RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch config over to wiki, yay

Browse Source
This commit is contained in:
xisi 2014-01-28 14:24:48 -05:00
parent 181ef0c6d2
commit 3efe979ae3
2 changed files with 124 additions and 513 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

533
public/include/config/global.inc.dist.php
View File

@ -3,60 +3,42 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
/**
* Do not edit this unless you have confirmed that your config has been updated!
* This is used in the version check to ensure you run the latest version of the configuration file.
* Once you upgraded your config, change the version here too.
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-config-version
**/
$config['version'] = '0.0.7';
/**
* Unless you disable this, we'll do a quick check on your config first.
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-config-check
*/
$config['skip_config_tests'] = false;
// Our include directory for additional features
define('INCLUDE_DIR', BASEPATH . 'include');
// Our class directory
define('CLASS_DIR', INCLUDE_DIR . '/classes');
// Our pages directory which takes care of
define('PAGES_DIR', INCLUDE_DIR . '/pages');
// Our theme folder holding all themes
define('THEME_DIR', BASEPATH . 'templates');
// Set debugging level for our debug class
// Values valid from 0 (disabled) to 5 (most verbose)
/**
* Defines
* Debug setting and salts for hashing passwords
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts
*/
define('DEBUG', 0);
// SALT used to hash passwords
define('SALT', 'PLEASEMAKEMESOMETHINGRANDOM');
define('SALTY', 'THISSHOULDALSOBERRAANNDDOOM');
define('INCLUDE_DIR', BASEPATH . 'include');
define('CLASS_DIR', INCLUDE_DIR . '/classes');
define('PAGES_DIR', INCLUDE_DIR . '/pages');
define('THEME_DIR', BASEPATH . 'templates');
/**
* Underlying coin algorithm that you are mining on. Set this to whatever your coin needs:
*
* Options:
* sha256d : SHA coins like Bitcoin
* scrypt : Scrypt based coins like Litecoin
* Default:
* scrypt : Scrypt is default
* Coin Algorithm
* Algorithm used by this coin, sha256d or scrypt
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-algorithm
**/
$config['algorithm'] = 'scrypt';
/**
* Database configuration
*
* A MySQL database backend is required for MPOS.
* Also ensure the database structure is imported!
* The SQL file should be included in this project under the `sql` directory
*
* Default:
* host = 'localhost'
* port = 3306
* user = 'someuser'
* pass = 'somepass'
* name = 'mpos'
* MySQL database configuration
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-database-configuration
**/
$config['db']['host'] = 'localhost';
$config['db']['user'] = 'someuser';
@ -65,17 +47,9 @@ $config['db']['port'] = 3306;
$config['db']['name'] = 'mpos';
/**
* Local wallet RPC configuration
*
* MPOS uses the RPC backend to fetch transactions, blocks
* and various other things. They need to match your coind RPC
* configuration.
*
* Default:
* type = 'http'
* host = 'localhost:19334'
* username = 'testnet'
* password = 'testnet'
* Local wallet RPC
* RPC configuration for your daemon/wallet
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-local-wallet-rpc
**/
$config['wallet']['type'] = 'http';
$config['wallet']['host'] = 'localhost:19334';
@ -83,23 +57,9 @@ $config['wallet']['username'] = 'testnet';
$config['wallet']['password'] = 'testnet';
/**
* Payout of liquid assets
*
* Explanation:
* Running pools, especially those with active fees, will build up a good
* amount of liquid assets that can be used by pool operators. If you wish
* to automatically send your assets to a offline wallet, set your account
* address, reserves and thresholds here.
*
* Options:
* address : The address of the wallet to the address you'd like to receive the coins in
* reserve : The amount you'd like to remain in the wallet. Recommended is at least 1 block value
* threshold : The amount of coins you'd like to send per batch minimum. Once exceeded, this is sent
* to the offline wallet address specified.
