temp);
$cookie = $temp[1];
$cookie = implode(';',$cookie);

All cookies will be saved into $cookie. But you don’t have to do this everytime, you will understand about that later.

Proceeding to download page

So next, if you want to download a file, you will need to click on the download button, right? But how do you do that in Rapidleech? Well, you can emulate a browser receiving clicks. But you will have to see what type is it.

There are basically 2 types of clicks, one is redirection, another is form submittion. Ok, so how do you differentiate it? In zshare, look for this line:

<form name="form1" method="post" action="">
<input name="referer2" type="hidden" id="referer2" value="">
<input name="download" type="hidden" id="download" value="1">
<input name="imageField" type="image" id="imageField" src="/images/download.gif" width="219" height="57" border="0">

Well, it seems obvious that they are using the post method. Form is the signature, the ‘Download Now!’ button you see in the browser is the line with name=”imageField”.

When you see file hosts using post method, you must be extremely careful. You must pass every value of the input. As you can see, there are 3 input tags in this form. But the ones with values are ‘referer2’ and ‘download’, so you must pass these 2 values to the server. Besides, you must also note the form action, see where it is posting to. In zshared, the action is empty, it means it will be posted to the same page. Some file hosts will post the content to other pages, in this case you will need to get the url in the action. You can use the following function to get the url:

$url_action = cut_str($page,'<form method="post" action="','"');

But this will not work on every site, some site might not work with it. For example, zshare will not work. Because, cut_str actually finds the string ‘<form method=”post” action=”‘ exactly, however, in zshare, we have ‘<form name=”form1″ method=”post” action=”‘. Note the difference? So you can just change it to match.

However, if you know RegExp (Regular Expressions), you can use the following function to get the action value:

preg_match('/<form.*method="post" action="(.*)"/U',$page,$url_action);
$url_action = trim($url_action[1]);

Remember to add the second line, the results returned by preg_match is in array.

Both methods work the same but I prefer the RegExp method.

However, in zshared, the action value is empty, so you actually don’t have to care about it. You can just post back to the same url.

So, in order to post some values, we construct an array as below:

$post['referer2'] = '';
$post['download'] = 1;

See that it is important to put fields without values too. Sometimes your plugin might not work just because you miss out this important post value.

Next, we send the post request to the server using the same command as previous:

$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : "") ,$Referer , $cookie, $post, 0, $_GET["proxy"],$pauth);

But this time, you have a referer, which is the download link itself. In zshared, you can ignore it but in some other sites it might be important. In this request, the browser sends the following:

POST /download/57177513735828d7/ HTTP/1.1
Host: www.zshare.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.zshare.net/download/57177513735828d7/
Cookie: sid=ed161d014ec131d4146ab3239892ac45
Content-Type: application/x-www-form-urlencoded
Content-Length: 135


It’s always a good idea to use a tool for analysing headers that are received and sent during a download/upload, such as LiveHTTPHeaders plugin for Firefox, or WireShark if you are more familiar. I personally prefer HTTP Debugger Pro. Some sites also use JavaScript to either set cookies or send information, so when you look at the headers you might wonder where some of them came from (how they got sent or received) – so look in the javascript for things like ‘onClick’ to see if it sets a cookie, or posts information along with the rest of the <form>. Well, if you are familiar with HTML, you might notice. Whenever there is an image input type, you must post the name.X and name.Y values together. But what about the referer2? Well, you can leave that out as that actually should be the page before you reach this download page, which is empty.

So this is the correct post array:

$post['referer2'] = '';
$post['download'] = 1;
$post['imageField.x'] = 90;
$post['imageField.y'] = 35;

Ok, so in the browser, after we clicked the button, there will be a countdown before the link appears. Well, we will need to do that in Rapidleech too since the download won’t be available until the countdown finishes…

Counting down

So, in order to countdown from Rapidleech, we must get how many seconds exactly do we need to countdown first. I have found the countdown value here:


To get the countdown seconds, use the method same as getting the action link:

$countdown = cut_str($page,'|start|link|document|important||here|','|');

Or preg_match(‘/|start|link|document|important||here|(.*)|class|onClick|Click|/’,$page,$countdown);

$countdown = trim($countdown[1]);

So now, $countdown contains the value of time you will need to countdown. In order to let Rapidleech countdown and wait for the download link, use this function:

insert_timer($countnum, "Counting down...");

Well, you can put anything instead of “Counting down…”, just make sure it makes sense to the user.

