RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

retooled most of the email confirmation setup

Browse Source
This commit is contained in:
xisi 2014-01-15 09:58:00 -05:00
parent 69eec05cb7
commit d9d678be61
11 changed files with 248 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
public/include/classes/payout.class.php
View File

@ -37,29 +37,14 @@ class Payout Extends Base {
* @return data mixed Inserted ID or false
**/
public function createPayout($account_id=NULL, $strToken) {
// twofactor - if cashout enabled we need to create/check the token
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['withdraw']) {
$tData = $this->token->getToken($strToken, 'withdraw_funds');
$tExists = $this->token->doesTokenExist('withdraw_funds', $account_id);
if (!is_array($tData) && $tExists == false) {
// token doesn't exist, let's create one, send an email with a link to use it, and error out
$token = $this->token->createToken('withdraw_funds', $account_id);
$aData['token'] = $token;
$aData['username'] = $this->getUserName($account_id);
$aData['email'] = $this->getUserEmail($aData['username']);
$aData['subject'] = 'Manual payout request confirmation';
$this->mail->sendMail('notifications/withdraw_funds', $aData);
$this->setErrorMessage("A confirmation has been sent to your e-mail");
return true;
$tValid = $this->token->isTokenValid($account_id, $strToken, 7);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
// already exists, if it's valid delete it and allow this edit
if ($strToken === $tData['token']) {
$this->token->deleteToken($tData['token']);
} else {
// token exists for this type, but this is not the right token
$this->setErrorMessage("A confirmation was sent to your e-mail, follow that link to cash out");
return false;
}
$this->setErrorMessage('Invalid token');
return false;
}
}
$stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id) VALUES (?)");
@ -86,7 +71,6 @@ $oPayout = new Payout();
$oPayout->setDebug($debug);
$oPayout->setMysql($mysqli);
$oPayout->setConfig($config);
$oPayout->setMail($mail);
$oPayout->setToken($oToken);
$oPayout->setErrorCodes($aErrorCodes);

16
public/include/classes/token.class.php
View File

@ -22,6 +22,20 @@ class Token Extends Base {
return $this->sqlError();
}
/**
* Check if a token we're passing in is completely valid
* @param account_id int Account id of user
* @param token string Token to check
* @param type int Type of token
* @return int 0 or 1
*/
public function isTokenValid($account_id, $token, $type) {
$stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? AND time < NOW() LIMIT 1");
if ($stmt && $stmt->bind_param('isi', $account_id, $token, $type) && $stmt->execute())
return $stmt->get_result()->num_rows;
return $this->sqlError();
}
/**
* Check if a token of this type already exists for a given account_id
* @param strType string Name of the type of token
@ -35,7 +49,7 @@ class Token Extends Base {
}
$stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND type = ? LIMIT 1");
if ($stmt && $stmt->bind_param('ii', $account_id, $iToken_id) && $stmt->execute())
return $stmt->num_rows;
return $stmt->get_result()->num_rows;
return $this->sqlError();
}

