php-mpos

Author	SHA1	Message	Date
xisi	51818421d8	weird problem, strict for isAuthenticated	2014-01-29 14:46:21 -05:00
xisi	5d017f60c3	how this worked before is beyond me	2014-01-29 13:28:38 -05:00
xisi	ae47437ab7	fixed worker delete csrf thing I stubbed earlier took to field out of the rest of the login forms	2014-01-29 09:41:50 -05:00
xisi	c36413d70c	tests not checks	2014-01-29 09:17:58 -05:00
xisi	f298c60260	little more cleanup put version check/config check after sessions/rate limiter so it works correctly & only uses 1 db hit	2014-01-29 09:16:03 -05:00
xisi	568445845a	changes DEBUG SALT and SALTY from defines to variables switched that in all places used (class loads mostly) moved all includes at the beginning of index into bootstrap moves *_PATH defines from config to bootstrap config now uses defaults first, then user config	2014-01-29 07:34:50 -05:00
xisi	c2b1c68699	added check if we can write config files to admin_checks, we shouldnt be able to	2014-01-29 05:20:06 -05:00
xisi	56ad9266d3	last login time not this login time	2014-01-29 03:55:51 -05:00
xisi	74dec2796d	Added last login time/ip address popup on login w/ close button Info/blue if your ip matches, warning/yellow if not	2014-01-28 15:45:24 -05:00
xisi	3efe979ae3	Switch config over to wiki, yay	2014-01-28 14:24:48 -05:00
xisi	181ef0c6d2	security config mask	2014-01-28 10:31:53 -05:00
xisi	614b5b1dbb	of all the pages to miss it on	2014-01-28 08:19:58 -05:00
xisi	9f6cf99aa3	small fixes	2014-01-28 08:08:53 -05:00
xisi	f56c18276a	small fixes	2014-01-28 07:26:33 -05:00
xisi	6398e5dfec	merged session manager/memcache limiter cleanup for PR	2014-01-28 07:26:33 -05:00
xisi	c373fc7192	removed exploits/added to gitignore for later	2014-01-28 07:26:32 -05:00
Joey	63c3b96a29	now enforce client & server validity on login with strict on fixed csrf token check for a few pages where it mightve been broken session manager now can be bound to base user class and used, like in login logout now pushes you to login regardless, no longer has param to push to custom url fixed validate client, hijacking sessions no longer works	2014-01-28 07:26:32 -05:00
Joey	795e019d0d	cleaned up config options a bit	2014-01-28 07:26:32 -05:00
Joey	493c43e0ed	updated check in autoloader so default needs to be changed if SECHASH_CHECK is enabled	2014-01-28 07:26:32 -05:00
Joey	d5f1c97f82	fixed check against define like it used to even if SECHASH_CHECK is disabled fixed ajax calls in memcache limiter to use REQUEST page/action rather than QUERY_STRING	2014-01-28 07:26:32 -05:00
xisi	b728b680ca	blah blah	2014-01-28 07:26:08 -05:00
xisi	9dcb855b34	strict class, trying to figure out why edit account doesnt work	2014-01-28 06:18:57 -05:00
xisi	f21f05e874	pushing to start core rebuild	2014-01-28 06:18:57 -05:00
xisi	7393f21d01	just pushing so I can rebase zzz	2014-01-28 06:18:57 -05:00
xisi	d57aed4049	basic test stuff	2014-01-28 06:18:57 -05:00
Sebastian Grewe	56f995c86f	Merge pull request #1617 from HerrKauwer/pwcheck Cleaned up pwcheck.js	2014-01-28 00:28:32 -08:00
Sebastian Grewe	5f65904431	[FIX] HTTPS detecion on Template	2014-01-28 09:25:50 +01:00
Sebastian Grewe	967c1cc48f	[FIX] Proper HTTPS detection Fixes #1618 once merged	2014-01-28 09:25:20 +01:00
Sebastian Grewe	b783237c2e	Merge pull request #1457 from MPOS/issue-1332 Issue 1332	2014-01-28 00:18:56 -08:00
Sebastian Grewe	f83c88aae6	Merge pull request #1603 from MPOS/double-payouts Double payouts	2014-01-27 22:25:44 -08:00
HerrKauwer	095ee2e40a	Cleaned up pwcheck.js	2014-01-27 23:56:39 +01:00
Sebastian Grewe	7d4e0ccb6d	Merge pull request #1608 from MPOS/admin-wallet-smarty-cache [FIX] Do not assign smarty vars if caching hits	2014-01-27 04:51:40 -08:00
Sebastian Grewe	ecfa741223	[FIX] Do not assign smarty vars if caching hits	2014-01-27 13:43:33 +01:00
Sebastian Grewe	b5cb8171ba	Merge branch 'master-read-only-check' into next	2014-01-27 13:26:14 +01:00
Sebastian Grewe	823f694638	Merge pull request #1605 from MPOS/thash-modifier [ADDED] THash/second modifier	2014-01-27 03:59:28 -08:00
Sebastian Grewe	f183b586a8	[ADDED] Check if master is read-only Just to ensure we can run at all.	2014-01-27 12:58:41 +01:00
Sebastian Grewe	fab3c44e90	[ADDED] THash/second modifier	2014-01-27 12:45:46 +01:00
Sebastian Grewe	a0b36841c8	[FIX] Logic error	2014-01-27 12:30:26 +01:00
Sebastian Grewe	cb1fc8b9c6	Update README.md Added phone apps.	2014-01-27 10:48:16 +01:00
Sebastian Grewe	227a7c33de	[FIX] Reset TX and RPCTX Ids	2014-01-27 10:39:19 +01:00
Sebastian Grewe	1cd9352952	[FIX] Transaction ID and RPC Transaction ID	2014-01-27 10:31:18 +01:00
Sebastian Grewe	72d923737f	[WORKAROUND] Fully debit user before RPC call * First debit the user fully for this transaction * Try the payout RPC call * Fail this so admins can first confirm it worked, then force payouts * Added comment what line to remove if this happens a lot This will further address #1586	2014-01-27 09:25:59 +01:00
Sebastian Grewe	e3219cf5da	Merge branch 'next' of github.com:MPOS/php-mpos into next	2014-01-27 09:13:41 +01:00
Sebastian Grewe	d4557982ba	[FIX] API call for transactions Fixes #1602 once merged.	2014-01-27 09:13:09 +01:00
iAmShorty	9bff2fd1e2	Merge pull request #1597 from iAmShorty/coinverify-adduser [UPDATE] adding user to log if no valid coin address set	2014-01-26 11:24:35 -08:00
root	0d5ee3ecd7	[UPDATE] adding user to log if no valid coin address set	2014-01-26 20:09:24 +01:00
Sebastian Grewe	b87691371f	[SECURITY] Path disclosure and redirects * [SECURITY] Do not disclose paths with wrong query arguments in API * [SECURITY] Removed $to redirect after login Fixes #1596 once merged.	2014-01-26 17:41:27 +01:00
Sebastian Grewe	0d2895f517	Merge pull request #1592 from iAmShorty/address-validation [FIX] checking payout address	2014-01-26 07:41:08 -08:00
Sebastian Grewe	112f6153c9	Merge pull request #1595 from danbi/next Update findblock.php	2014-01-26 07:33:41 -08:00
root	10ad4eecdd	[FIX] moved before balance check	2014-01-26 16:31:39 +01:00

1 2 3 4 5 ...

2558 Commits