Adding min/max threshold configuration

* Check for min/max values set for auto payouts * Display error messages to the user * Sanitize values just in case we fall through the validation * Updated template and class * New configuration option added! Update your local configs! Fixes #108
2013-06-05 09:11:25 +02:00 · 2013-06-05 09:11:25 +02:00 · 6c4fb84ee9
commit 6c4fb84ee9
parent 8bc7f6bf44
3 changed files with 24 additions and 3 deletions
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@ -241,10 +241,27 @@ class User {
  public function updateAccount($userID, $address, $threshold, $donate) {
    $this->debug->append("STA " . __METHOD__, 4);
    $bUser = false;
-    $threshold = min(250, max(0, floatval($threshold)));
-    if ($threshold < 1) $threshold = 0.0;
+
+    // number validation checks
+    if ($threshold < $this->config['ap_threshold']['min'] && $threshold != 0) {
+      $this->setErrorMessage('Threshold below configured minimum of ' . $this->config['ap_threshold']['min']);
+      return false;
+    } else if ($threshold > $this->config['ap_threshold']['max']) {
+      $this->setErrorMessage('Threshold above configured maximum of ' . $this->config['ap_threshold']['max']);
+      return false;
+    }
+    if ($donate < 0) {
+      $this->setErrorMessage('Donation below allowed 0% limit');
+      return false;
+    } else if ($donate > 100) {
+      $this->setErrorMessage('Donation above allowed 100% limit');
+      return false;
+    }
+    // Number sanitizer, just in case we fall through above
+    $threshold = min($this->config['ap_threshold']['max'], max(0, floatval($threshold)));
    $donate = min(100, max(0, floatval($donate)));

+    // We passed all validation checks so update the account
    $stmt = $this->mysqli->prepare("UPDATE $this->table SET coin_address = ?, ap_threshold = ?, donate_percent = ? WHERE id = ?");
    $stmt->bind_param('sddi', $address, $threshold, $donate, $userID);
    $stmt->execute();
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@ -25,6 +25,10 @@ $config = array(
    'url' =>     'https://btc-e.com/api/2',
    'target' =>  '/ltc_usd/ticker'
  ),
+  'ap_threshold' => array(
+    'min' => 1,
+    'max' => 250
+  ),
  'website' => array(
    'name' => 'The Pool',
    'slogan' => 'Resistance is futile',
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@ -49,7 +49,7 @@ if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST
    if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'])) {
      $_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
    } else {
-      $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account', 'TYPE' => 'errormsg');
+      $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg');
    }
    break;