Merge pull request #2117 from MPOS/development

UPDATE : Development to Master

.gitignore

@@ -1,12 +1,12 @@
 # Local Config
-/public/include/config/global.inc.php
+/include/config/global.inc.php
-/public/include/config/security.inc.php
+/include/config/security.inc.php
 
 # Templates
-/public/templates/compile/*.php
+/templates/compile/*.php
-/public/templates/compile/**
+/templates/compile/**
-/public/templates/cache/*.php
+/templates/cache/*.php
-/public/templates/cache/**
+/templates/cache/**
 
 # Logs
 /cronjobs/logs
@@ -14,8 +14,8 @@
 /logs/*
 
 # Test configs
-public/include/config/global.inc.scrypt.php
+/include/config/global.inc.scrypt.php
-public/include/config/global.inc.sha.php
+/include/config/global.inc.sha.php
 
 # IDE Settings
 /.idea/*

.htaccess

@@ -1,3 +1,10 @@
 ErrorDocument 404 /public/index.php?page=error&action=404
 RedirectMatch 404 /logs(/|$)
-Options -Indexes
+RedirectMatch 404 /templates(/|$)
+RedirectMatch 404 /include(/|$)
+RedirectMatch 404 /scripts(/|$)
+RedirectMatch 404 /sql(/|$)
+RedirectMatch 404 /upgrade(/|$)
+RedirectMatch 404 /cronjobs(/|$)
+RedirectMatch 404 /tests(/|$)
+Options -Indexes

cronjobs/logs/README.md

@@ -1 +0,0 @@
-Logging directory for cronjobs.

cronjobs/payouts.php

@@ -69,9 +69,9 @@ if ($setting->getValue('disable_manual_payouts') != 1 && $aManualPayouts) {
   foreach ($aManualPayouts as $aUserData) $dMPTotalAmount += $aUserData['confirmed'];
   if ($dMPTotalAmount > $dWalletBalance) {
     $log->logError(" Wallet does not cover MP payouts - Payout: " . $dMPTotalAmount . " - Balance: " . $dWalletBalance);
-    $monitoring->endCronjob($cron_name, 'E0079', 0, true);
+    $monitoring->endCronjob($cron_name, 'E0079', 1, true);
   }
-  
+
   $log->logInfo("Manual Payout Sum: " . $dMPTotalAmount . " | Liquid Assets: " . $dWalletBalance . " | Wallet Balance: " . ($dWalletBalance + $dBlocksUnconfirmedBalance) . " | Unconfirmed: " . $dBlocksUnconfirmedBalance);
   $log->logInfo('  found ' . count($aManualPayouts) . ' queued manual payouts');
   $mask = '    | %-10.10s | %-25.25s | %-20.20s | %-40.40s | %-20.20s |';
@@ -156,9 +156,9 @@ if ($setting->getValue('disable_auto_payouts') != 1 && $aAutoPayouts) {
   foreach ($aAutoPayouts as $aUserData) $dAPTotalAmount += $aUserData['confirmed'];
   if ($dAPTotalAmount > $dWalletBalance) {
     $log->logError(" Wallet does not cover AP payouts - Payout: " . $dAPTotalAmount . " - Balance: " . $dWalletBalance);
-    $monitoring->endCronjob($cron_name, 'E0079', 0, true);
+    $monitoring->endCronjob($cron_name, 'E0079', 1, true);
   }
-  
+
   $log->logInfo("Auto Payout Sum: " . $dAPTotalAmount . " | Liquid Assets: " . $dWalletBalance . " | Wallet Balance: " . ($dWalletBalance + $dBlocksUnconfirmedBalance) . " | Unconfirmed: " . $dBlocksUnconfirmedBalance);
   $log->logInfo('  found ' . count($aAutoPayouts) . ' queued auto payouts');
   $mask = '    | %-10.10s | %-25.25s | %-20.20s | %-40.40s | %-20.20s |';

cronjobs/pplns_payout.php

@@ -115,16 +115,16 @@ foreach ($aAllBlocks as $iIndex => $aBlock) {
         // Add archived shares to users current shares, if we have any in archive
         if (is_array($aArchiveShares)) {
           $log->logDebug('Found shares in archive to match PPLNS target, calculating per-user shares');
-          $strLogMask = "| %-20.20s | %15.15s | %15.15s | %15.15s | %15.15s | %15.15s | %15.15s |";
+          $strLogMask = "| %5.5s | %-20.20s | %15.15s | %15.15s | %15.15s | %15.15s | %15.15s | %15.15s |";
-          $log->logDebug(sprintf($strLogMask, 'Username', 'Round Valid', 'Archive Valid', 'Total Valid', 'Round Invalid', 'Archive Invalid', 'Total Invalid'));
+          $log->logDebug(sprintf($strLogMask, 'ID', 'Username', 'Round Valid', 'Archive Valid', 'Total Valid', 'Round Invalid', 'Archive Invalid', 'Total Invalid'));
           foreach($aAccountShares as $key => $aData) {
-            if (array_key_exists($aData['username'], $aArchiveShares)) {
+            if (array_key_exists(strtolower($aData['username']), $aArchiveShares)) {
-              $log->logDebug(sprintf($strLogMask, $aData['username'],
+              $log->logDebug(sprintf($strLogMask, $aData['id'], $aData['username'],
-                $aAccountShares[$key]['valid'], $aArchiveShares[$aData['username']]['valid'], ($aAccountShares[$key]['valid'] + $aArchiveShares[$aData['username']]['valid']),
+                $aAccountShares[$key]['valid'], $aArchiveShares[strtolower($aData['username'])]['valid'], ($aAccountShares[$key]['valid'] + $aArchiveShares[strtolower($aData['username'])]['valid']),
-                $aAccountShares[$key]['invalid'], $aArchiveShares[$aData['username']]['invalid'], ($aAccountShares[$key]['invalid'] + $aArchiveShares[$aData['username']]['invalid']))
+                $aAccountShares[$key]['invalid'], $aArchiveShares[strtolower($aData['username'])]['invalid'], ($aAccountShares[$key]['invalid'] + $aArchiveShares[strtolower($aData['username'])]['invalid']))
               );
-              $aAccountShares[$key]['valid'] += $aArchiveShares[$aData['username']]['valid'];
+              $aAccountShares[$key]['valid'] += $aArchiveShares[strtolower($aData['username'])]['valid'];
-              $aAccountShares[$key]['invalid'] += $aArchiveShares[$aData['username']]['invalid'];
+              $aAccountShares[$key]['invalid'] += $aArchiveShares[strtolower($aData['username'])]['invalid'];
             }
           }
           // reverse payout
@@ -132,13 +132,13 @@ foreach ($aAllBlocks as $iIndex => $aBlock) {
             $log->logDebug('Reverse payout enabled, adding shelved shares for all users');
             $aSharesData = NULL;
             foreach($aAccountShares as $key => $aData) {
-              $aSharesData[$aData['username']] = $aData;
+              $aSharesData[strtolower($aData['username'])] = $aData;
             }
             // Add users from archive not in current round
             $strLogMask = "| %-20.20s | %15.15s | %15.15s |";
             $log->logDebug(sprintf($strLogMask, 'Username', 'Shelved Valid', 'Shelved Invalid'));
             foreach($aArchiveShares as $key => $aArchData) {
-              if (!array_key_exists($aArchData['account'], $aSharesData)) {
+              if (!array_key_exists(strtolower($aArchData['account']), $aSharesData)) {
                 $log->logDebug(sprintf($strLogMask, $aArchData['account'], $aArchData['valid'], $aArchData['invalid']));
                 $aArchData['username'] = $aArchData['account'];
                 $aSharesData[$aArchData['account']] = $aArchData;