Retrieving the link and download it

Ok, here comes the difficult part. You will need to know the exact link which points to the file you want to download. zshare seems to make it complicated enough like here:

var link_enc=new Array('h','t','t','p',':','/','/','d','l','0','1','2','.','z','s','h','a','r','e','.','n','e','t','/','d','o','w',

Notice the download link? They are all splitted by “‘,'”, so you know what I mean? So here’s the easy way:

First, get rid of those extras like var link_enc etc:

$dllink = cut_str("var link_enc=new Array('","')");

Then, you just get rid of those “‘,'” to get a valid download link!

$dllink = str_replace("','","",$dllink);

Here’s if you know RegExp:

preg_match('/Array\((.+)\);link/', $page, $dllink);
$dllink = $dllink[1];
$dllink = preg_replace('/\'[, ]?[ ,]?/six', '', $dllink);

The last thing you will have to do, is tell Rapidleech that you have found the download link, and let it download the file. In order to do so, you must parse the download link again first and tell Rapidleech the filename:

$Url = parse_url($dllink);
$FileName = basename($Url["path"]);

Then, pass the url to Rapidleech this way:

$loc = "{$_SERVER['PHP_SELF']}?filename=" . urlencode ( $FileName ) . 
	"&host=" . $Url ["host"] . "&port=" . $Url ["port"] . "&path=" . 
	urlencode ( $Url ["path"] . ($Url ["query"] ? "?" . $Url ["query"] : "") ) . 
	"&referer=" . urlencode ( $Referer ) . "&email=" . ($_GET ["domail"] ? $_GET ["email"] : "") . 
	"&partSize=" . ($_GET ["split"] ? $_GET ["partSize"] : "") . "&method=" . $_GET ["method"] . 
	"&proxy=" . ($_GET ["useproxy"] ? $_GET ["proxy"] : "") . "&saveto=" . $_GET ["path"] . 
	"&link=" . urlencode ( $link ) . ($_GET ["add_comment"] == "on" ? "&comment=" . 
	urlencode ( $_GET ["comment"] ) : "") . $auth . ($pauth ? "&pauth=$pauth" : "") . 
	"&cookie=" . urlencode($cookie) .
	"&post=" . urlencode ( serialize ( $post ) );
insert_location ( $loc );

In some file hosts, you will still need to pass a cookie and some posts in order to download the file, so don’t forget to put it there. Now, if you look into Rapidleech’s plugin, you will see that all insert_location is done in 1 line. This is not really a good practise, I hope that you will follow this way to make the plugin more editable later on.

So, if you have been following closely all the way, you might have written a plugin for yourself already! But if you compare to the original zshare plugin, ther emight be some difference. There are a lot of things not needed in zshare which are taught in this article. But I hope that you are now able to write a plugin yourself.

Sites with captcha

However, in this article, I haven’t been teaching how to write plugins for sites with captchas. Well, zshare doesn’t have captcha but I will show you how to do it when you come up to a site with captchas.

When a site has captcha, you must split the process of downloading the file into 2 steps. So use an ‘if’ statement at the beginning like:

if ($_GET['step'] == 1) {

Inside this ‘if’ statement is step 2. Use the ‘else’ statement for step 1 like:

if ($_GET['step'] == 1) {
	// Step 2
} else {
	// Step 1

In step 1, you must get the captcha and display it to the user and let the user enter the captcha. In step 2, you will post the captcha the user entered to the file host and request the download link.

To get the captcha, you must find the captcha image in a page. There are 2 types of captchas, 1 is static with the link and another is dynamic. Static ones display the same letters and numbers in the captcha no matter how many time you refresh with the image link. The dynamic ones will renew itself each time it is accessed. To identify whether a captcha is dynamic or not, find the captcha’s image link. Like for megaupload, the captcha is static. Because this


is always DVC8, well, it’s expired now but it won’t be so fast when the user retrieves it, so it’s ok to use that link as the captcha image. However, some file hosts change their image everytime you request it. In this case, you can only request it once from the server and save it to the server temporarily and present it to the user. For example, ziddu is a file host which is considered dynamic captcha. You will have to retrieve the url of the captcha image first. In ziddu, you can find the captcha image here:

<img src="/CaptchaSecurityImages.php?width=100&height=38&characters=5" align="absmiddle" id="image" name="image"/>

So you can retrieve it using the technique above. I’m not going to show you once more, if you still don’t know how to retrieve it, you might need to restart all over again. After you got the url of the captcha and saved it into a variable like let’s say $img, we then parse the url to download it and save it as a file:

$Url = parse_url($img);
$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : ""), $LINK, $cook, 0, 0, $_GET["proxy"],$pauth);
$headerend = strpos($page,"\r\n\r\n");
$pass_img = substr($page,$headerend+4);
write_file($download_dir."ziddu_captcha.jpg", $pass_img);
$randnum = rand(10000, 100000);
$img_data = explode("\r\n\r\n", $page);
$header_img = $img_data[0];

In some circumstances, the host will pass some cookie values together with the image, just remember to capture them. So you got the image as files/ziddu_captcha.jpg then you must display it to the user so he/she can enter it.

As I have mentioned above, these types of plugins have two stages, one occur before the captcha and one after it. These two stages does not share the same session so variables are not stored. In order to pass the variables, you must enter it together with the form. Like the ziddu plugin, it appears like this:

print 	"<form method=\"post\" action=\"$PHP_SELF\">$nn";
print	"<b>Please enter code:</b><br>$nn";
print	"<img src=\"{$download_dir}ziddu_captcha.jpg?id=".$randnum."\" >$nn";
print	"<input name=\"link\" value=\"$LINK\" type=\"hidden\">$nn";
print	"<input name=\"referer\" value=\"$referer\" type=\"hidden\">$nn";
print	"<input name=\"flink\" value=\"$flink\" type=\"hidden\">$nn";
print	"<input type=hidden name=id value=$id[1]>$nn";
print	"<input name=\"zd\" value=\"ok\" type=\"hidden\">$nn";
print	"<input name=\"cookie\" value=\"$cook\" type=\"hidden\">$nn";
print	"<input name=\"name\" value=\"$name\" type=\"hidden\">$nn";
print	"<input name=\"fid\" value=\"$fid[1]\" type=\"hidden\">$nn";
print	"<input name=\"tid\" value=\"$tid[1]\" type=\"hidden\">$nn";
print	"<input name=\"fname\" value=\"$fname[1]\" type=\"hidden\">$nn";
print	"<input name=\"securecode\" value=\"$securecode[1]\" type=\"hidden\">$nn";
print	"<input name=\"keyword\" value=\"$keyword[1]\" type=\"hidden\">$nn";
print	"<input name=\"securitycode\" type=\"text\" >";
print	"<input name=\"submit\" value=\"Download\" type=\"submit\"></form>";

Some are the variables retrieved from forms earlier and some are required to let Rapidleech know that is in the next stage. Below is a checklist that you should always not forget to put together with this form:

  1. First and foremost, the captcha image and the field
  2. Next, it’s important to put an input element with the name ‘link’ and the exact value that is entered by the user, this ensures that Rapidleech will later come back to this specific plugin
  3. A variable to let the plugin know that it is entering the next stage. In ziddu, we have ziddu=”ok”.
  4. POST values that may be passed to the host.

Next, when the user enters the captcha and submits the form, it is our time to submit the results to the file host.

Submitting the captcha

We need to know that we are now entering this after captcha stage. So you must see this in the code:

if ($_POST['zd'] == 'ok') {

In this stage, we must capture all values which are posted from the previous stage, although some are not needed. When we get those values, we can post them to the file host. In zshare, the download will be initiated once you post the captcha. So we collect the variables passed:

$post = Array();
$post["fid"] = $_POST['fid'];
$post["tid"] = $_POST['tid'];
$post["securitycode"] = $_POST['securitycode'];
$post["fname"] = $_POST['fname'];
$post["securecode"] = $_POST['securecode'];
$post["Keyword"] = 'Ok';
$post["submit"] = 'Download';
$cookie = $_POST['cookie'];
$Referer = $_POST["referer"];
$Href = $_POST["flink"];
$FileName = $_POST["name"];
$Url = parse_url($Href);

Make sure to capture cookie, referer and the download link, determine the filename and off we go posting it!