* Default:
* addresss : empty
* reserve : 50
* threshold : 25
* Cold Wallet / Liquid Assets
* Automatically send liquid assets to a cold wallet
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-liquid-assets--cold-wallet
**/
$config['coldwallet']['address'] = '';
$config['coldwallet']['reserve'] = 50;
@ -107,11 +67,8 @@ $config['coldwallet']['threshold'] = 5;
/**
* Getting Started Config
*
* This is displayed on GettingStarted Page
* to make it more dynamic
*
*
* Shown to users in the 'Getting Started' section
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-getting-started
**/
$config['gettingstarted']['coinname'] = 'Litecoin';
$config['gettingstarted']['coinurl'] = 'http://www.litecoin.org';
@ -119,355 +76,151 @@ $config['gettingstarted']['stratumurl'] = '';
$config['gettingstarted']['stratumport'] = '3333';
/**
* API configuration to fetch prices for set currency
*
* Explanation:
* MPOS will try to fetch the current exchange rates
* from this API URL/target. Currently btc-e and coinchoose
* are supported in MPOS. If you want to remove the trade
* header just set currency to an empty string.
*
* Default (btc-e.com):
* url = `https://btc-e.com`
* target = `/api/2/ltc_usd/ticker`
* currency = `USD`
*
* Optional (coinchoose.com):
* url = `http://www.coinchoose.com`
* target = `/api.php`
* currency = `BTC`
*
* Optional (cryptsy.com):
* url = `http://pubapi.cryptsy.com`
* currency = `BTC`
* target = `/api.php?method=marketdata`
* Ticker API
* Fetch exchange rates via an API
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-ticker-api
**/
$config['price']['url'] = 'https://btc-e.com';
$config['price']['target'] = '/api/2/ltc_usd/ticker';
$config['price']['currency'] = 'USD';
/**
* Automatic payout thresholds
*
* These values define the min and max settings
* that can be entered by a user.
* Defaults:
* `min` = `1`
* `max` = `250`
* Automatic Payout Thresholds
* Minimum and Maximum auto payout amount
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-automatic-payout-thresholds
**/
$config['ap_threshold']['min'] = 1;
$config['ap_threshold']['max'] = 250;
/**
* Donation thresholds
*
* You can define a min and max values for you users
* donation settings here.
*
* Defaults:
* `min` = `1`
* Minimum donation amount in percent
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-donation-thresholds
**/
$config['donate_threshold']['min'] = 1;
/**
* Account specific settings
*
* Explanation
* Invitations will allow your users to invite new members to join the pool.
* After sending a mail to the invited user, they can register using the token
* created. Invitations can be enabled and disabled through the admin panel.
* Sent invitations are listed on the account invitations page.
*
* You can limit the number of registrations send per account via configuration
* variable.
*
* Options:
* count : Maximum invitations a user is able to send
*
* Defaults:
* count : 5
* Account Specific Settings
* Settings for each user account
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-account-specific-settings
**/
$config['accounts']['invitations']['count'] = 5;
// Currency system used in this pool, default: `LTC`
/**
* Currency
* Shorthand name for the currency
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-currency
*/
$config['currency'] = 'LTC';
/**
* Coin Target in seconds
*
* Explanation
* Target time for coins to be generated
*
* Fastcoin: 12 seconds
* Litecoin: 2,5 minutes = 150 seconds
* Feathercoin: 2,5 minutes = 150 seconds
* Bitcoin: 10 minutes = 600 seconds
*
* Coin Target
* Target time for coins to be generated
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-coin-target
**/
$config['cointarget'] = '150';
/**
* Diff change every X Blocks
*
* Explanation
* Amount of Blocks until Difficulty change
*
* Fastcoin: 300 Blocks
* Litecoin: 2016 Blocks
* Bitcoin: 2016 Blocks
*
* Coin Diff Change
* Amount of blocks between difficulty changes
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-coin-diff-change
**/
$config['coindiffchangetarget'] = 2016;
/**
* Default transaction fee to apply to user transactions
*
* Explanation
* The coin daemon applies transaction fees to young coins.
* Since we are unable to find out what the exact fee was we set
* a default value here which is applied to both manual and auto payouts.
* If this is not set, no fee is applied in the transactions history but
* the user might still see them when the coins arrive.
* You can set two different transaction fees for manual and auto payouts.
*
* Default:
* txfee_auto = 0.1
* txfee_manual = 0.1
*
* TX Fees
* Fees applied to transactions
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-tx-fees
**/
$config['txfee_auto'] = 0.1;
$config['txfee_manual'] = 0.1;
// Payout a block bonus to block finders, default: 0 (disabled)
// This bonus is paid by the pool operator, it is not deducted from the block payout!
