RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,544 Commits 4 Branches 11 Tags 14 MiB
6398e5dfec
Commit Graph

789 Commits

Author SHA1 Message Date
xisi
6398e5dfec merged session manager/memcache limiter 
cleanup for PR
 2014-01-28 07:26:33 -05:00
xisi
b728b680ca blah blah 2014-01-28 07:26:08 -05:00
Sebastian Grewe
5f65904431 [FIX] HTTPS detecion on Template 2014-01-28 09:25:50 +01:00
Sebastian Grewe
768d193793 Merge pull request #1576 from xisi/csrf-backend-only 
[FIXES] More CSRF improvements
 2014-01-25 06:59:08 -08:00
xisi
8fbda49fd1 Don't even need the suppression 2014-01-24 16:33:55 -05:00
xisi
a043e5ed19 Fixes #1561, which happened to me even with the API key in the correct format 2014-01-24 16:32:00 -05:00
xisi
3006cb544f Reworked csrf tokens, now enabled globally 
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
 2014-01-24 13:00:24 -05:00
Sebastian Grewe
70a09811ec [FIX] PHP Notice on Mobile Template 2014-01-24 11:29:19 +01:00
Sebastian Grewe
a1a3d7e873 [IMPROVED] Added donation minimum and rounding 
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template

Fixes #1475 once merged
 2014-01-24 10:06:13 +01:00
xisi
1fd0adf038 Removed unused config setting 2014-01-23 11:01:30 -05:00
Sebastian Grewe
4b04df5d8a [FIX] Allow TAB to focus on email login 2014-01-23 10:11:37 +01:00
Sebastian Grewe
0d10079a2a [FIX] remove mail debug output 2014-01-22 12:48:03 +01:00
Sebastian Grewe
3b13ea4990 [FIX] Properly show login details on mail notif. 
Fixes #1530 once merged
 2014-01-22 11:14:50 +01:00
nrpatten
151decb2b6 [FIX] Align Checkbox 
"Edit template" checkbox align closer to "Active"
 2014-01-22 00:39:42 +11:00
nrpatten
fc7a939b1e [FIX] Update github footer link 
Remove https://github.com/TheSerapher/php-mpos
Add https://github.com/MPOS/php-mpos
 2014-01-21 23:42:58 +11:00
Sebastian Grewe
bf484c4be2 Merge pull request #1510 from xisi/security-pagecontrollerfix 
Fix issue #1508
 2014-01-21 03:20:38 -08:00
nrpatten
6b938a66d2 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:50:29 +11:00
nrpatten
dfd4d57361 [FIX] Unknown Pool 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:49:42 +11:00
nrpatten
35d6317ec2 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:48:48 +11:00
nrpatten
1c07abb2c0 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:47:37 +11:00
xisi
ac91d70c5f This should fix issue #1508 2014-01-21 04:04:53 -05:00
Sebastian Grewe
2d760c2934 Merge pull request #1504 from daygle/patch-6 
Update default.tpl
 2014-01-21 01:00:00 -08:00
Sebastian Grewe
9520795e07 Merge pull request #1506 from nrpatten/next 
[FIX] input[type=email] in the wrong order and Overlap and Reposition TABS
 2014-01-21 00:07:58 -08:00
Sebastian Grewe
0edd964930 Merge pull request #1507 from xisi/security-js-pwstrength 
Simple javascript password strength/match
 2014-01-21 00:04:18 -08:00
nrpatten
0cfc92bd2b [FIX] Overlap and Reposition TABS 
[FIX] "E-mail address for system error" Overlap and realign class="tabs" to fieldset
 2014-01-21 17:12:06 +11:00
xisi
a20c2324e2 Added pw strength/match to change password form 2014-01-21 00:02:57 -05:00
xisi
b0053b65e1 Added basic javascript password strength/match testing 
Added pw strength/match to registration form
 2014-01-20 23:57:07 -05:00
Glen
3a43ed4e42 Update default.tpl 
Getting started page modification suggestions for all users.

1. Add BFGMiner details.
2. Remove bullet points for steps.
3. Add additional line for BFGMiner command line.
 2014-01-21 14:38:10 +11:00
rog1121
0a6ab8748b Mail Titles 2014-01-20 09:33:21 -07:00
Sebastian Grewe
eb6692b31c Merge pull request #1481 from raistlinthewiz/next 
tx fee's shouldn't be %
 2014-01-20 07:46:45 -08:00
Hüseyin Uslu
51d0879f8d Wording fix for index.php?page=account&action=edit - tx fee's shouldn't be % 2014-01-20 17:44:45 +02:00
xisi
ffda9dbae1 rebase + fix bug in overview tpl that could throw a notice 2014-01-20 04:53:00 -05:00
xisi
fd49e0eb78 disabled is actually correct to use in cash out form, we want the css props 
slightly optimization
 2014-01-20 04:41:13 -05:00
xisi
a987878c8e removed extraneous disabling of a field in edit account page, thanks @rog1121 2014-01-20 04:41:13 -05:00
xisi
b0413226b4 removed extraneous disabling of a field in edit account page, thanks @rog1121 2014-01-20 04:41:13 -05:00
xisi
76a67cb71a Changed the config options for CSRF/disabling forms 
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
 2014-01-20 04:41:13 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template 
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
 2014-01-20 04:40:38 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00
xisi
58529547e0 Cleaned up logic of login page csrf protection 
added csrf protection to register page
 2014-01-20 04:27:22 -05:00
xisi
6afc876d19 Merge changes from TheSerapher's pull/1404 Added re-Captcha to Login Page 2014-01-20 04:26:04 -05:00
rog1121
77a0287c7f Update default.tpl 2014-01-19 12:37:54 -07:00
Metice
e665552c05 Update default.tpl 
Remove username of placeholder
 2014-01-19 15:01:11 +01:00
Sebastian Grewe
48a344ed25 [SECURITY] Dropped small login form 
Since we are adding more security realted features, we drop the small
login in the header. It will need more workarounds than we'd like and is
already dropped when re-Captcha is enabled.

Security > Convenience :D
 2014-01-17 15:43:58 +01:00
Jesse Collier
bc833eb40b [IMPROVED] Adds Email label and removes maxlength 
When logging in from mobile, there currently is not an indicater to
use email or username. This labels it correctly.

Removed maxlength to allow for lengthier email addresses.
 2014-01-16 14:42:05 +01:00
Sebastian Grewe
2829f6a746 [IMPROVED] Dropped username from login 2014-01-16 14:40:51 +01:00
Sebastian Grewe
63f062af9d [UPDATE] CSRF to Mobile template 2014-01-16 14:33:04 +01:00
Sebastian Grewe
bef4298e1f [ADDED] Default re-Captcha HTML to mobile 2014-01-16 14:14:29 +01:00