added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache
Addresses #1471 and may fix it already if no other changes are required.
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.
Fixes#1345 once merged.
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled
It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.
Fixes#1343 once merged.
* [RENAMED] sessionTimeoutStamp to last_login
* [UPDATE] user class to store login time after successful login
* [ADDED] SQL Upgrade file for new column
* [UPDATE] Updated base SQL file
Fixes#1162 once merged.
* Using lower time range for shares: 120 seconds
* Updated worker class with new time range for active workers
* Added statistics, active users call with 120 seconds time range
* Updated admin panel dashboard template
Fixes#1352 once merged.
* Added new token type: account_unlock
* Added update SQL File
* Updated base structure with new token type
* Added empty template
* Updated user class to send mail on failed passwords
* Added unlock account page to use tokens
Addresses #670
* Added new SQL file to update tokentypes table
* Added new function to base class
* Renamed function in base class used in shares class
* Added new error code
* Added new cronjob to delete expired tokens
* Added new cronjob to run-cron scripts and monitoring page
* Added new function to tokentype class
* Added new function to token class
Will address #1181 once merged.
When an account is edited and no payment address has been set, the following non-sense message appears:
Unable to connect to RPC server for coin address validation
This patch fixes the issue and allows profile to be edited with no payment address
Adds pagination support for the admin panel pool workers page. Will
greatly increase loading times of this page if working as intended.
Fixes another part of #1043.
This will add pagination and user filters to the Admin Panel User
Information page.
* Added various filter methods (combined with AND in SQL)
* Added pagination and limits to fetch only matching users
This will greatly increase efficiency on larger pools
Fixes#1043 once merged.
This will improve loading times on large transaction tables. Thanks
@feeleep75 for helping with this one.
* Do not use SQL_CALC_NUM_ROWS since it will do a full table scan
* Allow admins to disable account transaction summaries to speed up page
loads on large tables
* added new admin setting under system to Disable TX Summaries
Fixes#1065 once merged
I'm not 100% sure this is a bug, but I'm getting the following error from my crons.
> PHP Notice: Undefined property: Notification::$mail in /var/www/MPOS/public/include/classes/notification.class.php on line 158
> PHP Fatal error: Call to a member function getError() on a non-object in /var/www/MPOS/public/include/classes/notification.class.php on line 158
It appears the `Notification` class extends the `Mail` class instead of `Base`, in which case `$this->mail` does not exist.
