A few people asked what the difference was between this and XUI.one, it's basically exactly the same software with a new theme.
Oh and this too:
XUI Admin:
- Rewritten entirely with security in mind, the entire interface sits behind an Access Code system which uses secure codes to ensure nobody can access the service without a valid URL.
- Every query has been rewritten to use PDO, completely removing any possibility of MySQL injection thanks to prepared queries.
- Every page has been rewritten, with all the POST functions being moved from the individual page into a dedicated post handler which accepts AJAX queries to ensure data you've input isn't lost if the query fails or there are validation issues with the data input.
- System uses JavaScript based navigation to quickly and smoothly transition between pages, the system is snappy and doesn't reload assets between pages, the page data is instead sideloaded and the content is replaced with a fading animation.
- New flat interface with customisable header themes, every table has been modified to better display content with emphasis on readability, ease of use and quality of life. Mobile compatibility is far improved and a topbar drop-down makes navigation between related pages easy and intuitive.
- Header statistics shows you important stats at all times, visible on any page.
- Revamped dashboard actively scans your system for any potential issues and displays them in an easy to read table so they can be individually addressed. New Server Information blocks show server stats in a user friendly way and the data can be filtered to an individual server using the drop-down menu.
- Process Monitor scans your live streams to show the amount of memory each is using in terms of actual filesize of segments, allowing you to identify troublesome streams that are eating your RAM.
- Each page has been benchmarked for speed, allowing your service to have a million lines without becoming slow and cumbersome, searching is much faster and filtering is more advanced. Items on the page are reloaded via AJAX to give you information updates while you navigate without affecting the user experience.
- Multiple categories have been integrated to allow streams, movies etc to be shown by the API in multiple places.
- Built in player is faster, and allows timeshift content to be viewed from the admin interface.
- EPG API browser built-in to search for whichever streams you desire.
- No line required to playback content in the admin interface, a secure token based system is used instead.
- Import & Review system allows M3U's to be imported for streams and movies, with the ability to check through each individual import and allocate bouquets, categories, EPG etc in an easy to use manner.
- WHOIS system built in, using GeoISP and GeoIP2 to show comprehensive data on any IP accessing your system.
- Mass Stream Review allows you to change the title, categories, bouquets and EPG of streams you already have in your system at the same time without individually editing them. EPG guessing takes the hard work out of it by matching your existing streams to the EPG API, including language guessing too.
- Import Series by M3U or folder, pushing all extracted items through the Watch Folder system and allowing them to be added to existing series or be created as new series at the same time.
- Channel ordering, bouquet ordering etc have been much improved to make it easier to manage your content.
- Caching and Redis services can be monitored and managed from the admin panel to ensure your service is running smoothly and without issues.
- New automated server installation shows you line by line progress, allowing installation of proxies too.
- New MAG and Enigma device creation pages, ability to clear or modify device lock, much cleaner and doesn't rely on lines page.
- Migration tool takes your existing XC or StreamCreed based service and migrates any compatible data over to XUI to get you online as quick as possible.
- Settings page is adorned with hundreds more security settings, giving you fine control of every new addition and allowing you to adjust your security and streaming settings to suit you. Automatic log deletion, mag settings and API preferences can be modified here too.
- Hundreds of features added to make managing your service easier, with Mass Edit expanded to MAG and Enigma devices, an ASN blocking system allowing you to turn off access to individual ISP's or server companies, a stream provider watching system that shows you your active connections to each of your stream providers and allows you to add them to your service with a click of a button, advanced transcoding profiles inclusive of multiple GPU transcoding (NVENC), quick tools that give you many options to quickly make mass changes to your service, restream detection and VOD theft detection logging, stream ranking to see which of your streams are viewed the most, automated backups to DropBox and much more.
- Export as CSV button allows you to export any data from any table that access the Table API.
XUI Reseller:
- Rewritten completely from scratch to use all the admin interface pages.
- Create subresellers of subresellers infinitely, no limit to how many layers deep you can go.
- Incompatible Package detection verifies current line package against the selected package to ensure resellers can't scam you by creating a line with 12 months and 1 connection then extending it by 1 month using a package that has 5 connections. The system will adjust the expiration date from today instead as the packages aren't compatible.
