RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,075 Commits 4 Branches 11 Tags 14 MiB
963b76ed80
Commit Graph

2123 Commits

Author SHA1 Message Date
Nathan Patten
3ea023e6e0 Blah 2014-02-24 20:21:27 +11:00
Nathan Patten
7f8c5e8270 Blah 2014-02-24 20:18:14 +11:00
Nathan Patten
17509aa3b9 Update admin_settings.inc.php 2014-02-24 20:02:45 +11:00
Nathan Patten
ae9c220521 Update chat.inc.php 2014-02-24 20:01:02 +11:00
Nathan Patten
a9cc0a9ec9 Update smarty_globals.inc.php 2014-02-24 19:56:51 +11:00
Nathan Patten
aac9b70aac Update smarty_globals.inc.php 2014-02-24 19:30:08 +11:00
Nathan Patten
3418c3db77 Update chat.inc.php 2014-02-24 19:29:01 +11:00
Nathan Patten
9372da9aa8 Update default.tpl 2014-02-24 19:28:26 +11:00
Nathan Patten
467a9531a6 Update navigation.tpl 2014-02-24 19:27:53 +11:00
Nathan Patten
b1af60709e [EDIT] move from acl to system 
Was going to do this the first time.. dunno why i put it in acl :p
 2014-02-24 19:17:31 +11:00
iAmShorty
00c184d45e [UPDATE] cleaning up admin dashboard 2014-02-23 22:58:57 +01:00
iAmShorty
d0a82be11b [UPDATE] adding if user was invited and inviter to registered users 2014-02-23 22:30:52 +01:00
iAmShorty
23afae0aaf [UPDATE] added last 10 registered users to dashboard 2014-02-23 21:35:20 +01:00
iAmShorty
7ffa620975 [UPDATE] Adding Reg Date to Userinfo in Admin Panel 2014-02-23 20:48:58 +01:00
iAmShorty
47f6048378 [UPDATE] Adding registrations to Admin Dashboard 2014-02-23 20:23:21 +01:00
Nathan Patten
45127409ed [FIX] Web Chat Disabled bt default 2014-02-23 07:26:36 +11:00
Nathan Patten
0e81af405a [FIX]tablesorter margin on resize 
Stops the tablesorter from pushing right on window resize
 2014-02-23 07:14:06 +11:00
Nathan Patten
ac8657e909 [ADD] Donor 2014-02-22 21:43:57 +11:00
Nathan Patten
e7ec045785 [ADD] Donor 2014-02-22 21:42:45 +11:00
Nathan Patten
a68a5675b1 [ADD] Chat Link To Nav 2014-02-22 21:39:22 +11:00
Nathan Patten
fdd8cb64f9 Create disabled.tpl 2014-02-22 21:36:14 +11:00
Nathan Patten
2aab514624 [ADD] Chat tpl 2014-02-22 21:35:27 +11:00
Nathan Patten
b79bd6ae8e [ADD] Chat 2014-02-22 21:33:49 +11:00
Nathan Patten
305d0e4cc9 [ADD] Chat settings 2014-02-22 21:32:30 +11:00
Nathan Patten
b657d41bd6 [ADD] Chat global 2014-02-22 21:30:11 +11:00
iAmShorty
c5ff564deb [FIX] Wallet Balance 2014-02-20 20:59:54 +01:00
Sebastian Grewe
865cd96f5e [IMPROVED] Allow debug console log to logfile 
* Needs logging level set to 7 in security config
* Needs debugging enabled in global config
 2014-02-20 09:01:18 +01:00
Sebastian Grewe
28d114b099 [ADDED] Use getCurrentIP on IP check 2014-02-20 08:26:58 +01:00
Sebastian Grewe
8bd469ba5d [CHANGED] Parse X-FORWARDED-FOR when supplied 
Instead of trusting REMOTE_ADDR we should parse X-FORWARDED-FOR if
supplied. This will properly use the user IP in a multi-LB setup.

Needs testing
 2014-02-19 14:32:20 +01:00
iAmShorty
e16db6071e [FIX] Wallet Balance Fix 2014-02-19 09:45:35 +01:00
Sebastian Grewe
8cb42aab2b Merge pull request #1770 from iAmShorty/realbalance-wrapper 
[FIX] return balance from main account
 2014-02-19 09:34:01 +01:00
Sebastian Grewe
a4e3468b9b [CHANGE] 500 default limit 2014-02-18 09:22:16 +01:00
Sebastian Grewe
7229b5b130 [ADDED] Payout Queue Limiter 
* [ADDED] LIMIT to getMPQueue and getAPQueue
* [ADDED] Default config payout queue size of 1000 for MP and 1000 for AP
* [UPDATED] Payouts cronjob to use this new default limits

This may help some coins that have tx count issues when doing sendmany.
Other coins can play with the values to find their sweet spot. Run the
payout multiple times in a row to force more transactions of the same
amount.

