RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,365 Commits 4 Branches 11 Tags 14 MiB
57c4e9c6ae
Commit Graph

526 Commits

Author SHA1 Message Date
iAmShorty
55266e274a [UPDATE] added pagination to reg and invite 2014-02-24 11:24:13 +01:00
Nathan Patten
966d32036b Update chat.inc.php 2014-02-24 21:12:15 +11:00
iAmShorty
fbdd811d7f [UPDATE] added top inviter, some code cleanup 2014-02-24 10:39:09 +01:00
Nathan Patten
ae9c220521 Update chat.inc.php 2014-02-24 20:01:02 +11:00
Nathan Patten
3418c3db77 Update chat.inc.php 2014-02-24 19:29:01 +11:00
iAmShorty
23afae0aaf [UPDATE] added last 10 registered users to dashboard 2014-02-23 21:35:20 +01:00
iAmShorty
7ffa620975 [UPDATE] Adding Reg Date to Userinfo in Admin Panel 2014-02-23 20:48:58 +01:00
iAmShorty
47f6048378 [UPDATE] Adding registrations to Admin Dashboard 2014-02-23 20:23:21 +01:00
Nathan Patten
b79bd6ae8e [ADD] Chat 2014-02-22 21:33:49 +11:00
iAmShorty
e16db6071e [FIX] Wallet Balance Fix 2014-02-19 09:45:35 +01:00
Sebastian Grewe
e6a396c85b Merge pull request #1750 from iAmShorty/wallet-info-adminpanel 
[ENHANCEMENT] Wallet info adminpanel
 2014-02-16 08:12:03 +01:00
Sebastian Grewe
bd561ff465 [FIX] Statistics Graphs ACL 
Fixes #1760
 2014-02-15 09:27:38 +01:00
Sebastian Grewe
d7f2e6e5ac [UPDATE] ACL Management 
* [ADDED] Smarty acl_check function
* [ADDED] Optional default return  value for getValue calls
* [UPDATE] ACL Checks in page controllers
* [UPDATE] Navigation template to use check_acl from Smarty
* [ADDED] New ACL options where needed
* [REMOVED] Disable pages from System Settings Tab
* [ADDED] Above removed pages into ACL Settings Tab

This will make usage of ACLs a bit easier and transparent.
Also fixes #1731 once merged.
 2014-02-14 10:56:25 +01:00
iAmShorty
224af2c9d3 [UPDATE] showing accounts with balance and address 2014-02-13 16:29:33 +01:00
iAmShorty
146799d163 [FEATURE] show addresses from account 2014-02-13 12:28:26 +01:00
Sebastian Grewe
fe554f5864 Merge pull request #1704 from MPOS/worker-delete-csrf 
[ADDE] CSRF validation for Worker Deletion
 2014-02-10 21:57:16 +01:00
Sebastian Grewe
5d65f04515 Merge pull request #1695 from MPOS/reward-average 
[ADDED] Use block averages for payout estimates
 2014-02-07 13:48:07 +01:00
Sebastian Grewe
ba1dd5e8ab Merge pull request #1696 from MPOS/cron-user-notification 
[ADDED] User notifications for disabled crons
 2014-02-07 13:03:26 +01:00
Sebastian Grewe
6509cc6039 [ADDE] CSRF validation for Worker Deletion 
* [ADDED] CSRF token checks to worker page
* [CHANGED] Check for both _GET and _POST ctokens
* [ADDED] CSRF token to each delete call URL