cronjobs/shared.inc.php

@@ -35,7 +35,7 @@ if (SECHASH_CHECK) {
 
 // MODIFY THIS
 // We need to find our include files so set this properly
-define("BASEPATH", "../public/");
+define("BASEPATH", dirname(__FILE__) . "/");
 
 /*****************************************************
  * No need to change beyond this point               *
@@ -48,14 +48,8 @@ $dStartTime = microtime(true);
 $cron_name = basename($_SERVER['PHP_SELF'], '.php');
 
 // Include our configuration (holding defines for the requires)
-require_once(BASEPATH . 'include/config/global.inc.dist.php');
+require_once(BASEPATH . '../include/bootstrap.php');
-require_once(BASEPATH . 'include/config/global.inc.php');
+require_once(BASEPATH . '../include/version.inc.php');
-
-require_once(BASEPATH . 'include/config/security.inc.dist.php');
-@include_once(BASEPATH . 'include/config/security.inc.php');
-
-require_once(BASEPATH . 'include/bootstrap.php');
-require_once(BASEPATH . 'include/version.inc.php');
 
 // Command line switches
 array_shift($argv);
@@ -69,7 +63,7 @@ foreach ($argv as $option) {
 }
 
 // Load 3rd party logging library for running crons
-$log = KLogger::instance( 'logs/' . $cron_name, KLogger::INFO );
+$log = KLogger::instance( BASEPATH . '../logs/' . $cron_name, KLogger::INFO );
 $log->LogDebug('Starting ' . $cron_name);
 
 // Load the start time for later runtime calculations for monitoring

include/admin_checks.php

@@ -53,10 +53,10 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][
   }
 
   // check if we can write templates/cache and templates/compile -> error
-  if (!is_writable(THEME_DIR.'/cache')) {
+  if (!is_writable(TEMPLATE_DIR . '/cache')) {
     $error[] = "templates/cache folder is not writable for uid {$apache_user['name']}";
   }
-  if (!is_writable(THEME_DIR.'/compile')) {
+  if (!is_writable(TEMPLATE_DIR . '/compile')) {
     $error[] = "templates/compile folder is not writable for uid {$apache_user['name']}";
   }
 

include/autoloader.inc.php

@@ -17,6 +17,8 @@ require_once(INCLUDE_DIR . '/config/error_codes.inc.php');
 require_once(CLASS_DIR . '/base.class.php');
 require_once(CLASS_DIR . '/coins/coin_base.class.php');
 require_once(CLASS_DIR . '/setting.class.php');
+require_once(INCLUDE_DIR . '/version.inc.php');
+if (PHP_OS == 'WINNT') require_once(CLASS_DIR . '/memcached.class.php');
 
 // Now decide on which coin class to load and instantiate
 if (file_exists(CLASS_DIR . '/coins/coin_' . $config['algorithm'] . '.class.php')) {

include/bootstrap.php

@@ -3,20 +3,20 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 // Used for performance calculations
 $dStartTime = microtime(true);
 
-define('INCLUDE_DIR', BASEPATH . 'include');
+define('INCLUDE_DIR', BASEPATH . '../include');
 define('CLASS_DIR', INCLUDE_DIR . '/classes');
 define('PAGES_DIR', INCLUDE_DIR . '/pages');
-define('THEME_DIR', BASEPATH . 'templates');
+define('TEMPLATE_DIR', BASEPATH . '../templates');
 
 $quickstartlink = "<a href='https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide' title='MPOS Quick Start Guide'>Quick Start Guide</a>";
 
 // Include our configuration (holding defines for the requires)
-if (!include_once(BASEPATH . 'include/config/global.inc.dist.php')) die('Unable to load base global config from ['.BASEPATH . 'include/config/global.inc.dist.php' . '] - '.$quickstartlink);
+if (!include_once(INCLUDE_DIR . '/config/global.inc.dist.php')) die('Unable to load base global config from ['.INCLUDE_DIR. '/config/global.inc.dist.php' . '] - '.$quickstartlink);
-if (!@include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to load your global config from ['.BASEPATH . 'include/config/global.inc.php' . '] - '.$quickstartlink);
+if (!@include_once(INCLUDE_DIR . '/config/global.inc.php')) die('Unable to load your global config from ['.INCLUDE_DIR. '/config/global.inc.php' . '] - '.$quickstartlink);
 
 // load our security configs
-if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unable to load base security config from ['.BASEPATH . 'include/config/security.inc.dist.php' . '] - '.$quickstartlink);
+if (!include_once(INCLUDE_DIR . '/config/security.inc.dist.php')) die('Unable to load base security config from ['.INCLUDE_DIR. '/config/security.inc.dist.php' . '] - '.$quickstartlink);
-if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php');
+if (@file_exists(INCLUDE_DIR . '/config/security.inc.php')) include_once(INCLUDE_DIR . '/config/security.inc.php');
 
 // start our session, we need it for smarty caching
 session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
@@ -29,6 +29,14 @@ if (!$session_start) {
 }
 @setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
 
