From 63960e2e62c3c140b7efda02f674b44d754fb220 Mon Sep 17 00:00:00 2001 From: Sebastian Grewe Date: Fri, 10 Jan 2014 20:04:57 +0100 Subject: [PATCH 1/5] [IMPROVED] Allow e-mails only for login This is a major change in MPOS. Usernames will not be allowed anymore. This will avoid a lot of brute force issues since usernames are not a valid login method anymore. Fixes #1345 once merged. --- public/include/classes/user.class.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php index ada25335..80cc346a 100644 --- a/public/include/classes/user.class.php +++ b/public/include/classes/user.class.php @@ -116,7 +116,11 @@ class User extends Base { $this->setErrorMessage("Invalid username or password."); return false; } - if (filter_var($username, FILTER_VALIDATE_EMAIL)) { + if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { + $this->debug->append("Not an e-mail address, rejecting login", 2); + $this->setErrorMessage("Please login with your e-mail address"); + return false; + } else { $this->debug->append("Username is an e-mail: $username", 2); if (!$username = $this->getUserNameByEmail($username)) { $this->setErrorMessage("Invalid username or password."); From 2829f6a746bb5c81930fa666252be1ed1fe6ce3a Mon Sep 17 00:00:00 2001 From: Sebastian Grewe Date: Fri, 10 Jan 2014 20:27:18 +0100 Subject: [PATCH 2/5] [IMPROVED] Dropped username from login --- public/templates/mpos/login/default.tpl | 2 +- public/templates/mpos/login/small.tpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/public/templates/mpos/login/default.tpl b/public/templates/mpos/login/default.tpl index c10467a4..00a1d972 100644 --- a/public/templates/mpos/login/default.tpl +++ b/public/templates/mpos/login/default.tpl @@ -5,7 +5,7 @@
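Review bot: The new `!filter_var($username, FILTER_VALIDATE_EMAIL)` guard in the user.class.php hunk only narrows the accepted identifier to e-mail syntax and adds no throttling of its own. Password guessing against a known address proceeds as before unless the enclosing method, which starts and ends outside this hunk, counts failed attempts or locks the account; confirm that before relying on the brute-force claim in the commit message. Accounts whose stored address does not pass this filter lose the ability to log in, which is worth checking at upgrade. Because the rejecting branch ends in `return false;`, the `} else {` is redundant and the lookup could follow as plain code at its original indent. A comment such as `// Login is e-mail only: reject anything that is not a syntactically valid address before the account lookup` would record the intent.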

Login with existing account

- +
diff --git a/public/templates/mpos/login/small.tpl b/public/templates/mpos/login/small.tpl index 6448f750..85f099bf 100644 --- a/public/templates/mpos/login/small.tpl +++ b/public/templates/mpos/login/small.tpl @@ -5,7 +5,7 @@ {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.forms.login}{/if} - + From d9f591e7c86ad5a2776da2be31fa6b82ca14f0d7 Mon Sep 17 00:00:00 2001 From: Sebastian Grewe Date: Sat, 11 Jan 2014 20:58:52 +0100 Subject: [PATCH 3/5] [UPDATE] MPOS version due to major change --- public/include/version.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/include/version.inc.php b/public/include/version.inc.php index 157f229b..e1da501b 100644 --- a/public/include/version.inc.php +++ b/public/include/version.inc.php @@ -3,7 +3,7 @@ // Make sure we are called from index.php if (!defined('SECURITY')) die('Hacking attempt'); -define('MPOS_VERSION', '0.0.1'); +define('MPOS_VERSION', '0.0.2'); define('DB_VERSION', '0.0.3'); define('CONFIG_VERSION', '0.0.4'); From bc833eb40b43fdf61fdd336130d8cc72c1c4901c Mon Sep 17 00:00:00 2001 From: Jesse Collier Date: Sat, 11 Jan 2014 18:02:23 -0800 Subject: [PATCH 4/5] [IMPROVED] Adds Email label and removes maxlength When logging in from mobile, there currently is not an indicater to use email or username. This labels it correctly. Removed maxlength to allow for lengthier email addresses. --- public/templates/mobile/login/default.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/public/templates/mobile/login/default.tpl b/public/templates/mobile/login/default.tpl index 2a44cebb..899a990f 100644 --- a/public/templates/mobile/login/default.tpl +++ b/public/templates/mobile/login/default.tpl @@ -1,8 +1,8 @@
{if $GLOBAL.csrf.enabled && $GLOBAL.csrf.forms.login}{/if} -

-

+

+

{nocache}{$RECAPTCHA|default:"" nofilter}{/nocache}

From 75729c659263b6d389be7937633c71ae98f8c0ec Mon Sep 17 00:00:00 2001
From: obigal
Date: Sun, 12 Jan 2014 15:07:22 -0500
Subject: [PATCH 5/5] pplns payouts speed improvements / reworked insert method
---
 cronjobs/pplns_payout.php | 60 ++++++++++++---------
 public/include/classes/roundstats.class.php | 4 +-
 public/include/classes/statistics.class.php | 32 ++---------
 3 files changed, 42 insertions(+), 54 deletions(-)
diff --git a/cronjobs/pplns_payout.php b/cronjobs/pplns_payout.php
index 87a02ac5..c8e6626a 100755
--- a/cronjobs/pplns_payout.php
+++ b/cronjobs/pplns_payout.php
@@ -153,19 +153,42 @@ foreach ($aAllBlocks as $iIndex => $aBlock) { $iRoundShares = $iNewRoundShares; } + // Merge round shares and pplns shares arrays + $aTotalAccountShares = NULL; + foreach($aAccountShares as $key => $aData) { + $aData['pplns_valid'] = $aData['valid']; + $aData['pplns_invalid'] = $aData['invalid']; + $aData['valid'] = 0; + $aData['invalid'] = 0; + $aTotalAccountShares[$aData['username']] = $aData; + } + foreach($aRoundAccountShares as $key => $aTempData) { + if (array_key_exists($aTempData['username'], $aTotalAccountShares)) { + $aTotalAccountShares[$aTempData['username']]['valid'] = $aTempData['valid']; + $aTotalAccountShares[$aTempData['username']]['invalid'] = $aTempData['invalid']; + } else { + $aTempData['pplns_valid'] = 0; + $aTempData['pplns_invalid'] = 0; + $aTotalAccountShares[$aTempData['username']] = $aTempData; + } + } + // Table header for account shares $log->logInfo("ID\tUsername\tValid\tInvalid\tPercentage\tPayout\t\tDonation\tFee"); // Loop through all accounts that have found shares for this round - foreach ($aAccountShares as $key => $aData) { + foreach ($aTotalAccountShares as $key => $aData) { // Skip entries that have no account ID, user deleted? if (empty($aData['id'])) { $log->logInfo('User ' . $aData['username'] . ' does not have an associated account, skipping'); continue; } + if ($aData['pplns_valid'] == 0) { + continue; + } // Payout based on PPLNS target shares, proportional payout for all users - $aData['percentage'] = round(( 100 / $iRoundShares) * $aData['valid'], 8); + $aData['percentage'] = round(( 100 / $iRoundShares) * $aData['pplns_valid'], 8); $aData['payout'] = round(( $aData['percentage'] / 100 ) * $dReward, 8); // Defaults $aData['fee' ] = 0; 
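Review bot: `$aTotalAccountShares = NULL;` leaves the merge target a non-array when `$aAccountShares` is empty, so the `array_key_exists(...)` call in the second loop and the later `foreach ($aTotalAccountShares ...)` receive NULL and raise warnings (a TypeError on current PHP) inside the payout cron. Initialising with `$aTotalAccountShares = array();` avoids that. The merge keys on `$aData['username']`, so it assumes usernames are unique and spelled identically in both share lists. A one-line comment such as `// Keyed by username; assumes both share lists use the same unique username per account` would make that explicit. The enclosing `foreach ($aAllBlocks ...)` body starts and ends outside the hunk.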
@@ -179,33 +202,13 @@ foreach ($aAllBlocks as $iIndex => $aBlock) { // Verbose output of this users calculations $log->logInfo($aData['id'] . "\t" . $aData['username'] . "\t" . - $aData['valid'] . "\t" . - $aData['invalid'] . "\t" . + $aData['pplns_valid'] . "\t" . + $aData['pplns_invalid'] . "\t" . number_format($aData['percentage'], 8) . "\t" . number_format($aData['payout'], 8) . "\t" . number_format($aData['donation'], 8) . "\t" . number_format($aData['fee'], 8)); - // Add full round share statistics, not just PPLNS - foreach ($aRoundAccountShares as $key => $aRoundData) { - if ($aRoundData['username'] == $aData['username']) - if (!$statistics->updateShareStatistics($aRoundData, $aBlock['id'])) - $log->logError('Failed to update share statistics for ' . $aData['username'] . ': ' . $statistics->getCronError()); - } - - // Add PPLNS share statistics - foreach ($aAccountShares as $key => $aRoundData) { - if ($aRoundData['username'] == $aData['username']){ - if (@$statistics->getIdShareStatistics($aRoundData, $aBlock['id'])){ - if (!$statistics->updatePPLNSShareStatistics($aRoundData, $aBlock['id'])) - $log->logError('Failed to update pplns statistics for ' . $aData['username'] . ': ' . $statistics->getCronError()); - } else { - if (!$statistics->insertPPLNSShareStatistics($aRoundData, $aBlock['id'])) - $log->logError('Failed to insert pplns statistics for ' . $aData['username'] . ': ' . $statistics->getCronError()); - } - } - } - // Add new credit transaction if (!$transaction->addTransaction($aData['id'], $aData['payout'], 'Credit', $aBlock['id'])) $log->logFatal('Failed to insert new Credit transaction to database for ' . $aData['username'] . ': ' . $transaction->getCronError()); 
@@ -219,6 +222,15 @@ foreach ($aAllBlocks as $iIndex => $aBlock) { $log->logFatal('Failed to insert new Donation transaction to database for ' . $aData['username'] . ': ' . $transaction->getCronError()); } + // Add full round share statistics + foreach ($aTotalAccountShares as $key => $aRoundData) { + if (empty($aRoundData['id'])) { + continue; + } + if (!$statistics->insertPPLNSStatistics($aRoundData, $aBlock['id'])) + $log->logError('Failed to insert share statistics for ' . $aRoundData['username'] . ': ' . $statistics->getCronError()); + } + // Store this blocks height as last accounted for $setting->setValue('last_accounted_block_id', $aBlock['id']); diff --git a/public/include/classes/roundstats.class.php b/public/include/classes/roundstats.class.php index 0bbbb5ac..bfb7707f 100644 --- a/public/include/classes/roundstats.class.php +++ b/public/include/classes/roundstats.class.php @@ -107,7 +107,7 @@ class RoundStats extends Base { FROM " . $this->statistics->getTableName() . " AS s LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id - WHERE b.height = ? + WHERE b.height = ? AND s.valid > 0 GROUP BY username ASC ORDER BY valid DESC "); @@ -136,7 +136,7 @@ class RoundStats extends Base { FROM " . $this->statistics->getTableName() . " AS s LEFT JOIN " . $this->block->getTableName() . " AS b ON s.block_id = b.id LEFT JOIN " . $this->user->getTableName() . " AS a ON a.id = s.account_id - WHERE b.height = ? + WHERE b.height = ? AND s.pplns_valid > 0 GROUP BY username ASC ORDER BY pplns_valid DESC "); diff --git a/public/include/classes/statistics.class.php b/public/include/classes/statistics.class.php index 5ced30bf..5ae10690 100644 --- a/public/include/classes/statistics.class.php +++ b/public/include/classes/statistics.class.php 
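Review bot: The new statistics loop in the third pplns_payout.php hunk issues an unconditional insert per account, while `last_accounted_block_id` is only stored after the loop. A rerun for a partly processed block would therefore add a second row per account or fail, depending on whether the statistics table has a unique key on account and block, which is not visible here. The removed code looked for an existing row before choosing update or insert; if reruns are possible, keep that guarantee, for example with an upsert inside `insertPPLNSStatistics`. A failed insert is only reported through `logError` and the block is still marked as accounted, unlike the transaction inserts, which use `logFatal`. If that is intended, a comment such as `// Statistics are best-effort: a failed insert is logged and does not stop payout accounting` would say so.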
@@ -202,36 +202,12 @@ class Statistics extends Base { } /** - * update user statistics of valid and invalid pplns shares + * insert user round and pplns shares merged array **/ - public function updatePPLNSShareStatistics($aStats, $iBlockId) { + public function insertPPLNSStatistics($aStats, $iBlockId) { $this->debug->append("STA " . __METHOD__, 4); - $stmt = $this->mysqli->prepare(" - UPDATE $this->table SET pplns_valid = ?, pplns_invalid = ? WHERE account_id = ? AND block_id = ?"); - if ($this->checkStmt($stmt) && $stmt->bind_param('iiii', $aStats['valid'], $aStats['invalid'], $aStats['id'], $iBlockId) && $stmt->execute()) return true; - return $this->sqlError(); - } - - /** - * insert user statistics of valid and invalid pplns shares "rbpplns" - **/ - public function insertPPLNSShareStatistics($aStats, $iBlockId) { - $this->debug->append("STA " . __METHOD__, 4); - $stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, valid, invalid, pplns_valid, pplns_invalid, block_id) VALUES (?, 0, 0, ?, ?, ?)"); - if ($this->checkStmt($stmt) && $stmt->bind_param('iiii', $aStats['id'], $aStats['valid'], $aStats['invalid'], $iBlockId) && $stmt->execute()) return true; - return $this->sqlError(); - } - - /** - * Fetch the share ID from stats for rbpplns - **/ - function getIdShareStatistics($aStats, $iBlockId) { - $stmt = $this->mysqli->prepare(" - SELECT id AS id FROM $this->table - WHERE account_id = ? AND block_id = ? 
- "); - if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $aStats['id'], $iBlockId) && $stmt->execute() && $result = $stmt->get_result()) - return $result->fetch_object()->id; + $stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, valid, invalid, pplns_valid, pplns_invalid, block_id) VALUES (?, ?, ?, ?, ?, ?)"); + if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiii', $aStats['id'], $aStats['valid'], $aStats['invalid'], $aStats['pplns_valid'], $aStats['pplns_invalid'], $iBlockId) && $stmt->execute()) return true; return $this->sqlError(); }
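Review bot: The docblock on `insertPPLNSStatistics` does not say which keys `$aStats` must carry, and the method binds `id`, `valid`, `invalid`, `pplns_valid` and `pplns_invalid` without checking that they are set. A caller passing an unmerged share row would store NULL-coerced zeros with only a notice. I would expand the docblock to list those five keys as required integers, describe `$iBlockId`, and state that the method returns true on success and otherwise the result of `sqlError()`. The hunk also removes the public methods `updatePPLNSShareStatistics`, `insertPPLNSShareStatistics` and `getIdShareStatistics`, so any other payout cron that still calls them (not visible in this patch) would break and should be checked.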