diff --git a/public/include/autoloader.inc.php b/public/include/autoloader.inc.php index d86245fb..cd6b032c 100644 --- a/public/include/autoloader.inc.php +++ b/public/include/autoloader.inc.php @@ -29,7 +29,6 @@ define('THEME', $theme); require_once(INCLUDE_DIR . '/smarty.inc.php'); // Load everything else in proper order -require_once(CLASS_DIR . '/api.class.php'); require_once(CLASS_DIR . '/mail.class.php'); require_once(CLASS_DIR . '/tokentype.class.php'); require_once(CLASS_DIR . '/token.class.php'); @@ -45,6 +44,7 @@ require_once(CLASS_DIR . '/roundstats.class.php'); require_once(CLASS_DIR . '/transaction.class.php'); require_once(CLASS_DIR . '/notification.class.php'); require_once(CLASS_DIR . '/news.class.php'); +require_once(CLASS_DIR . '/api.class.php'); require_once(INCLUDE_DIR . '/lib/Michelf/Markdown.php'); require_once(INCLUDE_DIR . '/lib/scrypt.php'); diff --git a/public/include/classes/api.class.php b/public/include/classes/api.class.php index e1403ee5..26b2a95d 100644 --- a/public/include/classes/api.class.php +++ b/public/include/classes/api.class.php @@ -7,6 +7,11 @@ if (!defined('SECURITY')) die('Hacking attempt'); * Helper class for our API **/ class Api extends Base { + private $api_version = '1.0.0'; + + function setStartTime($dStartTime) { + $this->dStartTime = $dStartTime; + } function isActive($error=true) { if (!$this->setting->getValue('disable_api')) { return true; 
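Review bot: In the api.class.php hunk, `setStartTime()` writes `$this->dStartTime`, but the visible class only declares `$api_version`. Unless `Base` already declares the property (not visible here), it is created dynamically on first assignment, and `get_json()` would compute its runtime from an unset value if the setter is ever skipped. Declaring it next to the version, `private $dStartTime = 0;`, and giving the setter a short docblock stating that it expects a `microtime(true)` float would make the contract explicit. The class body continues outside this hunk.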
@@ -17,8 +22,45 @@ class Api extends Base { } } } + + /** + * Create API json object from input array + * @param data Array data to create JSON for + * @param force bool Enforce a JSON object + * @return string JSON object + **/ + function get_json($data, $force=false) { + return json_encode( + array( $_REQUEST['action'] => array( + 'version' => $this->api_version, + 'runtime' => (microtime(true) - $this->dStartTime) * 1000, + 'data' => $data + )), $force ? JSON_FORCE_OBJECT : 0 + ); + } + + /** + * Check user access level to the API call + **/ + function checkAccess($user_id, $get_id=NULL) { + if ( ! $this->user->isAdmin($user_id) && (!empty($get_id) && $get_id != $user_id)) { + // User is NOT admin and tries to access an ID that is not their own + header("HTTP/1.1 401 Unauthorized"); + die("Access denied"); + } else if ($this->user->isAdmin($user_id) && !empty($get_id)) { + // User is an admin and tries to fetch another users data + $id = $get_id; + // Is it a username or a user ID + ctype_digit($_REQUEST['id']) ? $id = $get_id : $id = $this->user->getUserId($get_id); + } else { + $id = $user_id; + } + return $id; + } } $api = new Api(); $api->setConfig($config); +$api->setUser($user); $api->setSetting($setting); +$api->setStartTime($dStartTime); diff --git a/public/include/pages/api/getblockcount.inc.php b/public/include/pages/api/getblockcount.inc.php index 6764f436..978a7142 100644 --- a/public/include/pages/api/getblockcount.inc.php +++ b/public/include/pages/api/getblockcount.inc.php 
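Review bot: `checkAccess()` decides between ID and username by testing `$_REQUEST['id']` instead of its own `$get_id` argument, so the result depends on the request rather than on what the caller passed in. In the admin branch the result of `getUserId($get_id)` is returned unchecked, so an unknown username hands callers whatever that method returns on a miss (not visible here) as if it were a valid user ID. The non-admin comparison uses loose `!=`, which is subject to PHP's numeric string juggling; comparing both sides as strings is safer for an authorization decision. The sketch below keeps the same three outcomes and assumes `checkApiKey()` has already terminated the request for an invalid key, which this hunk does not show.

```php
  // … unchanged: get_json() …

  function checkAccess($user_id, $get_id=NULL) {
    // No target requested: the caller only ever sees their own data
    if (empty($get_id)) return $user_id;
    if ( ! $this->user->isAdmin($user_id)) {
      // Non-admins may only name themselves; compare as strings to avoid type juggling
      if ((string)$get_id !== (string)$user_id) {
        header("HTTP/1.1 401 Unauthorized");
        die("Access denied");
      }
      return $user_id;
    }
    // Admin: numeric ID or username, taken from the argument rather than $_REQUEST
    $id = ctype_digit((string)$get_id) ? $get_id : $this->user->getUserId($get_id);
    if (empty($id)) {
      // Unknown username: refuse instead of returning a non-ID to the caller
      header("HTTP/1.1 404 Not Found");
      die("Unknown user");
    }
    return $id;
  }
```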
@@ -7,19 +7,16 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); if ($bitcoin->can_connect() === true){ - if (!$iBlock = $memcache->get('iBlock')) { - $iBlock = $bitcoin->query('getblockcount'); - $memcache->set('iBlock', $iBlock); - } + $iBlock = $bitcoin->getblockcount(); } else { $iBlock = 0; } // Output JSON format -echo json_encode(array('getblockcount' => $iBlock)); +echo $api->get_json($iBlock); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getblocksfound.inc.php b/public/include/pages/api/getblocksfound.inc.php index b238bdc3..f4770278 100644 --- a/public/include/pages/api/getblocksfound.inc.php +++ b/public/include/pages/api/getblocksfound.inc.php @@ -7,15 +7,13 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); -// Set a sane limit, overwrite with URL parameter -$iLimit = 10; -if (@$_REQUEST['limit']) - $iLimit = $_REQUEST['limit']; +// Check how many blocks to fetch +$setting->getValue('statistics_block_count') ? $iLimit = $setting->getValue('statistics_block_count') : $iLimit = 20; // Output JSON format -echo json_encode(array('getblocksfound' => $statistics->getBlocksFound($iLimit))); +echo $api->get_json($statistics->getBlocksFound($iLimit)); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getcurrentworkers.inc.php b/public/include/pages/api/getcurrentworkers.inc.php index 48864316..837b75ef 100644 --- a/public/include/pages/api/getcurrentworkers.inc.php +++ b/public/include/pages/api/getcurrentworkers.inc.php 
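Review bot: The value assigned to `$user_id` is never read in the visible lines of getblockcount.inc.php, so it is not obvious that `checkAccess()` is called only because it ends the request on a denied key or a foreign `id`. A comment such as `// Return value unused: called only to enforce the API key and access check` would make that explicit. The same applies to the other pool-wide endpoints in this commit (getblocksfound, getcurrentworkers, getdifficulty, getestimatedtime, getpoolhashrate, getpoolsharerate, gettimesincelastblock). In all of them `$_REQUEST['api_key']` is read without a guard while `id` relies on `@`; `isset($_REQUEST['id']) ? $_REQUEST['id'] : NULL` (and the same for `api_key`) avoids the suppression operator. How `checkApiKey()` treats a missing key is not visible here.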
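Review bot: In getblocksfound.inc.php the limit line calls `getValue('statistics_block_count')` twice and assigns inside both arms of a ternary. That is harder to read than the form used for `$interval` elsewhere in this commit, and `if ( ! $iLimit = $setting->getValue('statistics_block_count')) $iLimit = 20;` does the same with one lookup. The stored setting is handed to `getBlocksFound()` as-is; unless that method casts it (not visible here), an `(int)` cast at this point would keep a malformed setting value out of the query layer.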
@@ -7,10 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getcurrentworkers' => $worker->getCountAllActiveWorkers())); +echo $api->get_json($worker->getCountAllActiveWorkers()); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getdashboarddata.inc.php b/public/include/pages/api/getdashboarddata.inc.php index 850edbcd..e4c8e48c 100644 --- a/public/include/pages/api/getdashboarddata.inc.php +++ b/public/include/pages/api/getdashboarddata.inc.php 
@@ -6,34 +6,20 @@ if (!defined('SECURITY')) die('Hacking attempt'); // Check if the API is activated $api->isActive(); -// Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); +// Check user token and access level permissions +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); +// Fetch RPC information +if ($bitcoin->can_connect() === true) { + $dNetworkHashrate = $bitcoin->getnetworkhashps(); + $dDifficulty = $bitcoin->getdifficulty(); + $iBlock = $bitcoin->getblockcount(); } else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); + $dNetworkHashrate = 0; + $dDifficulty = 1; + $iBlock = 0; } -// Fetch raw RPC data -$bitcoin->can_connect() === true ? $dNetworkHashrate = $bitcoin->query('getnetworkhashps') : $dNetworkHashrate = 0; - // Some settings if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; if ( ! $dPoolHashrateModifier = $setting->getValue('statistics_pool_hashrate_modifier') ) $dPoolHashrateModifier = 1; 
@@ -44,12 +30,12 @@ if ( ! $dNetworkHashrateModifier = $setting->getValue('statistics_network_hashra $statistics->setGetCache(false); $dPoolHashrate = $statistics->getCurrentHashrate($interval); if ($dPoolHashrate > $dNetworkHashrate) $dNetworkHashrate = $dPoolHashrate; -$dPersonalHashrate = $statistics->getUserHashrate($id, $interval); -$dPersonalSharerate = $statistics->getUserSharerate($id, $interval); +$dPersonalHashrate = $statistics->getUserHashrate($user_id, $interval); +$dPersonalSharerate = $statistics->getUserSharerate($user_id, $interval); $statistics->setGetCache(true); // Use caches for this one -$aUserRoundShares = $statistics->getUserShares($id); +$aUserRoundShares = $statistics->getUserShares($user_id); $aRoundShares = $statistics->getRoundShares(); // Apply pool modifiers @@ -58,13 +44,13 @@ $dPoolHashrateAdjusted = $dPoolHashrate * $dPoolHashrateModifier; $dNetworkHashrateAdjusted = $dNetworkHashrate / 1000 * $dNetworkHashrateModifier; // Output JSON format -echo json_encode(array($_REQUEST['action'] => array( - 'runtime' => (microtime(true) - $dTimeStart) * 1000, +$data = array( 'raw' => array( 'personal' => array( 'hashrate' => $dPersonalHashrate ), 'pool' => array( 'hashrate' => $dPoolHashrate ), 'network' => array( 'hashrate' => $dNetworkHashrate / 1000 ) ), 'personal' => array ( 'hashrate' => $dPersonalHashrateAdjusted, 'sharerate' => $dPersonalSharerate, 'shares' => $aUserRoundShares), 'pool' => array( 'hashrate' => $dPoolHashrateAdjusted, 'shares' => $aRoundShares ), - 'network' => array( 'hashrate' => $dNetworkHashrateAdjusted ), -))); + 'network' => array( 'hashrate' => $dNetworkHashrateAdjusted, 'difficulty' => $dDifficulty, 'block' => $iBlock ), +); +echo $api->get_json($data); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getdifficulty.inc.php b/public/include/pages/api/getdifficulty.inc.php index 54cc7ac9..95805548 100644 --- a/public/include/pages/api/getdifficulty.inc.php 
+++ b/public/include/pages/api/getdifficulty.inc.php @@ -7,17 +7,13 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch data from wallet -if ($bitcoin->can_connect() === true){ - $dDifficulty = $bitcoin->getdifficulty(); -} else { - $iDifficulty = 1; -} +$bitcoin->can_connect() === true ? $dDifficulty = $bitcoin->getdifficulty() : $iDifficulty = 1; // Output JSON format -echo json_encode(array('getdifficulty' => $dDifficulty)); +echo $api->get_json($dDifficulty); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getestimatedtime.inc.php b/public/include/pages/api/getestimatedtime.inc.php index f06e28f3..91ed811d 100644 --- a/public/include/pages/api/getestimatedtime.inc.php +++ b/public/include/pages/api/getestimatedtime.inc.php @@ -7,13 +7,14 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Estimated time to find the next block $iCurrentPoolHashrate = $statistics->getCurrentHashrate() * 1000; +$bitcoin->can_connect() === true ? $dEstimatedTime = $bitcoin->getestimatedtime($iCurrentPoolHashrate) : $dEstimatedTime = 0; // Output JSON format -echo json_encode(array('getestimatedtime' => $bitcoin->getestimatedtime($iCurrentPoolHashrate))); +echo $api->get_json($dEstimatedTime); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/gethourlyhashrates.inc.php b/public/include/pages/api/gethourlyhashrates.inc.php index 776df473..54112325 100644 --- a/public/include/pages/api/gethourlyhashrates.inc.php +++ b/public/include/pages/api/gethourlyhashrates.inc.php 
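Review bot: In the getdifficulty.inc.php hunk, `$dDifficulty` is never set when the wallet is unreachable, because the false arm of the new ternary assigns `$iDifficulty` while `get_json()` is given `$dDifficulty`. The endpoint then emits an undefined-variable notice and a null `data` value instead of the intended fallback of 1. Writing the line as `$dDifficulty = $bitcoin->can_connect() === true ? $bitcoin->getdifficulty() : 1;` fixes the name and removes the assignment-inside-ternary form.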
@@ -7,25 +7,15 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('gethourlyhashrates' => array( +$data = array( 'mine' => $statistics->getHourlyHashrateByAccount($id), 'pool' => $statistics->getHourlyHashrateByPool() -)), JSON_FORCE_OBJECT); +); + +echo $api->json($data); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getpoolhashrate.inc.php b/public/include/pages/api/getpoolhashrate.inc.php index 3c80f426..a5985d44 100644 --- a/public/include/pages/api/getpoolhashrate.inc.php +++ b/public/include/pages/api/getpoolhashrate.inc.php 
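Review bot: `getHourlyHashrateByAccount($id)` still uses `$id`, which this hunk no longer defines now that the access block is replaced by `$user_id = $api->checkAccess(...)`. The per-account query therefore runs with an undefined value rather than the ID the access check approved; it should read `'mine' => $statistics->getHourlyHashrateByAccount($user_id),`. The output line calls `$api->json($data)`, but the Api class in this commit defines `get_json()`; unless `Base` provides `json()` (not visible here) this is a fatal error. The removed code passed `JSON_FORCE_OBJECT`, so the equivalent call would be `echo $api->get_json($data, true);`.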
@@ -7,19 +7,17 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); + +// Fetch settings +if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Output JSON format $statistics->setGetCache(false); -$start = microtime(true); -$dPoolHashrate = $statistics->getCurrentHashrate(300); -$end = microtime(true); -$runtime = ($end - $start) * 1000; +$dPoolHashrate = $statistics->getCurrentHashrate($interval); $statistics->setGetCache(true); -echo json_encode(array('getpoolhashrate' => array( - 'runtime' => $runtime, - 'hashrate' => $dPoolHashrate, -))); + +echo $api->get_json($dPoolHashrate); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getpoolsharerate.inc.php b/public/include/pages/api/getpoolsharerate.inc.php index a87859f6..a55654be 100644 --- a/public/include/pages/api/getpoolsharerate.inc.php +++ b/public/include/pages/api/getpoolsharerate.inc.php @@ -7,7 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); + +// Fetch settings +if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Output JSON format echo json_encode(array('getpoolsharerate' => $statistics->getCurrentShareRate())); diff --git a/public/include/pages/api/getpoolstatus.inc.php b/public/include/pages/api/getpoolstatus.inc.php index 55864e0b..00aab39c 100644 --- a/public/include/pages/api/getpoolstatus.inc.php +++ b/public/include/pages/api/getpoolstatus.inc.php 
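Review bot: In the getpoolsharerate.inc.php hunk, `$interval` is fetched but not used in the visible lines: the unchanged output line still calls `getCurrentShareRate()` with no argument and still emits the bare `json_encode(array('getpoolsharerate' => ...))` shape. This endpoint therefore lacks the `version`/`runtime`/`data` envelope that every other endpoint in this commit now returns. If the conversion was intended here too, the output line would become `echo $api->get_json($statistics->getCurrentShareRate($interval));`, provided that method accepts an interval, which this diff does not show. Otherwise the unused `$interval` lookup should be dropped.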
@@ -7,7 +7,7 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch last block information $aLastBlock = $block->getLast(); @@ -20,7 +20,7 @@ $aShares['valid'] > 0 ? $dEfficiency = round((100 - (100 / $aShares['valid'] * $ if ($bitcoin->can_connect() === true){ $dDifficulty = $bitcoin->getdifficulty(); $iBlock = $bitcoin->getblockcount(); - $dNetworkHashrate = $bitcoin->query('getnetworkhashps'); + $dNetworkHashrate = $bitcoin->getnetworkhashps(); } else { $dDifficulty = 1; $iBlock = 0; @@ -46,21 +46,21 @@ if (!empty($aLastBlock)) { } // Output JSON format -echo json_encode( - array( - 'getpoolstatus' => array( - 'hashrate' => $iCurrentPoolHashrate, - 'efficiency' => $dEfficiency, - 'workers' => $worker->getCountAllActiveWorkers(), - 'currentnetworkblock' => $iBlock, - 'nextnetworkblock' => $iBlock + 1, - 'lastblock' => $aLastBlock['height'], - 'networkdiff' => $dDifficulty, - 'esttime' => $iEstTime, - 'estshares' => $iEstShares, - 'timesincelast' => $dTimeSinceLast, - 'nethashrate' => $dNetworkHashrate - ))); +$data = array( + 'hashrate' => $iCurrentPoolHashrate, + 'efficiency' => $dEfficiency, + 'workers' => $worker->getCountAllActiveWorkers(), + 'currentnetworkblock' => $iBlock, + 'nextnetworkblock' => $iBlock + 1, + 'lastblock' => $aLastBlock['height'], + 'networkdiff' => $dDifficulty, + 'esttime' => $iEstTime, + 'estshares' => $iEstShares, + 'timesincelast' => $dTimeSinceLast, + 'nethashrate' => $dNetworkHashrate +); + +echo $api->get_json($data); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/gettimesincelastblock.inc.php b/public/include/pages/api/gettimesincelastblock.inc.php index 14575364..c0de01f8 100644 --- a/public/include/pages/api/gettimesincelastblock.inc.php +++ b/public/include/pages/api/gettimesincelastblock.inc.php 
@@ -7,21 +7,17 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch our last block found $aBlocksFoundData = $statistics->getBlocksFound(1); // Time since last block $now = new DateTime( "now" ); -if (!empty($aBlocksFoundData)) { - $dTimeSinceLast = ($now->getTimestamp() - $aBlocksFoundData[0]['time']); -} else { - $dTimeSinceLast = 0; -} +! empty($aBlocksFoundData) ? $dTimeSinceLast = ($now->getTimestamp() - $aBlocksFoundData[0]['time']) : $dTimeSinceLast = 0; // Output JSON format -echo json_encode(array('gettimesincelastblock' => $dTimeSinceLast)); +echo $api->get_json($dTimeSinceLast); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getuserbalance.inc.php b/public/include/pages/api/getuserbalance.inc.php index 76462c00..d91c6865 100644 --- a/public/include/pages/api/getuserbalance.inc.php +++ b/public/include/pages/api/getuserbalance.inc.php @@ -7,23 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -echo $user_id; - -// We have to check if that user is admin too -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id) && !empty($_REQUEST['id'])) { - $id = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - $id = $user_id; -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getuserbalance' => $transaction->getBalance($id))); +echo $api->get_json($transaction->getBalance($user_id)); // Supress master template $supress_master = 1; 
diff --git a/public/include/pages/api/getuserhashrate.inc.php b/public/include/pages/api/getuserhashrate.inc.php
index c9cf6b09..2edee628 100644
--- a/public/include/pages/api/getuserhashrate.inc.php
+++ b/public/include/pages/api/getuserhashrate.inc.php
@@ -7,48 +7,19 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch some settings if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Gather un-cached data $statistics->setGetCache(false); -$start = microtime(true); -$hashrate = $statistics->getUserHashrate($id, $interval); -$end = microtime(true); -$runtime = ($end - $start)* 1000; - -// Output JSON format -echo json_encode(array('getuserhashrate' => array( - 'username' => $username, - 'runtime' => $runtime, - 'hashrate' => $hashrate -))); +$hashrate = $statistics->getUserHashrate($user_id, $interval); $statistics->setGetCache(true); +// Output JSON +echo $api->get_json($hashrate); + // Supress master template $supress_master = 1; ?> diff --git a/public/include/pages/api/getusersharerate.inc.php b/public/include/pages/api/getusersharerate.inc.php index f64572bf..23a4562d 100644 
--- a/public/include/pages/api/getusersharerate.inc.php +++ b/public/include/pages/api/getusersharerate.inc.php @@ -7,44 +7,18 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); -} +// Fetch settings +if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Gather un-cached data $statistics->setGetCache(false); -$start = microtime(true); -$sharerate = $statistics->getUserSharerate($id, 60); -$end = microtime(true); -$runtime = ($end - $start)* 1000; +$sharerate = $statistics->getUserSharerate($user_id, $interval); +$statistics->setGetCache(true); // Output JSON format -echo json_encode(array('getusersharerate' => array( - 'username' => $username, - 'runtime' => $runtime, - 'sharerate' => $sharerate -))); -$statistics->setGetCache(true); +echo $api->get_json($sharerate); // Supress master template $supress_master = 1; 
diff --git a/public/include/pages/api/getuserstatus.inc.php b/public/include/pages/api/getuserstatus.inc.php index 219be390..e7abf7c5 100644 --- a/public/include/pages/api/getuserstatus.inc.php +++ b/public/include/pages/api/getuserstatus.inc.php @@ -7,37 +7,15 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getuserstatus' => array( - 'username' => $username, - 'shares' => $statistics->getUserShares($id), - 'hashrate' => $statistics->getUserHashrate($id), - 'sharerate' => $statistics->getUserSharerate($id) -))); +$data = array( + 'shares' => $statistics->getUserShares($user_id), + 'hashrate' => $statistics->getUserHashrate($user_id), + 'sharerate' => $statistics->getUserSharerate($user_id) +); +echo $api->get_json($data); // Supress master template $supress_master = 1; 
diff --git a/public/include/pages/api/getuserworkers.inc.php b/public/include/pages/api/getuserworkers.inc.php index 06eb3411..a1f19605 100644 --- a/public/include/pages/api/getuserworkers.inc.php +++ b/public/include/pages/api/getuserworkers.inc.php @@ -7,21 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -// We have to check if that user is admin too -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - $id = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - $id = $user_id; -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getuserworkers' => $worker->getWorkers($id))); +echo $api->get_json($worker->getWorkers($user_id)); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/public.inc.php b/public/include/pages/api/public.inc.php index e8be4181..f465d1a8 100644 --- a/public/include/pages/api/public.inc.php +++ b/public/include/pages/api/public.inc.php @@ -13,6 +13,7 @@ $aShares = $statistics->getRoundShares(); // RPC Calls $bitcoin->can_connect() === true ? $dNetworkHashrate = $bitcoin->getnetworkhashps() : $dNetworkHashrate = 0; +// Backwards compatible with the existing services echo json_encode( array( 'pool_name' => $setting->getValue('website_name'), diff --git a/public/index.php b/public/index.php index 1933bf8d..a5a3fd72 100644 --- a/public/index.php +++ b/public/index.php @@ -19,7 +19,7 @@ limitations under the License. */ // Used for performance calculations -$dTimeStart = microtime(true); +$dStartTime = microtime(true); // This should be okay define("BASEPATH", "./"); 
@@ -84,7 +84,7 @@ require_once(INCLUDE_DIR . '/smarty_globals.inc.php'); // Load debug information into template $debug->append("Loading debug information into template", 4); $smarty->assign('DebuggerInfo', $debug->getDebugInfo()); -$smarty->assign('RUNTIME', (microtime(true) - $dTimeStart) * 1000); +$smarty->assign('RUNTIME', (microtime(true) - $dStartTime) * 1000); // Display our page if (!@$supress_master) $smarty->display("master.tpl", $smarty_cache_key); diff --git a/public/templates/test/dashboard/js.tpl b/public/templates/test/dashboard/js.tpl index f53c944b..b4270759 100644 --- a/public/templates/test/dashboard/js.tpl +++ b/public/templates/test/dashboard/js.tpl 
@@ -88,30 +88,30 @@ $(document).ready(function(){ // Helper to initilize gauges function initGauges(data) { - g1 = new JustGage({id: "nethashrate", value: parseFloat(data.getdashboarddata.network.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.network.hashrate * 2), title: "Net Hashrate", label: "{/literal}{$GLOBAL.hashunits.network}{literal}"}); - g2 = new JustGage({id: "poolhashrate", value: parseFloat(data.getdashboarddata.pool.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.pool.hashrate * 2), title: "Pool Hashrate", label: "{/literal}{$GLOBAL.hashunits.pool}{literal}"}); - g3 = new JustGage({id: "hashrate", value: parseFloat(data.getdashboarddata.personal.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.personal.hashrate * 2), title: "Hashrate", label: "{/literal}{$GLOBAL.hashunits.personal}{literal}"}); - g4 = new JustGage({id: "sharerate", value: parseFloat(data.getdashboarddata.personal.sharerate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.personal.sharerate * 2), title: "Sharerate", label: "shares/s"}); + g1 = new JustGage({id: "nethashrate", value: parseFloat(data.getdashboarddata.data.network.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.network.hashrate * 2), title: "Net Hashrate", label: "{/literal}{$GLOBAL.hashunits.network}{literal}"}); + g2 = new JustGage({id: "poolhashrate", value: parseFloat(data.getdashboarddata.data.pool.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.pool.hashrate * 2), title: "Pool Hashrate", label: "{/literal}{$GLOBAL.hashunits.pool}{literal}"}); + g3 = new JustGage({id: "hashrate", value: parseFloat(data.getdashboarddata.data.personal.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.personal.hashrate * 2), title: "Hashrate", label: "{/literal}{$GLOBAL.hashunits.personal}{literal}"}); + g4 = new JustGage({id: "sharerate", value: 
parseFloat(data.getdashboarddata.data.personal.sharerate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.personal.sharerate * 2), title: "Sharerate", label: "shares/s"}); g5 = new JustGage({id: "querytime", value: parseFloat(data.getdashboarddata.runtime).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.runtime * 3), title: "Querytime", label: "ms"}); } // Helper to refresh graphs function refreshInformation(data) { - g1.refresh(parseFloat(data.getdashboarddata.network.hashrate).toFixed(2)); - g2.refresh(parseFloat(data.getdashboarddata.pool.hashrate).toFixed(2)); - g3.refresh(parseFloat(data.getdashboarddata.personal.hashrate).toFixed(2)); - g4.refresh(parseFloat(data.getdashboarddata.personal.sharerate).toFixed(2)); + g1.refresh(parseFloat(data.getdashboarddata.data.network.hashrate).toFixed(2)); + g2.refresh(parseFloat(data.getdashboarddata.data.pool.hashrate).toFixed(2)); + g3.refresh(parseFloat(data.getdashboarddata.data.personal.hashrate).toFixed(2)); + g4.refresh(parseFloat(data.getdashboarddata.data.personal.sharerate).toFixed(2)); g5.refresh(parseFloat(data.getdashboarddata.runtime).toFixed(2)); if (storedPersonalHashrate.length > 20) { storedPersonalHashrate.shift(); } if (storedPoolHashrate.length > 20) { storedPoolHashrate.shift(); } if (storedPersonalSharerate.length > 20) { storedPersonalSharerate.shift(); } timeNow = new Date().getTime(); - storedPersonalHashrate[storedPersonalHashrate.length] = [timeNow, data.getdashboarddata.raw.personal.hashrate]; - storedPersonalSharerate[storedPersonalSharerate.length] = [timeNow, parseFloat(data.getdashboarddata.personal.sharerate)]; - storedPoolHashrate[storedPoolHashrate.length] = [timeNow, data.getdashboarddata.raw.pool.hashrate]; + storedPersonalHashrate[storedPersonalHashrate.length] = [timeNow, data.getdashboarddata.data.raw.personal.hashrate]; + storedPersonalSharerate[storedPersonalSharerate.length] = [timeNow, parseFloat(data.getdashboarddata.data.personal.sharerate)]; + 
storedPoolHashrate[storedPoolHashrate.length] = [timeNow, data.getdashboarddata.data.raw.pool.hashrate]; tempShareinfoData = [ - [parseInt(data.getdashboarddata.personal.shares.valid), parseInt(data.getdashboarddata.personal.shares.invalid)], - [parseInt(data.getdashboarddata.pool.shares.valid), parseInt(data.getdashboarddata.pool.shares.invalid)] + [parseInt(data.getdashboarddata.data.personal.shares.valid), parseInt(data.getdashboarddata.data.personal.shares.invalid)], + [parseInt(data.getdashboarddata.data.pool.shares.valid), parseInt(data.getdashboarddata.data.pool.shares.invalid)] ]; replotOverviewOptions = { data: [storedPersonalHashrate, storedPoolHashrate, storedPersonalSharerate],