Fixes #1702 once merged
 2014-02-07 12:24:48 +01:00
Sebastian Grewe
feeca87eb0 [FIX] Reset failed login, redirect to trusted location 
Fixes #1701
 2014-02-07 12:20:24 +01:00
Sebastian Grewe
6a55506b0c [IMPROVED] Logging format 
* Added IP address to all log output
* Added Page and Action to all log output
* Modified log messages
* Added Error and Fatal handlers
* Raised failed logins to Error
* Added KLogger default log levels
* Made it most verbose
 2014-02-07 10:14:56 +01:00
Sebastian Grewe
8a050ba9af [ADDED] User notifications for disabled crons 
Fixes #1201 once merged
 2014-02-06 14:20:40 +01:00
Sebastian Grewe
3deaf82f1e [ADDED] Use block averages for payout estimates 
Fixes #1514 once merged.
 2014-02-06 11:38:57 +01:00
Sebastian Grewe
7cf3fb27fb [UPDATE] Allow global notification settings 
Fixes #1232 and allows further expansion in the future.
Addresses #1672 too.
 2014-02-06 11:13:22 +01:00
Sebastian Grewe
7673c34d80 Merge branch 'fix-contactform' into next 2014-02-06 10:57:49 +01:00
Sebastian Grewe
b05f87ab5d [FIX] Invalid CSRF error on password reset form 
Fixes #1675
 2014-02-06 10:49:04 +01:00
Sebastian Grewe
2f1d68448f [FIX] CSRF/Re-captcha on Contactform 
Fixes #1666
 2014-02-06 10:19:58 +01:00
Sebastian Grewe
af2e34a1c6 [FIX] No manual-payout on empty coin address 2014-02-05 17:02:21 +01:00
Sebastian Grewe
43e1c44def Merge pull request #1646 from xisi/security-logging 
[ADDITION] Basic security logging
 2014-02-04 08:05:13 -08:00
xisi
ca1ae6ba2c wrapped KLogger 2014-02-02 11:57:06 -05:00
Sebastian Grewe
9da7af8a5e [FIX] 24 Hour Account Graphs 2014-02-02 11:35:08 +01:00
xisi
cf8a8cc4d8 fixes #1639 2014-01-31 17:34:48 -05:00
xisi
e7bace5550 basic logging, adds logs folder to root dir 
htaccess to block access to the logs
by default, only log warnings
simple config check to see if that folder is writable

warning if changeNoFee is used
warning if setLocked is used
warning if changeAdmin is used
warning if when logging in that IP is different than saved IP
info if a login fails with bad user or password
warning if a user is locked via failed logins
info if an update/etc fails with bad pin
warning if a user is locked via failed pins
info when a pin request is sent
warning when a pin request email doesn't send
warning when trying to request pin reset and incorrect password
info when a twofactor token sent
warning if twofactor email doesn't send
warning when a user tries to request multiple of the same type of token
info when a twofactor token is deleted
warning if a twofactor token fails to delete
warning when an invalid change password token is used
info on successful account update
warning when reset password is called and IP doesn't match saved IP, info otherwise
warning if isAuthenticated falls through and kills a session
 2014-01-31 13:11:38 -05:00
Sebastian Grewe
319d9439a4 Merge pull request #1621 from xisi/sessions-mclimiter-fixes 
[UPDATE] Security updates and fixes
 2014-01-31 05:55:09 -08:00
xisi
afdf3abb29 ripped out all the memcache session stuff, not worth it with the side effects of caching things 
cleaned up config/checks
 2014-01-30 18:41:56 -05:00
xisi
51818421d8 weird problem, strict for isAuthenticated 2014-01-29 14:46:21 -05:00
xisi
ae47437ab7 fixed worker delete csrf thing I stubbed earlier 
took to field out of the rest of the login forms
 2014-01-29 09:41:50 -05:00
Sebastian Grewe
d007358710 [FIX] Ignore missing HTTP_REFERRER 
Fixes #1626
 2014-01-29 08:52:12 +01:00
xisi
9f6cf99aa3 small fixes 2014-01-28 08:08:53 -05:00
xisi
6398e5dfec merged session manager/memcache limiter 
cleanup for PR
 2014-01-28 07:26:33 -05:00
Joey
63c3b96a29 now enforce client & server validity on login with strict on 
fixed csrf token check for a few pages where it mightve been broken
session manager now can be bound to base user class and used, like in login
logout now pushes you to login regardless, no longer has param to push to custom url
fixed validate client, hijacking sessions no longer works
 2014-01-28 07:26:32 -05:00
xisi
b728b680ca blah blah 2014-01-28 07:26:08 -05:00
xisi
9dcb855b34 strict class, trying to figure out why edit account doesnt work 2014-01-28 06:18:57 -05:00
Sebastian Grewe
967c1cc48f [FIX] Proper HTTPS detection 
Fixes #1618 once merged
 2014-01-28 09:25:20 +01:00
Sebastian Grewe
b783237c2e Merge pull request #1457 from MPOS/issue-1332 
Issue 1332
 2014-01-28 00:18:56 -08:00
Sebastian Grewe
ecfa741223 [FIX] Do not assign smarty vars if caching hits 2014-01-27 13:43:33 +01:00
Sebastian Grewe
d4557982ba [FIX] API call for transactions 
Fixes #1602 once merged.
 2014-01-27 09:13:09 +01:00
Sebastian Grewe
b87691371f [SECURITY] Path disclosure and redirects 
* [SECURITY] Do not disclose paths with wrong query arguments in API
* [SECURITY] Removed $to redirect after login

