Merge pull request #482 from TheSerapher/issue-467

Issue 467

public/include/autoloader.inc.php

@@ -22,6 +22,7 @@ require_once(INCLUDE_DIR . '/database.inc.php');
 require_once(INCLUDE_DIR . '/smarty.inc.php');
 // Load classes that need the above as dependencies
 require_once(CLASS_DIR . '/base.class.php');
+require_once(CLASS_DIR . '/api.class.php');
 require_once(CLASS_DIR . '/mail.class.php');
 require_once(CLASS_DIR . '/tokentype.class.php');
 require_once(CLASS_DIR . '/token.class.php');

public/include/classes/api.class.php

@@ -0,0 +1,23 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY')) die('Hacking attempt');
+
+/**
+ * Helper class for our API
+ **/
+class Api extends Base {
+  function isActive($error=true) {
+    if (!$this->config['website']['api']['disabled']) {
+      return true;
+    } else {
+      if ($error == true) {
+        header('HTTP/1.1 501 Not implemented');
+        die('501 Not implemented');
+      }
+    }
+  }
+}
+
+$api = new Api();
+$api->setConfig($config);

public/include/config/global.inc.dist.php

@@ -96,22 +96,24 @@ $config['ap_threshold']['max'] = 250;
  * Website specific configuration settings
  *
  * Explanation:
- *   title         :  Website title used in master template
- *   name          :  The pool name, displayed in the header and mails
- *   slogan        :  A special slogan, also displayed in the header below name
- *   email         :  `From` addresses used in notifications
- *   theme         :  Theme used for desktop browsers
- *   mobile        :  Enable/Disable mobile theme support
- *   mobile_theme  :  Theme used for mobile browsers
+ *   title          :  Website title used in master template
+ *   name           :  The pool name, displayed in the header and mails
+ *   slogan         :  A special slogan, also displayed in the header below name
+ *   email          :  `From` addresses used in notifications
+ *   theme          :  Theme used for desktop browsers
+ *   mobile         :  Enable/Disable mobile theme support
+ *   mobile_theme   :  Theme used for mobile browsers
+ *   api disabled   :  Disable the sites API functions
  *
  * Defaults:
- *   title         =  `The Pool - Mining Evolved`
- *   name          =  `The Pool`
- *   slogan        =  `Resistance is futile`
- *   email         =  `test@example.com`
- *   theme         =  `mmcFE`
- *   mobile        =  true
- *   mobile_theme  =  `mobile`
+ *   title          =  `The Pool - Mining Evolved`
+ *   name           =  `The Pool`
+ *   slogan         =  `Resistance is futile`
+ *   email          =  `test@example.com`
+ *   theme          =  `mmcFE`
+ *   mobile         =  true
+ *   mobile_theme   =  `mobile`
+ *   api disbabled  =  false
  **/
 $config['website']['title'] = 'The Pool - Mining Evolved';
 $config['website']['name'] = 'The Pool';
@@ -120,6 +122,7 @@ $config['website']['email'] = 'test@example.com';
 $config['website']['theme'] = 'mmcFE';
 $config['website']['mobile'] = true;
 $config['website']['mobile_theme'] = 'mobile';
+$config['website']['api']['disabled'] = false;
 
 /**
  * Account specific settings

public/include/pages/api.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-    die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check for valid API key
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getblockcount.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getblocksfound.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getcurrentworkers.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getdifficulty.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getestimatedtime.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getpoolhashrate.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getpoolsharerate.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getpoolstatus.inc.php

@@ -3,6 +3,9 @@
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 
+// Check if the API is activated
+$api->isActive();
+
 // Check user token
 $user_id = $user->checkApiKey($_REQUEST['api_key']);
 

public/include/pages/api/gettimesincelastblock.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getuserstatus.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $user_id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/getuserworkers.inc.php

@@ -1,8 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
 
 // Check user token
 $user_id = $user->checkApiKey($_REQUEST['api_key']);

public/include/pages/api/public.inc.php

@@ -1,10 +1,10 @@
 <?php
 
 // Make sure we are called from index.php
-if (!defined('SECURITY'))
-die('Hacking attempt');
+if (!defined('SECURITY')) die('Hacking attempt');
 
-// {"pool_name":"Pool-X.eu","hashrate":"511128.99","workers":"2104","shares_this_round":92450,"last_block":"365294","network_hashrate":17327056.06}
+// Check if the API is activated
+$api->isActive();
 
