* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
* Adds CSRF protection for multiple pages, see bottom
* Adds User/IP/Date & time to successful login notification
* New config option for sitewide CSRF protection
* Fixed a bug in the contact form
* Lots of cleanup related to CSRF stuff
* Increments config version
* CSRF protection: register, contact, account edit, workers, notifications, and invites
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* Check DB structure version, config file version and MPOS core version
* Added new Admin Dashboard to show this core information
* Cronjobs will be disabled if SQL files are not imported
* SQL files must re-set the db_upgrade_required setting
* Cronjobs will disabled if config files are not updated
* Simple config file update and version string update will fix this
* Added MPOS status overview
* Cronjobs and Wallet information for now, others may be added later
* Added new navigation link for Admin Panel Dashboard
* Added new version file
* Will require updates whenever DB or configs are updated
* Update SQL file that adds the DB_VERSION setting
This will address #1242 and already includes a huge chunk of changes
required to make this work.
This will address #886. Long rounds can cause a system to become
very unresponsive due to high SQL/IO load when doing cleanups of
shares and archived tables.
* Run DELETE from shares with LIMIT
* Run DELETE from shares_archive with LIMIT
* Configure DELETE behaviour via config file
* Only archive shares that are really required (PROP, PPS)
Should greatly improve round ends on PROP and PPS after large rounds,
also improves PPLNS though archving will still take some time unless
we limit the share amount artificially. Shares could be needed though,
so we don't.
This will lock a user account if a password or PIN has been entered
wrong for multiple times in a row. When unlocking the account via admin
panel, both counters are reset so the user can log in again.
This should fix issues with brute force attacks to access user accounts.
Please see configuration dist file for new config options.
Please import SQL upgrade 007 to add new column to user accounts table.
Addresses #670 and should be merged once tested.
This will suspend any dashboard updates if the system load exceeds a
configurable threshold. Graphs will not update until the system load is
again below the threshold.
See dist config for new option.
Should help those pools suffering from too many live update users.
* [ADDED] New Config Option: Algorithm
* scrypt and sha256d supported right now
* might add SHA coin support across MPOS
* Compatible with previous implementation
* [REMOVED] config option: pps_target
* Replaced by config option: algorithm
* Please update your config, defaults to srypt now!
* [ADDED] Unpaid Shares in Dashboard
* [MODIFIED] User estshares from DB query instead template math
* Adjusted mmcfe-ng occurences in code
* Adjusted Database strucutre to only supply the full structure
* Adjusted default template to MPOS
Addresses #643
* Added new configuration option `$config['network_confirmations']` to
dist config
* Default to 120 if not set
This will allow us to define a different confirmation level for user
transactions but still display blocks at their approriate unconfirmed
value when displaying them in the wallet information for admins. Risky
for pool owners but still a viable option.
Fixes#610