93
public/include/classes/user.class.php
View File

@ -255,6 +255,43 @@ class User extends Base {
return $dPercent;
}
/**
* Send e-mail to confirm a change for 2fa
* @param strType string Token type name
* @param userID int User ID
* @return bool
*/
public function sendChangeConf($strType, $userID) {
$exists = $this->token->doesTokenExist($strType, $userID);
if ($exists == 0) {
$token = $this->token->createToken($strType, $userID);
$aData['token'] = $token;
$aData['username'] = $this->getUserName($userID);
$aData['email'] = $this->getUserEmail($aData['username']);
switch ($strType) {
case 'account_edit':
$aData['subject'] = 'Account detail change confirmation';
break;
case 'change_pw':
$aData['subject'] = 'Account password change confirmation';
break;
case 'withdraw_funds':
$aData['subject'] = 'Manual payout request confirmation';
break;
default:
$aData['subject'] = '';
}
if ($this->mail->sendMail('notifications/'.$strType, $aData)) {
return true;
} else {
$this->setErrorMessage('Failed to send the notification');
return false;
}
}
$this->setErrorMessage('A request has already been sent to your e-mail address. Please wait 10 minutes for it to expire.');
return false;
}
/**
* Update the accounts password
* @param userID int User ID
@ -274,29 +311,14 @@ class User extends Base {
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
return false;
}
// twofactor - if changepw is enabled we need to create/check the token
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['changepw']) {
$tData = $this->token->getToken($strToken, 'change_pw');
$tExists = $this->token->doesTokenExist('change_pw', $userID);
if (!is_array($tData) && $tExists == false) {
// token doesn't exist, let's create one, send an email with a link to use it, and error out
$token = $this->token->createToken('change_pw', $userID);
$aData['token'] = $token;
$aData['username'] = $this->getUserName($userID);
$aData['email'] = $this->getUserEmail($aData['username']);
$aData['subject'] = 'Account password change confirmation';
$this->mail->sendMail('notifications/change_pw', $aData);
$this->setErrorMessage("A confirmation has been sent to your e-mail");
return true;
$tValid = $this->token->isTokenValid($userID, $strToken, 6);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
// already exists, if it's valid delete it and allow this edit
if ($strToken === $tData['token']) {
$this->token->deleteToken($tData['token']);
} else {
// token exists for this type, but this is not the right token
$this->setErrorMessage("A confirmation was sent to your e-mail, follow that link to change your password");
return false;
}
$this->setErrorMessage('Invalid token');
return false;
}
}
$current = $this->getHash($current);
@ -313,7 +335,7 @@ class User extends Base {
$this->setErrorMessage( 'Unable to update password, current password wrong?' );
return false;
}
/**
* Update account information from the edit account page
* @param userID int User ID
@ -373,29 +395,14 @@ class User extends Base {
$threshold = min($this->config['ap_threshold']['max'], max(0, floatval($threshold)));
$donate = min(100, max(0, floatval($donate)));
// twofactor - if details enabled we need to create/check the token
// twofactor - consume the token if it is enabled and valid
if ($this->config['twofactor']['enabled'] && $this->config['twofactor']['options']['details']) {
$tData = $this->token->getToken($strToken, 'account_edit');
$tExists = $this->token->doesTokenExist('account_edit', $userID);
if (!is_array($tData) && $tExists == false) {
// token doesn't exist, let's create one, send an email with a link to use it, and error out
$token = $this->token->createToken('account_edit', $userID);
$aData['token'] = $token;
$aData['username'] = $this->getUserName($userID);
$aData['email'] = $this->getUserEmail($aData['username']);
$aData['subject'] = 'Account detail change confirmation';
$this->mail->sendMail('notifications/account_edit', $aData);
$this->setErrorMessage("A confirmation has been sent to your e-mail");
return true;
$tValid = $this->token->isTokenValid($userID, $strToken, 5);
if ($tValid) {
$this->token->deleteToken($strToken);
} else {
// already exists, if it's valid delete it and allow this edit
if ($strToken === $tData['token']) {
$this->token->deleteToken($tData['token']);
} else {
// token exists for this type, but this is not the right token
$this->setErrorMessage("A confirmation was sent to your e-mail, follow that link to edit your account details");
return false;
}
$this->setErrorMessage('Invalid token');
return false;
}
}

2
public/include/config/global.inc.dist.php
View File

@ -7,7 +7,7 @@ if (!defined('SECURITY')) die('Hacking attempt');
* This is used in the version check to ensure you run the latest version of the configuration file.
* Once you upgraded your config, change the version here too.
**/
$config['version'] = '0.0.3';
$config['version'] = '0.0.4';
// Our include directory for additional features
define('INCLUDE_DIR', BASEPATH . 'include');

