RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,287 Commits 4 Branches 11 Tags 14 MiB
36f3a16cc3
Commit Graph

386 Commits

Author SHA1 Message Date
xisi
36f3a16cc3 gave password reset its own csrf token 2014-01-20 04:40:38 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template 
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
 2014-01-20 04:40:38 -05:00
xisi
cc6e58084f Fixed an bug where a notice could be thrown on the edit page under the right conditions 
Cleaned up login page logic which should fix #1459 & #1461
Fixed a bug in tools class where an incorrect config setting could throw a notice
 2014-01-20 04:40:38 -05:00
xisi
62e341b877 finally cleaned up the edit account page to my liking 
fixed change I made to test a fix for someone who was having issues
 2014-01-20 04:38:53 -05:00
xisi
fed3981979 fixed isTokenValid, started work on edit fixes, recaptcha fix test 2014-01-20 04:38:25 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
xisi
9ccb5e15bc refactored old token usage in account edit page 2014-01-20 04:27:58 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00
xisi
58529547e0 Cleaned up logic of login page csrf protection 
added csrf protection to register page
 2014-01-20 04:27:22 -05:00
xisi
6da5510035 clean up pages that use csrftokens 2014-01-20 04:26:04 -05:00
xisi
a56140ca84 Moved csrftoken stuff into a class 
added getCurrentIP method to user class
added config option for sitewide csrf protection
 2014-01-20 04:26:04 -05:00
xisi
6afc876d19 Merge changes from TheSerapher's pull/1404 Added re-Captcha to Login Page 2014-01-20 04:26:04 -05:00
Sebastian Grewe
1dfbeea5f7 Merge pull request #1420 from TheSerapher/issue-1343 
[IMPROVED] jsonRPC Error Handling with CURL
 2014-01-16 06:15:42 -08:00
Sebastian Grewe
d5bff56f6f [ADDED] re-Captha admin options 2014-01-16 14:14:29 +01:00
Sebastian Grewe
b9d36bcfc9 [IMPROVED] Added re-Captcha to Login Page 
* Enable re-captcha to use it
* Disables the mini-login box in header
* Requires re-Captcha to be setup in Admin Panel

Fixes #1400 once merged.
 2014-01-16 14:13:50 +01:00
xisi
e7725399c2 change function name for sending 2f emails 2014-01-16 05:55:57 -05:00
xisi
8736123df2 improved bad csrf token error message 
cleaned up wording of config
improved leadtime defaults in getCSRFToken
 2014-01-16 05:55:57 -05:00
xisi
764be9f0b7 fixed verbiage 2014-01-16 05:55:57 -05:00
xisi
2d0938b35b [ADDED] Simple CSRF protection tokens 
* Adds config options for disabling, timeout lead time, and forms
 * Adds another salt in config that's used in the token
 * Adds protection for login form by default
 2014-01-16 05:55:57 -05:00
xisi
802930cba1 save old token to use in case we error out 2014-01-16 05:53:36 -05:00
xisi
ed8349ef50 works as far as I can tell 2014-01-16 05:53:36 -05:00
xisi
40d09a4ee4 oops, forgot to make sure we're auth'ed 2014-01-16 05:53:36 -05:00
xisi
a598eec924 fix sync changes done in edit.inc.php at the end of request 2014-01-16 05:53:36 -05:00
xisi
1b1f552567 fix cosmetic issue #2 2014-01-16 05:53:36 -05:00
xisi
a0ecbd0294 fix cosmetic issue 2014-01-16 05:53:36 -05:00
xisi
d9d678be61 retooled most of the email confirmation setup 2014-01-16 05:53:36 -05:00
xisi
ef904858ae [Addition] E-mail confirmations for user actions 
* If enabled, sends e-mail to confirm user withdraws, edits and pw changes
 * Adds 4 config options, enabled + individual settings
 * Adds 3 new token_types
 2014-01-16 05:42:43 -05:00
Sebastian Grewe
aa27e8dfde [IMPROVED] jsonRPC Error Handling with CURL 
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled

It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.

Fixes #1343 once merged.
 2014-01-15 16:11:59 +01:00
nicoschtein
064dfe09df Changed txfee to txfee_manual in account/edit.inc.php 2014-01-14 19:16:27 -02:00
Sebastian Grewe
58e23975b7 [FIX] Anon worker_name on getblocksfound API 
Forgot that.
 2014-01-14 17:10:08 +01:00
Sebastian Grewe
98f2a2d61a [FIX] Honor anon flag on API getblocksfound 
Fixes #1407 once merged
 2014-01-14 17:04:59 +01:00
Sebastian Grewe
9f7e81748e Merge pull request #1391 from raistlinthewiz/next 
Added two brand new api calls; getblockstats and getpoolinfo
 2014-01-13 21:51:25 -08:00
Neozonz
1be228812d [FIX] Type Success on notifications 2014-01-13 17:27:50 -05:00
Hüseyin Uslu
0340bf523d added two brand new api calls; getblockstats and getpoolinfo 2014-01-13 23:57:26 +02:00
Sebastian Grewe
175402fa85 [FIX] Illegal offset 
Fixes #1382 once merged.
 2014-01-13 12:42:55 +01:00
Sebastian Grewe
9da944c61e [FIX] Day in seconds wrong 2014-01-12 09:15:51 +01:00
Sebastian Grewe
20305026e8 [ADDED] User login overview to admin dashboard 
Fixes #1374 once merged
 2014-01-12 09:05:59 +01:00
Sebastian Grewe
f98d08df83 [SECURITY] Fixing XSS in PHP_SELF 
Fixes #1364 once merged.
 2014-01-11 19:01:14 +01:00
Sebastian Grewe
1485a02528 [ADDED] Invitation overview to admin dashboard 
* Split up dashboard default template into subfiles
* Added new invitation overview
* Updated page file

Fixes #1357 once merged.
 2014-01-11 13:45:55 +01:00
Sebastian Grewe
9a959164a6 [FIX] wrong percentage calculations in API 2014-01-11 13:18:46 +01:00
Sebastian Grewe
c1d08895cf Merge pull request #1355 from TheSerapher/issue-1354 
[CLEANUP] Dashboard number formatting
 2014-01-11 04:11:49 -08:00
Sebastian Grewe
5f942d9ba7 [CLEANUP] Dashboard number formatting 
Cleans up some Ajax data on the dashboard to match the static template
data format. No more jumpy numbers.

Fixes #1354
 2014-01-11 13:10:44 +01:00
Sebastian Grewe
6baad2dd06 [UPDATE] Added active workers to admin dashboard 
* Using lower time range for shares: 120 seconds
* Updated worker class with new time range for active workers
* Added statistics, active users call with 120 seconds time range
* Updated admin panel dashboard template

Fixes #1352 once merged.
 2014-01-11 12:37:39 +01:00
rog1121
412807b7a8 Add Stratum URL 2014-01-10 18:40:06 -07:00
Sebastian Grewe
90a8404bab [CLEANUP] Code cleanup, error checking 
Fixes #1315 once merged.
 2014-01-10 16:34:36 +01:00
Sebastian Grewe
10dbcd471d [IMPROVE] Enable SSL on recaptcha_get_html 
Fixes #1334 once merged.
 2014-01-10 11:00:00 +01:00
Sebastian Grewe
19094e73e3 Merge pull request #1271 from drainx/next 
JSON-RPC
 2014-01-09 22:11:35 -08:00
Sebastian Grewe
eafb241bde [REMOVED] Support page code 2014-01-09 09:11:33 +01:00