+// Set the timezone if a user has it set, default UTC
+if (isset($_SESSION['USERDATA']['timezone'])) {
+  $aTimezones = DateTimeZone::listIdentifiers();
+  date_default_timezone_set($aTimezones[$_SESSION['USERDATA']['timezone']]);
+} else {
+  date_default_timezone_set('UTC');
+}
+
 // Our default template to load, pages can overwrite this later
 $master_template = 'master.tpl';
 
@@ -36,4 +44,4 @@ $master_template = 'master.tpl';
 // We include all needed files here, even though our templates could load them themself
 require_once(INCLUDE_DIR . '/autoloader.inc.php');
 
-?>
+?>

include/classes/coins/coin_scryptn.class.php

@@ -0,0 +1,16 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+/**
+ * We extend our CoinBase class
+ * No need to change anything, base class supports
+ * scrypt and sha256d
+ * 
+ * Note: This is exactly the same as Scrypt, but it's 
+ * here to let MPOS api report the correct coin algorithm.
+ **/
+class Coin extends CoinBase {
+  protected $target_bits = 16;
+}
+
+?>

include/classes/coins/coin_x11.class.php

@@ -0,0 +1,13 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+/**
+ * We extend our CoinBase class
+ * No need to change anything, base class supports
+ * scrypt and sha256d
+ **/
+class Coin extends CoinBase {
+  protected $target_bits = 24;
+}
+
+?>

include/classes/csrftoken.class.php

@@ -82,7 +82,7 @@ class CSRFToken Extends Base {
    * @return string HTML image with description
    */
   public static function getDescriptionImageHTML($dowhat="try") {
-    $string = "<img src='site_assets/mpos/images/questionmark.png' ";
+    $string = "<img src='site_assets/bootstrap/images/questionmark.png' ";
     $string.= "title='Tokens are used to help us mitigate attacks; Simply ";
     $string.= htmlentities(strip_tags($dowhat));
     $string.= " again to continue' width='20px' height='20px'>";
@@ -104,4 +104,4 @@ $csrftoken->setUser($user);
 $csrftoken->setToken($oToken);
 $csrftoken->setConfig($config);
 $csrftoken->setErrorCodes($aErrorCodes);
-?>
+?>

include/classes/logger.class.php

@@ -5,7 +5,7 @@ class Logger {
   private $logging = false;
   public function __construct($config) {
     if ($config['logging']['enabled'] && $config['logging']['level'] > 0) {
-      $this->KLogger = KLogger::instance($config['logging']['path'], $config['logging']['level']);
+      $this->KLogger = KLogger::instance($config['logging']['path'] . '/website', $config['logging']['level']);
       $this->logging = true;
       $this->floatStartTime = microtime(true);
     }

include/classes/mail.class.php

@@ -74,8 +74,8 @@ class Mail extends Base {
     }
 
     // Prepare the smarty templates used
-    $this->smarty->clearCache(BASEPATH . 'templates/mail/' . $template . '.tpl');
+    $this->smarty->clearCache(TEMPLATE_DIR . '/mail/' . $template . '.tpl');
-    $this->smarty->clearCache(BASEPATH . 'templates/mail/subject.tpl');
+    $this->smarty->clearCache(TEMPLATE_DIR . '/mail/subject.tpl');
     $this->smarty->assign('WEBSITENAME', $this->setting->getValue('website_name'));
     $this->smarty->assign('SUBJECT', $aData['subject']);
     $this->smarty->assign('DATA', $aData);
@@ -84,12 +84,12 @@ class Mail extends Base {
     $senderEmail = $this->setting->getValue('website_email', 'test@example.com');
     $senderName = $this->setting->getValue('website_name', 'test@example.com');
     $message = Swift_Message::newInstance()
-      ->setSubject($this->smarty->fetch(BASEPATH . 'templates/mail/subject.tpl'))
+      ->setSubject($this->smarty->fetch(TEMPLATE_DIR . '/mail/subject.tpl'))
       ->setFrom(array( $senderEmail => $senderName))
       ->setTo($aData['email'])
       ->setSender($senderEmail)
       ->setReturnPath($senderEmail)
-      ->setBody($this->smarty->fetch(BASEPATH . 'templates/mail/' . $template . '.tpl'), 'text/html');
+      ->setBody($this->smarty->fetch(TEMPLATE_DIR . '/mail/' . $template . '.tpl'), 'text/html');
     if (isset($aData['senderName']) &&
         isset($aData['senderEmail']) &&
         strlen($aData['senderName']) > 0 &&

include/classes/share.class.php

@@ -146,7 +146,7 @@ class Share Extends Base {
     if ($this->checkStmt($stmt) && $stmt->bind_param("ii", $iMinId, $iMaxId) && $stmt->execute() && $result = $stmt->get_result()) {
       $aData = NULL;
       while ($row = $result->fetch_assoc()) {
-        $aData[$row['account']] = $row;
+        $aData[strtolower($row['account'])] = $row;
       }
       if (is_array($aData)) return $aData;
     }

include/classes/statistics.class.php

@@ -815,21 +815,23 @@ class Statistics extends Base {
    * Get the Expected Time per Block in the whole Network in seconde
    * @return seconds double Seconds per Block
    */
-  public function getNetworkExpectedTimePerBlock(){
+  public function getExpectedTimePerBlock($type='network',$hashrate = 0){
     if ($data = $this->memcache->get(__FUNCTION__)) return $data;
 
     if ($this->bitcoin->can_connect() === true) {
-      $dNetworkHashrate = $this->bitcoin->getnetworkhashps();
+      if ($type == 'network') {
+        $hashrate = $this->bitcoin->getnetworkhashps();
+      } else {
+        // We need hashes/second and expect khash as input
+        $hashrate = $hashrate * 1000;
+      }
       $dDifficulty = $this->bitcoin->getdifficulty();
     } else {
-      $dNetworkHashrate = 1;
+      $hashrate = 1;
       $dDifficulty = 1;
     }
-    if($dNetworkHashrate <= 0){
+    if ($hashrate <= 0) $hashrate = 1;
-      return $this->memcache->setCache(__FUNCTION__, $this->config['cointarget']);
+    return $this->memcache->setCache(__FUNCTION__ . '_' . $type, $this->coin->calcNetworkExpectedTimePerBlock($dDifficulty, $hashrate));
-    }
-
-    return $this->memcache->setCache(__FUNCTION__, $this->coin->calcNetworkExpectedTimePerBlock($dDifficulty, $dNetworkHashrate));
   }
 
