From 3efe979ae3d6fd5326990a82433520c85ada389b Mon Sep 17 00:00:00 2001
From: xisi
Date: Tue, 28 Jan 2014 14:24:48 -0500
Subject: [PATCH] Switch config over to wiki, yay
---
public/include/config/global.inc.dist.php | 533 ++++---------------- 
public/include/config/security.inc.dist.php | 104 +--- 
2 files changed, 124 insertions(+), 513 deletions(-)
diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index 63c44b83..83c35b62 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -3,60 +3,42 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; /** * Do not edit this unless you have confirmed that your config has been updated! - * This is used in the version check to ensure you run the latest version of the configuration file. - * Once you upgraded your config, change the version here too. + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-config-version **/ $config['version'] = '0.0.7'; /** * Unless you disable this, we'll do a quick check on your config first. + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-config-check */ $config['skip_config_tests'] = false; -// Our include directory for additional features -define('INCLUDE_DIR', BASEPATH . 'include'); -// Our class directory -define('CLASS_DIR', INCLUDE_DIR . '/classes'); - -// Our pages directory which takes care of -define('PAGES_DIR', INCLUDE_DIR . '/pages'); - -// Our theme folder holding all themes -define('THEME_DIR', BASEPATH . 'templates'); - -// Set debugging level for our debug class -// Values valid from 0 (disabled) to 5 (most verbose) +/** + * Defines + * Debug setting and salts for hashing passwords + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts + */ define('DEBUG', 0); - -// SALT used to hash passwords define('SALT', 'PLEASEMAKEMESOMETHINGRANDOM'); define('SALTY', 'THISSHOULDALSOBERRAANNDDOOM'); +define('INCLUDE_DIR', BASEPATH . 'include'); +define('CLASS_DIR', INCLUDE_DIR . '/classes'); +define('PAGES_DIR', INCLUDE_DIR . '/pages'); +define('THEME_DIR', BASEPATH . 'templates'); + /** - * Underlying coin algorithm that you are mining on. 
Set this to whatever your coin needs: - * - * Options: - * sha256d : SHA coins like Bitcoin - * scrypt : Scrypt based coins like Litecoin - * Default: - * scrypt : Scrypt is default + * Coin Algorithm + * Algorithm used by this coin, sha256d or scrypt + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-algorithm **/ $config['algorithm'] = 'scrypt'; /** * Database configuration - * - * A MySQL database backend is required for MPOS. - * Also ensure the database structure is imported! - * The SQL file should be included in this project under the `sql` directory - * - * Default: - * host = 'localhost' - * port = 3306 - * user = 'someuser' - * pass = 'somepass' - * name = 'mpos' + * MySQL database configuration + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-database-configuration **/ $config['db']['host'] = 'localhost'; $config['db']['user'] = 'someuser'; @@ -65,17 +47,9 @@ $config['db']['port'] = 3306; $config['db']['name'] = 'mpos'; /** - * Local wallet RPC configuration - * - * MPOS uses the RPC backend to fetch transactions, blocks - * and various other things. They need to match your coind RPC - * configuration. - * - * Default: - * type = 'http' - * host = 'localhost:19334' - * username = 'testnet' - * password = 'testnet' + * Local wallet RPC + * RPC configuration for your daemon/wallet + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-local-wallet-rpc **/ $config['wallet']['type'] = 'http'; $config['wallet']['host'] = 'localhost:19334'; 
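Review bot: Nothing in global.inc.dist.php now tells the operator that the two placeholder salts must be replaced: the new "Defines" docblock groups `DEBUG`, `SALT`, `SALTY` and the four path constants under a single wiki link. An install that keeps `'PLEASEMAKEMESOMETHINGRANDOM'` and `'THISSHOULDALSOBERRAANNDDOOM'` hashes passwords with values published in this repository, so I would keep one line directly above them, e.g. `// Replace both salts with long random strings unique to this install before creating any accounts`. The valid range for `DEBUG` (0 to 5 in the removed comment) also deserves one line, since the wiki may not be at hand when the file is edited.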
@@ -83,23 +57,9 @@ $config['wallet']['username'] = 'testnet'; $config['wallet']['password'] = 'testnet'; /** - * Payout of liquid assets - * - * Explanation: - * Running pools, especially those with active fees, will build up a good - * amount of liquid assets that can be used by pool operators. If you wish - * to automatically send your assets to a offline wallet, set your account - * address, reserves and thresholds here. - * - * Options: - * address : The address of the wallet to the address you'd like to receive the coins in - * reserve : The amount you'd like to remain in the wallet. Recommended is at least 1 block value - * threshold : The amount of coins you'd like to send per batch minimum. Once exceeded, this is sent - * to the offline wallet address specified. - * Default: - * addresss : empty - * reserve : 50 - * threshold : 25 + * Cold Wallet / Liquid Assets + * Automatically send liquid assets to a cold wallet + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-liquid-assets--cold-wallet **/ $config['coldwallet']['address'] = ''; $config['coldwallet']['reserve'] = 50; @@ -107,11 +67,8 @@ $config['coldwallet']['threshold'] = 5; /** * Getting Started Config - * - * This is displayed on GettingStarted Page - * to make it more dynamic - * - * + * Shown to users in the 'Getting Started' section + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-getting-started **/ $config['gettingstarted']['coinname'] = 'Litecoin'; $config['gettingstarted']['coinurl'] = 'http://www.litecoin.org'; 
@@ -119,355 +76,151 @@ $config['gettingstarted']['stratumurl'] = ''; $config['gettingstarted']['stratumport'] = '3333'; /** - * API configuration to fetch prices for set currency - * - * Explanation: - * MPOS will try to fetch the current exchange rates - * from this API URL/target. Currently btc-e and coinchoose - * are supported in MPOS. If you want to remove the trade - * header just set currency to an empty string. - * - * Default (btc-e.com): - * url = `https://btc-e.com` - * target = `/api/2/ltc_usd/ticker` - * currency = `USD` - * - * Optional (coinchoose.com): - * url = `http://www.coinchoose.com` - * target = `/api.php` - * currency = `BTC` - * - * Optional (cryptsy.com): - * url = `http://pubapi.cryptsy.com` - * currency = `BTC` - * target = `/api.php?method=marketdata` + * Ticker API + * Fetch exchange rates via an API + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-ticker-api **/ $config['price']['url'] = 'https://btc-e.com'; $config['price']['target'] = '/api/2/ltc_usd/ticker'; $config['price']['currency'] = 'USD'; /** - * Automatic payout thresholds - * - * These values define the min and max settings - * that can be entered by a user. - * Defaults: - * `min` = `1` - * `max` = `250` + * Automatic Payout Thresholds + * Minimum and Maximum auto payout amount + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-automatic-payout-thresholds **/ $config['ap_threshold']['min'] = 1; $config['ap_threshold']['max'] = 250; /** * Donation thresholds - * - * You can define a min and max values for you users - * donation settings here. - * - * Defaults: - * `min` = `1` + * Minimum donation amount in percent + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-donation-thresholds **/ $config['donate_threshold']['min'] = 1; /** - * Account specific settings - * - * Explanation - * Invitations will allow your users to invite new members to join the pool. 
- * After sending a mail to the invited user, they can register using the token - * created. Invitations can be enabled and disabled through the admin panel. - * Sent invitations are listed on the account invitations page. - * - * You can limit the number of registrations send per account via configuration - * variable. - * - * Options: - * count : Maximum invitations a user is able to send - * - * Defaults: - * count : 5 + * Account Specific Settings + * Settings for each user account + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-account-specific-settings **/ $config['accounts']['invitations']['count'] = 5; -// Currency system used in this pool, default: `LTC` +/** + * Currency + * Shorthand name for the currency + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-currency + */ $config['currency'] = 'LTC'; /** - * Coin Target in seconds - * - * Explanation - * Target time for coins to be generated - * - * Fastcoin: 12 seconds - * Litecoin: 2,5 minutes = 150 seconds - * Feathercoin: 2,5 minutes = 150 seconds - * Bitcoin: 10 minutes = 600 seconds - * + * Coin Target + * Target time for coins to be generated + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-coin-target **/ $config['cointarget'] = '150'; /** - * Diff change every X Blocks - * - * Explanation - * Amount of Blocks until Difficulty change - * - * Fastcoin: 300 Blocks - * Litecoin: 2016 Blocks - * Bitcoin: 2016 Blocks - * + * Coin Diff Change + * Amount of blocks between difficulty changes + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-coin-diff-change **/ $config['coindiffchangetarget'] = 2016; /** - * Default transaction fee to apply to user transactions - * - * Explanation - * The coin daemon applies transaction fees to young coins. - * Since we are unable to find out what the exact fee was we set - * a default value here which is applied to both manual and auto payouts. 
- * If this is not set, no fee is applied in the transactions history but - * the user might still see them when the coins arrive. - * You can set two different transaction fees for manual and auto payouts. - * - * Default: - * txfee_auto = 0.1 - * txfee_manual = 0.1 - * + * TX Fees + * Fees applied to transactions + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-tx-fees **/ $config['txfee_auto'] = 0.1; $config['txfee_manual'] = 0.1; -// Payout a block bonus to block finders, default: 0 (disabled) -// This bonus is paid by the pool operator, it is not deducted from the block payout! +/** + * Block Bonus + * Bonus in coins of block bonus + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-block-bonus + */ $config['block_bonus'] = 0; /** - * Payout system in use - * - * This will modify some templates and activate the - * appropriate crons. Only ONE payout system at a time - * is supported! - * - * Available options: - * prop: Proportional payout system - * pps : Pay Per Share payout system - * pplns : Pay Per Last N Shares payout system - * - * Default: - * prop -**/ + * Payout System + * Payout system chosen + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-payout-system + **/ $config['payout_system'] = 'prop'; /** - * Round purging - * - * Explanation: - * As soon as a round is finished, shares of that rate are archived (see below) - * and deleted from the `shares` table. Due to a large amount of shares in a - * single round, this can take a very long time. To reduce server load and allow - * other systems to access the DB during this high-load time, the DELETE - * calls are being limited to a number of rows. Then the process sleeps and - * continues to delete shares until all shares have been purged. - * - * You can adjust some purging settings here in order to improve your overall - * site performance during round ends. Keep in mind that decreasing shares/time - * will make the cron run longer but at least keeps your site active. 
Vice versa - * higher numbers allow for a faster deletion but might affect the live site. - * - * This system is also used when purging archived shares. - * - * Available Options: - * sleep : Time to sleep between delete calls - * shares : How many shares to delete at one time - * - * Default: - * sleep : 5 seconds - * shares : 500000 + * Round Purging + * Round share purging configuration + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-round-purging **/ $config['purge']['sleep'] = 1; $config['purge']['shares'] = 25000; /** - * Archiving configuration for debugging - * - * Explanation: - * By default, we don't need to archive for a long time. PPLNS and Hashrate - * calculations rely on this archive, but all shares past a certain point can - * safely be deleted. - * - * To ensure we have enough shares on stack for PPLNS, this - * is set to the past 10 rounds. Even with lucky ones in between those should - * fit the PPLNS target. On top of that, even if we have more than 10 rounds, - * we still keep the last maxage shares to ensure we can calculate hashrates. - * Both conditions need to be met in order for shares to be purged from archive. - * - * Proportional mode will only keep the past 24 hours. These are required for - * hashrate calculations to work past a round, hence 24 hours was selected as - * the default. You may want to increase the time for debugging, then add any - * integer reflecting minutes of shares to keep. 
- * - * Availabe Options: - * maxrounds : PPLNS, keep shares for maxrounds - * maxage : PROP and PPLNS, delete shares older than maxage minutes - * - * Default: - * maxrounds = 10 - * maxage = 60 * 24 (24h) + * Share Archiving + * Share archiving configuration details + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-archiving **/ $config['archive']['maxrounds'] = 10; $config['archive']['maxage'] = 60 * 24; -// Pool fees applied to users in percent, default: 0 (disabled) + +/** + * Pool Fees + * Fees applied to users + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pool-fees + */ $config['fees'] = 0; /** - * PPLNS requires some settings to run properly. First we need to define - * a default shares count that is applied if we don't have a proper type set. - * Different dynamic types can be applied, or you can run a fixed scheme. - * - * Explanation - * - * PPLNS can run on two different payouts: fixed and blockavg. Each one - * defines a different PPLNS target. - * - * Fixed means we will be looking at the shares setup in the default - * setting. There is no automatic adjustments to the PPLNS target, - * all users will be paid out proportionally to that target. - * - * Blockavg will look at the last blockcount blocks shares and take - * the average as the PPLNS target. This will be automatically adjusted - * when difficulty changes and more blocks are available. This keeps the - * target dynamic but still traceable. - * - * If you use the fixed type it will use $config['pplns']['shares']['default'] - * for target calculations, if you use blockavg type it will use - * $config['pplns']['blockavg']['blockcount'] blocks average for target - * calculations. 
- * - * default : Default target shares for PPLNS - * type : Payout type used in PPLNS - * blockcount : Amount of blocks to check for avg shares - * - * Available Options: - * default : amount of shares, integeger - * type : blockavg or fixed - * blockcount : amount of blocks, any integer - * - * Defaults: - * default = 4000000 - * type = `blockavg` - * blockcount = 10 - **/ -/** - * $config['pplns']['shares']['type'] = 'dynamic'; - * Dynamic target adjustment allows the blockavg target to adjust faster to share counts - * while still tracking round share averages by using a percentage of the current round shares - * to alter the pplns blockavg target this is useful with the nature of many alt coins low and fast - * adjusting difficulties and quick round times - * reverse_payout is useful to even out payouts for fast round times when even steady miners - * are missing share submissions for the current round -**/ + * PPLNS + * Pay Per Last N Shares + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pplns-settings + */ $config['pplns']['shares']['default'] = 4000000; $config['pplns']['shares']['type'] = 'blockavg'; $config['pplns']['blockavg']['blockcount'] = 10; -$config['pplns']['reverse_payout'] = false; // add user shares from archive even if user not in current round -$config['pplns']['dynamic']['percent'] = 30; // percentage of round shares factored into block average when using dynamic type - -// Pool target difficulty as set in pushpoold configuration file -// Please also read this for stratum: https://github.com/TheSerapher/php-mpos/wiki/FAQ -$config['difficulty'] = 20; - +$config['pplns']['reverse_payout'] = false; +$config['pplns']['dynamic']['percent'] = 30; /** - * This defines how rewards are paid to users. - * - * Explanation: - * - * Proportional + PPLNS Payout System - * When running a pool on fixed mode, each block will be paid - * out as defined in `reward`. 
If you wish to pass transaction - * fees inside discovered blocks on to user, set this to `block`. - * This is really helpful for altcoins with dynamic block values! - * - * PPS Payout System - * If set to `fixed`, all PPS values are based on the `reward` setting. - * If you set it to `block` you will calculate the current round based - * on the previous block value. The idea is to pass the block of the - * last round on to the users. If no previous block is found, PPS value - * will fall back to the fixed value set in `reward`. Ensure you don't - * overpay users in the first round! - * - * Available options: - * reward_type: - * fixed : Fixed value according to `reward` setting - * block : Dynamic value based on block amount - * reward: - * float value : Any value of your choice but should reflect base block values - * - * Default: - * reward_type = `fixed` - * reward = 50 - * + * Difficulty + * Difficulty setting for stratum/pushpool + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pool-target-difficulty + */ +$config['difficulty'] = 20; + +/** + * Block Reward + * Block reward configuration details + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-reward-settings **/ $config['reward_type'] = 'block'; $config['reward'] = 50; -// Confirmations per block required to credit transactions, default: 120 -// Do NOT touch this unless you know what you are doing! Please check your coin for the -// appropriate value here, but most should work with this. +/** + * Confirmations + * Credit and Network confirmation settings + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-confirmations + */ $config['confirmations'] = 120; -// Confirmations per block required in network to confirm its transactions, default: 120 -// Do NOT touch this unless you know what you are doing! Please check your coin for the -// appropriate value here, but most should work with this. 
$config['network_confirmations'] = 120; - /** - * Available pps options: - * reward_type: - * fixed : Fixed value according to `reward` setting - * blockavg : Dynamic value based on average of x number of block rewards - * block : Dynamic value based on LAST block amount - * reward: - * float value : Any value of your choice but should reflect base block values - * blockcount : amount of blocks to average, any integer - * Default: - * pps_reward_type = `fixed` default $config['pps']['reward']['default'] - * reward = 50 - * +/** + * PPS + * Pay Per Share configuration details + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pps-settings **/ $config['pps']['reward']['default'] = 50; $config['pps']['reward']['type'] = 'blockavg'; $config['pps']['blockavg']['blockcount'] = 10; /** - * Memcache configuration - * - * To disable memcache set option $config['memcache']['enabled'] = false - * After disable memcache installation of memcache is not required. - * - * Please note that a memcache is greatly increasing performance - * when combined with the `statistics.php` cronjob. Disabling this - * is not recommended in a live environment! - * - * Explanations - * enabled : Disable (false) memcache for debugging or enable (true) it - * host : Host IP or hostname - * port : memcache port - * keyprefix : Must be changed for multiple MPOS instances on one host - * expiration : Default expiration time in seconds of all cached keys. - * Increase if caches expire too fast. - * splay : Default randomizer for expiration times. - * This will spread expired keys across `splay` seconds. - * - * Default: - * enabled = `true` - * host = `localhost` - * port = 11211 - * keyprefix = `mpos_` - * expiration = 90 - * splay = 15 + * Memcache + * Memcache configuration details + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache **/ $config['memcache']['enabled'] = true; $config['memcache']['host'] = 'localhost'; 
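Review bot: `$config['confirmations']` and `$config['network_confirmations']` now share one "Confirmations" docblock that no longer carries the removed caution ("Do NOT touch this unless you know what you are doing") or the stated default of 120. According to the removed text these values gate when transactions are credited, so a wrong value is likely to cost money rather than just look odd; I would keep one line in the file, e.g. ` * Default 120; check the value your coin requires before changing either setting`. The same hunk also drops the only in-file mention that `$config['pplns']['shares']['type']` accepts `dynamic`, which `$config['pplns']['dynamic']['percent']` depends on.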
@@ -476,44 +229,10 @@ $config['memcache']['keyprefix'] = 'mpos_'; $config['memcache']['expiration'] = 90; $config['memcache']['splay'] = 15; - /** - * Cookie configuration - * - * You can configure the cookie behaviour to secure your cookies more than the PHP defaults - * - * For multiple installations of MPOS on the same domain you must change the cookie path. - * - * Explanation: - * duration: - * the amount of time, in seconds, that a cookie should persist in the users browser. - * 0 = until closed; 1440 = 24 minutes. Check your php.ini 'session.gc_maxlifetime' value - * and ensure that it is at least the duration specified here. - * - * domain: - * the only domain name that may access this cookie in the browser - * - * path: - * the highest path on the domain that can access this cookie; i.e. if running two pools - * from a single domain you might set the path /ltc/ and /ftc/ to separate user session - * cookies between the two. - * - * httponly: - * marks the cookie as accessible only through the HTTP protocol. The cookie can't be - * accessed by scripting languages, such as JavaScript. This can help to reduce identity - * theft through XSS attacks in most browsers. - * - * secure: - * marks the cookie as accessible only through the HTTPS protocol. If you have a SSL - * certificate installed on your domain name then this will stop a user accidentally - * accessing the site over a HTTP connection, without SSL, exposing their session cookie. - * - * Default: - * duration = '1440' - * domain = '' - * path = '/' - * httponly = true - * secure = false + * Cookies + * Cookie configuration details + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-cookies **/ $config['cookie']['duration'] = '1440'; $config['cookie']['domain'] = ''; 
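Review bot: The cookie docblock is reduced to a wiki link while the shipped default stays `$config['cookie']['secure'] = false` (visible as context in the next hunk), so the file no longer tells the operator that the session cookie is also sent over plain HTTP until this is changed. I would keep a short in-file line such as ` * Set secure = true once the site is served over HTTPS; leave httponly = true`. The removed note that `session.gc_maxlifetime` in php.ini must be at least `duration` is a second constraint that is easy to miss once it lives only on the wiki.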
@@ -522,50 +241,18 @@ $config['cookie']['httponly'] = true; $config['cookie']['secure'] = false; /** - * Enable or disable the Smarty cache - * - * Explanation: - * Smarty implements a file based cache for all HTML output generated - * from dynamic scripts. It can be enabled to cache the HTML data on disk, - * future request are served from those cache files. - * - * This may or may not work as expected, in general Memcache is used to cache - * all data so rendering the page should not take too long anyway. - * - * You can test this out and enable (1) this setting but it's not guaranteed to - * work with MPOS. - * - * Ensure that the folder `templates/cache` is writeable by the web server! - * - * cache = Enable/Disable the cache - * cache_lifetime = Time to keep files in seconds before updating them - * - * Options: - * cache: - * 0 = disabled - * 1 = enabled - * cache_lifetime: - * time in seconds - * - * Defaults: - * cache = 0, disabled - * cache_lifetime = 30 seconds + * Smarty Cache + * Enable smarty cache and cache length + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-smarty-cache **/ $config['smarty']['cache'] = 0; $config['smarty']['cache_lifetime'] = 30; /** - * System load setting - * - * This will disable loading of some API calls in case the system - * loads exceeds the defined max setting. Useful to temporarily suspend - * live statistics on a server that is too busy to deal with requests. - * - * Options - * max = float, maximum system load - * - * Defaults: - * max = 10.0 + * System load + * Disable some calls when high system load + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-system-load **/ $config['system']['load']['max'] = 10.0; -?> + +?> \ No newline at end of file diff --git a/public/include/config/security.inc.dist.php b/public/include/config/security.inc.dist.php index 88d43df0..6856e601 100644 --- a/public/include/config/security.inc.dist.php +++ b/public/include/config/security.inc.dist.php 
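Review bot: The rewritten tail of global.inc.dist.php ends in `?>` with no final newline; for a PHP-only include the closing tag is better dropped altogether. Any bytes that end up after `?>` when an operator copies and edits this file are sent as output, which could break later `header()` calls such as the 401 guard at the top of these config files. I would delete the `?>` line and end the file with a newline after `$config['system']['load']['max'] = 10.0;`. The removed Smarty text also held one operational prerequisite, that `templates/cache` must be writable by the web server, which could stay as a single comment line.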
@@ -2,28 +2,9 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; /** - * Strict is a set of extra security options can use that when enabled can help protect against - * a few different types of attacks. - * - * You must have Memcache enabled and configured & Memcache anti-dos configured to use this! - * - * Check -> Memcache configuration - * Check -> Memcache anti resource-dos - * - * Options Default Explanation - * ------- + ------- + ----------- - * strict : true : Whether or not to use strict mode - * __https_only : false : Requires/pushes to https - * __mysql_filter : true : Uses a mysqli shim to use php filters on all incoming data - * __verify_client : true : Verifies the client using specified settings - * __verify_client_ip : true : If the client request suddenly switches IP, trigger a failure - * __verify_client_useragent : true : If the client request suddenly switches Useragent, trigger a failure - * __verify_client_sessionid : true : If the client request suddenly switches SessionID, trigger a failure - * __verify_client_fails : 0 : Maximum number of client-side inconsistencies to accept before revoking sessions - * __verify_server : false : Verifies the server is valid for this request - * __bind_protocol : https : Server validate protocol; http or https - * __bind_host : '' : Server validate host; ie. your domain or subdomain - * __bind_port : 443 : Server validate port; 80 / 443 / something else + * Strict Mode + * Extra security options that can help protect against a few different types of attacks + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-strict-mode **/ $config['strict'] = true; $config['strict__https_only'] = false; 
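Review bot: The strict-mode docblock in security.inc.dist.php loses the stated prerequisite that Memcache and the Memcache anti-DoS settings must be configured, while `$config['strict'] = true` remains the shipped default. An operator who turns Memcache off no longer sees in this file that strict mode depends on it, so I would keep one line such as ` * Requires Memcache and the Memcache rate limiting below to be enabled and configured`. The removed table was also the only in-file description of the individual `strict__*` options, for example that `strict__verify_client_fails` is the number of client inconsistencies accepted before sessions are revoked; a one-line comment per option would preserve that.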
@@ -39,33 +20,9 @@ $config['strict__bind_host'] = ''; $config['strict__bind_port'] = 443; /** - * Memcache anti resource-dos protection / request rate limiting - * - * Explanation: - * Because bots/angry users can just fire away at pages or f5 us to death, we can attempt to rate limit requests - * using memcache - now shares data with session manager. - * - * Options: - * enabled = Whether or not we will try to rate limit requests - * protect_ajax = If enabled, we will also watch the ajax calls for rate limiting and kill bad requests - * ajax_hits_additive = If enabled, ajax hits will count towards the site counter as well as the ajax counter - * flush_seconds_api = Number of seconds between each flush of user/ajax counter - * rate_limit_api = Number of api requests allowed per flush_seconds_api - * flush_seconds_site = Number of seconds between each flush of user/site counter - * rate_limit_site = Number of site requests allowed per flush_seconds_site - * ignore_admins = Ignores the rate limit for admins - * error_push_page = Page/action array to push users to a specific page, look in the URL! - * Empty = 'You are sending too many requests too fast!' on a blank page - * Default: - * enabled = true - * protect_ajax = true - * ajax_hits_additive = false - * flush_seconds_api = 60 - * rate_limit_api = 20 - * flush_seconds_site = 60 - * rate_limit_site = 30 - * ignore_admins = true - * error_push_page = array('page' => 'error', 'action' => 'ratelimit'); + * Memcache Rate Limiting + * Rate limit requests using Memcache + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache-rate-limiting */ $config['mc_antidos']['enabled'] = true; $config['mc_antidos']['protect_ajax'] = true; 
@@ -78,38 +35,16 @@ $config['mc_antidos']['ignore_admins'] = true; $config['mc_antidos']['error_push_page'] = array('page' => 'error', 'action' => 'ratelimit'); /** - * CSRF protection config - * - * Explanation: - * To help protect against CSRF, we can generate a hash that changes every minute - * and is unique for each user/IP and page or use, and check against that when a - * form is submitted. - * - * Options: - * enabled = Whether or not we will generate/check for valid CSRF tokens - * Default: - * enabled = true + * CSRF Protection + * Enable or disable CSRF protection + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-csrf-protection */ $config['csrf']['enabled'] = true; /** * E-mail confirmations for user actions - * - * Explanation: - * To increase security for users, account detail changes can require - * an e-mail confirmation prior to performing certain actions. - * - * Options: - * enabled : Whether or not to require e-mail confirmations - * details : Require confirmation to change account details - * withdraw : Require confirmation to manually withdraw/payout - * changepw : Require confirmation to change password - * - * Default: - * enabled = true - * details = true - * withdraw = true - * changepw = true + * Two-factor confirmation for user actions + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-e-mail-confirmations */ $config['twofactor']['enabled'] = true; $config['twofactor']['options']['details'] = true; 
@@ -117,20 +52,9 @@ $config['twofactor']['options']['withdraw'] = true; $config['twofactor']['options']['changepw'] = true; /** - * Lock account after maximum failed logins - * - * Explanation: - * To avoid accounts being hacked by brute force attacks, - * set a maximum amount of failed login or pin entry attempts before locking - * the account. They will need to contact site support to re-enable the account. - * - * This also applies for invalid PIN entries, which is covered by the pin option. - * - * Workers are not affected by this lockout, mining will continue as usual. - * - * Default: - * login = 3 - * pin = 3 + * Lock account after X + * Lock accounts after X attempts + * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-lock-accounts-after-failed-logins **/ $config['maxfailed']['login'] = 3; $config['maxfailed']['pin'] = 3;
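Review bot: The new heading `Lock account after X` with the summary `Lock accounts after X attempts` does not say what is being counted. I would word the two lines as ` * Lock account after failed logins` and ` * Maximum failed login / PIN attempts before the account is locked`, which matches the `login` and `pin` keys below. The removed text also stated that a locked user must contact site support and that workers keep mining; a short line on the first would help operators handling support requests.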