RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #174 from TheSerapher/issue-147

Browse Source 
Issue 147
This commit is contained in:
Sebastian Grewe 2013-06-13 02:39:23 -07:00
commit 8c01351b76
17 changed files with 231 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/include/classes/statistics.class.php
View File

@ -185,7 +185,8 @@ class Statistics {
$stmt = $this->mysqli->prepare(" $stmt = $this->mysqli->prepare("
SELECT SELECT
a.id AS id, a.id AS id,
a.admin as admin, a.is_admin as is_admin,
a.is_locked as is_locked,
a.username AS username, a.username AS username,
a.donate_percent AS donate_percent, a.donate_percent AS donate_percent,
a.email AS email, a.email AS email,

61
public/include/classes/user.class.php
View File

@ -36,7 +36,10 @@ class User {
return $this->getSingle($username, 'email', 'username', 's'); return $this->getSingle($username, 'email', 'username', 's');
} }
public function getUserAdmin($id) { public function getUserAdmin($id) {
return $this->getSingle($id, 'admin', 'id'); return $this->getSingle($id, 'is_admin', 'id');
}
public function getUserLocked($id) {
return $this->getSingle($id, 'is_locked', 'id');
} }
public function getUserToken($id) { public function getUserToken($id) {
return $this->getSingle($id, 'token', 'id'); return $this->getSingle($id, 'token', 'id');
@ -44,9 +47,27 @@ class User {
public function getIdFromToken($token) { public function getIdFromToken($token) {
return $this->getSingle($token, 'id', 'token', 's'); return $this->getSingle($token, 'id', 'token', 's');
} }
public function isLocked($id) {
return $this->getUserLocked($id);
}
public function isAdmin($id) { public function isAdmin($id) {
if ($this->getUserAdmin($id) == 1) return true; return $this->getUserAdmin($id);
return false; }
public function changeLocked($id) {
$field = array(
'name' => 'is_locked',
'type' => 'i',
'value' => !$this->isLocked($id)
);
return $this->updateSingle($id, $field);
}
public function changeAdmin($id) {
$field = array(
'name' => 'is_admin',
'type' => 'i',
'value' => !$this->isAdmin($id)
);
return $this->updateSingle($id, $field);
} }
public function setUserToken($id) { public function setUserToken($id) {
@ -79,10 +100,15 @@ class User {
public function checkLogin($username, $password) { public function checkLogin($username, $password) {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
$this->debug->append("Checking login for $username with password $password", 2); $this->debug->append("Checking login for $username with password $password", 2);
if ( $this->checkUserPassword($username, $password) ) { if ($this->isLocked($this->getUserId($username))) {
$this->setErrorMessage("Account is locked. Please contact site support.");
return false;
}
if ( $this->checkUserPassword($username, $password)) {
$this->createSession($username); $this->createSession($username);
return true; return true;
} }
$this->setErrorMessage("Invalid username or password");
return false; return false;
} }
@ -300,7 +326,7 @@ class User {
private function checkUserPassword($username, $password) { private function checkUserPassword($username, $password) {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
$user = array(); $user = array();
$stmt = $this->mysqli->prepare("SELECT username, id, admin FROM $this->table WHERE username=? AND pass=? LIMIT 1"); $stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE username=? AND pass=? LIMIT 1");
if ($this->checkStmt($stmt)) { if ($this->checkStmt($stmt)) {
$stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt)); $stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt));
$stmt->execute(); $stmt->execute();
@ -308,7 +334,7 @@ class User {
$stmt->fetch(); $stmt->fetch();
$stmt->close(); $stmt->close();
// Store the basic login information // Store the basic login information
$this->user = array('username' => $row_username, 'id' => $row_id, 'admin' => $row_admin); $this->user = array('username' => $row_username, 'id' => $row_id, 'is_admin' => $row_admin);
return $username === $row_username; return $username === $row_username;
} }
return false; return false;
@ -337,7 +363,8 @@ class User {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
session_destroy(); session_destroy();
session_regenerate_id(true); session_regenerate_id(true);
return true; // Enforce a page reload
header("Location: index.php");
} }
/** /**
@ -359,7 +386,7 @@ class User {
$this->debug->append("Fetching user information for user id: $userID"); $this->debug->append("Fetching user information for user id: $userID");
$stmt = $this->mysqli->prepare(" $stmt = $this->mysqli->prepare("
SELECT SELECT
id, username, pin, api_key, admin, email, id, username, pin, api_key, is_admin, email,
IFNULL(donate_percent, '0') as donate_percent, coin_address, ap_threshold IFNULL(donate_percent, '0') as donate_percent, coin_address, ap_threshold
FROM $this->table FROM $this->table
WHERE id = ? LIMIT 0,1"); WHERE id = ? LIMIT 0,1");
@ -417,7 +444,7 @@ class User {
"); ");
} else { } else {
$stmt = $this->mysqli->prepare(" $stmt = $this->mysqli->prepare("
INSERT INTO $this->table (username, pass, email, pin, api_key, admin) INSERT INTO $this->table (username, pass, email, pin, api_key, is_admin)
VALUES (?, ?, ?, ?, ?, 1) VALUES (?, ?, ?, ?, ?, 1)
"); ");
} }
@ -505,6 +532,22 @@ class User {
} }
return false; return false;
} }
/**
* Check if a user is authenticated and allowed to login
* Checks the $_SESSION for existing data
* Destroys the session if account is now locked
* @param none
* @return bool
**/
public function isAuthenticated() {
$this->debug->append("STA " . __METHOD__, 4);
if ($_SESSION['AUTHENTICATED'] == true && ! $this->isLocked($_SESSION['USERDATA']['id']))
return true;
// Catchall
$this->logoutUser();
return false;
}
} }
// Make our class available automatically // Make our class available automatically

