* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* Added new token type: account_unlock
* Added update SQL File
* Updated base structure with new token type
* Added empty template
* Updated user class to send mail on failed passwords
* Added unlock account page to use tokens
Addresses #670
This will improve loading times on large transaction tables. Thanks
@feeleep75 for helping with this one.
* Do not use SQL_CALC_NUM_ROWS since it will do a full table scan
* Allow admins to disable account transaction summaries to speed up page
loads on large tables
* added new admin setting under system to Disable TX Summaries
Fixes#1065 once merged
* Merge manual and auto-payout into single cronjob
* Update template/code to reflect single payout cron
* Update monitoring page
* Update disable payouts option in admin panel settings
* Update account payout page to use new option
This will fix#967 once merged.
This will lock a user account if a password or PIN has been entered
wrong for multiple times in a row. When unlocking the account via admin
panel, both counters are reset so the user can log in again.
This should fix issues with brute force attacks to access user accounts.
Please see configuration dist file for new config options.
Please import SQL upgrade 007 to add new column to user accounts table.
Addresses #670 and should be merged once tested.
* [ADDED] More error codes
* [MODIFIED] Class updates to use Base Class all the time
* [MODIFIED] Cronjobs have been slightly adjusted
* [ADDED] More base class features
* Added: API String QR Code for #582 and #591
This will allow more QRCodes being added that are specific to an
account. The require library is added and the API string can be used as
an example how codes are generated.
Fixes#582
* Removed getAllTransactions method
* Unified getTransactions for users and admins
* Added filter abilities to user transaction view
This should speed up things a fair bit for transaction heavy pools.
Addresses #536
This addresses #497 and allows the admins to disable notifications
through the admin panel. Might be used by those relying on clients using
the API instead.
Once merged it will fix#497.
This will avoid double payouts via the website. Payouts will be
requested by users and processed by a cron. If, for whatever reason,
users do add two requests (it is checked if a payout exists) they would
only have one successful payout until their account balance is back up
to a save value to trigger the payout.
This should fix any issues with manual payouts being exploited through
the website. Will require some testing by others to ensure things work
as expected.
Invitations can now be configured through admin panel settings. By
default, invitations are enabled. Invitation system is also available if
registrations are disabled. To completely remove the ability of new
users to sign up, disable both registration and invitations.
Fixes#330
This will allow users to send invitations to other people via email.
Each account will still need to confirm the email address if the option
is enabled.
Addresses #330, will need to allow pool operators to enable this feature
even with registrations turned off.
* Adding mail verification during account registration
* Added new dist file option for mail verification
* Added account confirmation page using tokens
* Added mail class into user class for password resets
* Moved password reset template
* Adjusted account registration page
* Adjusted user class for email confirmation
Also fixed a bug with smarty_cache_key not being used properly if smarty
is disabled. Key still needs to be available even if caching is disabled
Addresses #330 and prepare the ticket for invitation only system.
* Added anonymous flag to accounts table
* Added checkbox for anonymous flag in edit account page
* Updated user class to support new flag
* Updated statistics class to support anonymous and donations
* Updated all templates showing usernames to show anonymous instead
* Added new SQL `ALTER TABLE` file for upgrading the table
Fixes#419 once merged.