133
public/include/pages/account/edit.inc.php
View File

@ -4,7 +4,44 @@
if (!defined('SECURITY'))
die('Hacking attempt');
// 2fa tpl stuff
$cp_editable = $wf_editable = $ea_editable = $wf_sent = $ea_sent = $cp_sent = 0;
$ea_token = (!isset($_GET['ea_token'])) ? '' : $_GET['ea_token'];
$cp_token = (!isset($_GET['cp_token'])) ? '' : $_GET['cp_token'];
$wf_token = (!isset($_GET['wf_token'])) ? '' : $_GET['wf_token'];
if ($user->isAuthenticated()) {
// update 2f tpl stuff
if ($config['twofactor']['enabled']) {
$popupmsg = 'E-mail confirmations are required for ';
$popuptypes = array();
if ($config['twofactor']['options']['details']) {
$popuptypes[] = 'editing your details';
$ea_editable = $user->token->isTokenValid($_SESSION['USERDATA']['id'], $ea_token, 5);
$ea_sent = $user->token->doesTokenExist('account_edit', $_SESSION['USERDATA']['id']);
}
if ($config['twofactor']['options']['changepw']) {
$popuptypes[] = 'changing your password';
$cp_editable = $user->token->isTokenValid($_SESSION['USERDATA']['id'], $cp_token, 6);
$cp_sent = $user->token->doesTokenExist('change_pw', $_SESSION['USERDATA']['id']);
}
if ($config['twofactor']['options']['withdraw']) {
$popuptypes[] = 'withdrawals';
$wf_editable = $user->token->isTokenValid($_SESSION['USERDATA']['id'], $wf_token, 7);
$wf_sent = $user->token->doesTokenExist('withdraw_funds', $_SESSION['USERDATA']['id']);
}
$ptc = 0;
$ptcn = count($popuptypes);
foreach ($popuptypes as $pt) {
if ($ptcn == 1) { $popupmsg.= $popuptypes[$ptc]; continue; }
if ($ptc !== ($ptcn-1)) {
$popupmsg.= $popuptypes[$ptc].', ';
} else {
$popupmsg.= 'and '.$popuptypes[$ptc];
}
$ptc++;
}
$_SESSION['POPUP'][] = array('CONTENT' => $popupmsg, 'TYPE' => 'info');
}
if (isset($_POST['do']) && $_POST['do'] == 'genPin') {
if ($user->generatePin($_SESSION['USERDATA']['id'], $_POST['currentPassword'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Your PIN # has been sent to your email.', 'TYPE' => 'success');
@ -13,54 +50,78 @@ if ($user->isAuthenticated()) {
}
}
else {
if ( @$_POST['do'] && (! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']))) {
if ( @$_POST['do'] && (!$checkpin = $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']))) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN. ' . ($config['maxfailed']['pin'] - $user->getUserPinFailed($_SESSION['USERDATA']['id'])) . ' attempts remaining.', 'TYPE' => 'errormsg');
} else {
switch (@$_POST['do']) {
case 'cashOut':
if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Manual payouts are disabled.', 'TYPE' => 'info');
} else {
$aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']);
$dBalance = $aBalance['confirmed'];
if ($dBalance > $config['txfee_manual']) {
if (!$oPayout->isPayoutActive($_SESSION['USERDATA']['id'])) {
$wf_token = (!isset($_POST['wf_token'])) ? '' : $_POST['wf_token'];
if ($iPayoutId = $oPayout->createPayout($_SESSION['USERDATA']['id'], $wf_token)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Created new manual payout request with ID #' . $iPayoutId);
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $iPayoutId->getError(), 'TYPE' => 'errormsg');
}
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'You already have one active manual payout request.', 'TYPE' => 'errormsg');
}
if (isset($_POST['unlock']) && isset($_POST['utype']) && $checkpin) {
$validtypes = array('account_edit','change_pw','withdraw_funds');
$isvalid = in_array($_POST['utype'],$validtypes);
if ($isvalid) {
$ctype = strip_tags($_POST['utype']);
$send = $user->sendChangeConf($ctype, $_SESSION['USERDATA']['id']);
// set to sent for this pageload
if ($ctype == 'account_edit') $ea_sent = 1;
if ($ctype == 'change_pw') $cp_sent = 1;
if ($ctype == 'withdraw_funds') $wf_sent = 1;
if ($send) {
$_SESSION['POPUP'][] = array('CONTENT' => 'A confirmation was sent to your e-mail, follow that link to continue', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee_manual'] . ' ' . $config['currency'] . ' to cover transaction fees', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
}
}
break;
case 'updateAccount':
} else {
$ea_token = (!isset($_POST['ea_token'])) ? '' : $_POST['ea_token'];
if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'], $_POST['is_anonymous'], $ea_token)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg');
}
break;
case 'updatePassword':
$cp_token = (!isset($_POST['cp_token'])) ? '' : $_POST['cp_token'];
if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'], $cp_token)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
$wf_token = (!isset($_POST['wf_token'])) ? '' : $_POST['wf_token'];
switch (@$_POST['do']) {
case 'cashOut':
if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Manual payouts are disabled.', 'TYPE' => 'info');
} else {
$aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']);
$dBalance = $aBalance['confirmed'];
if ($dBalance > $config['txfee']) {
if (!$oPayout->isPayoutActive($_SESSION['USERDATA']['id'])) {
if ($iPayoutId = $oPayout->createPayout($_SESSION['USERDATA']['id'], $wf_token)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Created new manual payout request with ID #' . $iPayoutId);
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $iPayoutId->getError(), 'TYPE' => 'errormsg');
}
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'You already have one active manual payout request.', 'TYPE' => 'errormsg');
}
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee'] . ' ' . $config['currency'] . ' to cover transaction fees', 'TYPE' => 'errormsg');
}
}
break;
case 'updateAccount':
if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'], $_POST['is_anonymous'], $ea_token)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg');
}
break;
case 'updatePassword':
if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'], $cp_token)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
}
break;
}
break;
}
}
}
}
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
$smarty->assign("CHANGEPASSUNLOCKED", $cp_editable);
$smarty->assign("WITHDRAWUNLOCKED", $wf_editable);
$smarty->assign("DETAILSUNLOCKED", $ea_editable);
$smarty->assign("CHANGEPASSSENT", $cp_sent);
$smarty->assign("WITHDRAWSENT", $wf_sent);
$smarty->assign("DETAILSSENT", $ea_sent);
?>