 // Fetch last block information
 $aLastBlock = $block->getLast();

public/include/smarty_globals.inc.php

@@ -47,7 +47,7 @@ $aGlobal = array(
   'blockexplorer' => $config['blockexplorer'],
   'chaininfo' => $config['chaininfo'],
   'config' => array(
-    'website' => array( 'title' => $config['website']['title'], 'acl' => $config['website']['acl'] ),
+    'website' => $config['website'],
     'accounts' => $config['accounts'],
     'disable_invitations' => $setting->getValue('disable_invitations'),
     'price' => array( 'currency' => $config['price']['currency'] ),

public/templates/mmcFE/account/edit/default.tpl

@@ -6,7 +6,7 @@
       <table>
         <tbody><tr><td>Username: </td><td>{$GLOBAL.userdata.username|escape}</td></tr>
         <tr><td>User Id: </td><td>{$GLOBAL.userdata.id}</td></tr>
-        <tr><td>API Key: </td><td><a href="{$smarty.server.PHP_SELF}?page=api&action=getuserstatus&api_key={$GLOBAL.userdata.api_key}&id={$GLOBAL.userdata.id}">{$GLOBAL.userdata.api_key}</a></td></tr>
+        {if !$GLOBAL.config.website.api.disabled}<tr><td>API Key: </td><td><a href="{$smarty.server.PHP_SELF}?page=api&action=getuserstatus&api_key={$GLOBAL.userdata.api_key}&id={$GLOBAL.userdata.id}">{$GLOBAL.userdata.api_key}</a></td></tr>{/if}
         <tr><td>E-Mail: </td><td><input type="text" name="email" value="{nocache}{$GLOBAL.userdata.email|escape}{/nocache}" size="20"></td></tr>
         <tr><td>Payment Address: </td><td><input type="text" name="paymentAddress" value="{nocache}{$smarty.request.paymentAddress|default:$GLOBAL.userdata.coin_address|escape}{nocache}" size="40"></td></tr>
         <tr><td>Donation %: </td><td><input type="text" name="donatePercent" value="{nocache}{$smarty.request.donatePercent|default:$GLOBAL.userdata.donate_percent|escape}{nocache}" size="4"><font size="1"> [donation amount in percent (example: 0.5)]</font></td></tr>

public/templates/mmcFE/global/navigation.tpl

@@ -47,7 +47,7 @@
             <li><a href="{$smarty.server.PHP_SELF}?page=about&action=pool">About</a>
               <ul>
                 <li><a href="{$smarty.server.PHP_SELF}?page=about&action=pool">This Pool</a></li>
-                <li><a href="{$smarty.server.PHP_SELF}?page=about&action=api">API Reference</a></li>
+                {if !$GLOBAL.config.website.api.disabled}<li><a href="{$smarty.server.PHP_SELF}?page=about&action=api">API Reference</a></li>{/if}
                 <li><a href="{$smarty.server.PHP_SELF}?page=about&action=donors">Pool Donors</a></li>
               </ul>
             </li>

public/templates/mmcFE/statistics/default.tpl

@@ -19,5 +19,5 @@
   </tr>
   </tbody>
 </table>
-<li>These stats are also available in JSON format <a href="{$smarty.server.PHP_SELF}?page=api&action=public" target="_api">HERE</a></li>
+{if !$GLOBAL.config.website.api.disabled}<li>These stats are also available in JSON format <a href="{$smarty.server.PHP_SELF}?page=api&action=public" target="_api">HERE</a></li>{/if}
 {include file="global/block_footer.tpl"}

public/templates/mmcFE/statistics/pool/authenticated.tpl

@@ -56,7 +56,7 @@
     </tr>
   </tbody>
 </table>
-<li>These stats are also available in JSON format <a href="{$smarty.server.PHP_SELF}?page=api&action=getpoolstatus&api_key={$GLOBAL.userdata.api_key}">HERE</a></li>
+{if !$GLOBAL.config.website.api.disabled}<li>These stats are also available in JSON format <a href="{$smarty.server.PHP_SELF}?page=api&action=getpoolstatus&api_key={$GLOBAL.userdata.api_key}">HERE</a></li>{/if}
 {include file="global/block_footer.tpl"}
 
 

public/templates/mobile/statistics/default.tpl

@@ -18,4 +18,4 @@
   </tr>
   </tbody>
 </table>
-<li>These stats are also available in JSON format <a href="{$smarty.server.PHP_SELF}?page=api&action=public" target="_api">HERE</a></li>
+{if !$GLOBAL.config.website.api.disabled}<li>These stats are also available in JSON format <a href="{$smarty.server.PHP_SELF}?page=api&action=public" target="_api">HERE</a></li>{/if}