Fixes #1596 once merged.
 2014-01-26 17:41:27 +01:00
Sebastian Grewe
7c8d7701f2 [FIX] Lock state 2 for admin locks 2014-01-26 11:17:33 +01:00
Sebastian Grewe
702ed49704 [ADDED] Account lock status 
* Lock 1: user confirmation/unlock pending, count shares
* Lock 2: Admin disabled, ignore shares

This further addresses #1332 and should allow proper dropping of shares
for banned accounts.
 2014-01-26 11:17:33 +01:00
Sebastian Grewe
768d193793 Merge pull request #1576 from xisi/csrf-backend-only 
[FIXES] More CSRF improvements
 2014-01-25 06:59:08 -08:00
xisi
c81aec4c64 fixed bug in registration form 2014-01-24 15:38:56 -05:00
xisi
0f88f70fcf fixes bug in registration form, thanks @Zen00 2014-01-24 15:34:01 -05:00
xisi
3006cb544f Reworked csrf tokens, now enabled globally 
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
 2014-01-24 13:00:24 -05:00
Sebastian Grewe
a1a3d7e873 [IMPROVED] Added donation minimum and rounding 
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template

Fixes #1475 once merged
 2014-01-24 10:06:13 +01:00
Sebastian Grewe
659c203c06 Merge pull request #1551 from xisi/csrf-improvements 
[FIXES] CSRF tokens & login cleanup
 2014-01-23 23:27:31 -08:00
Sebastian Grewe
90d0ff1081 Merge pull request #1546 from ahmedbodi/patch-1 
Get Cronjob Status API
 2014-01-23 23:13:42 -08:00
Hüseyin Uslu
b518ce0799 Tiny update. 2014-01-24 00:38:28 +02:00
Hüseyin Uslu
0639af54b3 Added reward_type and reward info to api/getpoolinfo 2014-01-24 00:37:50 +02:00
ahmedbodi
6d7d3f2026 Update getcronjobstatus.inc.php 2014-01-23 20:23:41 +00:00
xisi
a3314fa81e Cleaned up login page logic a bit more 
Fixed up CSRF tokens so rollover minutes/hours are now checked and valid
 2014-01-23 11:01:30 -05:00
ahmedbodi
ece8b3adf6 Create getcronjobstatus.inc.php 2014-01-23 10:29:01 +00:00
Sebastian Grewe
7acd3bc821 Merge pull request #1543 from Neozonz/issue-1542 
[BUG] FIX txfee in getpoolinfo API
 2014-01-23 01:13:00 -08:00
Sebastian Grewe
8a53e0319d [FIX] Missed file for admin maintenance 2014-01-23 10:01:35 +01:00
Neozonz
7a21b05a3d [BUG] Fix txfee API call with added support for old API calls 
[ADD] txfee_auto to API Calls
[ADD] txfee_manual to API Calls
[ADD] confirmations to API Calls
 2014-01-23 02:38:34 -05:00
Sebastian Grewe
593149742e Merge pull request #1491 from Neozonz/issue-1488 
[Optimize] SQL Queries : Remove joins from account table
 2014-01-22 04:56:16 -08:00
Neozonz
3de2fee57f [FIX] Updated function call to include account id as well 2014-01-22 07:10:05 -05:00
Neozonz
0faf23027a [CACHE] Readded 2014-01-21 20:29:09 -05:00
Neozonz
a9853e2832 [Removed] Caching for testing 2014-01-21 20:18:38 -05:00
Neozonz
3222792533 [BUG FIX] Missing JSON 2014-01-21 20:14:13 -05:00
Neozonz
be8437e9dd [FIX] Missing User ID argument 2014-01-21 20:07:07 -05:00