- Ability to allow resellers to adjust restrictions such as IP, useragent, ISP lock etc.
- Mobile friendly interface.
- View credit spend history, live connections and activity logs, with ability to kill connections of their lines.
- User friendly content view that only shows streams the reseller has package access to, ability to see how many of their clients are connected to any stream and kick their clients off a stream if they wish, full control as opposed to the limited nature of Xtream UI reseller system.
XUI Core:
- Rewritten core from the ground up, with XC source code as the reference to ensure compatibility and stability by improving on an already proven design. Any known vulnerabilities for XC were patched out during this long and painful process.
- Advanced multithreaded caching system stores all lines and streams in memory for instant access without using mysql, cache is updated via a Cron that checks changes between the files and database and also updated on request when a line or stream is edited and saved. The caching system allows every client facing PHP file to be significantly faster and perform all or most of its functionality without ever touching mysql.
- MySQL bruteforce prevention scans break in attempts in the background, if someone tries to access your mysql server more than 10 times with the wrong credentials they get IP banned. You are constantly being attacked by bots, the nature of the internet.
- Smart status and tools CLI scripts allow you to check your servers for issues, generate a rescue user or access code, restore database or clean a database back to default without accessing the user interface.
- Automatic SSL certificate generation for main and load balancers.
- Custom binaries built by myself, with the latest version of FFMPEG (4.4) supported, as well as v4.3 and v4.0 packaged for optional use. PHP 7.2.32 and 7.4.10 prepackaged as well as the latest NGINX 1.21.0 with security patches. You can customise the PHP and ffmpeg versions used by editing settings to suit your preference.
- Custom built PHP extension to handle database connection, so once your credentials are encrypted they are impossible to decrypt. This extension also handles EPG API requests, licensing, backups and restoring database.
- Refined custom sysctl.conf for optimal Linux settings.
- Automatic crash detection restarts PHP services if an unrecoverable error is detected.
- Ability to disable tmpfs to allow stream delivery from NVMe drives.
- Smart queuing system allows movies, episodes and created channels to be queued or processed multithreaded but limited to a set amount at one time, rather than the previous method which is all at once resulting in 100% CPU usage. VOD deletion is also queued to ensure thousands of threads can't be activated at once.
- Private IP communication built in to use the internal network to deliver streams between load balancers.
Connection Authentication System:
- Caching allows main server connections to not use MySQL at all, significantly reducing server load and increasing zap time especially when server is under load.
- AES encrypted tokens when redirecting to load balancers, cannot be bruteforced and fixes an exploit in XC where the streaming password can be determined from the XOR'd token and new tokens can then be generated bypassing authentication.
- Connection status is monitored to ensure a connection is properly closed when a user disconnects. Some connections would get stuck in limbo otherwise with the PID running in the background and not closing.
- Stream ID and Username / Password combination are checked against cache system before any XUI functions are loaded, so if the check fails the connection can be aborted much faster with much less CPU and memory used.
- Lines can attributed a hex token to access streams without username / password combo.
- HMAC system allows external services to access streams without requiring a username and password, by generating a token using hash_hmac you can control access per IP, limit connections and set expiration date.
- Ability to block streaming servers or proxies with a flick of a switch, built in database of CIDR's that the incoming IP is matched against for accurate results.
- Built-in restream detection, XUI to XUI connections are secured and will block connections if the incoming user is trying to restream from XUI but isn't a restreamer on the service. XC / SC to XUI is secured by verifying the IP against CIDR's to see if the incoming IP is a streaming server. Optional of course.
- Debug system generates useful HTML based errors that can be used to debug why things aren't working as you'd expect, such as line has been disabled, user-country isn't allowed, ISP lock failed.
- Video can be shown to clients when their line is due to expire, shown once a day until the line expires or renews.
- Advanced bruteforce protection, outside of flood protection, will ban users who try multiple username / password combinations that don't relate to eachother without successfully logging in. Massive improvement in security as IP's are banned so quickly an attacker will never bruteforce a valid line.