   /**

include/classes/template.class.php

@@ -17,13 +17,13 @@ class Template extends Base {
 
   /**
    * Get all available themes
-   * Read theme folders from THEME_DIR
+   * Read theme folders from TEMPLATE_DIR
    *
    * @return array - list of available themes
    */
   public function getThemes() {
     $this->debug->append("STA " . __METHOD__, 4);
-    $aTmpThemes = glob(THEME_DIR . '/*');
+    $aTmpThemes = glob(TEMPLATE_DIR . '/*');
     $aThemes = array();
     foreach ($aTmpThemes as $dir) {
       if (basename($dir) != 'cache' && basename($dir) != 'compile' && basename($dir) != 'mail') $aThemes[basename($dir)] = basename($dir);
@@ -86,12 +86,12 @@ class Template extends Base {
   /**
    * Return the content of specific template file
    *
-   * @param $file - file of template related to THEME_DIR
+   * @param $file - file of template related to TEMPLATE_DIR
    * @return string - content of the template file
    */
   public function getTemplateContent($file) {
     $this->debug->append("STA " . __METHOD__, 4);
-    $filepath = THEME_DIR . '/' . $file;
+    $filepath = TEMPLATE_DIR . '/' . $file;
     return file_get_contents($filepath);
   }
 
@@ -103,7 +103,7 @@ class Template extends Base {
    */
   public function getTemplateFiles($theme) {
     $this->debug->append("STA " . __METHOD__, 4);
-    $folder = THEME_DIR . '/' . $theme;
+    $folder = TEMPLATE_DIR . '/' . $theme;
 
     $dir = new RecursiveDirectoryIterator($folder);
     $ite = new RecursiveIteratorIterator($dir);
@@ -130,7 +130,7 @@ class Template extends Base {
 
     $templates = array();
     foreach($themes as $theme) {
-      $templates[$theme] = $this->_getTemplatesTreeRecursive(THEME_DIR . '/' . $theme);
+      $templates[$theme] = $this->_getTemplatesTreeRecursive(TEMPLATE_DIR . '/' . $theme);
     }
 
     return $templates;

include/classes/tools.class.php

@@ -7,6 +7,28 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
  * the scope of our web application
  **/
 class Tools extends Base {
+  public function getOnlineVersions() {
+    // Fetch version online, cache for a bit
+    $key = $this->config['memcache']['keyprefix'] . 'ONLINE_VERSIONS';
+    if (! $mpos_versions = $this->memcache->get($key)) {
+      $url = $this->config['version_url'];
+      $curl = curl_init();
+      curl_setopt($curl, CURLOPT_URL, $url);
+      curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+      curl_setopt($curl, CURLOPT_HEADER, false);
+      $data = curl_exec($curl);
+      preg_match('/define\(\'MPOS_VERSION\', \'(.*)\'\);/', $data, $match);
+      $mpos_versions['MPOS_VERSION'] = $match[1];
+      preg_match('/define\(\'DB_VERSION\', \'(.*)\'\);/', $data, $match);
+      $mpos_versions['DB_VERSION'] = $match[1];
+      preg_match('/define\(\'CONFIG_VERSION\', \'(.*)\'\);/', $data, $match);
+      $mpos_versions['CONFIG_VERSION'] = $match[1];
+      curl_close($curl);
+      return $this->memcache->setCache($key, $mpos_versions, 30);
+    } else {
+      return $mpos_versions;
+    }
+  }
   /**
    * Fetch JSON data from an API
    * @param url string API URL
@@ -108,3 +130,4 @@ class Tools extends Base {
 $tools = new Tools();
 $tools->setDebug($debug);
 $tools->setConfig($config);
+$tools->setMemcache($memcache);

include/classes/transaction.class.php

@@ -53,9 +53,10 @@ class Transaction extends Base {
       WHERE t.archived = 0
       AND (
            ( t.account_id = ? AND t.id <= ? AND b.confirmations >= ? )
+        OR ( t.account_id = ? AND t.id <= ? AND b.confirmations = -1 )
         OR ( t.account_id = ? AND t.id <= ? AND t.type IN ( 'Credit_PPS', 'Donation_PPS', 'Fee_PPS', 'TXFee', 'Debit_MP', 'Debit_AP' ) )
       )");
-     if ($this->checkStmt($stmt) && $stmt->bind_param('iiiii', $account_id, $txid, $this->config['confirmations'], $account_id, $txid) && $stmt->execute())
+     if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiiii', $account_id, $txid, $this->config['confirmations'], $account_id, $txid, $account_id, $txid) && $stmt->execute())
       return true;
     return $this->sqlError();
   }

include/classes/user.class.php

@@ -7,8 +7,15 @@ class User extends Base {
   private $user = array();
 