/**
* Block Bonus
* Bonus in coins of block bonus
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-block-bonus
*/
$config['block_bonus'] = 0;
/**
* Payout system in use
*
* This will modify some templates and activate the
* appropriate crons. Only ONE payout system at a time
* is supported!
*
* Available options:
* prop: Proportional payout system
* pps : Pay Per Share payout system
* pplns : Pay Per Last N Shares payout system
*
* Default:
* prop
**/
* Payout System
* Payout system chosen
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-payout-system
**/
$config['payout_system'] = 'prop';
/**
* Round purging
*
* Explanation:
* As soon as a round is finished, shares of that rate are archived (see below)
* and deleted from the `shares` table. Due to a large amount of shares in a
* single round, this can take a very long time. To reduce server load and allow
* other systems to access the DB during this high-load time, the DELETE
* calls are being limited to a number of rows. Then the process sleeps and
* continues to delete shares until all shares have been purged.
*
* You can adjust some purging settings here in order to improve your overall
* site performance during round ends. Keep in mind that decreasing shares/time
* will make the cron run longer but at least keeps your site active. Vice versa
* higher numbers allow for a faster deletion but might affect the live site.
*
* This system is also used when purging archived shares.
*
* Available Options:
* sleep : Time to sleep between delete calls
* shares : How many shares to delete at one time
*
* Default:
* sleep : 5 seconds
* shares : 500000
* Round Purging
* Round share purging configuration
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-round-purging
**/
$config['purge']['sleep'] = 1;
$config['purge']['shares'] = 25000;
/**
* Archiving configuration for debugging
*
* Explanation:
* By default, we don't need to archive for a long time. PPLNS and Hashrate
* calculations rely on this archive, but all shares past a certain point can
* safely be deleted.
*
* To ensure we have enough shares on stack for PPLNS, this
* is set to the past 10 rounds. Even with lucky ones in between those should
* fit the PPLNS target. On top of that, even if we have more than 10 rounds,
* we still keep the last maxage shares to ensure we can calculate hashrates.
* Both conditions need to be met in order for shares to be purged from archive.
*
* Proportional mode will only keep the past 24 hours. These are required for
* hashrate calculations to work past a round, hence 24 hours was selected as
* the default. You may want to increase the time for debugging, then add any
* integer reflecting minutes of shares to keep.
*
* Availabe Options:
* maxrounds : PPLNS, keep shares for maxrounds
* maxage : PROP and PPLNS, delete shares older than maxage minutes
*
* Default:
* maxrounds = 10
* maxage = 60 * 24 (24h)
* Share Archiving
* Share archiving configuration details
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-archiving
**/
$config['archive']['maxrounds'] = 10;
$config['archive']['maxage'] = 60 * 24;
// Pool fees applied to users in percent, default: 0 (disabled)
/**
* Pool Fees
* Fees applied to users
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pool-fees
*/
$config['fees'] = 0;
/**
* PPLNS requires some settings to run properly. First we need to define
* a default shares count that is applied if we don't have a proper type set.
* Different dynamic types can be applied, or you can run a fixed scheme.
*
* Explanation
*
* PPLNS can run on two different payouts: fixed and blockavg. Each one
* defines a different PPLNS target.
*
* Fixed means we will be looking at the shares setup in the default
* setting. There is no automatic adjustments to the PPLNS target,
* all users will be paid out proportionally to that target.
*
* Blockavg will look at the last blockcount blocks shares and take
* the average as the PPLNS target. This will be automatically adjusted
* when difficulty changes and more blocks are available. This keeps the
* target dynamic but still traceable.
*
* If you use the fixed type it will use $config['pplns']['shares']['default']
* for target calculations, if you use blockavg type it will use
* $config['pplns']['blockavg']['blockcount'] blocks average for target
* calculations.
