RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,287 Commits 4 Branches 11 Tags 14 MiB
36f3a16cc3
Commit Graph

1015 Commits

Author SHA1 Message Date
xisi
36f3a16cc3 gave password reset its own csrf token 2014-01-20 04:40:38 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template 
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
 2014-01-20 04:40:38 -05:00
xisi
7e3197246a fixed error response to not leak info to users 2014-01-20 04:40:38 -05:00
xisi
cc6e58084f Fixed an bug where a notice could be thrown on the edit page under the right conditions 
Cleaned up login page logic which should fix #1459 & #1461
Fixed a bug in tools class where an incorrect config setting could throw a notice
 2014-01-20 04:40:38 -05:00
xisi
dacadd8477 Fixed bug / undefined index when api settings are empty 2014-01-20 04:40:15 -05:00
xisi
62e341b877 finally cleaned up the edit account page to my liking 
fixed change I made to test a fix for someone who was having issues
 2014-01-20 04:38:53 -05:00
xisi
fed3981979 fixed isTokenValid, started work on edit fixes, recaptcha fix test 2014-01-20 04:38:25 -05:00
xisi
3b6a408c3f forget the check, the crons run 2014-01-20 04:33:28 -05:00
xisi
d3a7d4bdbf inc db version in version include 2014-01-20 04:32:54 -05:00
xisi
4be9330ca1 typo 2014-01-20 04:32:54 -05:00
xisi
18f808a85b After messing around for quite awhile now with the SQL NOW() and timestamp comparison, I've come to the conclusion it's much better for my sanity to do the expiration check in php - there seems to be some divergence between the way this is handled between SQL setups I've tested. So there you go. 2014-01-20 04:32:54 -05:00
xisi
bacbb8c36c after looking into this quite a bit, this is the correct way to do it after all 2014-01-20 04:30:17 -05:00
xisi
13e6c43ba5 add notify_email to accounts table and getUserNotifyEmail() method in user class 2014-01-20 04:30:17 -05:00
xisi
9ecd8d4d3e added signup_timestamp to accounts table 
added getSignupTime() method to user class
added 014_accounts_update.sql and updated 000_base_structure.sql
incremented db version
 2014-01-20 04:30:17 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
a36a0c5b79 [UPDATE] CSRF protection + User/IP/Date & time added to login notification 
* Adds CSRF protection for multiple pages, see bottom
 * Adds User/IP/Date & time to successful login notification
 * New config option for sitewide CSRF protection
 * Fixed a bug in the contact form
 * Lots of cleanup related to CSRF stuff
 * Increments config version
 * CSRF protection: register, contact, account edit, workers, notifications, and invites
 2014-01-20 04:29:45 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
xisi
9ccb5e15bc refactored old token usage in account edit page 2014-01-20 04:27:58 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00
xisi
58529547e0 Cleaned up logic of login page csrf protection 
added csrf protection to register page
 2014-01-20 04:27:22 -05:00
xisi
6da5510035 clean up pages that use csrftokens 2014-01-20 04:26:04 -05:00
xisi
42d93f5beb specific timing for csrf tokens 2014-01-20 04:26:04 -05:00
xisi
a56140ca84 Moved csrftoken stuff into a class 
added getCurrentIP method to user class
added config option for sitewide csrf protection
 2014-01-20 04:26:04 -05:00
xisi
19a0945be2 no config version inc 2014-01-20 04:26:04 -05:00
xisi
6afc876d19 Merge changes from TheSerapher's pull/1404 Added re-Captcha to Login Page 2014-01-20 04:26:04 -05:00
Sebastian Grewe
954459b897 Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-01-20 09:58:33 +01:00
Sebastian Grewe
56fbf205b7 [ADDED] Comment for DEBUG levels 2014-01-20 09:58:06 +01:00
Sebastian Grewe
5b7cf6ab93 [FIX] SQL again, sigh 2014-01-19 17:28:34 +01:00
Sebastian Grewe
8a983835c6 [FIX] Whoopsie SQL 2014-01-19 17:25:55 +01:00
Sebastian Grewe
d4db477c2d [FIX] Also honor diff for share difficulties if unset 2014-01-19 17:22:00 +01:00
Sebastian Grewe
b905089a01 [FIX] Removed debug output 2014-01-19 17:18:09 +01:00
Sebastian Grewe
0fb543c3ed [FIX] Honor target_bits for hashrate 2014-01-19 17:17:24 +01:00
Sebastian Grewe
cf49db4535 [IMPROVED] Cronbased global Hash-/Sharerate cache 
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache

Addresses #1471 and may fix it already if no other changes are required.
 2014-01-19 17:05:27 +01:00
Sebastian Grewe
10e3fcab7e Merge pull request #1468 from Neozonz/issue-1467 
MySQL Optimization: always use order by when using limits
 2014-01-19 06:39:13 -08:00
Neozonz
44e0fa6745 Reverted 2014-01-19 09:35:39 -05:00
Neozonz
73e3bb2284 Removed ORDER BY for single queries 2014-01-19 06:05:55 -05:00
Neozonz
773286bd06 ORDER BY for Updates/Deletes 2014-01-19 06:00:29 -05:00
Neozonz
38f5daba6b Search blocks by desc and order by for deletes 2014-01-19 06:00:14 -05:00
Neozonz
47eb9f7fa0 Allow getWorkerHashRate to set invervals 2014-01-19 05:56:31 -05:00
Joey
0309886645 What a stupid thing of me to miss 
UNIX_TIMESTAMP() for time comparison, oops
 2014-01-17 03:53:09 -05:00
Sebastian Grewe
a572d0cea0 Merge pull request #1351 from TheSerapher/issue-1345 
Issue 1345
 2014-01-16 23:46:40 -08:00
Sebastian Grewe
1dfbeea5f7 Merge pull request #1420 from TheSerapher/issue-1343 
[IMPROVED] jsonRPC Error Handling with CURL
 2014-01-16 06:15:42 -08:00
Sebastian Grewe
12399a9c43 [REMOVED] Old code 2014-01-16 15:01:25 +01:00
obigal
75729c6592 pplns payouts speed improvements / reworked insert method 2014-01-16 14:42:05 +01:00
Sebastian Grewe
d9f591e7c8 [UPDATE] MPOS version due to major change 2014-01-16 14:41:44 +01:00
Sebastian Grewe
63960e2e62 [IMPROVED] Allow e-mails only for login 
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.

Fixes #1345 once merged.
 2014-01-16 14:40:51 +01:00
Sebastian Grewe
d5bff56f6f [ADDED] re-Captha admin options 2014-01-16 14:14:29 +01:00
Sebastian Grewe
b9d36bcfc9 [IMPROVED] Added re-Captcha to Login Page 
* Enable re-captcha to use it
* Disables the mini-login box in header
* Requires re-Captcha to be setup in Admin Panel

Fixes #1400 once merged.
 2014-01-16 14:13:50 +01:00
xisi
050a068d05 fix versioning 2014-01-16 06:05:29 -05:00