   // get and set methods
-  private function getHash($string) {
+  private function getHash($string, $version=0, $pepper='') {
-    return hash('sha256', $string.$this->salt);
+    switch($version) {
+    case 0:
+      return hash('sha256', $string.$this->salt);
+      break;
+    case 1:
+      return '$' . $version . '$' . $pepper . '$' . hash('sha256', $string.$this->salt.$pepper);
+      break;
+    }
   }
   public function getUserName($id) {
     return $this->getSingle($id, 'username', 'id');
@@ -28,6 +35,12 @@ class User extends Base {
   public function getUserEmailById($id) {
     return $this->getSingle($id, 'email', 'id', 'i');
   }
+  public function getUserPasswordHashById($id) {
+    return $this->getSingle($id, 'pass', 'id', 'i');
+  }
+  public function getUserPinHashById($id) {
+    return $this->getSingle($id, 'pin', 'id', 'i');
+  }
   public function getUserNoFee($id) {
     return $this->getSingle($id, 'no_fees', 'id');
   }
@@ -257,11 +270,13 @@ class User extends Base {
    * @param pin int PIN to check
    * @return bool
    **/
-  public function checkPin($userId, $pin=false) {
+  public function checkPin($userId, $pin='') {
     $this->debug->append("STA " . __METHOD__, 4);
     $this->debug->append("Confirming PIN for $userId and pin $pin", 2);
-    $stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id=? AND pin=? LIMIT 1");
+    $strPinHash = $this->getUserPinHashById($userId);
-    $pin_hash = $this->getHash($pin);
+    $aPin = explode('$', $strPinHash);
+    count($aPin) == 1 ? $pin_hash = $this->getHash($pin, 0) : $pin_hash = $this->getHash($pin, $aPin[1], $aPin[2]);
+    $stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id = ? AND pin = ? LIMIT 1");
     if ($stmt->bind_param('is', $userId, $pin_hash) && $stmt->execute() && $stmt->bind_result($row_pin) && $stmt->fetch()) {
       $this->setUserPinFailed($userId, 0);
       return ($pin_hash === $row_pin);
@@ -289,15 +304,17 @@ class User extends Base {
     $this->debug->append("STA " . __METHOD__, 4);
     $username = $this->getUserName($userID);
     $email = $this->getUserEmail($username);
-    $current = $this->getHash($current);
+    $strPasswordHash = $this->getUserPasswordHashById($userID);
+    $aPassword = explode('$', $strPasswordHash);
+    count($aPassword) == 1 ? $password_hash = $this->getHash($current, 0) : $password_hash = $this->getHash($current, $aPassword[1], $aPassword[2]);
     $newpin = intval( '0' . rand(1,9) . rand(0,9) . rand(0,9) . rand(0,9) );
     $aData['username'] = $username;
     $aData['email'] = $email;
     $aData['pin'] = $newpin;
-    $newpin = $this->getHash($newpin);
+    $newpin = $this->getHash($newpin, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32)));
     $aData['subject'] = 'PIN Reset Request';
     $stmt = $this->mysqli->prepare("UPDATE $this->table SET pin = ? WHERE ( id = ? AND pass = ? )");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $newpin, $userID, $current) && $stmt->execute()) {
+    if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $newpin, $userID, $password_hash) && $stmt->execute()) {
       if ($stmt->errno == 0 && $stmt->affected_rows === 1) {
         if ($this->mail->sendMail('pin/reset', $aData)) {
           $this->log->log("info", "$username was sent a pin reset e-mail");
@@ -407,7 +424,7 @@ class User extends Base {
     $this->setErrorMessage('A request has already been sent to your e-mail address. Please wait an hour for it to expire.');
     return false;
   }
-  
+
   /**
    * Update the accounts password
    * @param userID int User ID
@@ -427,8 +444,10 @@ class User extends Base {
       $this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
       return false;
     }
-    $current = $this->getHash($current);
+    $strPasswordHash = $this->getUserPasswordHashById($userID);
-    $new = $this->getHash($new1);
+    $aPassword = explode('$', $strPasswordHash);
+    count($aPassword) == 1 ? $password_hash = $this->getHash($current, 0) : $password_hash = $this->getHash($current, $aPassword[1], $aPassword[2]);
+    $new = $this->getHash($new1, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32)));
     if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['changepw']) {
       $tValid = $this->token->isTokenValid($userID, $strToken, 6);
       if ($tValid) {
@@ -448,7 +467,7 @@ class User extends Base {
     }
     $stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ? WHERE ( id = ? AND pass = ? )");
     if ($this->checkStmt($stmt)) {
-      $stmt->bind_param('sis', $new, $userID, $current);
+      $stmt->bind_param('sis', $new, $userID, $password_hash);
       $stmt->execute();
       if ($stmt->errno == 0 && $stmt->affected_rows === 1) {
         $this->log->log("info", $this->getUserName($userID)." updated password");
@@ -460,7 +479,7 @@ class User extends Base {
     $this->setErrorMessage( 'Unable to update password, current password wrong?' );
     return false;
   }
-  
+
   /**
    * Update account information from the edit account page
    * @param userID int User ID
@@ -470,7 +489,7 @@ class User extends Base {
    * @param strToken string Token for confirmation
    * @return bool
    **/
-  public function updateAccount($userID, $address, $threshold, $donate, $email, $is_anonymous, $strToken) {
+  public function updateAccount($userID, $address, $threshold, $donate, $email, $timezone, $is_anonymous, $strToken) {
     $this->debug->append("STA " . __METHOD__, 4);
     $bUser = false;
     $donate = round($donate, 2);
@@ -538,10 +557,10 @@ class User extends Base {
         return false;
       }
     }
-    
+
     // We passed all validation checks so update the account
-    $stmt = $this->mysqli->prepare("UPDATE $this->table SET coin_address = ?, ap_threshold = ?, donate_percent = ?, email = ?, is_anonymous = ? WHERE id = ?");
+    $stmt = $this->mysqli->prepare("UPDATE $this->table SET coin_address = ?, ap_threshold = ?, donate_percent = ?, email = ?, timezone = ?, is_anonymous = ? WHERE id = ?");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('sddsii', $address, $threshold, $donate, $email, $is_anonymous, $userID) && $stmt->execute()) {
+    if ($this->checkStmt($stmt) && $stmt->bind_param('sddssii', $address, $threshold, $donate, $email, $timezone, $is_anonymous, $userID) && $stmt->execute()) {
       $this->log->log("info", $this->getUserName($userID)." updated their account details");
       return true;
     }
@@ -577,14 +596,15 @@ class User extends Base {
   private function checkUserPassword($username, $password) {
     $this->debug->append("STA " . __METHOD__, 4);
     $user = array();
-    $password_hash = $this->getHash($password);
+    $stmt = $this->mysqli->prepare("SELECT username, pass, id, timezone, is_admin FROM $this->table WHERE LOWER(username) = LOWER(?) LIMIT 1");
-    $stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE LOWER(username) = LOWER(?) AND pass = ? LIMIT 1");
+    if ($this->checkStmt($stmt) && $stmt->bind_param('s', $username) && $stmt->execute() && $stmt->bind_result($row_username, $row_password, $row_id, $row_timezone, $row_admin)) {
-    if ($this->checkStmt($stmt) && $stmt->bind_param('ss', $username, $password_hash) && $stmt->execute() && $stmt->bind_result($row_username, $row_id, $row_admin)) {
       $stmt->fetch();
       $stmt->close();
+      $aPassword = explode('$', $row_password);
+      count($aPassword) == 1 ? $password_hash = $this->getHash($password, 0) : $password_hash = $this->getHash($password, $aPassword[1], $aPassword[2]);
       // Store the basic login information
-      $this->user = array('username' => $row_username, 'id' => $row_id, 'is_admin' => $row_admin);
+      $this->user = array('username' => $row_username, 'id' => $row_id, 'timezone' => $row_timezone, 'is_admin' => $row_admin);
-      return strtolower($username) === strtolower($row_username);
+      return $password_hash === $row_password && strtolower($username) === strtolower($row_username);
     }
     return $this->sqlError();
   }
@@ -683,7 +703,7 @@ class User extends Base {
     $this->debug->append("Fetching user information for user id: $userID");
     $stmt = $this->mysqli->prepare("
       SELECT
-      id, username, pin, api_key, is_admin, is_anonymous, email, no_fees,
+      id, username, pin, api_key, is_admin, is_anonymous, email, timezone, no_fees,
       IFNULL(donate_percent, '0') as donate_percent, coin_address, ap_threshold
       FROM $this->table
       WHERE id = ? LIMIT 0,1");
@@ -711,7 +731,7 @@ class User extends Base {
    * @param email2 string Email confirmation
    * @return bool
    **/
-  public function register($username, $password1, $password2, $pin, $email1='', $email2='', $tac='', $strToken='') {
+  public function register($username, $coinaddress, $password1, $password2, $pin, $email1='', $email2='', $tac='', $strToken='') {
     $this->debug->append("STA " . __METHOD__, 4);
     if ($tac != 1) {
       $this->setErrorMessage('You need to accept our <a href="'.$_SERVER['SCRIPT_NAME'].'?page=tac" target="_blank">Terms and Conditions</a>');
@@ -721,6 +741,10 @@ class User extends Base {
       $this->setErrorMessage('Username exceeding character limit');
       return false;
     }
+    if (!$this->bitcoin->validateaddress($coinaddress)) {
+      $this->setErrorMessage('Coin address is not valid');
+      return false;
+    }
     if (preg_match('/[^a-z_\-0-9]/i', $username)) {
       $this->setErrorMessage('Username may only contain alphanumeric characters');
       return false;
@@ -775,26 +799,26 @@ class User extends Base {
       ! $this->setting->getValue('accounts_confirm_email_disabled') ? $is_locked = 1 : $is_locked = 0;
       $is_admin = 0;
       $stmt = $this->mysqli->prepare("
-        INSERT INTO $this->table (username, pass, email, signup_timestamp, pin, api_key, is_locked)
+        INSERT INTO $this->table (username, pass, email, signup_timestamp, pin, api_key, is_locked, coin_address)
-        VALUES (?, ?, ?, ?, ?, ?, ?)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
         ");
     } else {
       $is_locked = 0;
       $is_admin = 1;
       $stmt = $this->mysqli->prepare("
-        INSERT INTO $this->table (username, pass, email, signup_timestamp, pin, api_key, is_admin, is_locked)
+        INSERT INTO $this->table (username, pass, email, signup_timestamp, pin, api_key, is_admin, is_locked, coin_address)
-        VALUES (?, ?, ?, ?, ?, ?, 1, ?)
+        VALUES (?, ?, ?, ?, ?, ?, 1, ?, ?)
         ");
     }
 