Fixes #1773 and thanks to @jrwr for the idea!
 2014-02-18 09:16:26 +01:00
iAmShorty
8f4237945b [UPDATE] make it uppercase 2014-02-17 15:40:26 +01:00
iAmShorty
4532bd6601 [UPDATE] add coinname to qrode 2014-02-17 15:39:10 +01:00
iAmShorty
63ba74fc60 [UPDATE] balance fix for cron and wallet 2014-02-16 17:32:05 +01:00
iAmShorty
d2be015554 [FIX] return balance from main account 2014-02-16 16:44:36 +01:00
Sebastian Grewe
85f985060b Merge pull request #1766 from rog1121/notification-fix 
Notifications Fix
 2014-02-16 14:50:38 +01:00
Sebastian Grewe
cdaf757b8b Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-02-16 08:32:10 +01:00
Sebastian Grewe
6f5d866bb9 [ADDED] Force run even if cron is active with -f 2014-02-16 08:31:47 +01:00
Sebastian Grewe
5c22cc3c08 Merge pull request #1764 from MPOS/combine-cleanups 
[IMPROVED] Combined cleanup tasks into single PHP
 2014-02-16 08:12:11 +01:00
Sebastian Grewe
e6a396c85b Merge pull request #1750 from iAmShorty/wallet-info-adminpanel 
[ENHANCEMENT] Wallet info adminpanel
 2014-02-16 08:12:03 +01:00
Sebastian Grewe
5dd13d4475 Merge pull request #1757 from MPOS/getrealbalance-wrapper 
[ADDED] getrealbalance wrapper for payouts
 2014-02-16 08:11:08 +01:00
rog1121
eb382b677c Notifications Fix 2014-02-15 18:00:36 -07:00
iAmShorty
45d79d0eab [UPDATE] style change for addresses 2014-02-15 23:17:37 +01:00
Sebastian Grewe
d1f3f5d01d [UPDATE] Return negative balance if main is negative 2014-02-15 19:17:12 +01:00
Sebastian Grewe
146b56259b [IMPROVED] Combined cleanup tasks into single PHP 
* [IMPROVED] Logging format for all cleanup tasks
* [UPDATED] Cron shellescripts
* [UPDATE] Cron Monitoring Page
* [DELETED] Old `*_cleanup.php` scripts
 2014-02-15 19:01:25 +01:00
iAmShorty
2acf83894d only show new table if accounts > 1 2014-02-15 13:55:28 +01:00
Sebastian Grewe
7c4ec2f042 Merge pull request #1754 from MPOS/csrf-validation 
[FIX] Use session ID for user uniqueness
 2014-02-15 09:30:31 +01:00
Sebastian Grewe
bd561ff465 [FIX] Statistics Graphs ACL 
Fixes #1760
 2014-02-15 09:27:38 +01:00
iAmShorty
b0baa29a1f [FIX] fix for negative balance 
using php abs() should do the trick with negative balance
 2014-02-14 21:03:30 +01:00
iAmShorty
691e1e60cb Update bitcoinwrapper.class.php 2014-02-14 20:49:42 +01:00
Sebastian Grewe
6f1f56abb6 [ADDED] getrealbalance wrapper for payouts 
During payouts, we must ensure our wallets main accounts has the funds
to payout users. Hence we implement a wrapper method:

* If account count == 1 we only have main account, return getbalance
* Else return our main accounts balance - calculated unconfirmed

This should keep getbalance untouched when used on other places but
gives our payout processing a proper main account balance.

It's mostly a wrapper for those wallets running multiple accounts in one
wallet. They are warned on the front-end already but this ensure payouts
process properly.

Fixes #1755 once merged.
 2014-02-14 17:21:52 +01:00
iAmShorty
0ef5fdedef [UPDATE] small changes 2014-02-14 17:08:22 +01:00
Sebastian Grewe
cb85e266be [FIX] Use session ID for user uniqueness 2014-02-14 14:16:36 +01:00
Sebastian Grewe
8f4af5b038 [REMOVED] Liquid payout cron from monitoring pages 2014-02-14 11:40:50 +01:00
Sebastian Grewe
a083b1c272 [REMOVED] Liquid Payout cron due to issues 
Payouts did not work very well and caused more issues for pools than
being worth having this cron. We revert this and let them use
sendtoaddress again whenever they wish to deduct payouts from their pool
at their own discretion.