1
public/include/smarty_globals.inc.php
View File

@ -64,6 +64,7 @@ $aGlobal = array(
'confirmations' => $config['confirmations'],
'reward' => $config['reward'],
'price' => $setting->getValue('price'),
'twofactor' => $config['twofactor'],
'config' => array(
'disable_navbar' => $setting->getValue('disable_navbar'),
'disable_navbar_api' => $setting->getValue('disable_navbar_api'),

4
public/include/version.inc.php
View File

@ -3,8 +3,8 @@
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
define('CONFIG_VERSION', '0.0.3');
define('MPOS_VERSION', '0.0.1');
define('DB_VERSION', '0.0.4');
define('CONFIG_VERSION', '0.0.4');
// Fetch installed database version
$db_version = $setting->getValue('DB_VERSION');

11
public/site_assets/mpos/css/layout.css
View File

@ -580,6 +580,17 @@ text-shadow: 0 1px 0 #6CDCF9;
cursor: pointer;
}
input[type=submit].alt_btn:disabled,input[type=submit].alt_btn:readonly {
background: #D0D1D4 url(../images/btn_submit.png) repeat-x;
border: 1px solid#aaa;
text-shadow: none;
color: #999;
}
input[type=submit].alt_btn:disabled:hover {
color: #999;
}
input[type=submit].alt_btn:hover {
color: #001217;
}