11
public/include/pages/account.inc.php
View File

@ -1,13 +1,10 @@
<?php <?php
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) if (!defined('SECURITY')) die('Hacking attempt');
die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) { if ($user->isAuthenticated()) {
header('Location: index.php?page=home'); // Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
} }
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
?> ?>

122
public/include/pages/account/edit.inc.php
View File

@ -4,79 +4,77 @@
if (!defined('SECURITY')) if (!defined('SECURITY'))
die('Hacking attempt'); die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) { if ($user->isAuthenticated()) {
header('Location: index.php?page=home'); if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST['do']) {
} $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN','TYPE' => 'errormsg');
} else {
if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST['do']) { switch ($_POST['do']) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN','TYPE' => 'errormsg'); case 'cashOut':
} else { if ($setting->getValue('manual_payout_active') == 1) {
switch ($_POST['do']) { $_SESSION['POPUP'][] = array('CONTENT' => 'A manual payout is in progress. Please try again later.', 'TYPE' => 'errormsg');
case 'cashOut': } else {
if ($setting->getValue('manual_payout_active') == 1) { $setting->setValue('manual_payout_active', 1);
$_SESSION['POPUP'][] = array('CONTENT' => 'A manual payout is in progress. Please try again later.', 'TYPE' => 'errormsg'); $continue = true;
} else { $aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']);
$setting->setValue('manual_payout_active', 1); $dBalance = $aBalance['confirmed'];
$continue = true; $sCoinAddress = $user->getCoinAddress($_SESSION['USERDATA']['id']);
$aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']); // Ensure we can cover the potential transaction fee
$dBalance = $aBalance['confirmed']; if ($dBalance > $config['txfee']) {
$sCoinAddress = $user->getCoinAddress($_SESSION['USERDATA']['id']); if ($bitcoin->can_connect() === true) {
// Ensure we can cover the potential transaction fee
if ($dBalance > $config['txfee']) {
if ($bitcoin->can_connect() === true) {
try {
$bitcoin->validateaddress($sCoinAddress);
} catch (BitcoinClientException $e) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid payment address: ' . $sUserSendAddress, 'TYPE' => 'errormsg');
$continue = false;
}
if ($continue == true) {
// Send balance to address, mind fee for transaction!
try { try {
if ($setting->getValue('auto_payout_active') == 0) { $bitcoin->validateaddress($sCoinAddress);
$bitcoin->sendtoaddress($sCoinAddress, $dBalance);
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Auto-payout active, please contact site support immidiately to revoke invalid transactions.', 'TYPE' => 'errormsg');
$continue = false;
}
} catch (BitcoinClientException $e) { } catch (BitcoinClientException $e) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to send ' . $config['currency'] . ', please contact site support immidiately', 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid payment address: ' . $sUserSendAddress, 'TYPE' => 'errormsg');
$continue = false; $continue = false;
} }
} if ($continue == true) {
// Set balance to 0, add to paid out, insert to ledger // Send balance to address, mind fee for transaction!
if ($continue == true && $transaction->addTransaction($_SESSION['USERDATA']['id'], $dBalance, 'Debit_MP', NULL, $sCoinAddress)) { try {
$_SESSION['POPUP'][] = array('CONTENT' => 'Transaction completed', 'TYPE' => 'success'); if ($setting->getValue('auto_payout_active') == 0) {
$aMailData['email'] = $user->getUserEmail($user->getUserName($_SESSION['USERDATA']['id'])); $bitcoin->sendtoaddress($sCoinAddress, $dBalance);
$aMailData['amount'] = $dBalance; } else {
$aMailData['subject'] = 'Manual Payout Completed'; $_SESSION['POPUP'][] = array('CONTENT' => 'Auto-payout active, please contact site support immidiately to revoke invalid transactions.', 'TYPE' => 'errormsg');
