From 6c4fb84ee909ccdd27e04cf9f60019a2b718bca3 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Wed, 5 Jun 2013 09:11:25 +0200
Subject: [PATCH 1/2] Adding min/max threshold configuration
* Check for min/max values set for auto payouts
* Display error messages to the user
* Sanitize values just in case we fall through the validation
* Updated template and class
* New configuration option added! Update your local configs!
Fixes #108
---
 public/include/classes/user.class.php | 21 +++++++++++++++++++--
 public/include/config/global.inc.dist.php | 4 ++++
 public/include/pages/account/edit.inc.php | 2 +-
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 2b5f093e..8db17a1e 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -241,10 +241,27 @@ class User {
 public function updateAccount($userID, $address, $threshold, $donate) {
 $this->debug->append("STA " . __METHOD__, 4);
 $bUser = false;
- $threshold = min(250, max(0, floatval($threshold)));
- if ($threshold < 1) $threshold = 0.0;
+
+ // number validation checks
+ if ($threshold < $this->config['ap_threshold']['min'] && $threshold != 0) {
+ $this->setErrorMessage('Threshold below configured minimum of ' . $this->config['ap_threshold']['min']);
+ return false;
+ } else if ($threshold > $this->config['ap_threshold']['max']) {
+ $this->setErrorMessage('Threshold above configured maximum of ' . $this->config['ap_threshold']['max']);
+ return false;
+ }
+ if ($donate < 0) {
+ $this->setErrorMessage('Donation below allowed 0% limit');
+ return false;
+ } else if ($donate > 100) {
+ $this->setErrorMessage('Donation above allowed 100% limit');
+ return false;
+ }
+ // Number sanitizer, just in case we fall through above
+ $threshold = min($this->config['ap_threshold']['max'], max(0, floatval($threshold)));
 $donate = min(100, max(0, floatval($donate)));
+ // We passed all validation checks so update the account
 $stmt = $this->mysqli->prepare("UPDATE $this->table SET coin_address = ?, ap_threshold = ?, donate_percent = ? WHERE id = ?");
 $stmt->bind_param('sddi', $address, $threshold, $donate, $userID);
 $stmt->execute();
diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index 2bb6069f..306d5261 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -25,6 +25,10 @@ $config = array(
 'url' => 'https://btc-e.com/api/2',
 'target' => '/ltc_usd/ticker'
 ),
+ 'ap_threshold' => array(
+ 'min' => 1,
+ 'max' => 250
+ ),
 'website' => array(
 'name' => 'The Pool',
 'slogan' => 'Resistance is futile',
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 6308e271..84937115 100644
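Review bot: The range checks added to updateAccount (user.class.php) compare `$threshold` and `$donate` as they arrive from `$_POST`, using PHP's loose comparison, while the values that get stored come from `floatval()` a few lines further down, so validation and storage can disagree for input that is not a plain decimal number. Normalise once before the checks, for example `if (!is_numeric($threshold) || !is_numeric($donate)) { $this->setErrorMessage('Invalid number'); return false; }` followed by `$threshold = floatval($threshold); $donate = floatval($donate);`. The fallback clamp also keeps `max(0, …)` as its floor, so it no longer covers what the removed `if ($threshold < 1) $threshold = 0.0;` did; if it is meant as a safety net, values strictly between 0 and the configured `min` should be rejected or mapped to 0 there as well. The function body continues past the end of this hunk, so the result handling after `execute()` was not reviewed.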
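Review bot: The new `ap_threshold` entry in global.inc.dist.php carries no comment, and this file is the template operators copy for their local config. A line above it such as `// Automatic payout threshold limits; a user value of 0 always disables auto payout` would document the zero exception that updateAccount applies. An installation whose local config has not gained this key yields null bounds in updateAccount and in smarty_globals.inc.php, so those comparisons run against null; a default applied where the config is loaded, or an explicit check at startup, would make that failure obvious instead of surfacing as a confusing threshold error.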
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@@ -49,7 +49,7 @@ if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST
 if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'])) {
 $_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
 } else {
- $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account', 'TYPE' => 'errormsg');
+ $_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg');
 }
 break;
From 11338cedf3e3a8e09d8a24b6ee2a93debfc0011c Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Wed, 5 Jun 2013 09:17:10 +0200
Subject: [PATCH 2/2] Add new threshold display to template
Forgot to add the template files that adds configurable thresholds
---
 public/include/smarty_globals.inc.php | 8 +++++++-
 public/templates/mmcFE/account/edit/default.tpl | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
index f34b3b4a..fa5c7923 100644
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
@@ -25,7 +25,13 @@ $aGlobal = array(
 'reward' => $config['reward'],
 'price' => $setting->getValue('price'),
 'blockexplorer' => $config['blockexplorer'],
- 'chaininfo' => $config['chaininfo']
+ 'chaininfo' => $config['chaininfo'],
+ 'config' => array(
+ 'ap_threshold' => array(
+ 'min' => $config['ap_threshold']['min'],
+ 'max' => $config['ap_threshold']['max']
+ )
+ )
 );
 // We don't want these session infos cached
diff --git a/public/templates/mmcFE/account/edit/default.tpl b/public/templates/mmcFE/account/edit/default.tpl
index 9d885b16..2fc9b4a9 100644
--- a/public/templates/mmcFE/account/edit/default.tpl
+++ b/public/templates/mmcFE/account/edit/default.tpl
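Review bot: The error popup in edit.inc.php now shows whatever `$user->getError()` returns, and this patch shows neither how the popup template escapes `CONTENT` nor what the other failure paths of updateAccount put into the error. The messages set in this commit are static text plus config values, but any path that stores database error text or request data there would now reach the browser verbatim. Confirm that `CONTENT` is HTML-escaped where the popup is rendered, or escape at this point with `htmlspecialchars($user->getError(), ENT_QUOTES, 'UTF-8')`, and keep driver errors in the log rather than in the user-facing message.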
@@ -9,7 +9,7 @@ API Key: {$GLOBAL.userdata.api_key} Payment Address: Donation %: [donation amount in percent (example: 0.5)] - Automatic Payout Threshold: [1-250 LTC. Set to '0' for no auto payout] + Automatic Payout Threshold: [{$GLOBAL.config.ap_threshold.min}-{$GLOBAL.config.ap_threshold.max} LTC. Set to '0' for no auto payout] 4 digit PIN: [The 4 digit PIN you chose when registering]