- Incoming probe from XUI based services will be directed to the Probe API which delivers cached stream information in a JSON array instead of requiring the service to probe the actual stream itself, which would use a connection for the period of time the stream is being probed. It's also a lot faster and improves the start time of streams.
Live Streaming:
- On-Demand time is significantly faster than XC, using low-latency on-demand with MPEGTS and a better delivery system with HLS.
- On-Demand Instant-Off allows for On-Demand streams to immediately turn off when the last watching client disconnects, flicking between multiple On-Demand streams will therefore use less of your provider connections as they'll be switched off immediately.
- Adaptive Link allows streams to be chained together, for example chaining Sky News FHD, HD and SD together to deliver adaptive HLS to a client, where their internet speed will be the deciding factor in which stream is played back.
- Down, Banned, Expired videos etc are load balanced and not just delivered from main server.
- Redis integration allows communication with main server without using MySQL at all, when combined with very large streaming services it can significantly reduce CPU usage by removing the MySQL reliance.
- AES encryption allows HLS to be delivered to the client fully encrypted without requiring SSL.
- Significant improvements in connection handling to avoid leaked lines, also employing a smarter connection closing system that prioritises similar connections so when a client decides to flick between several channels, it doesn't close the line of other devices also watching on the same line (as the default would be oldest connection closes first).
- Delivery of prebuffer to restreamers on request allowing their streams to connect much faster while maintaining the global prebuffer value for better latency-to-live.
- Fingerprint verified codec of stream and matches it, allowing it to work with HEVC and MPEG2 for example. Also works with HLS, which was never implemented in XC.
- HLS segments don't connect to MySQL or load any XUI functions, improving connection time and reducing CPU usage.
- Thumbnails can be enabled per stream, allowing clients to download a screenshot of the stream live (generated every 5 seconds).
Timeshift:
- HLS segments don't connect to MySQL or load any XUI functions, improving connection time and reducing CPU usage.
- Theft prevention is enabled by default so your timeshift content will start limiting speed delivery after a set percentage similar to VOD.
VOD:
- Unique ID is generated for each connection so it can be tracked, when seeking the UUID is used to reconnect the new PID to the existing line so the live connection time is accurate and not reset to zero.
- Rewritten VOD protection system that limits download speed once a percentage of the file has been delivered to the client, protecting your VOD from leeching while also providing enough buffer to the client to avoid buffering.
- Embedded subtitles are automatically extracted from each file and can then be requested via the player API, also works with the XUI Web Player (the only web player that can use subtitles).
RTMP:
- Secured RTMP with user-generated passwords to avoid IP address spoofing that's possible with XC / SC.
- Included RTMP monitor to audit incoming and outgoing RTMP connections.
EPG:
- Existing XMLTV based platform rewritten to allow for XML streaming of large files, significantly reducing CPU usage while generating the EPG database, as well as a smart caching system that uses bouquets to determine which channels should be delivered in the XMLTV output file and pre-generating it so it's available for clients on-demand rather than generating a compatible file on every request.
- Integrated EPG API delivered directly by
XUI.one, inclusive of nearly 50,000 channels from all over the world with 14 day full EPG updated daily. 38,000 of these channels have logos that can be used by your service.
- Automatic EPG matching in the XUI Admin Interface, inclusive if language extraction and guessing, as well a full and quick search system.
- XMLTV download restriction per line to ensure a single line can't DDOS your service by downloading the EPG over and over at full speed.
Playlists:
- Playlist streaming allows the playlist file to be delivered as it is being generated, removing the long delay before a playlist starts downloading for the client as well as saving a significant amount of RAM as only a single stream line is stored in memory before being delivered to the client.
- Caching allows for a generated playlist to be stored on the system for a pre-determined amount of time then delivered to the client if requested again, saving the CPU usage that would be used regenerating a playlist that already exists.
- Playlists can be encrypted with AES so if all streams or a single stream is leaked, the username and password for the line are safe.
- Key output allows playlists to be generated with only the requested type, such as Live TV, Movies or just Radio Stations. Keys can be chained to output multiple types.
Player API:
- Fully rewritten, however backwards compatible with XC apps with all output compared 1:1 with XC to ensure output is compatible.
- Caching allows the entire API to only require MySQL connection when EPG is requested, meaning 99% of requests will be use caching only and execute much faster.