     // Create hashed strings using original string and salt
-    $password_hash = $this->getHash($password1);
+    $password_hash = $this->getHash($password1, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32)));
-    $pin_hash = $this->getHash($pin);
+    $pin_hash = $this->getHash($pin, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32)));
-    $apikey_hash = $this->getHash($username);
+    $apikey_hash = $this->getHash($username, 0);
     $username_clean = strip_tags($username);
     $signup_time = time();
 
-    if ($this->checkStmt($stmt) && $stmt->bind_param('sssissi', $username_clean, $password_hash, $email1, $signup_time, $pin_hash, $apikey_hash, $is_locked) && $stmt->execute()) {
+    if ($this->checkStmt($stmt) && $stmt->bind_param('sssissis', $username_clean, $password_hash, $email1, $signup_time, $pin_hash, $apikey_hash, $is_locked, $coinaddress) && $stmt->execute()) {
       if (! $this->setting->getValue('accounts_confirm_email_disabled') && $is_admin != 1) {
         if ($token = $this->token->createToken('confirm_email', $stmt->insert_id)) {
           $aData['username'] = $username_clean;
@@ -841,7 +865,7 @@ class User extends Base {
         $this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
         return false;
       }
-      $new_hash = $this->getHash($new1);
+      $new_hash = $this->getHash($new1, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32)));
       $stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ? WHERE id = ?");
       if ($this->checkStmt($stmt) && $stmt->bind_param('si', $new_hash, $aToken['account_id']) && $stmt->execute() && $stmt->affected_rows === 1) {
         if ($this->token->deleteToken($aToken['token'])) {