We may add this thing back in sometime later with a proper and working
implementation but no promises.
 2014-02-14 11:39:11 +01:00
Sebastian Grewe
d7f2e6e5ac [UPDATE] ACL Management 
* [ADDED] Smarty acl_check function
* [ADDED] Optional default return  value for getValue calls
* [UPDATE] ACL Checks in page controllers
* [UPDATE] Navigation template to use check_acl from Smarty
* [ADDED] New ACL options where needed
* [REMOVED] Disable pages from System Settings Tab
* [ADDED] Above removed pages into ACL Settings Tab

This will make usage of ACLs a bit easier and transparent.
Also fixes #1731 once merged.
 2014-02-14 10:56:25 +01:00
Sebastian Grewe
f43a5214c4 [FIX] PPS Payout processing 
* [ADDED] Abort if we don't have enough shares to calculate PPS from
* [FIXED] Proper calculations for account shares, we dropped a share
  each run
* [ADDED] Error code if no new shares available
 2014-02-14 10:55:17 +01:00
Sebastian Grewe
682beb60d1 Merge pull request #1739 from MPOS/notification-cleanup 
[ADDED] Notification cleanup script
 2014-02-14 08:56:51 +01:00
Sebastian Grewe
bb2037d813 Merge pull request #1753 from andymornes/next 
[FIX] Correcting user ID for new block emails
 2014-02-14 06:34:51 +01:00
Andy Mornes
ac3bea9f1a [FIX] Correcting user ID for new block emails 
Also adding the currency to the notifications as well.
 2014-02-13 13:26:48 -06:00
iAmShorty
1fd7499856 [UPDATE] style changes 2014-02-13 17:28:47 +01:00
iAmShorty
224af2c9d3 [UPDATE] showing accounts with balance and address 2014-02-13 16:29:33 +01:00
Sebastian Grewe
c8f639796a [UPDATE] Added INDEX to transactions table 
Should speed up queries using both account_id and archived for a
specific account.
 2014-02-13 14:45:32 +01:00
iAmShorty
81b8b976d1 [FEATURE] show addresses from account 2014-02-13 12:29:04 +01:00
iAmShorty
146799d163 [FEATURE] show addresses from account 2014-02-13 12:28:26 +01:00
Sebastian Grewe
8c1174bcb2 Merge pull request #1749 from iAmShorty/wallet-info 
[UPDATE] Wallet Accounts Message
 2014-02-13 09:31:04 +01:00
iAmShorty
58085eb7f5 [UPDATE] cleanup 2014-02-13 09:30:07 +01:00
iAmShorty
0e792e34f3 [UPDATE] message only if more than 1 account in wallet and Default has no funds 2014-02-13 09:21:19 +01:00
Sebastian Grewe
3d10f25d22 [ADDED] Documentation URL 2014-02-13 09:01:45 +01:00
Sebastian Grewe
d725f9bf5d [ADDED] Sendmany config option 
* Disable sendmany by default
* Allow people to enable the new feature via config
 2014-02-12 16:21:24 +01:00
Sebastian Grewe
71aca7e0af [UPDATE] Getbalance wrapper 
We need to wrap our getbalance call due to issues in the coind and
payout systems in the RPC. Apparently it's having issues with multiple
accounts setup in a single wallet. Sendmany can not properly use other
accounts added to the wallet as the payout account.

Hence we wrap our getbalance call in the RPC and only return the default
account balance at all times. Since this is used for all payouts and for
payments from blocks, there should be no issue. Those pools running
multiple accounts in their wallet will have to move their coins into the
default wallet!
 2014-02-12 16:21:24 +01:00
Sebastian Grewe
2f52a8b1d2 Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-02-12 15:44:12 +01:00
Sebastian Grewe
def685082b [ADDED] RPC Error Code to Logging 2014-02-12 15:44:00 +01:00
Sebastian Grewe
86ca90fa09 Merge pull request #1743 from iAmShorty/check-wallet-accounts 
[UPDATE] Removed Wallet Info Message
 2014-02-12 14:51:39 +01:00
iAmShorty
37581d720c [UPDATE] Removed Wallet Info Message 2014-02-12 14:47:28 +01:00
Sebastian Grewe
8fd0af6fe1 Merge pull request #1741 from iAmShorty/check-wallet-accounts 
Check wallet accounts
 2014-02-12 13:20:56 +01:00
iAmShorty
3b53a3bbb7 [UPDATE] updated text 2014-02-12 13:20:35 +01:00
iAmShorty
eb06bd1b7e [UPDATE] changed error message 2014-02-12 12:16:25 +01:00
iAmShorty
4096109788 [UPDATE] added currency 2014-02-12 12:14:02 +01:00
iAmShorty
ed943f5c54 [UPDATE] typo 2014-02-12 11:53:10 +01:00
iAmShorty
2d0755915a [UPDATE] no php notice when array is empty 2014-02-12 11:47:47 +01:00
iAmShorty
7d6e9e1fd3 [UPDATE] check for number of accounts in admin_checks.php 2014-02-12 11:44:18 +01:00
iAmShorty
2df6472656 [UPDATE] check for number of accounts in admin_checks.php 2014-02-12 11:43:41 +01:00
iAmShorty
e7a6ee7e95 [UPDATE] logging rpc error message 2014-02-12 11:03:51 +01:00
Sebastian Grewe
5f48d2dabc [ADDED] Notification cleanup script 
* [ADDED] Admin Panel Setting for max age for notifications
* [ADDED] Cronjob to clean out old notifications
* [ADDED] New cron to scripts and monitoring