$notification->sendNotification($_SESSION['USERDATA']['id'], 'manual_payout', $aMailData); $continue = false;
}
} catch (BitcoinClientException $e) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to send ' . $config['currency'] . ', please contact site support immidiately', 'TYPE' => 'errormsg');
$continue = false;
}
}
// Set balance to 0, add to paid out, insert to ledger
if ($continue == true && $transaction->addTransaction($_SESSION['USERDATA']['id'], $dBalance, 'Debit_MP', NULL, $sCoinAddress)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Transaction completed', 'TYPE' => 'success');
$aMailData['email'] = $user->getUserEmail($user->getUserName($_SESSION['USERDATA']['id']));
$aMailData['amount'] = $dBalance;
$aMailData['subject'] = 'Manual Payout Completed';
$notification->sendNotification($_SESSION['USERDATA']['id'], 'manual_payout', $aMailData);
}
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to connect to litecoind RPC service', 'TYPE' => 'errormsg');
} }
} else { } else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to connect to litecoind RPC service', 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee'] . ' ' . $conifg['currency'] . ' to cover transaction fees', 'TYPE' => 'errormsg');
} }
} else { $setting->setValue('manual_payout_active', 0);
$_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee'] . ' ' . $conifg['currency'] . ' to cover transaction fees', 'TYPE' => 'errormsg');
} }
$setting->setValue('manual_payout_active', 0); break;
}
break;
case 'updateAccount': case 'updateAccount':
if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'])) { if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success'); $_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
} else { } else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg');
} }
break; break;
case 'updatePassword': case 'updatePassword':
if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'])) { if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success'); $_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success');
} else { } else {
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
}
break;
} }
break;
} }
} }

36
public/include/pages/account/notifications.inc.php
View File

@ -2,24 +2,24 @@
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt'); if (!defined('SECURITY')) die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home'); if ($user->isAuthenticated()) {
if ($_REQUEST['do'] == 'save') {
if ($_REQUEST['do'] == 'save') { if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) {
if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) { $_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings');
$_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings'); } else {
} else { $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update settings', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update settings', 'TYPE' => 'errormsg'); }
} }
// Fetch notifications
$aNotifications = $notification->getNofifications($_SESSION['USERDATA']['id']);
if (!$aNotifications) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any notifications', 'TYPE' => 'errormsg');
// Fetch user notification settings
$aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
$smarty->assign('NOTIFICATIONS', $aNotifications);
$smarty->assign('SETTINGS', $aSettings);
$smarty->assign('CONTENT', 'default.tpl');
} }
// Fetch notifications
$aNotifications = $notification->getNofifications($_SESSION['USERDATA']['id']);
if (!$aNotifications) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any notifications', 'TYPE' => 'errormsg');
// Fetch user notification settings
$aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
$smarty->assign('NOTIFICATIONS', $aNotifications);
$smarty->assign('SETTINGS', $aSettings);
$smarty->assign('CONTENT', 'default.tpl');
?> ?>