*
* default : Default target shares for PPLNS
* type : Payout type used in PPLNS
* blockcount : Amount of blocks to check for avg shares
*
* Available Options:
* default : amount of shares, integeger
* type : blockavg or fixed
* blockcount : amount of blocks, any integer
*
* Defaults:
* default = 4000000
* type = `blockavg`
* blockcount = 10
**/
/**
* $config['pplns']['shares']['type'] = 'dynamic';
* Dynamic target adjustment allows the blockavg target to adjust faster to share counts
* while still tracking round share averages by using a percentage of the current round shares
* to alter the pplns blockavg target this is useful with the nature of many alt coins low and fast
* adjusting difficulties and quick round times
* reverse_payout is useful to even out payouts for fast round times when even steady miners
* are missing share submissions for the current round
**/
* PPLNS
* Pay Per Last N Shares
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pplns-settings
*/
$config['pplns']['shares']['default'] = 4000000;
$config['pplns']['shares']['type'] = 'blockavg';
$config['pplns']['blockavg']['blockcount'] = 10;
$config['pplns']['reverse_payout'] = false; // add user shares from archive even if user not in current round
$config['pplns']['dynamic']['percent'] = 30; // percentage of round shares factored into block average when using dynamic type
// Pool target difficulty as set in pushpoold configuration file
// Please also read this for stratum: https://github.com/TheSerapher/php-mpos/wiki/FAQ
$config['difficulty'] = 20;
$config['pplns']['reverse_payout'] = false;
$config['pplns']['dynamic']['percent'] = 30;
/**
* This defines how rewards are paid to users.
*
* Explanation:
*
* Proportional + PPLNS Payout System
* When running a pool on fixed mode, each block will be paid
* out as defined in `reward`. If you wish to pass transaction
* fees inside discovered blocks on to user, set this to `block`.
* This is really helpful for altcoins with dynamic block values!
*
* PPS Payout System
* If set to `fixed`, all PPS values are based on the `reward` setting.
* If you set it to `block` you will calculate the current round based
* on the previous block value. The idea is to pass the block of the
* last round on to the users. If no previous block is found, PPS value
* will fall back to the fixed value set in `reward`. Ensure you don't
* overpay users in the first round!
*
* Available options:
* reward_type:
* fixed : Fixed value according to `reward` setting
* block : Dynamic value based on block amount
* reward:
* float value : Any value of your choice but should reflect base block values
*
* Default:
* reward_type = `fixed`
* reward = 50
*
* Difficulty
* Difficulty setting for stratum/pushpool
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pool-target-difficulty
*/
$config['difficulty'] = 20;
/**
* Block Reward
* Block reward configuration details
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-reward-settings
**/
$config['reward_type'] = 'block';
$config['reward'] = 50;
// Confirmations per block required to credit transactions, default: 120
// Do NOT touch this unless you know what you are doing! Please check your coin for the
// appropriate value here, but most should work with this.
/**
* Confirmations
* Credit and Network confirmation settings
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-confirmations
*/
$config['confirmations'] = 120;
// Confirmations per block required in network to confirm its transactions, default: 120
// Do NOT touch this unless you know what you are doing! Please check your coin for the
// appropriate value here, but most should work with this.
$config['network_confirmations'] = 120;
/**
* Available pps options:
* reward_type:
* fixed : Fixed value according to `reward` setting
* blockavg : Dynamic value based on average of x number of block rewards
* block : Dynamic value based on LAST block amount
* reward:
* float value : Any value of your choice but should reflect base block values
* blockcount : amount of blocks to average, any integer
* Default:
* pps_reward_type = `fixed` default $config['pps']['reward']['default']
* reward = 50
*
/**
* PPS
* Pay Per Share configuration details
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pps-settings
**/
$config['pps']['reward']['default'] = 50;
$config['pps']['reward']['type'] = 'blockavg';
$config['pps']['blockavg']['blockcount'] = 10;
/**
* Memcache configuration
*
* To disable memcache set option $config['memcache']['enabled'] = false
* After disable memcache installation of memcache is not required.
*
* Please note that a memcache is greatly increasing performance
* when combined with the `statistics.php` cronjob. Disabling this
* is not recommended in a live environment!
*
* Explanations
* enabled : Disable (false) memcache for debugging or enable (true) it
* host : Host IP or hostname
* port : memcache port
* keyprefix : Must be changed for multiple MPOS instances on one host
* expiration : Default expiration time in seconds of all cached keys.
* Increase if caches expire too fast.
* splay : Default randomizer for expiration times.
* This will spread expired keys across `splay` seconds.