Neozonz
02f085f2d7 [FIX] MySQLi Queries 2014-01-22 00:13:58 +00:00
Neozonz
1630d85440 [FIX] Cache by Account_ID 
[FIX] Query by Username
 2014-01-21 06:58:28 -05:00
Sebastian Grewe
2eb53d8efc Merge pull request #1515 from xisi/security-typofix 
Typo in registration
 2014-01-21 03:56:18 -08:00
xisi
c88a14bac1 typo 2014-01-21 06:51:56 -05:00
Neozonz
07e8af55f8 [FIX] Added back accound_ids for caching 
[FIX] SQL string termination
 2014-01-21 06:42:08 -05:00
Neozonz
df97e7a8ea [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
9e8841b1df [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
4d845c7c73 [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
4b98c09fb2 [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
3d72da0ca4 [Optimize] Switched calls to username from id 2014-01-21 06:40:59 -05:00
Neozonz
58df4ad1b2 [Optimize] Switched calls to username from id 2014-01-21 06:39:37 -05:00
Sebastian Grewe
8cea4ec3ff Merge pull request #1494 from nonstopmine/patch-1 
Update edit.inc.php
 2014-01-21 00:18:44 -08:00
xisi
d782038d0f stupid rebase 2014-01-20 15:38:46 -05:00
nonstopmine
bab002d9f8 Update edit.inc.php 
txfee is old variable, replaced with txfee_manual
 2014-01-20 22:32:04 +02:00
xisi
200e115ee6 forgot to move this to the new config setting, oops 2014-01-20 06:21:42 -05:00
xisi
fd49e0eb78 disabled is actually correct to use in cash out form, we want the css props 
slightly optimization
 2014-01-20 04:41:13 -05:00
xisi
03e0b2e51d request fiddling 2014-01-20 04:41:13 -05:00
xisi
76a67cb71a Changed the config options for CSRF/disabling forms 
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
 2014-01-20 04:41:13 -05:00
xisi
5e5e751271 switched account edit csrf token to 1 min now that saving works on an incorrect entry 2014-01-20 04:40:38 -05:00
xisi
36f3a16cc3 gave password reset its own csrf token 2014-01-20 04:40:38 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template 
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
 2014-01-20 04:40:38 -05:00
xisi
cc6e58084f Fixed an bug where a notice could be thrown on the edit page under the right conditions 
Cleaned up login page logic which should fix #1459 & #1461
Fixed a bug in tools class where an incorrect config setting could throw a notice
 2014-01-20 04:40:38 -05:00
xisi
62e341b877 finally cleaned up the edit account page to my liking 
fixed change I made to test a fix for someone who was having issues
 2014-01-20 04:38:53 -05:00
xisi
fed3981979 fixed isTokenValid, started work on edit fixes, recaptcha fix test 2014-01-20 04:38:25 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
xisi
9ccb5e15bc refactored old token usage in account edit page 2014-01-20 04:27:58 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00