13
public/include/pages/account/transactions.inc.php
View File

@ -2,11 +2,10 @@
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt'); if (!defined('SECURITY')) die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home'); if (!$user->isAuthenticated()) {
$aTransactions = $transaction->getTransactions($_SESSION['USERDATA']['id']);
$aTransactions = $transaction->getTransactions($_SESSION['USERDATA']['id']); if (!$aTransactions) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any transaction', 'TYPE' => 'errormsg');
if (!$aTransactions) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any transaction', 'TYPE' => 'errormsg'); $smarty->assign('TRANSACTIONS', $aTransactions);
$smarty->assign('CONTENT', 'default.tpl');
$smarty->assign('TRANSACTIONS', $aTransactions); }
$smarty->assign('CONTENT', 'default.tpl');
?> ?>

57
public/include/pages/account/workers.inc.php
View File

@ -2,35 +2,36 @@
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt'); if (!defined('SECURITY')) die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home');
switch ($_REQUEST['do']) { if ($user->isAuthenticated()) {
case 'delete': switch ($_REQUEST['do']) {
if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { case 'delete':
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed'); if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
} else { $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed');
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); } else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
case 'add':
if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker added');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
case 'update':
if ($worker->updateWorkers($_SESSION['USERDATA']['id'], $_POST['data'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
} }
break;
case 'add': $aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']);
if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) { if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker added');
} else { $smarty->assign('CONTENT', 'default.tpl');
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg'); $smarty->assign('WORKERS', $aWorkers);
}
break;
case 'update':
if ($worker->updateWorkers($_SESSION['USERDATA']['id'], $_POST['data'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
} }
$aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']);
if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'errormsg');
$smarty->assign('CONTENT', 'default.tpl');
$smarty->assign('WORKERS', $aWorkers);
?> ?>

7
public/include/pages/admin.inc.php
View File

@ -1,13 +1,12 @@
<?php <?php
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) if (!defined('SECURITY')) die('Hacking attempt');
die('Hacking attempt');
// Check user to ensure they are admin // Check user to ensure they are admin
if (!$user->isAdmin($_SESSION['USERDATA']['id'])) { if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
header("HTTP/1.1 404 Page not found"); header("HTTP/1.1 404 Page not found");
die(); die("404 Page not found");
} }
// Tempalte specifics // Tempalte specifics

19
public/include/pages/admin/user.inc.php
View File

@ -1,17 +1,28 @@
<?php <?php
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) if (!defined('SECURITY')) die('Hacking attempt');
die('Hacking attempt');
// Check user to ensure they are admin // Check user to ensure they are admin
if (!$user->isAdmin($_SESSION['USERDATA']['id'])) { if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
header("HTTP/1.1 404 Page not found"); header("HTTP/1.1 404 Page not found");
die(); die("404 Page not found");
} }
$aRoundShares = $statistics->getRoundShares(); $aRoundShares = $statistics->getRoundShares();
// Change account lock
if ($_POST['do'] == 'lock') {
$supress_master = 1;
$user->changeLocked($_POST['account_id']);
}
// Change account admin
if ($_POST['do'] == 'admin') {
$supress_master = 1;
$user->changeAdmin($_POST['account_id']);
}
if ($_POST['query']) { if ($_POST['query']) {
// Fetch requested users // Fetch requested users
$aUsers = $statistics->getAllUserStats($_POST['query']); $aUsers = $statistics->getAllUserStats($_POST['query']);