Writing a plugin for a file host is a very flexible thing. Process written here is not necessary followed and you will have to twist your mind to follow the file host not this tutorial. Besides, file host love to always change their script to break our plugins as a present, so the most important is that you frequently check. Users will report, but it is always good to fix before any reports turn up, isn’t it?

Things to remember

Below is a list of things to remember:

  1. File host change their script frequently to break our plugin, don’t forget to fix.
  2. Always remember to check for cookies and hidden input elements when posting forms.
  3. Don’t leave out the referrer when redirecting or posting form.
  4. If you encounter some problems and want to debug so that you know what Rapidleech is receiving instead of what you’re seeing in the browser, use this line:
    echo "<pre>";var_dump(nl2br(htmlentities($page)));echo "</pre>";exit;

    This will print out the html source of the page Rapidleech is receiving.

  5. You can also use this link to find out if your regular expression is working or not!
  6. Last but not least, if you still can’t find where the problem is, you can request help in the forum! Provide a valid link to the file host you’re trying to write the plugin for, and state what you have done and what kind of problems you are facing. The community is always ready to help!

How to Write an Upload Plugin For Rapidleech

Before teaching you how to really write a plugin, I must explain the way Rapidleech works, you can see this if you read the Rapidleech Download Plugin Tutorial. If however, you already understand, you can skip it.

Categorised Upload Stages

The main stages in getting Rapidleech to upload a file to a site are (btw these are what we need to make the Rapidleech script do itself):

  1. Log in to the target site
  2. Grab any cookies sent back from the server
  3. Navigate to (=load) the upload page of the target site using the login cookies we just got earlier
  4. Get the target upload url and perhaps a random id from the upload form using the cut_str() function, or you can use preg_match()
  5. Use these login cookies and/or upload id together for the file upload if required – they may or may not be needed for uploading depending on how the uploader works

Always remember, Rapidleech acts like a browser does, in that it ‘imitates’ what a normal user does when logging in to a site, clicking the login / upload buttons etc.

Logging In with HTTP Debugger

Login via browser (to see headers)

So we first get Rapidleech to login to the target site and load the cookies that are sent back.

Simply load up HTTP Debugger or your HTTP header catcher of choice, and then login to FileFactory in your browser. Make sure you are on the login page, or can see a login form where you can enter your user and pass, and then clear your cookies. We do this to make sure no session cookies were already set when we initially loaded the login page. Input your login and pass, and click on Login. In your HTTP debugger you should see the postdata:


As you can see the postdata got urlencoded before it was posted (sent) to the server, that’s why you can see the %40 instead of an @ symbol.

Analysing the Header Response Code

The server’s response to this post is a 302 Found, and a cookie is set:

HTTP/1.1 302 Found
Date: Tue, 31 Mar 2009 16:09:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Set-Cookie: ff_membership=xLjW0ueLtA4IdfYHy%2F7imBhYGl0eV%2FwUNE4bw5FPzoGYgPVERneUMr6TSVSvMLWc%2v9ZVXQwBr%2BLI7ZIp1CiUSJB9VJSb3h%2FeE1gSvigoNfs4m92WxfhruNqoQuAKbpc5pb9AxYSRYRE%3D; expires=Thu, 30-Apr-2009 16:09:17 GMT; path=/; domain=.filefactory.com
Location: /?login=1
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/html

As you can see, it tells us the new location is /?login=1 so that’s where we basically point Rapidleech. You can see it easier if you look at the filefactory.com_member.php file in the uploads/ folder.

Logging In with Rapidleech

Log In to Filefactory

First, login to filefactory with RL:

$post = array();
$post['email'] = trim($_REQUEST['my_login']);
$post['password'] = trim($_REQUEST['my_pass']);
$post['redirect'] = '/';
$page = geturl("www.filefactory.com", 80, "/", 0, 0, $post, 0, $_GET["proxy"], $pauth);
is_notpresent($page, 'HTTP/1.1 302 Found', 'Error logging in - are your logins correct?');

Storing the Login Cookies

Next, grab all the cookies the server sent us. We preg_match the ff_membership cookie to see if it was sent, and if it is missing we know there was an error so we return our own custom html error with the html_error() function.