75
public/templates/mpos/account/edit/default.tpl
View File

@ -7,11 +7,11 @@
<div class="module_content">
<fieldset>
<label>Username</label>
<input type="text" value="{$GLOBAL.userdata.username|escape}" readonly />
<input type="text" value="{$GLOBAL.userdata.username|escape}" disabled />
</fieldset>
<fieldset>
<label>User Id</label>
<input type="text" value="{$GLOBAL.userdata.id}" readonly />
<input type="text" value="{$GLOBAL.userdata.id}" disabled />
</fieldset>
{if !$GLOBAL.website.api.disabled}
<fieldset>
@ -21,29 +21,29 @@
{/if}
<fieldset>
<label>E-Mail</label>
<input type="text" name="email" value="{nocache}{$GLOBAL.userdata.email|escape}{/nocache}" size="20" />
<input type="text" name="email" value="{nocache}{$GLOBAL.userdata.email|escape}{/nocache}" size="20" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details && !$DETAILSUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>Payment Address</label>
<input type="text" name="paymentAddress" value="{nocache}{$smarty.request.paymentAddress|default:$GLOBAL.userdata.coin_address|escape}{/nocache}" size="40" />
<input type="text" name="paymentAddress" value="{nocache}{$smarty.request.paymentAddress|default:$GLOBAL.userdata.coin_address|escape}{/nocache}" size="40" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details && !$DETAILSUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>Donation Percentage</label>
<font size="1"> Donation amount in percent (example: 0.5)</font>
<input type="text" name="donatePercent" value="{nocache}{$smarty.request.donatePercent|default:$GLOBAL.userdata.donate_percent|escape}{/nocache}" size="4" />
<input type="text" name="donatePercent" value="{nocache}{$smarty.request.donatePercent|default:$GLOBAL.userdata.donate_percent|escape}{/nocache}" size="4" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details && !$DETAILSUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>Automatic Payout Threshold</label>
</br>
<font size="1" style="margin: 0px -200px;">{$GLOBAL.config.ap_threshold.min}-{$GLOBAL.config.ap_threshold.max} {$GLOBAL.config.currency}. Set to '0' for no auto payout. A {if $GLOBAL.config.txfee_auto > 0.00001}{$GLOBAL.config.txfee_auto}{else}{$GLOBAL.config.txfee_auto|number_format:"8"}{/if}% {$GLOBAL.config.currency} TX fee will apply <span id="tt"><img width="15px" height="15px" title="This {if $GLOBAL.config.txfee_auto > 0.00001}{$GLOBAL.config.txfee_auto}{else}{$GLOBAL.config.txfee_auto|number_format:"8"}{/if}% automatic payment transaction fee is a network fee and goes back into the network not the pool." src="site_assets/mpos/images/questionmark.png"></span></font>
<input type="text" name="payoutThreshold" value="{nocache}{$smarty.request.payoutThreshold|default:$GLOBAL.userdata.ap_threshold|escape}{/nocache}" size="{$GLOBAL.config.ap_threshold.max|strlen}" maxlength="{$GLOBAL.config.ap_threshold.max|strlen}" />
<input type="text" name="payoutThreshold" value="{nocache}{$smarty.request.payoutThreshold|default:$GLOBAL.userdata.ap_threshold|escape}{/nocache}" size="{$GLOBAL.config.ap_threshold.max|strlen}" maxlength="{$GLOBAL.config.ap_threshold.max|strlen}" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details && !$DETAILSUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>Anonymous Account</label>
Hide username on website from others. Admins can still get your user information.
<label class="checkbox" for="is_anonymous">
<input class="ios-switch" type="hidden" name="is_anonymous" value="0" />
<input class="ios-switch" type="checkbox" name="is_anonymous" value="1" id="is_anonymous" {nocache}{if $GLOBAL.userdata.is_anonymous}checked{/if}{/nocache} />
<input class="ios-switch" type="checkbox" name="is_anonymous" value="1" id="is_anonymous" {nocache}{if $GLOBAL.userdata.is_anonymous}checked{/if}{/nocache} {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details && !$DETAILSUNLOCKED}disabled{/if}/>
<div class="switch"></div>
</label>
</fieldset>
@ -55,8 +55,23 @@
</div>
<footer>
<div class="submit_link">
{nocache}
<input type="hidden" name="ea_token" value="{$smarty.request.ea_token|escape}">
<input type="submit" value="Update Account" class="alt_btn">
<input type="hidden" name="utype" value="account_edit">
{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details}
{if $DETAILSUNLOCKED > 0 && $DETAILSSENT > 0}
<input type="submit" value="Update Account" class="alt_btn">
{else}
{if $DETAILSSENT == 1}
<input type="submit" value="Update Account" class="alt_btn" disabled>
{else}
<input type="submit" value="Unlock" class="alt_btn" name="unlock">
{/if}
{/if}
{else}
<input type="submit" value="Update Account" class="alt_btn">
{/if}
{/nocache}
</div>
</footer>
</article>
@ -77,11 +92,11 @@
</p>
<fieldset>
<label>Account Balance</label>
<input type="text" value="{nocache}{$GLOBAL.userdata.balance.confirmed|escape}{/nocache}" {$GLOBAL.config.currency} readonly/>
<input type="text" value="{nocache}{$GLOBAL.userdata.balance.confirmed|escape}{/nocache}" {$GLOBAL.config.currency} readonly {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.withdraw && !$WITHDRAWUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>Payout to</label>
<input type="text" value="{nocache}{$GLOBAL.userdata.coin_address|escape}{/nocache}" readonly/>
<input type="text" value="{nocache}{$GLOBAL.userdata.coin_address|escape}{/nocache}" readonly {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.withdraw && !$WITHDRAWUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>4 digit PIN</label>
@ -90,8 +105,23 @@
</div>
<footer>
<div class="submit_link">
{nocache}
<input type="hidden" name="wf_token" value="{$smarty.request.wf_token|escape}">
<input type="submit" value="Cash Out" class="alt_btn">
<input type="hidden" name="utype" value="withdraw_funds">
{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.withdraw}
{if $WITHDRAWUNLOCKED > 0 && $WITHDRAWSENT > 0}
<input type="submit" value="Cash Out" class="alt_btn">
{else}
{if $WITHDRAWSENT == 1}
<input type="submit" value="Cash Out" class="alt_btn" disabled>
{else}
<input type="submit" value="Unlock" class="alt_btn" name="unlock">
{/if}
{/if}
{else}
<input type="submit" value="Cash Out" class="alt_btn">
{/if}
{/nocache}
</div>
</footer>
</article>
@ -112,15 +142,15 @@
</p>
<fieldset>
<label>Current Password</label>
<input type="password" name="currentPassword" />
<input type="password" name="currentPassword" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw && !$CHANGEPASSUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>New Password</label>
<input type="password" name="newPassword" />
<input type="password" name="newPassword" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw && !$CHANGEPASSUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>New Password Repeat</label>
<input type="password" name="newPassword2" />
<input type="password" name="newPassword2" {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw && !$CHANGEPASSUNLOCKED}disabled{/if}/>
</fieldset>
<fieldset>
<label>4 digit PIN</label>
@ -129,8 +159,23 @@
</div>
<footer>
<div class="submit_link">
{nocache}
<input type="hidden" name="cp_token" value="{$smarty.request.cp_token|escape}">
<input type="submit" value="Change Password" class="alt_btn">
<input type="hidden" name="utype" value="change_pw">
{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw}
{if $CHANGEPASSUNLOCKED > 0 && $CHANGEPASSSENT > 0}
<input type="submit" value="Change Password" class="alt_btn">
{else}
{if $CHANGEPASSSENT == 1}
<input type="submit" value="Change Password" class="alt_btn" disabled>
{else}
<input type="submit" value="Unlock" class="alt_btn" name="unlock">
{/if}
{/if}
{else}
<input type="submit" value="Change Password" class="alt_btn">
{/if}
{/nocache}
</div>
</footer>
</article>