- Legacy Panel API built in to allow old apps to function.
- Newer XUI functionality incorporated with the legacy API commands, such as multiple categories, thumbnails, subtitles etc.
- Order of streams can be changed via Settings, including sorting movies and episodes by date added descending.
- Due to caching, can handle 100x more requests than XC API without crippling server.
- Includes the same bruteforce prevention that is used on live connections.
Proxy System:
- Built in proxy system allows servers to be installed from the Admin Panel that then attach to your load balancers, allowing streams to be delivered to clients from the proxies themselves, fully load balanced and trackable via Live Connections and Activity Logs.
MAG Portal:
- Completely rewritten from the ground up, every function is new. XC portal was poorly written, used far too much CPU and when requesting a list of streams loaded EVERY stream into an array and sliced 14 results from it. XUI portal just gets the 14 results it needs without loading everything.
- New authentication system which will block invalid connections and scripts attempting to bruteforce MAC's. Caching allows the MAG data to synced to an ongoing connection so two cannot be used at the same time and MySQL is only needed for authentication on the first connection made.
- Bruteforce prevention system blocks bruteforce attempts by detecting MAC address changes on a single IP. It basically can't be bruteforced.
- All stream URL's are AES encrypted and the username and password cannot be determined. Securing the line if bruteforce magically succeeds.
- MAG users cannot generated M3U playlists, securing them if bruteforce magically succeeds.
- Brand new Modern Theme exclusive to XUI, created by myself, much cleaner and faster design with searching on Streams too.
- Client can switch between Modern and Legacy theme from within the portal itself.
- SSL can be disabled for MAG's only, allowing old devices that don't support SSL protocols to work.
Watch Folder:
- Rewritten for speed, now roughly 100x faster than the original if you decide to let it have full access to your CPU as it’s multithreaded. You can tune the settings for the best balance of speed and performance.
- Distributed load means watch folder runs on the load balancer the files exist on, allowing multiple servers to be running watch folder at the same time without affecting the main server.
- Improved title detection algorithm, more settings and better error logging.
- Adds to multiple categories.
- Ability to probe files with ffmpeg to ensure they are complete and able to be played.
- Rclone integration for cloud mounts.
- Metadata extraction from files to better determine title and year.
- Advanced duplicate detection.
- Upgrade detection, will monitor bitrate of existing files and will prioritise higher quality if it finds new files that match the TMDb ID of the old ones.
- TMDb Language override.
- UTF-8 support for foreign titles.
Plex Sync:
- Brand new alternative to Watch Folder, synchronise your VOD with one or more Plex servers, connect up, select a library, map your categories and your library will sync to your service with all metadata extracted directly from Plex.
- Incredibly fast and accurate due to using Plex's own scanners, maps files using their original filename and integrates upgrade detection as with watch folder.
XUI Web Player (sold separately):
- Fully responsive web based player that integrates directly into XUI, but also allows backwards compatibility with both Xtream Codes and StreamCreed, can be used on the server hosting the streaming software or hosted externally.
- Integrated with TMDb to deliver posters, backdrops and information from TMDb directly, as well as use the information provided to find similar movies to what is being watched.
- Full EPG system shows what is airing currently, with full lookahead and timeshift options integrated. Similar to what you'd see in an Android App as opposed to the currently available web players which feel antiquated in comparison.
- Paginated to deliver content quickly, search system scans all movies, series, live TV and even currently airing programmes to find what is required.
- Works with MP4 and MKV streams, H264 with AAC (codecs limited by the web browser itself), subtitles are automatically extracted from movies and episodes when used with XUI, and are then sideloaded when watching a movie with the built in player.
- User Profile allows playlists to be exported, as well as modifying the order that bouquets are in, allowing channel ordering to be changed.
Admin API:
- 180+ API functions that allow you to do almost anything that the admin interface can do, documentation is in progress but basic information is available, enough to work out what you need to.
Reseller API:
- Similar to the admin API, however aimed at resellers assuming they have permission to use it. This API is used by billing panel add-ons such as those made by MikkM and Smarters.
- All functions are available and limited to the lines and packages attributed to the reseller the API key is linked to.