7
public/include/pages/admin/wallet.inc.php
View File

@ -1,13 +1,12 @@
<?php <?php
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) if (!defined('SECURITY')) die('Hacking attempt');
die('Hacking attempt');
// Check user to ensure they are admin // Check user to ensure they are admin
if (!$user->isAdmin($_SESSION['USERDATA']['id'])) { if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
header("HTTP/1.1 404 Page not found"); header("HTTP/1.1 404 Page not found");
die(); die("404 Page not found");
} }
if ($bitcoin->can_connect() === true){ if ($bitcoin->can_connect() === true){

2
public/include/pages/login.inc.php
View File

@ -7,7 +7,7 @@ if (!defined('SECURITY'))
if ( $user->checkLogin($_POST['username'],$_POST['password']) ) { if ( $user->checkLogin($_POST['username'],$_POST['password']) ) {
header('Location: index.php?page=home'); header('Location: index.php?page=home');
} else { } else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid username or password', 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
} }
$smarty->assign('CONTENT', 'default.tpl'); $smarty->assign('CONTENT', 'default.tpl');
?> ?>

11
public/include/pages/statistics/blocks.inc.php
View File

@ -1,9 +1,8 @@
<?php <?php
// Make sure we are called from index.php // Make sure we are called from index.php
if (!defined('SECURITY')) if (!defined('SECURITY')) die('Hacking attempt');
die('Hacking attempt'); if (!$user->isAuthenticated()) header("Location: index.php?page=home");
// Grab the last blocks found // Grab the last blocks found
$iLimit = 30; $iLimit = 30;
@ -14,9 +13,5 @@ $aBlockData = $aBlocksFoundData[0];
$smarty->assign("BLOCKSFOUND", $aBlocksFoundData); $smarty->assign("BLOCKSFOUND", $aBlocksFoundData);
$smarty->assign("BLOCKLIMIT", $iLimit); $smarty->assign("BLOCKLIMIT", $iLimit);
if ($_SESSION['AUTHENTICATED']) { $smarty->assign("CONTENT", "blocks_found.tpl");
$smarty->assign("CONTENT", "blocks_found.tpl");
} else {
$smarty->assign("CONTENT", "default.tpl");
}
?> ?>

2
public/include/pages/statistics/pool.inc.php
View File

@ -50,7 +50,7 @@ $smarty->assign("LASTBLOCK", $aBlockData['height']);
$smarty->assign("DIFFICULTY", $dDifficulty); $smarty->assign("DIFFICULTY", $dDifficulty);
$smarty->assign("REWARD", $config['reward']); $smarty->assign("REWARD", $config['reward']);
if ($_SESSION['AUTHENTICATED']) { if ($user->isAuthenticated()) {
$smarty->assign("CONTENT", "authenticated.tpl"); $smarty->assign("CONTENT", "authenticated.tpl");
} else { } else {
$smarty->assign("CONTENT", "../default.tpl"); $smarty->assign("CONTENT", "../default.tpl");

10
public/include/pages/statistics/user.inc.php
View File

@ -4,12 +4,10 @@
if (!defined('SECURITY')) if (!defined('SECURITY'))
die('Hacking attempt'); die('Hacking attempt');
$aHourlyHashRates = $statistics->getHourlyHashrateByAccount($_SESSION['USERDATA']['id']); if ($user->isAuthenticated()) {
$aHourlyHashRates = $statistics->getHourlyHashrateByAccount($_SESSION['USERDATA']['id']);
// Propagate content our template // Propagate content our template
$smarty->assign("YOURHASHRATES", $aHourlyHashRates); $smarty->assign("YOURHASHRATES", $aHourlyHashRates);
if ($_SESSION['AUTHENTICATED']) {
$smarty->assign("CONTENT", "default.tpl"); $smarty->assign("CONTENT", "default.tpl");
} }
?> ?>

