From 42b6d4b3b29751d91f56e4debf3519c1d26c7122 Mon Sep 17 00:00:00 2001 From: Sebastian Grewe Date: Wed, 12 Jun 2013 12:57:18 +0200 Subject: [PATCH 1/2] Adding support for user locking * Currently no GUI, use DB access to change the row entry * Upgraded Database table `accounts` with upgrade SQL * Updated `admin` field to `is_admin` as boolean * Modified pages, classes, templates to support is_admin and is_locked Addresses #147 --- public/include/classes/statistics.class.php | 3 +- public/include/classes/user.class.php | 45 +++++-- public/include/pages/account.inc.php | 11 +- public/include/pages/account/edit.inc.php | 122 +++++++++--------- .../pages/account/notifications.inc.php | 36 +++--- .../pages/account/transactions.inc.php | 13 +- public/include/pages/account/workers.inc.php | 57 ++++---- public/include/pages/admin.inc.php | 7 +- public/include/pages/admin/user.inc.php | 7 +- public/include/pages/admin/wallet.inc.php | 7 +- public/include/pages/login.inc.php | 2 +- .../include/pages/statistics/blocks.inc.php | 11 +- public/include/pages/statistics/pool.inc.php | 2 +- public/include/pages/statistics/user.inc.php | 10 +- public/templates/mmcFE/admin/user/default.tpl | 6 +- public/templates/mmcFE/global/navigation.tpl | 2 +- sql/issue_147_accounts_upgrade.sql | 2 + 17 files changed, 181 insertions(+), 162 deletions(-) create mode 100644 sql/issue_147_accounts_upgrade.sql diff --git a/public/include/classes/statistics.class.php b/public/include/classes/statistics.class.php index a63416dd..3bcebcfb 100644 --- a/public/include/classes/statistics.class.php +++ b/public/include/classes/statistics.class.php @@ -185,7 +185,8 @@ class Statistics { $stmt = $this->mysqli->prepare(" SELECT a.id AS id, - a.admin as admin, + a.is_admin as is_admin, + a.is_locked as is_locked, a.username AS username, a.donate_percent AS donate_percent, a.email AS email, diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php index feb0466f..76cfd1a4 100644 
--- a/public/include/classes/user.class.php +++ b/public/include/classes/user.class.php @@ -36,7 +36,10 @@ class User { return $this->getSingle($username, 'email', 'username', 's'); } public function getUserAdmin($id) { - return $this->getSingle($id, 'admin', 'id'); + return $this->getSingle($id, 'is_admin', 'id'); + } + public function getUserLocked($id) { + return $this->getSingle($id, 'is_locked', 'id'); } public function getUserToken($id) { return $this->getSingle($id, 'token', 'id'); @@ -44,9 +47,11 @@ class User { public function getIdFromToken($token) { return $this->getSingle($token, 'id', 'token', 's'); } + public function isLocked($id) { + return $this->getUserLocked($id); + } public function isAdmin($id) { - if ($this->getUserAdmin($id) == 1) return true; - return false; + return $this->getUserAdmin($id); } public function setUserToken($id) { @@ -79,10 +84,15 @@ class User { public function checkLogin($username, $password) { $this->debug->append("STA " . __METHOD__, 4); $this->debug->append("Checking login for $username with password $password", 2); - if ( $this->checkUserPassword($username, $password) ) { + if ($this->isLocked($this->getUserId($username))) { + $this->setErrorMessage("Account is locked. Please contact site support."); + return false; + } + if ( $this->checkUserPassword($username, $password)) { $this->createSession($username); return true; } + $this->setErrorMessage("Invalid username or password"); return false; } @@ -300,7 +310,7 @@ class User { private function checkUserPassword($username, $password) { $this->debug->append("STA " . __METHOD__, 4); $user = array(); - $stmt = $this->mysqli->prepare("SELECT username, id, admin FROM $this->table WHERE username=? AND pass=? LIMIT 1"); + $stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE username=? AND pass=? LIMIT 1"); if ($this->checkStmt($stmt)) { $stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt)); $stmt->execute(); 
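Review bot: `isLocked()` and the rewritten `isAdmin()` in the `@@ -44,9 +47,11 @@` hunk now return the raw result of `getSingle()` instead of a boolean, so both the lock decision and the admin decision rest on PHP truthiness of whatever that helper yields. `getSingle()` is not visible here; if it returns `false` or `null` when the lookup fails or the id does not exist, `isLocked()` reports "not locked" and the lock fails open. I would normalise both explicitly, e.g. `return (int) $this->getUserLocked($id) === 1;` and `return (int) $this->getUserAdmin($id) === 1;`, and decide deliberately what a failed lookup should mean for `isLocked()`.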
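Review bot: In `checkLogin()` the new `isLocked()` test runs before the password is verified, so anyone who submits a username receives "Account is locked. Please contact site support." without knowing the password, which confirms to an unauthenticated caller that the account exists and is locked (login.inc.php now prints this text via `getError()`). Verify the password first and report the lock only afterwards, i.e. move the `if ($this->isLocked($this->getUserId($username)))` block inside the `checkUserPassword()` success branch, ahead of `createSession()`. Separately, the context line `"Checking login for $username with password $password"` writes the cleartext password to the debug log; drop `$password` from that message.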
@@ -308,7 +318,7 @@ class User { $stmt->fetch(); $stmt->close(); // Store the basic login information - $this->user = array('username' => $row_username, 'id' => $row_id, 'admin' => $row_admin); + $this->user = array('username' => $row_username, 'id' => $row_id, 'is_admin' => $row_admin); return $username === $row_username; } return false; @@ -337,7 +347,8 @@ class User { $this->debug->append("STA " . __METHOD__, 4); session_destroy(); session_regenerate_id(true); - return true; + // Enforce a page reload + header("Location: index.php"); } /** @@ -359,7 +370,7 @@ class User { $this->debug->append("Fetching user information for user id: $userID"); $stmt = $this->mysqli->prepare(" SELECT - id, username, pin, api_key, admin, email, + id, username, pin, api_key, is_admin, email, IFNULL(donate_percent, '0') as donate_percent, coin_address, ap_threshold FROM $this->table WHERE id = ? LIMIT 0,1"); @@ -417,7 +428,7 @@ class User { "); } else { $stmt = $this->mysqli->prepare(" - INSERT INTO $this->table (username, pass, email, pin, api_key, admin) + INSERT INTO $this->table (username, pass, email, pin, api_key, is_admin) VALUES (?, ?, ?, ?, ?, 1) "); } @@ -505,6 +516,22 @@ class User { } return false; } + + /** + * Check if a user is authenticated and allowed to login + * Checks the $_SESSION for existing data + * Destroys the session if account is now locked + * @param none + * @return bool + **/ + public function isAuthenticated() { + $this->debug->append("STA " . __METHOD__, 4); + if ($_SESSION['AUTHENTICATED'] == true && ! $this->isLocked($_SESSION['USERDATA']['id'])) + return true; + // Catchall + $this->logoutUser(); + return false; + } } // Make our class available automatically diff --git a/public/include/pages/account.inc.php b/public/include/pages/account.inc.php index 859575d9..9e43518e 100644 --- a/public/include/pages/account.inc.php +++ b/public/include/pages/account.inc.php 
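Review bot: `logoutUser()` now sends `header("Location: index.php");` in place of `return true;` but does not stop the request, so every caller keeps executing after the redirect has been queued, and the method no longer returns a value. Because `isAuthenticated()` calls it on its failure path, page scripts continue to run for a client that has just been logged out. Either add `exit;` after the header if the redirect is meant to be final, or keep `return true;` and leave the redirect to the page controller. The hunk starts inside the method, so its signature is not visible here.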
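Review bot: `isAuthenticated()` calls `logoutUser()` on every failure, including plain anonymous visitors, so pages that only branch on the result (statistics/pool.inc.php in this patch) now destroy the session and queue a redirect to index.php for anyone who is not logged in. `$_SESSION['AUTHENTICATED'] == true` also reads an index that does not exist on anonymous requests and compares loosely. I would return false early when there is no authenticated session and reserve the logout for the case the docblock describes, a session whose account has since been locked. Clearing `$_SESSION` in that case matters as well, because `session_destroy()` leaves the array populated for the rest of the request.

```php
  public function isAuthenticated() {
    $this->debug->append("STA " . __METHOD__, 4);
    // Anonymous request: nothing to tear down
    if (empty($_SESSION['AUTHENTICATED'])) return false;
    if (!$this->isLocked($_SESSION['USERDATA']['id'])) return true;
    // Account was locked after login: drop the in-memory copy, then the session
    $_SESSION = array();
    $this->logoutUser();
    return false;
  }
```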
@@ -1,13 +1,10 @@ isAuthenticated()) { + // Tempalte specifics + $smarty->assign("CONTENT", "default.tpl"); } - -// Tempalte specifics -$smarty->assign("CONTENT", "default.tpl"); ?> diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php index 6726b7d9..a4859c8f 100644 --- a/public/include/pages/account/edit.inc.php +++ b/public/include/pages/account/edit.inc.php 
@@ -4,79 +4,77 @@ if (!defined('SECURITY')) die('Hacking attempt'); -if (!$_SESSION['AUTHENTICATED']) { - header('Location: index.php?page=home'); -} - -if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST['do']) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN','TYPE' => 'errormsg'); -} else { - switch ($_POST['do']) { - case 'cashOut': - if ($setting->getValue('manual_payout_active') == 1) { - $_SESSION['POPUP'][] = array('CONTENT' => 'A manual payout is in progress. Please try again later.', 'TYPE' => 'errormsg'); - } else { - $setting->setValue('manual_payout_active', 1); - $continue = true; - $aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']); - $dBalance = $aBalance['confirmed']; - $sCoinAddress = $user->getCoinAddress($_SESSION['USERDATA']['id']); - // Ensure we can cover the potential transaction fee - if ($dBalance > $config['txfee']) { - if ($bitcoin->can_connect() === true) { - try { - $bitcoin->validateaddress($sCoinAddress); - } catch (BitcoinClientException $e) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid payment address: ' . $sUserSendAddress, 'TYPE' => 'errormsg'); - $continue = false; - } - if ($continue == true) { - // Send balance to address, mind fee for transaction! +if ($user->isAuthenticated()) { + if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST['do']) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN','TYPE' => 'errormsg'); + } else { + switch ($_POST['do']) { + case 'cashOut': + if ($setting->getValue('manual_payout_active') == 1) { + $_SESSION['POPUP'][] = array('CONTENT' => 'A manual payout is in progress. 
Please try again later.', 'TYPE' => 'errormsg'); + } else { + $setting->setValue('manual_payout_active', 1); + $continue = true; + $aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']); + $dBalance = $aBalance['confirmed']; + $sCoinAddress = $user->getCoinAddress($_SESSION['USERDATA']['id']); + // Ensure we can cover the potential transaction fee + if ($dBalance > $config['txfee']) { + if ($bitcoin->can_connect() === true) { try { - if ($setting->getValue('auto_payout_active') == 0) { - $bitcoin->sendtoaddress($sCoinAddress, $dBalance); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => 'Auto-payout active, please contact site support immidiately to revoke invalid transactions.', 'TYPE' => 'errormsg'); - $continue = false; - } + $bitcoin->validateaddress($sCoinAddress); } catch (BitcoinClientException $e) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to send ' . $config['currency'] . ', please contact site support immidiately', 'TYPE' => 'errormsg'); + $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid payment address: ' . $sUserSendAddress, 'TYPE' => 'errormsg'); $continue = false; } - } - // Set balance to 0, add to paid out, insert to ledger - if ($continue == true && $transaction->addTransaction($_SESSION['USERDATA']['id'], $dBalance, 'Debit_MP', NULL, $sCoinAddress)) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Transaction completed', 'TYPE' => 'success'); - $aMailData['email'] = $user->getUserEmail($user->getUserName($_SESSION['USERDATA']['id'])); - $aMailData['amount'] = $dBalance; - $aMailData['subject'] = 'Manual Payout Completed'; - $notification->sendNotification($_SESSION['USERDATA']['id'], 'manual_payout', $aMailData); + if ($continue == true) { + // Send balance to address, mind fee for transaction! 
+ try { + if ($setting->getValue('auto_payout_active') == 0) { + $bitcoin->sendtoaddress($sCoinAddress, $dBalance); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => 'Auto-payout active, please contact site support immidiately to revoke invalid transactions.', 'TYPE' => 'errormsg'); + $continue = false; + } + } catch (BitcoinClientException $e) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to send ' . $config['currency'] . ', please contact site support immidiately', 'TYPE' => 'errormsg'); + $continue = false; + } + } + // Set balance to 0, add to paid out, insert to ledger + if ($continue == true && $transaction->addTransaction($_SESSION['USERDATA']['id'], $dBalance, 'Debit_MP', NULL, $sCoinAddress)) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Transaction completed', 'TYPE' => 'success'); + $aMailData['email'] = $user->getUserEmail($user->getUserName($_SESSION['USERDATA']['id'])); + $aMailData['amount'] = $dBalance; + $aMailData['subject'] = 'Manual Payout Completed'; + $notification->sendNotification($_SESSION['USERDATA']['id'], 'manual_payout', $aMailData); + } + } else { + $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to connect to litecoind RPC service', 'TYPE' => 'errormsg'); } } else { - $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to connect to litecoind RPC service', 'TYPE' => 'errormsg'); + $_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee'] . ' ' . $conifg['currency'] . ' to cover transaction fees', 'TYPE' => 'errormsg'); } - } else { - $_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee'] . ' ' . $conifg['currency'] . 
' to cover transaction fees', 'TYPE' => 'errormsg'); + $setting->setValue('manual_payout_active', 0); } - $setting->setValue('manual_payout_active', 0); - } - break; + break; - case 'updateAccount': - if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success'); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg'); - } - break; + case 'updateAccount': + if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg'); + } + break; - case 'updatePassword': - if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success'); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg'); + case 'updatePassword': + if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg'); + } + break; } - break; } } diff --git a/public/include/pages/account/notifications.inc.php b/public/include/pages/account/notifications.inc.php index 2ab9c0d0..87fd6217 100644 --- a/public/include/pages/account/notifications.inc.php +++ b/public/include/pages/account/notifications.inc.php 
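Review bot: The re-indented cashOut branch still references two names that are never set in the visible code: `$sUserSendAddress` in the "Invalid payment address" message (the variable being validated is `$sCoinAddress`) and `$conifg['currency']` in the "Insufficient funds" message (the array is `$config`). Both produce notices and an incomplete message on exactly the error paths a user needs to read. Since these lines are being touched anyway, change them to `'Invalid payment address: ' . $sCoinAddress` and `$config['currency']`. The `manual_payout_active` flag is also read with `getValue()` and then set with a separate `setValue()` call, so two concurrent cashOut requests may both pass the check unless the settings store makes that atomic, which is not visible here.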
@@ -2,24 +2,24 @@ // Make sure we are called from index.php if (!defined('SECURITY')) die('Hacking attempt'); -if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home'); - -if ($_REQUEST['do'] == 'save') { - if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings'); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update settings', 'TYPE' => 'errormsg'); +if ($user->isAuthenticated()) { + if ($_REQUEST['do'] == 'save') { + if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update settings', 'TYPE' => 'errormsg'); + } } + + // Fetch notifications + $aNotifications = $notification->getNofifications($_SESSION['USERDATA']['id']); + if (!$aNotifications) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any notifications', 'TYPE' => 'errormsg'); + + // Fetch user notification settings + $aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']); + + $smarty->assign('NOTIFICATIONS', $aNotifications); + $smarty->assign('SETTINGS', $aSettings); + $smarty->assign('CONTENT', 'default.tpl'); } - -// Fetch notifications -$aNotifications = $notification->getNofifications($_SESSION['USERDATA']['id']); -if (!$aNotifications) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any notifications', 'TYPE' => 'errormsg'); - -// Fetch user notification settings -$aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']); - -$smarty->assign('NOTIFICATIONS', $aNotifications); -$smarty->assign('SETTINGS', $aSettings); -$smarty->assign('CONTENT', 'default.tpl'); ?> diff --git a/public/include/pages/account/transactions.inc.php b/public/include/pages/account/transactions.inc.php index 6e83e292..f6bdbfb2 100644 
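Review bot: The save action is selected from `$_REQUEST['do']` and takes its payload from `$_REQUEST['data']`, so a plain GET link opened by a logged-in user changes that user's notification settings, and no request token is checked in the visible code. workers.inc.php has the same pattern in this patch: `case 'delete'` is chosen via `$_REQUEST['do']` and the worker id comes from `$_GET['id']`. Read state-changing actions from `$_POST` only and verify a per-session token before calling `updateSettings()`, `deleteWorker()`, `addWorker()` or `updateWorkers()`.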
--- a/public/include/pages/account/transactions.inc.php +++ b/public/include/pages/account/transactions.inc.php @@ -2,11 +2,10 @@ // Make sure we are called from index.php if (!defined('SECURITY')) die('Hacking attempt'); -if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home'); - -$aTransactions = $transaction->getTransactions($_SESSION['USERDATA']['id']); -if (!$aTransactions) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any transaction', 'TYPE' => 'errormsg'); - -$smarty->assign('TRANSACTIONS', $aTransactions); -$smarty->assign('CONTENT', 'default.tpl'); +if (!$user->isAuthenticated()) { + $aTransactions = $transaction->getTransactions($_SESSION['USERDATA']['id']); + if (!$aTransactions) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any transaction', 'TYPE' => 'errormsg'); + $smarty->assign('TRANSACTIONS', $aTransactions); + $smarty->assign('CONTENT', 'default.tpl'); +} ?> diff --git a/public/include/pages/account/workers.inc.php b/public/include/pages/account/workers.inc.php index 67bd0e19..78556424 100644 --- a/public/include/pages/account/workers.inc.php +++ b/public/include/pages/account/workers.inc.php 
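Review bot: The guard is inverted: `if (!$user->isAuthenticated()) {` runs the transaction lookup only when authentication fails, unlike every other account page in this patch. Logged-in users get no content, while a session that fails the check (for example an account that was just locked) still reaches `getTransactions($_SESSION['USERDATA']['id'])`, because `session_destroy()` in `logoutUser()` does not empty `$_SESSION` for the current request. It should read `if ($user->isAuthenticated()) {`.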
@@ -2,35 +2,36 @@ // Make sure we are called from index.php if (!defined('SECURITY')) die('Hacking attempt'); -if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home'); -switch ($_REQUEST['do']) { -case 'delete': - if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed'); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); +if ($user->isAuthenticated()) { + switch ($_REQUEST['do']) { + case 'delete': + if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); + } + break; + case 'add': + if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Worker added'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); + } + break; + case 'update': + if ($worker->updateWorkers($_SESSION['USERDATA']['id'], $_POST['data'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); + } + break; } - break; -case 'add': - if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Worker added'); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); - } - break; -case 'update': - if ($worker->updateWorkers($_SESSION['USERDATA']['id'], $_POST['data'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated'); - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); - } - break; + + $aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']); + if (!$aWorkers) 
$_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'errormsg'); + + $smarty->assign('CONTENT', 'default.tpl'); + $smarty->assign('WORKERS', $aWorkers); } - -$aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']); -if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'errormsg'); - -$smarty->assign('CONTENT', 'default.tpl'); -$smarty->assign('WORKERS', $aWorkers); ?> diff --git a/public/include/pages/admin.inc.php b/public/include/pages/admin.inc.php index 4409a769..5305b030 100644 --- a/public/include/pages/admin.inc.php +++ b/public/include/pages/admin.inc.php @@ -1,13 +1,12 @@ isAdmin($_SESSION['USERDATA']['id'])) { +if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { header("HTTP/1.1 404 Page not found"); - die(); + die("404 Page not found"); } // Tempalte specifics diff --git a/public/include/pages/admin/user.inc.php b/public/include/pages/admin/user.inc.php index 8b40ab21..548cdf3a 100644 --- a/public/include/pages/admin/user.inc.php +++ b/public/include/pages/admin/user.inc.php @@ -1,13 +1,12 @@ isAdmin($_SESSION['USERDATA']['id'])) { +if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { header("HTTP/1.1 404 Page not found"); - die(); + die("404 Page not found"); } $aRoundShares = $statistics->getRoundShares(); diff --git a/public/include/pages/admin/wallet.inc.php b/public/include/pages/admin/wallet.inc.php index cb094fe9..45ff5af4 100644 --- a/public/include/pages/admin/wallet.inc.php +++ b/public/include/pages/admin/wallet.inc.php @@ -1,13 +1,12 @@ isAdmin($_SESSION['USERDATA']['id'])) { +if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { header("HTTP/1.1 404 Page not found"); - die(); + die("404 Page not found"); } if ($bitcoin->can_connect() === true){ diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php index 6600a872..c157d720 100644 
--- a/public/include/pages/login.inc.php +++ b/public/include/pages/login.inc.php @@ -7,7 +7,7 @@ if (!defined('SECURITY')) if ( $user->checkLogin($_POST['username'],$_POST['password']) ) { header('Location: index.php?page=home'); } else { - $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid username or password', 'TYPE' => 'errormsg'); + $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg'); } $smarty->assign('CONTENT', 'default.tpl'); ?> diff --git a/public/include/pages/statistics/blocks.inc.php b/public/include/pages/statistics/blocks.inc.php index 7ba0bfdd..69bbade7 100644 --- a/public/include/pages/statistics/blocks.inc.php +++ b/public/include/pages/statistics/blocks.inc.php @@ -1,9 +1,8 @@ isAuthenticated()) header("Location: index.php?page=home"); // Grab the last blocks found $iLimit = 30; @@ -14,9 +13,5 @@ $aBlockData = $aBlocksFoundData[0]; $smarty->assign("BLOCKSFOUND", $aBlocksFoundData); $smarty->assign("BLOCKLIMIT", $iLimit); -if ($_SESSION['AUTHENTICATED']) { - $smarty->assign("CONTENT", "blocks_found.tpl"); -} else { - $smarty->assign("CONTENT", "default.tpl"); -} +$smarty->assign("CONTENT", "blocks_found.tpl"); ?> diff --git a/public/include/pages/statistics/pool.inc.php b/public/include/pages/statistics/pool.inc.php index 76014fe4..fc546e72 100644 --- a/public/include/pages/statistics/pool.inc.php +++ b/public/include/pages/statistics/pool.inc.php @@ -50,7 +50,7 @@ $smarty->assign("LASTBLOCK", $aBlockData['height']); $smarty->assign("DIFFICULTY", $dDifficulty); $smarty->assign("REWARD", $config['reward']); -if ($_SESSION['AUTHENTICATED']) { +if ($user->isAuthenticated()) { $smarty->assign("CONTENT", "authenticated.tpl"); } else { $smarty->assign("CONTENT", "../default.tpl"); diff --git a/public/include/pages/statistics/user.inc.php b/public/include/pages/statistics/user.inc.php index 2b0b0ed9..13b3ba5b 100644 --- a/public/include/pages/statistics/user.inc.php 
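Review bot: In statistics/blocks.inc.php the added guard `isAuthenticated()) header("Location: index.php?page=home");` (the start of that line is lost in this rendering) does not end the request. The script goes on to load the block data, and because the second hunk removes the old `default.tpl` fallback, it assigns `blocks_found.tpl` for unauthenticated clients as well; a client that ignores the redirect still receives the page. Terminate right after the redirect by putting the header call in braces followed by `exit;`.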
+++ b/public/include/pages/statistics/user.inc.php @@ -4,12 +4,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); -$aHourlyHashRates = $statistics->getHourlyHashrateByAccount($_SESSION['USERDATA']['id']); - -// Propagate content our template -$smarty->assign("YOURHASHRATES", $aHourlyHashRates); - -if ($_SESSION['AUTHENTICATED']) { +if ($user->isAuthenticated()) { + $aHourlyHashRates = $statistics->getHourlyHashrateByAccount($_SESSION['USERDATA']['id']); + // Propagate content our template + $smarty->assign("YOURHASHRATES", $aHourlyHashRates); $smarty->assign("CONTENT", "default.tpl"); } ?> diff --git a/public/templates/mmcFE/admin/user/default.tpl b/public/templates/mmcFE/admin/user/default.tpl index 86c52e48..1da8c3a4 100644 --- a/public/templates/mmcFE/admin/user/default.tpl +++ b/public/templates/mmcFE/admin/user/default.tpl @@ -23,6 +23,7 @@ Est. Payout    Balance    Admin + Locked @@ -37,7 +38,10 @@ {$USERS[user].payout.est_payout|number_format:"8"} {$USERS[user].balance|number_format:"8"} - + + + + {sectionelse} diff --git a/public/templates/mmcFE/global/navigation.tpl b/public/templates/mmcFE/global/navigation.tpl index 84da0388..9beb87cb 100644 --- a/public/templates/mmcFE/global/navigation.tpl +++ b/public/templates/mmcFE/global/navigation.tpl @@ -11,7 +11,7 @@ {/if} - {if $smarty.session.AUTHENTICATED|default:"0" == 1 && $GLOBAL.userdata.admin == 1} + {if $smarty.session.AUTHENTICATED|default:"0" == 1 && $GLOBAL.userdata.is_admin == 1}
  • Admin Panel