*
* Default:
* enabled = `true`
* host = `localhost`
* port = 11211
* keyprefix = `mpos_`
* expiration = 90
* splay = 15
* Memcache
* Memcache configuration details
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache
**/
$config['memcache']['enabled'] = true;
$config['memcache']['host'] = 'localhost';
@ -476,44 +229,10 @@ $config['memcache']['keyprefix'] = 'mpos_';
$config['memcache']['expiration'] = 90;
$config['memcache']['splay'] = 15;
/**
* Cookie configuration
*
* You can configure the cookie behaviour to secure your cookies more than the PHP defaults
*
* For multiple installations of MPOS on the same domain you must change the cookie path.
*
* Explanation:
* duration:
* the amount of time, in seconds, that a cookie should persist in the users browser.
* 0 = until closed; 1440 = 24 minutes. Check your php.ini 'session.gc_maxlifetime' value
* and ensure that it is at least the duration specified here.
*
* domain:
* the only domain name that may access this cookie in the browser
*
* path:
* the highest path on the domain that can access this cookie; i.e. if running two pools
* from a single domain you might set the path /ltc/ and /ftc/ to separate user session
* cookies between the two.
*
* httponly:
* marks the cookie as accessible only through the HTTP protocol. The cookie can't be
* accessed by scripting languages, such as JavaScript. This can help to reduce identity
* theft through XSS attacks in most browsers.
*
* secure:
* marks the cookie as accessible only through the HTTPS protocol. If you have a SSL
* certificate installed on your domain name then this will stop a user accidentally
* accessing the site over a HTTP connection, without SSL, exposing their session cookie.
*
* Default:
* duration = '1440'
* domain = ''
* path = '/'
* httponly = true
* secure = false
* Cookies
* Cookie configuration details
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-cookies
**/
$config['cookie']['duration'] = '1440';
$config['cookie']['domain'] = '';
@ -522,50 +241,18 @@ $config['cookie']['httponly'] = true;
$config['cookie']['secure'] = false;
/**
* Enable or disable the Smarty cache
*
* Explanation:
* Smarty implements a file based cache for all HTML output generated
* from dynamic scripts. It can be enabled to cache the HTML data on disk,
* future request are served from those cache files.
*
* This may or may not work as expected, in general Memcache is used to cache
* all data so rendering the page should not take too long anyway.
*
* You can test this out and enable (1) this setting but it's not guaranteed to
* work with MPOS.
*
* Ensure that the folder `templates/cache` is writeable by the web server!
*
* cache = Enable/Disable the cache
* cache_lifetime = Time to keep files in seconds before updating them
*
* Options:
* cache:
* 0 = disabled
* 1 = enabled
* cache_lifetime:
* time in seconds
*
* Defaults:
* cache = 0, disabled
* cache_lifetime = 30 seconds
* Smarty Cache
* Enable smarty cache and cache length
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-smarty-cache
**/
$config['smarty']['cache'] = 0;
$config['smarty']['cache_lifetime'] = 30;
/**
* System load setting
*
* This will disable loading of some API calls in case the system
* loads exceeds the defined max setting. Useful to temporarily suspend
* live statistics on a server that is too busy to deal with requests.
*
* Options
* max = float, maximum system load
*
* Defaults:
* max = 10.0
* System load
* Disable some calls when high system load
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-system-load
**/
$config['system']['load']['max'] = 10.0;
?>
?>

104
public/include/config/security.inc.dist.php
View File

@ -2,28 +2,9 @@
$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
/**
* Strict is a set of extra security options can use that when enabled can help protect against
* a few different types of attacks.
*
* You must have Memcache enabled and configured & Memcache anti-dos configured to use this!