29
public/templates/mmcFE/admin/user/default.tpl
View File

@ -1,5 +1,22 @@
<script language="javascript">
function storeLock(id) {
$.ajax({
type: "POST",
url: "{$smarty.server.PHP_SELF}",
data: "page={$smarty.request.page}&action={$smarty.request.action}&do=lock&account_id=" + id,
});
}
function storeAdmin(id) {
$.ajax({
type: "POST",
url: "{$smarty.server.PHP_SELF}",
data: "page={$smarty.request.page}&action={$smarty.request.action}&do=admin&account_id=" + id,
});
}
</script>
{include file="global/block_header.tpl" BLOCK_HEADER="Query User Database"} {include file="global/block_header.tpl" BLOCK_HEADER="Query User Database"}
<form action="{$smarty.server.PHP_SELF}" method="POST"> <form action="{$smarty.server.PHP_SELF}" method="POST" id='query'>
<input type="hidden" name="page" value="{$smarty.request.page}"> <input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}"> <input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="query" value="{$smarty.request.query|default:"%"}"> <input type="text" class="pin" name="query" value="{$smarty.request.query|default:"%"}">
@ -23,6 +40,7 @@
<th class="right">Est. Payout&nbsp;&nbsp;&nbsp;</th> <th class="right">Est. Payout&nbsp;&nbsp;&nbsp;</th>
<th class="right">Balance&nbsp;&nbsp;&nbsp;</th> <th class="right">Balance&nbsp;&nbsp;&nbsp;</th>
<th class="center">Admin</th> <th class="center">Admin</th>
<th class="center">Locked</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -37,7 +55,14 @@
<td class="right">{$USERS[user].payout.est_payout|number_format:"8"}</td> <td class="right">{$USERS[user].payout.est_payout|number_format:"8"}</td>
<td class="right">{$USERS[user].balance|number_format:"8"}</td> <td class="right">{$USERS[user].balance|number_format:"8"}</td>
<td class="center"> <td class="center">
<img src="{$PATH}/images/{if $USERS[user].admin}success{else}error{/if}.gif" /> <input type="hidden" name="admin[{$USERS[user].id}]" value="0"/>
<input type="checkbox" onclick="storeAdmin({$USERS[user].id})" name="admin[{$USERS[user].id}]" value="1" id="admin[{$USERS[user].id}]" {if $USERS[user].is_admin}checked{/if} />
<label for="admin[{$USERS[user].id}]"></label>
</td>
<td class="center">
<input type="hidden" name="locked[{$USERS[user].id}]" value="0"/>
<input type="checkbox" onclick="storeLock({$USERS[user].id})" name="locked[{$USERS[user].id}]" value="1" id="locked[{$USERS[user].id}]" {if $USERS[user].is_locked}checked{/if} />
<label for="locked[{$USERS[user].id}]"></label>
</td> </td>
</tr> </tr>
{sectionelse} {sectionelse}

2
public/templates/mmcFE/global/navigation.tpl
View File

@ -11,7 +11,7 @@
</ul> </ul>
</li> </li>
{/if} {/if}
{if $smarty.session.AUTHENTICATED|default:"0" == 1 && $GLOBAL.userdata.admin == 1} {if $smarty.session.AUTHENTICATED|default:"0" == 1 && $GLOBAL.userdata.is_admin == 1}
<li><a href="{$smarty.server.PHP_SELF}?page=admin">Admin Panel</a> <li><a href="{$smarty.server.PHP_SELF}?page=admin">Admin Panel</a>
<ul> <ul>
<li><a href="{$smarty.server.PHP_SELF}?page=admin&action=user">User Info</a></li> <li><a href="{$smarty.server.PHP_SELF}?page=admin&action=user">User Info</a></li>

2
sql/issue_147_accounts_upgrade.sql Normal file
View File

@ -0,0 +1,2 @@
ALTER TABLE `accounts` ADD `is_locked` BOOLEAN NOT NULL DEFAULT FALSE AFTER `email` ;
ALTER TABLE `accounts` CHANGE `admin` `is_admin` BOOLEAN NOT NULL DEFAULT FALSE ;