* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache
Addresses #1471 and may fix it already if no other changes are required.
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.
Fixes #1345 once merged.
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled
It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.
Fixes #1343 once merged.
* [RENAMED] sessionTimeoutStamp to last_login
* [UPDATE] user class to store login time after successful login
* [ADDED] SQL Upgrade file for new column
* [UPDATE] Updated base SQL file
Fixes #1162 once merged.
* Using lower time range for shares: 120 seconds
* Updated worker class with new time range for active workers
* Added statistics, active users call with 120 seconds time range
* Updated admin panel dashboard template
Fixes #1352 once merged.
* Added new token type: account_unlock
* Added update SQL File
* Updated base structure with new token type
* Added empty template
* Updated user class to send mail on failed passwords
* Added unlock account page to use tokens
Addresses #670
* Added new SQL file to update tokentypes table
* Added new function to base class
* Renamed function in base class used in shares class
* Added new error code
* Added new cronjob to delete expired tokens
* Added new cronjob to run-cron scripts and monitoring page
* Added new function to tokentype class
* Added new function to token class
Will address #1181 once merged.
When an account is edited and no payment address has been set, the following nonsense message appears:
Unable to connect to RPC server for coin address validation
This patch fixes the issue and allows profile to be edited with no payment address
Adds pagination support for the admin panel pool workers page. Will
greatly increase loading times of this page if working as intended.
Fixes another part of #1043.
This will add pagination and user filters to the Admin Panel User
Information page.
* Added various filter methods (combined with AND in SQL)
* Added pagination and limits to fetch only matching users
This will greatly increase efficiency on larger pools
Fixes #1043 once merged.
This will improve loading times on large transaction tables. Thanks
@feeleep75 for helping with this one.
* Do not use SQL_CALC_NUM_ROWS since it will do a full table scan
* Allow admins to disable account transaction summaries to speed up page
loads on large tables
* added new admin setting under system to Disable TX Summaries
Fixes #1065 once merged
I'm not 100% sure this is a bug, but I'm getting the following error from my crons.
> PHP Notice: Undefined property: Notification::$mail in /var/www/MPOS/public/include/classes/notification.class.php on line 158
> PHP Fatal error: Call to a member function getError() on a non-object in /var/www/MPOS/public/include/classes/notification.class.php on line 158
It appears the `Notification` class extends the `Mail` class instead of `Base`, in which case `$this->mail` does not exist.
Fixes an infinite loop in cleaning up the archive table:
* Shares come in faster than defined in cleanup sleep timeout
Will use an upper limit ID which would match the delete query at the
initial state. Skips archiving if no ID is found (e.g. no rows match the
archive purge conditions).
This will fix #997 once merged.
This will address #886. Long rounds can cause a system to become
very unresponsive due to high SQL/IO load when doing cleanups of
shares and archived tables.
* Run DELETE from shares with LIMIT
* Run DELETE from shares_archive with LIMIT
* Configure DELETE behaviour via config file
* Only archive shares that are really required (PROP, PPS)
Should greatly improve round ends on PROP and PPS after large rounds,
also improves PPLNS though archiving will still take some time unless
we limit the share amount artificially. Shares could be needed though,
so we don't.
This will lock a user account if a password or PIN has been entered
wrong multiple times in a row. When unlocking the account via admin
panel, both counters are reset so the user can log in again.
This should fix issues with brute force attacks to access user accounts.
Please see configuration dist file for new config options.
Please import SQL upgrade 007 to add new column to user accounts table.
Addresses #670 and should be merged once tested.
Will fix an issue with users receiving wrong mails, e.g. during password
resets ONLY IF smarty cache is enabled.
Please update ASAP if you have smarty caches enabled! This is a very big
issue. By default smarty caches are disabled and not recommended to be
used. See configuration file.
Fixes #899 once merged.
This should address issues with pools finishing very long rounds where
hashrate statistics suddenly dramatically increased. This was caused due
to both shares and archived shares being added before they were
deleted from shares.
* adds the proper way to calculate user based hash- and sharerates.
* replaces `UNION ALL` with `UNION`
Fixes #642 once merged.
* We must ignore the last debit transaction to find the proper TX ID
that has been archived
This should now complete the fix for #853 - needs live testing but I am
confident it will work as intended. Deploying to my live FST pool for
testing.
Fixes issues with coins that did not implement a proper array index into
their `getmininginfo` output. Currently supported keys are
* networkhashps
* hashespersec
* netmhashps
If none of these are found or `getmininginfo` fails itself, we now
default to `0` to ensure the webfrontend still works.
Fixes #847 and also fixes #834 which has not reported back the
required information.
This will skip any updates if we detect the default string in our
settings table. Otherwise the script will return an error and disable
itself.
Fixes #839 once merged
* [ADDED] Block over times stats to blocks stats page
* [CHANGED] Split default block stats page template up into subtemplates
* [IMPROVED] Single SQL Query for all Block Stats over Time
* [UPDATED] Templates for new SQL Data
* [ADDED] More error codes
* [MODIFIED] Class updates to use Base Class all the time
* [MODIFIED] Cronjobs have been slightly adjusted
* [ADDED] More base class features
* [ADDED] new monitoring method : endCronjob
* [IMPROVED] Use newly added error codes
* [ADDED] mail notifications, enabled by default
* [ADDED] cron disable on fatal errors with exit code != 0
* [ADDED] Command line switch: -f = Force running crons even if disabled
* [ADDED] Disabled status in monitoring site
This will improve error handling in our cronjobs. Fatal errors now
require manual intervention by explicitly running crons with the force
option (`-f`). Until they are forced to run, crons will stay disabled.
Fixes #773 once merged
* [FIX] Estimated shares on various places
* [ADDED] Calculate estimated shares based on network diff in stats
class
* [UPDATED] Themes updated as needed
Fixes #819 once merged