$cook = GetCookies($page,true);
$cookie = @implode("; ",$cook);
if (!preg_match('%(ff_membership=.+); expires%', $cookie, $lcook)) html_error('Error getting login-cookie');

Log in again (with login cookies)

Now we can login to the site using the cookie we just got, and the upload form is on the page we’re getting:

$page = geturl("www.filefactory.com", 80, "/?login=1", 0, $lcook[1], 0, 0, $_GET["proxy"], $pauth);
is_notpresent($page, 'You have been logged in as', 'Error logging in - are your logins correct?');

Retrieving the Upload Url

Analysing the upload form

As is the case with downloading, for uploading you basically send some content to the server at some pre-defined address. If you look at the upload form on a website, you will see a form:

<form accept-charset="UTF-8" id="uploader" action="http://ul016.filefactory.com/upload.php" method="post" enctype="multipart/form-data">
<div id="uploaderHeader">
<input type="hidden" name="redirect" value="1" />
<input type="hidden" name="enabled" value="1" />
<!-- Add Files -->
<div id="addFiles" class="selector">
	<h1>Upload, download and share any file for free!</h1>
		<div class="flashUpload">
		<input type="text" id="uploadInput" disabled="" />
		<button id="uploadAdd" type="button" disabled="">Browse...</button>
		<div id="flashContainer">
			<p id="uploadBlurb">Upload up to 25 files of any type, under 300MB each.</p>
	<div class="httpUpload">
		<input type="file" name="file" id="fileOne" />
		<p>Upload a single file in basic mode. Up to 300MB of any file type.</p>
			<!-- Files -->
<div id="fileQueue">
	<div id="uploadContainer"></div>
<div id="uploadFooter">		
<!-- Folder -->
<div id="uploadOptions" class="selector">
<p>Upload files to</p>
	<select class="tree new" name="folderID" id="folderTree">
	<option style="padding-left: 26px; background-position: 5px 50%;" class="level-0" value="0">Default</option>
        <option style="padding-left: 26px; background-position: 5px 50%;" class="level-0" value="d476e2581ca80dea">100 in 1 portables (JS)</option>
        <option style="padding-left: 26px; background-position: 5px 50%;" class="level-0" value="b183535d453b725f">2007 songs</option>
	<option style="padding-left: 26px; background-position: 5px 50%;" class="level-0" value="a1b99b65e2e8f911">2008 Tamil all Songs</option>
	<option style="padding-left: 26px; background-position: 5px 50%;" class="level-0" value="163961a1477e888f">2008 Tamil Single Link Songs</option>
	<option style="padding-left: 26px; background-position: 5px 50%;" class="level-0" value="8ce0f8404af022c9">All Documentaries (JS)</option>
	<option style="padding-left: 26px; background-position: 5px 50%;" class="level-0" value="51caa465435076c5">All English Movies (JS)</option>
....more options....</select></div></div>				
			<!-- Buttons -->
			<div id="uploadControls">
				<div class="flashUpload">
					<a href="#" id="switchHTTP">Switch to basic uploader</a>
					<button id="uploadStart" type="button" disabled="disabled">Upload Files</button>
					<button id="uploadCancel" type="button" disabled="disabled">Cancel All</button>
				<div class="httpUpload">
					<a href="#" id="switchFlash">Switch to advanced uploader</a>	
					<button id="uploadOne" type="submit">Upload File</button>

Ok, so that form is pretty big..but it doesn’t matter, depending on what folders you set up in Filefactory, you’ll only see them in the options dropdown (the <select> tag).

The action url ‘http://ul016….’ is dynamically generated, because filefactory has more than one upload server, that’s why we have to cut it out and use the one they give at upload-time, rather than use the same one all the time! – you can be sure that if we did use the same one all the time, that server would become very loaded and probably fail eventually.

Storing the upload url

The good thing is, all you usually need to realise is the

<form accept-charset="UTF-8" id="uploader" action="http://ul016.filefactory.com/upload.php" method="post" enctype="multipart/form-data">

part, because the action url is where the filedata is posted to. In php, we can use the cut_str() function in Rapidleech to get the action value into a string:

$upload_form = cut_str($page, '<form accept-charset="UTF-8" id="uploader" action="', '"');
//Check if the url was found otherwise return an error to let us know
if (!$url = parse_url($upload_form)) html_error('Error getting upload url');

Analysing the upload headers

Before you do anything else, you should grab HTTP Debugger Pro (or whatever you prefer using), then try uploading a file to the site in question so we can see what headers were sent along. You’ll be glad to know that in most cases, all you ever need is what’s posted via the upload form when you look at it via http debugger, because most of the other ‘stuff’ you see in the upload forms of a site is not necessary to be sent along with the file data. only some very basic stuff is needed.