*
* Check -> Memcache configuration
* Check -> Memcache anti resource-dos
*
* Options Default Explanation
* ------- + ------- + -----------
* strict : true : Whether or not to use strict mode
* __https_only : false : Requires/pushes to https
* __mysql_filter : true : Uses a mysqli shim to use php filters on all incoming data
* __verify_client : true : Verifies the client using specified settings
* __verify_client_ip : true : If the client request suddenly switches IP, trigger a failure
* __verify_client_useragent : true : If the client request suddenly switches Useragent, trigger a failure
* __verify_client_sessionid : true : If the client request suddenly switches SessionID, trigger a failure
* __verify_client_fails : 0 : Maximum number of client-side inconsistencies to accept before revoking sessions
* __verify_server : false : Verifies the server is valid for this request
* __bind_protocol : https : Server validate protocol; http or https
* __bind_host : '' : Server validate host; ie. your domain or subdomain
* __bind_port : 443 : Server validate port; 80 / 443 / something else
* Strict Mode
* Extra security options that can help protect against a few different types of attacks
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-strict-mode
**/
$config['strict'] = true;
$config['strict__https_only'] = false;
@ -39,33 +20,9 @@ $config['strict__bind_host'] = '';
$config['strict__bind_port'] = 443;
/**
* Memcache anti resource-dos protection / request rate limiting
*
* Explanation:
* Because bots/angry users can just fire away at pages or f5 us to death, we can attempt to rate limit requests
* using memcache - now shares data with session manager.
*
* Options:
* enabled = Whether or not we will try to rate limit requests
* protect_ajax = If enabled, we will also watch the ajax calls for rate limiting and kill bad requests
* ajax_hits_additive = If enabled, ajax hits will count towards the site counter as well as the ajax counter
* flush_seconds_api = Number of seconds between each flush of user/ajax counter
* rate_limit_api = Number of api requests allowed per flush_seconds_api
* flush_seconds_site = Number of seconds between each flush of user/site counter
* rate_limit_site = Number of site requests allowed per flush_seconds_site
* ignore_admins = Ignores the rate limit for admins
* error_push_page = Page/action array to push users to a specific page, look in the URL!
* Empty = 'You are sending too many requests too fast!' on a blank page
* Default:
* enabled = true
* protect_ajax = true
* ajax_hits_additive = false
* flush_seconds_api = 60
* rate_limit_api = 20
* flush_seconds_site = 60
* rate_limit_site = 30
* ignore_admins = true
* error_push_page = array('page' => 'error', 'action' => 'ratelimit');
* Memcache Rate Limiting
* Rate limit requests using Memcache
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache-rate-limiting
*/
$config['mc_antidos']['enabled'] = true;
$config['mc_antidos']['protect_ajax'] = true;
@ -78,38 +35,16 @@ $config['mc_antidos']['ignore_admins'] = true;
$config['mc_antidos']['error_push_page'] = array('page' => 'error', 'action' => 'ratelimit');
/**
* CSRF protection config
*
* Explanation:
* To help protect against CSRF, we can generate a hash that changes every minute
* and is unique for each user/IP and page or use, and check against that when a
* form is submitted.
*
* Options:
* enabled = Whether or not we will generate/check for valid CSRF tokens
* Default:
* enabled = true
* CSRF Protection
* Enable or disable CSRF protection
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-csrf-protection
*/
$config['csrf']['enabled'] = true;
/**
* E-mail confirmations for user actions
*
* Explanation:
* To increase security for users, account detail changes can require
* an e-mail confirmation prior to performing certain actions.
*
* Options:
* enabled : Whether or not to require e-mail confirmations
* details : Require confirmation to change account details
* withdraw : Require confirmation to manually withdraw/payout
* changepw : Require confirmation to change password
*
* Default:
* enabled = true
* details = true
* withdraw = true
* changepw = true
* Two-factor confirmation for user actions
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-e-mail-confirmations
*/
$config['twofactor']['enabled'] = true;
$config['twofactor']['options']['details'] = true;
@ -117,20 +52,9 @@ $config['twofactor']['options']['withdraw'] = true;
$config['twofactor']['options']['changepw'] = true;
/**
* Lock account after maximum failed logins
*
* Explanation:
* To avoid accounts being hacked by brute force attacks,
* set a maximum amount of failed login or pin entry attempts before locking
* the account. They will need to contact site support to re-enable the account.
*
* This also applies for invalid PIN entries, which is covered by the pin option.
*
* Workers are not affected by this lockout, mining will continue as usual.
*
* Default:
* login = 3
* pin = 3
* Lock account after X
* Lock accounts after X attempts
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-lock-accounts-after-failed-logins
**/
$config['maxfailed']['login'] = 3;
$config['maxfailed']['pin'] = 3;