include/classes/worker.class.php

@@ -48,15 +48,34 @@ class Worker extends Base {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("
       SELECT w.account_id AS account_id, w.id AS id, w.username AS username
-      FROM " . $this->share->getTableName() . " AS s
+      FROM
+      (
+        SELECT username AS s_username, MAX(shares_id) AS shares_id, MAX(shares_archive_id) AS shares_archive_id
+        FROM
+        (
+          SELECT
+          s.username AS username, MAX(s.id) AS shares_id, NULL AS shares_archive_id
+          FROM . " . $this->share->getTableName() . " AS s
+          WHERE s.time > DATE_SUB(now(), INTERVAL ? SECOND)
+          AND s.our_result = 'Y'
+          GROUP BY s.username
+          UNION
+          SELECT
+          sa.username AS username, NULL AS shares_id, MAX(sa.id) AS shares_archive_id
+          FROM " . $this->share->getArchiveTableName() . " AS sa
+          WHERE sa.time > DATE_SUB(now(), INTERVAL ? SECOND)
+          AND sa.our_result = 'Y'
+          GROUP BY sa.username
+        ) AS derived0
+        GROUP BY s_username
+      ) AS derived1
       RIGHT JOIN " . $this->getTableName() . " AS w
-      ON w.username = s.username
+      ON s_username = w.username
-      AND s.time > DATE_SUB(now(), INTERVAL ? SECOND)
-      AND our_result = 'Y'
       WHERE w.monitor = 1
-      AND s.id IS NULL
+      AND shares_id IS NULL
+      AND shares_archive_id IS NULL
     ");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $interval) && $stmt->execute() && $result = $stmt->get_result())
+    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $interval, $interval) && $stmt->execute() && $result = $stmt->get_result())
       return $result->fetch_all(MYSQLI_ASSOC);
     return $this->sqlError('E0054');
   }
@@ -69,38 +88,41 @@ class Worker extends Base {
   public function getWorker($id, $interval=600) {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("
-       SELECT id, username, password, monitor,
+      SELECT id, username, password, monitor,
-       ( SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)) AS count_all,
+        (
-       ( SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)) AS count_all_archive,
+          SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-       (
+        ) + (
-         SELECT
+          SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-          IFNULL(IF(our_result='Y', ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * POW(2, " . $this->coin->getTargetBits() . ") / ? / 1000), 0), 0) AS hashrate
+        ) AS count_all,
+        (
+          SELECT
+          IFNULL(SUM(difficulty), 0)
           FROM " . $this->share->getTableName() . "
           WHERE
             username = w.username
-          AND time > DATE_SUB(now(), INTERVAL ? SECOND)
+            AND our_result = 'Y'
+            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
         ) + (
-         SELECT
+          SELECT
-          IFNULL(IF(our_result='Y', ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * POW(2, " . $this->coin->getTargetBits() . ") / ? / 1000), 0), 0) AS hashrate
+          IFNULL(SUM(difficulty), 0)
           FROM " . $this->share->getArchiveTableName() . "
           WHERE
             username = w.username
-          AND time > DATE_SUB(now(), INTERVAL ? SECOND)
+            AND our_result = 'Y'
-       ) AS hashrate,
+            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-       (
+         ) AS shares
-         SELECT IFNULL(ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) / count_all, 2), 0)
-         FROM " . $this->share->getTableName() . "
-         WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-       ) + (
-         SELECT IFNULL(ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) / count_all_archive, 2), 0)
-         FROM " . $this->share->getArchiveTableName() . "
-         WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-       ) AS difficulty
        FROM $this->table AS w
-       WHERE id = ?
+       WHERE id = ?");
-       ");
+    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiii', $interval, $interval, $interval, $interval, $id) && $stmt->execute() && $result = $stmt->get_result()) {
-    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiiiiii',$interval, $interval, $interval, $interval, $interval, $interval, $interval, $interval, $id) && $stmt->execute() && $result = $stmt->get_result())
+      $row = $result->fetch_assoc();
-      return $result->fetch_assoc();
+      $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
+      if ($row['count_all'] > 0) {
+        $row['difficulty'] = round($row['shares'] / $row['count_all'], 2);
+      } else {
+        $row['difficulty'] = 0.00;
+      }
+      return $row;
+    }
     return $this->sqlError('E0055');
   }
 
@@ -113,85 +135,93 @@ class Worker extends Base {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("
       SELECT id, username, password, monitor,
-       ( SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)) AS count_all,
+        (
-       ( SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)) AS count_all_archive,
+          SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-       (
+        ) + (
-         SELECT
+          SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-          IFNULL(IF(our_result='Y', ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * POW(2, " . $this->coin->getTargetBits() . ") / ? / 1000), 0), 0) AS hashrate
+        ) AS count_all,
+        (
+          SELECT
+          IFNULL(SUM(difficulty), 0)
           FROM " . $this->share->getTableName() . "
           WHERE
             username = w.username
-          AND time > DATE_SUB(now(), INTERVAL ? SECOND)
+            AND our_result = 'Y'
-      ) + (
+            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-        SELECT
+        ) + (
-          IFNULL(IF(our_result='Y', ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * POW(2, " . $this->coin->getTargetBits() . ") / ? / 1000), 0), 0) AS hashrate
+          SELECT
+          IFNULL(SUM(difficulty), 0)
           FROM " . $this->share->getArchiveTableName() . "
           WHERE
             username = w.username
-          AND time > DATE_SUB(now(), INTERVAL ? SECOND)
+            AND our_result = 'Y'
-      ) AS hashrate,
+            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      (
+        ) AS shares
-        SELECT IFNULL(ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) / count_all, 2), 0)
-        FROM " . $this->share->getTableName() . "
-        WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      ) + (
-        SELECT IFNULL(ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) / count_all_archive, 2), 0)
-        FROM " . $this->share->getArchiveTableName() . "
-        WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      ) AS difficulty
       FROM $this->table AS w
       WHERE account_id = ?");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiiiiii', $interval, $interval, $interval, $interval, $interval, $interval, $interval, $interval, $account_id) && $stmt->execute() && $result = $stmt->get_result())
+    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiii', $interval, $interval, $interval, $interval, $account_id) && $stmt->execute() && $result = $stmt->get_result()) {
-      return $result->fetch_all(MYSQLI_ASSOC);
+      $aData = array();
+      while ($row = $result->fetch_assoc()) {
+        $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
+        if ($row['count_all'] > 0) {
+          $row['difficulty'] = round($row['shares'] / $row['count_all'], 2);
+        } else {
+          $row['difficulty'] = 0.00;
+        }
+        $aData[] = $row;
+      }
+      return $aData;
+    }
     return $this->sqlError('E0056');
   }
 
   /**
    * Fetch all workers for admin panel
-   * @param limit int 
+   * @param limit int max amount of workers
    * @return mixed array Workers and their settings or false
    **/
   public function getAllWorkers($iLimit=0, $interval=600, $start=0) {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("
       SELECT id, username, password, monitor,
-      IFNULL(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty), 0) AS difficulty,
+        (
-       (
+          SELECT COUNT(id) FROM " . $this->share->getTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-         SELECT
+        ) + (
-          IFNULL(IF(our_result='Y', ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * POW(2, " . $this->coin->getTargetBits() . ") / ? / 1000), 0), 0) AS hashrate
+          SELECT COUNT(id) FROM " . $this->share->getArchiveTableName() . " WHERE our_result = 'Y' AND username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
+        ) AS count_all,
+        IFNULL(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty), 0) AS difficulty,
+        (
+          SELECT
+          IFNULL(SUM(difficulty), 0)
           FROM " . $this->share->getTableName() . "
           WHERE
             username = w.username
-          AND time > DATE_SUB(now(), INTERVAL ? SECOND)
+            AND our_result = 'Y'
-      ) + (
+            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-        SELECT
+        ) + (
-          IFNULL(IF(our_result='Y', ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * POW(2, " . $this->coin->getTargetBits() . ") / ? / 1000), 0), 0) AS hashrate
+          SELECT
+          IFNULL(SUM(difficulty), 0)
           FROM " . $this->share->getArchiveTableName() . "
           WHERE
             username = w.username
-          AND time > DATE_SUB(now(), INTERVAL ? SECOND)
+            AND our_result = 'Y'
-      ) AS hashrate,
+            AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      ((
+        ) AS shares
-        SELECT IFNULL(ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)), 2), 0)
-        FROM " . $this->share->getTableName() . "
-        WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      ) + (
-        SELECT IFNULL(ROUND(SUM(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)), 2), 0)
-        FROM " . $this->share->getArchiveTableName() . "
-        WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      )) / ((
-        SELECT COUNT(id) 
-        FROM " . $this->share->getTableName() . " 
-        WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      ) + ( 
-        SELECT COUNT(id) 
-        FROM " . $this->share->getArchiveTableName() . " 
-        WHERE username = w.username AND time > DATE_SUB(now(), INTERVAL ? SECOND)
-      )) AS avg_difficulty
       FROM $this->table AS w
-      ORDER BY hashrate DESC LIMIT ?,?");
+      ORDER BY shares DESC LIMIT ?,?");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiiiiiii', $interval, $interval, $interval, $interval, $interval, $interval, $interval, $interval, $start, $iLimit) && $stmt->execute() && $result = $stmt->get_result())
+    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiii', $interval, $interval, $interval, $interval, $start, $iLimit) && $stmt->execute() && $result = $stmt->get_result()) {
-      return $result->fetch_all(MYSQLI_ASSOC);
+      $aData = array();
+      while ($row = $result->fetch_assoc()) {
+        $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
+        if ($row['count_all'] > 0) {
+          $row['avg_difficulty'] = round($row['shares'] / $row['count_all'], 2);
+        } else {
+          $row['avg_difficulty'] = 0.00;
+        }
+        $aData[] = $row;
+      }
+      return $aData;
+    }
     return $this->sqlError('E0057');
   }
 