So here we go – load up HTTP Debugger or whatever http header catcher you like, and upload a file to the server in your browser. You’ll see it send a POST request to the url http://ul016.filefactory.com/upload.php, plus it will send some cookies along too (take a look at the ‘Request Content’ tab in HTTP debugger).

A sample upload postdata stream would look like this:

POST /upload.php HTTP/1.1
Accept: text/*
Content-Type: multipart/form-data; boundary=----------ae0GI3cH2KM7gL6ae0cH2KM7KM7Ij5
User-Agent: Shockwave Flash
Host: ul020.filefactory.com
Content-Length: 285429
Connection: Keep-Alive
Cache-Control: no-cache

Content-Disposition: form-data; name="Filename"

Content-Disposition: form-data; name="cookie"

Content-Disposition: form-data; name="folderViewhash"

Content-Disposition: form-data; name="Filedata"; filename="36.zip"
Content-Type: application/octet-stream

Content-Disposition: form-data; name="Upload"

Submit Query

The ‘funny symbols’ you see above are just the raw binary data of the file that is posted above and what I posted is a very small amount of what would be there normally. From this postdata stream, you can build your post array in the Rapidleech plugin script.

$fpost = array();
$fpost['Filename'] = $lname;
//Filefactory needs the ff_membership cookie it sent you when you logged in, so it knows who owns the files you are posting with Rapidleech! :)
$fpost['cookie'] = urldecode(str_replace('ff_membership=', '', $lcook[1]));
//this is the folder we want to put the files in, just leaving it as 0 is ok as the files will be uploaded to the 'Default' filefactory account folder)
$fpost['folderViewhash'] = '0';
$fpost['Upload'] = 'Submit+Query';


Uploading the file

Now, we have all the necessary data so we can upload the file. You will need to find the fieldname in the request content that is sent and set that as the fieldname in the upload function, upfile(). It’s usually the one that contains the filename, followed by “Content-Type: application/octet-stream” – in this case, ‘Filedata’:

Content-Disposition: form-data; name="Filedata"; filename="36.zip"
Content-Type: application/octet-stream

Now upload the file:

$upfiles = upfile($url["host"],$url["port"] ? $url["port"] : 80, $url["path"].($url["query"] ? "?".$url["query"] : ""), $upload_form, 0, $fpost, $lfile, $lname, "Filedata");

NOTE: You do have to be careful with how you pass cookies and post arrays along to servers, as you can see above we had to urldecode() the ff_membership cookie, because if you pass it already urlencoded (where is has all %21%22%23 for special characters and so on) then the upload will fail; you can see it ‘not urlencoded’ if you look at the post request in your http debugger, so that’s how we know to urldecode it.

Analysing The Upload Response

Ok, so now we have uploaded the file successfully, the server will return a response into the $upfiles variable. In most sites cases it could be a page returned that gives a download and/or delete link, or it could be a new location: where we have to pass some parameters. You would know this if you use your HTTP catcher to see what the exact case is, because once you know, making Rapidleech do it is the easy part.

We look for the upload response with this code. In filefactory’s case, the usual response is a 7-character string, such as ‘af81ce3’. We check for that string with preg_match(), but if we can’t find it maybe the file wasn’t uploaded.

if (!preg_match('%\r\n\r\n([a-z0-9]{7})$%', $upfiles, $curi)) html_error('Couldn\'t get the download link, but the file might have been uploaded to your account ok');
$completeurl = 'http://www.filefactory.com/file/complete.php/' . $curi[1] . '/';

Retrieving the completion URL

We then tell Rapidleech to request the completed url with the id string attached (the $completeurl). So parse out the completed url, and download it with Rapidleech using the login cookie we got earlier ($lcook[1]) into the $page variable:

$Url = parse_url($completeurl);
$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : ""), 0, $lcook[1], 0, 0, $_GET["proxy"], $pauth);
is_notpresent($page, 'Upload Complete', 'Error getting download link - The upload probably failed');

Storing the download / delete links

From there, we can get the download link that is returned on the $page. We also have to trim() it because there was space around the download link we want to get rid of after we cut it out. We call the download link $download_link as that’s what is written in the upload php to be added to some html files to record our links for uploads (done automatically).