6
sql/000_base_structure.sql
View File

@ -96,7 +96,9 @@ CREATE TABLE IF NOT EXISTS `notification_settings` (
`type` varchar(15) NOT NULL,
`account_id` int(11) NOT NULL,
`active` tinyint(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
PRIMARY KEY (`id`),
KEY `account_id` (`account_id`),
UNIQUE KEY `account_id_type` (`account_id`,`type`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `payouts` (
@ -128,7 +130,7 @@ CREATE TABLE IF NOT EXISTS `settings` (
UNIQUE KEY `setting` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
INSERT INTO `settings` (`name`, `value`) VALUES ('DB_VERSION', '0.0.3');
INSERT INTO `settings` (`name`, `value`) VALUES ('DB_VERSION', '0.0.4');
CREATE TABLE IF NOT EXISTS `shares` (
`id` bigint(30) NOT NULL AUTO_INCREMENT,

2
sql/013_tokentype_update.sql
View File

@ -3,5 +3,5 @@ INSERT INTO `token_types` (`name`, `expiration`) VALUES ('change_pw', 360);
INSERT INTO `token_types` (`name`, `expiration`) VALUES ('withdraw_funds', 360);
CREATE INDEX `account_id` ON `notification_settings` (`account_id`);
CREATE UNIQUE INDEX `account_id_type` ON `notification_settings` (`account_id`,`type`);
INSERT INTO `settings` (`name`, `value`) VALUES ('DB_VERSION', '0.0.3') ON DUPLICATE KEY UPDATE `value` = '0.0.3';
INSERT INTO `settings` (`name`, `value`) VALUES ('DB_VERSION', '0.0.4') ON DUPLICATE KEY UPDATE `value` = '0.0.4';
INSERT INTO `settings` (`name`, `value`) VALUES ('db_upgrade_required', 0) ON DUPLICATE KEY UPDATE `value` = 0;