include/config/admin_settings.inc.php

@@ -13,12 +13,27 @@ $aSettings['website'][] = array(
   'tooltip' => 'Enable or Disable maintenance mode. Only admins can still login.'
 );
 $aSettings['website'][] = array(
-  'display' => 'Message of the Day', 'type' => 'text',
+  'display' => 'Message of the Day', 'type' => 'textarea',
-  'size' => 25,
+  'size' => 20,
+  'height' => 3,
   'default' => '',
   'name' => 'system_motd', 'value' => $setting->getValue('system_motd'),
   'tooltip' => 'Display a message of the day as information popup if set.'
 );
+$aSettings['website'][] = array(
+  'display' => 'MOTD Style', 'type' => 'select',
+  'options' => array( 0 => 'Success', 1 => 'Information', 2 => 'Warning', 3 => 'Danger' ),
+  'default' => 0,
+  'name' => 'system_motd_style', 'value' => $setting->getValue('system_motd_style'),
+  'tooltip' => 'Set the Style what MOTD looks like.'
+);
+$aSettings['website'][] = array(
+  'display' => 'MOTD Dismiss', 'type' => 'select',
+  'options' => array( 0 => 'No', 1 => 'Yes' ),
+  'default' => 0,
+  'name' => 'system_motd_dismiss', 'value' => $setting->getValue('system_motd_dismiss'),
+  'tooltip' => 'Set if users can hide MOTD.'
+);
 $aSettings['website'][] = array(
   'display' => 'Website Name', 'type' => 'text',
   'size' => 25,
@@ -293,6 +308,13 @@ $aSettings['system'][] = array(
   'name' => 'system_error_email', 'value' => $setting->getValue('system_error_email'),
   'tooltip' => 'The email address for system errors notifications, like cronjobs failures.'
 );
+$aSettings['system'][] = array(
+  'display' => 'Date format string', 'type' => 'text',
+  'site' => 25,
+  'default' => '%m/%d/%Y %H:%M:%S',
+  'name' => 'system_date_format', 'value' => $setting->getValue('system_date_format'),
+  'tooltip' => 'Date format to be used throughout the site. Please check PHP strftime for details.'
+);
 $aSettings['system'][] = array(
   'display' => 'Disable e-mail confirmations', 'type' => 'select',
   'options' => array( 0 => 'No', 1 => 'Yes' ),
@@ -356,20 +378,6 @@ $aSettings['system'][] = array(
   'name' => 'disable_dashboard_api', 'value' => $setting->getValue('disable_dashboard_api'),
   'tooltip' => 'Disable dashboard API entirely to reduce server load.'
 );
-$aSettings['system'][] = array(
-  'display' => 'Disable Live Navbar', 'type' => 'select',
-  'options' => array( 0 => 'No', 1 => 'Yes'),
-  'default' => 0,
-  'name' => 'disable_navbar', 'value' => $setting->getValue('disable_navbar'),
-  'tooltip' => 'Disable live updates on the navbar to reduce server load.'
-);
-$aSettings['system'][] = array(
-  'display' => 'Disable Navbar API', 'type' => 'select',
-  'options' => array( 0 => 'No', 1 => 'Yes'),
-  'default' => 0,
-  'name' => 'disable_navbar_api', 'value' => $setting->getValue('disable_navbar_api'),
-  'tooltip' => 'Disable navbar API entirely to reduce server load. Used in pool stats and navbar mini stats.'
-);
 $aSettings['system'][] = array(
   'display' => 'Disable TX Summaries', 'type' => 'select',
   'options' => array( 0 => 'No', 1 => 'Yes'),
@@ -377,6 +385,13 @@ $aSettings['system'][] = array(
   'name' => 'disable_transactionsummary', 'value' => $setting->getValue('disable_transactionsummary'),
   'tooltip' => 'Disable transaction summaries. Helpful with large transaction tables.'
 );
+$aSettings['system'][] = array(
+  'display' => 'Disable Worker Edit without valid Coin Address', 'type' => 'select',
+  'options' => array( 0 => 'No', 1 => 'Yes'),
+  'default' => 0,
+  'name' => 'disable_worker_edit', 'value' => $setting->getValue('disable_worker_edit'),
+  'tooltip' => 'No worker editing without valid Payout Address set in Account Settings.'
+);
 $aSettings['system'][] = array(
   'display' => 'IRC Chat Channel', 'type' => 'text',
   'size' => 25,

include/config/global.inc.dist.php

@@ -3,9 +3,11 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 /**
  * Do not edit this unless you have confirmed that your config has been updated!
+ * Also the URL to check for the most recent upstream versions available
  *  https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-config-version
  **/
 $config['version'] = '0.0.8';
+$config['version_url'] = 'https://raw.githubusercontent.com/MPOS/php-mpos/master/public/include/version.inc.php';
 
 /**
  * Unless you disable this, we'll do a quick check on your config first.