$download_link = trim(cut_str($page, '<div class="metadata">', '</div>'));

Upload Template

Here’s a nice template you can use to start from, when creating upload plugins. It has most of the necessary html and php, you can be inventive and swap/create new functions yourself if needed, and there’s some descriptions of how and when you’d normally use each function.

//Input your <site> username and password
$site_login = 'username';
$site_pass = 'password';
if ($site_login & $site_pass)
	$_REQUEST['my_login'] = $site_login;
	$_REQUEST['my_pass'] = $site_pass;
	$_REQUEST['action'] = "FORM";
	echo "<center><b>Use Default login/pass...</b></center>\n";
if ($_REQUEST['action'] == "FORM")
	echo <<<EOF
<div id=login width=100% align=center>Login to Site</div>
<table border=0 style="width:350px;" cellspacing=0 align=center>
	<form method=post>
		<input type=hidden name=action value='FORM' />
		<tr><td nowrap>&nbsp;Username*</td><td>&nbsp;<input type=text name=my_login value='' style="width:160px;" />&nbsp;</td></tr>
		<tr><td nowrap>&nbsp;Password*</td><td>&nbsp;<input type=password name=my_pass value='' style="width:160px;" />&nbsp;</td></tr>
		<tr><td colspan=2 align=center><input type=submit value='Upload'></td></tr>
if ($continue_up)
	$not_done = false;
	if ( empty($_REQUEST['my_login']) || empty($_REQUEST['my_pass']) ) html_error('No user and pass given', 0);
	echo "<script>document.getElementById('login').style.display='none';</script>";
//////////////////////////		EDIT FROM HERE DOWN		///////////////////////////////////////
	//Other post values Rapidleech might need to login to the site, such as submit-button values and so on
	$post['submit.x'] = rand(0, 100);
	$post['submit.y'] = rand(0, 50);
	$post['submit'] = 'submit';
	//The login page that the postdata above is posted to when we click the login submission button 
	$Url = parse_url('http://www.site.tld/login');
	//Login to the site and return the result into $page (the result will be what we'd see if we logged in via our browser!)
	//It's important to use this particular line in full when requesting a resource, as it will support using a proxy if that data is passed, even a proxy login/password can be sent
	$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : ""), 0, 0, $post, 0, $_GET["proxy"], $pauth);
	//checks for global errors
	//check if any text should/shouldn't exist after login, otherwise quit with an error (might need one or more of these)
	is_present($page, 'Wrong user/pass', 'Error logging into the website');
	is_notpresent($page, 'You are logged in!', 'Error logging into the website');
	//since $page returns the header as well as the page content, we search for any 'Set-Cookie' headers and load them into $cookies with the GetCookies function
	$cookies = GetCookies($page);
	//we might need to cut out different session cookie strings depending on how the site uses the values in future requests, you'll understand if you look at the uploading stages. the preg_matches below are just examples, they might not apply to all sites, so don't expect them to work with every site!
	//once we know if a particular cookie should exist, it's a good idea to do some basic error checking; instead of just preg_matching we can do an if (preg_match) and die with a custom error if it wasn't found
	//do some various manipulation of the cookies depending on what's required
	<!-- now get rid of the login div -->
	echo <<<EOF
	<div id=info width=100% align=center>Retrieve upload ID</div>
	//set the page wherever the actual upload form is, it's usually the index page when logged in or not, or it could be [url="http://<span%20style="]http://site.tld/upload[/url] etc. You will know where if you use a http debugger and upload a file to the site
	$Url = parse_url('http://site.tld/upload/');
	//obviously we need to request (download) the upload page into $page and see some values that we will need for the upload. We will generally need to pass along a cookie string which we grabbed earlier when we logged in! ($cookie_string)
	$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : ""), 0, $cookie_string, 0, 0, $_GET["proxy"], $pauth);
	//ok let's look at the $page and get the variables we need, again how do I know what they are? Simply, I saw them passed to the upload script on the site when I used http debugger!, e.g.:
	if (!preg_match('/UPLOAD_IDENTIFIER = \"(.*)\";/i', $page, $upload_identifier_array)) html_error('The upload identifier was not found!', 0);
	//Generally speaking any upload host doesn't like everyone using the one server for uploading, they usually provide a mirror e.g. ul078.site.tld which can be found in the upload form, e.g.:
	if (!preg_match('/upload_mirror_path = \"(.*)\";/i', $page, $upload_mirror_path_array)) html_error('The upload url was not found!', 0);
	//again, manipulate the found values however needed depending on what is required for the upload. This is just an example for if the site uses a particular port - you can probably find how to do this a quicker way!
	$upload_identifier = $upload_identifier_array[1];
	$upload_mirror_path = $upload_mirror_path_array[1];
	$upload_url_parse = parse_url($upload_mirror_path);
	$main_upload_url = 'http://'.$upload_url_parse['host'].':'.$upload_url_parse['port'].'/';
	$Url = parse_url($main_upload_url);
	//it may be necessary to download the target upload url first to get some extra ids and so on. If you don't need it, then don't use it!, e.g.:
	$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : ""), 0, $upload_cookie, 0, 0, $_GET["proxy"], $pauth);
	if (!preg_match('/startUpload\(\"([a-z0-9]{32})\"/i', $page, $upload_ids)) html_error('No upload ids found');
	$upload_id = $upload_ids[1];
	//ok so let's say we needed an id in this case so we append it how the upload site likes it appended! our $action_url will be our final upload page where we send the file to
	$action_url = $main_upload_url.'?upload_id='.$upload_id;
	$url = parse_url($action_url);
	//of course we can't just post the file alone, the site might want some juicy postdata so it knows who we are (e.g. what account we're uploading to). in fact, the site might want either a cookie, or a postdata value, or both!!
	$post = array();
	$post['desc'] = '';
	$post['TOS'] = '1';
	//let's get the file upload, and return the result (what the site sends back after we send the file) into the var $upfiles. Don't forget to send the $cookie_string and/or $post! Last but not least we need a form value, here we use 'file' for the fileform. It's a value you will see sent along with the file in your http debugger.
	$upfiles = upfile($url["host"],$url["port"] ? $url["port"] : 80, $url["path"].($url["query"] ? "?".$url["query"] : ""), $uploadpage, $cookie_string, $post, $lfile, $lname, "file");
	//global error check of $upfiles
	//check if some stuff we expected to was returned
	is_present($page, 'upload failed', 'File upload failed!');
	is_notpresent($page, 'upload done etc etc etc', 'File upload failed!');
	//now we usually get returned a value of where the site gets the download/delete links and so on. you can see where in HTTP debugger of course, so you'll generally know how and where to look - here's an example:
	$info_url = $main_upload_url.'/index2.php?upload_id='.$upload_id.'&f_id='.$lname.'&descr=';
	$Url = parse_url($info_url);
	//note here that even when getting the completion page we might need to send our login cookie also, be careful
	$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : ""), 0, $cookie_string, 0, 0, $_GET["proxy"], $pauth);
	//see if the site sends us elsewhere, depends how the site works, so you might not need to bother!
	preg_match('/ocation: (.+)\r\n/', $page, $infos);
	$info_page = $infos[1];
	$Url = parse_url($info_page);
	//download the final upload information page and preg_match() or cut_str() the desired values from it - again, this is just an example!
	$page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"].($Url["query"] ? "?".$Url["query"] : ""), 0, $cookie_string, 0, 0, $_GET["proxy"], $pauth);
	if (!preg_match('/value=\"(http:\/\/www.zshare.net\/download\/.*\/)\" size=/i', $page, $glink)) html_error('No download link found!', 0);
	if (!preg_match('/value=\"(http:\/\/www.zshare.net\/delete.html\?.*)\" size=/i', $page, $dlink)); html_error('No delete link found!', 0);
	//the upload.php needs to know a few variables so it can write them to html files or myuploads.txt, obviously you can only use ones if the upload site returns them, e.g.:
	$download_link = $glink[1];
	$delete_link = $dlink[1];
	//others which you might need are:
	$stat_link, $adm_link, $user_id, $ftp_uplink, $access_pass;
Leave a Replay
Page Navigation
Sign up for our Newsletter

Your privacy is 100% protected