Fixes #1672 once merged.
 2014-02-12 10:47:42 +01:00
Sebastian Grewe
975b41276d [ADDED] New memcache option for contrib caches 2014-02-12 08:07:58 +01:00
Sebastian Grewe
cb4211a618 Merge pull request #1732 from MPOS/no-txfee-check 
[FIX] Do not add TXFee with txfee 0
 2014-02-12 07:33:15 +01:00
Andy Mornes
caee4a7c8f Consolidating the nocache tags 2014-02-12 00:27:21 -06:00
Andy Mornes
91a57903ce New Block Notification additions 
Adding the block number, finder, amount, and difficulty to the new block
notification email
 2014-02-12 00:18:00 -06:00
Sebastian Grewe
c622d7c69b Merge pull request #1726 from j4s0n/fix/next/issue-1725 
(#1725) Fix cold wallet check FP and added testnet detection
 2014-02-11 19:38:08 +01:00
Sebastian Grewe
9039eb29dc [FIX] Do not add TXFee with txfee 0 2014-02-11 16:35:01 +01:00
j4s0n
4f7dcb4f9c Typo correction. 2014-02-10 23:46:56 -05:00
Sebastian Grewe
0cf6e38dc3 Merge pull request #1705 from MPOS/cron-check-active 
[IMPROVED] Check if cron is running in PHP scripts
 2014-02-10 21:57:28 +01:00
Sebastian Grewe
fe554f5864 Merge pull request #1704 from MPOS/worker-delete-csrf 
[ADDE] CSRF validation for Worker Deletion
 2014-02-10 21:57:16 +01:00
j4s0n
8c3205a8b2 (#1725) Fix cold wallet check FP and added testnet detection 
Without this patch, admin.php checks if it can connect to the wallet service. Regardless of if that check passes or fails, it then checks if the cold wallet address is valid. If the can_connect() test failed, the validateaddress() check will also fail, even if the address is not invalid. To fix this, the validateaddress() check is move to an elseif block in the can_connect() chain.

Additionally, this patch checks to see if the wallet service is running as a testnet. While running as a testnet is perfectly acceptable when testing, the suer should be warned. A lot of folks using the quickstart guide miss this.

A function was added to the Bitcoin class to detect when we are running in a test net. A check was added to admin.php, and the existing can_connect and validateaddress() calls were restructured to solve these issues.
 2014-02-10 12:07:08 -05:00
Sebastian Grewe
a9d9fe4b64 [FIX] Proper fix for Payout ID # 2014-02-10 09:47:40 +01:00
Sebastian Grewe
19fc975d95 [FIX] Insert ID of Payout Request 2014-02-09 17:46:25 +01:00
Sebastian Grewe
6ea257ac20 Merge pull request #1711 from raistlinthewiz/next 
Fixed back ['memcache']['keyprefix'].
 2014-02-08 18:10:31 +01:00
Hüseyin Uslu
24e910a01c Fixed back ['memcache']['keyprefix']. 2014-02-08 18:24:43 +02:00
Sebastian Grewe
08a3200b75 [FIX] Fallback to fixed reward without blocks 2014-02-08 13:46:21 +01:00
Sebastian Grewe
5d65f04515 Merge pull request #1695 from MPOS/reward-average 
[ADDED] Use block averages for payout estimates
 2014-02-07 13:48:07 +01:00
Sebastian Grewe
754f69df2c Merge pull request #1682 from MPOS/payout-balance-check 
Payout balance check
 2014-02-07 13:47:54 +01:00
Sebastian Grewe
ed0be8ec47 [UPGRADE] Upgraded KLogger Library 
* [REMOVED] Logfile name not possible right now
* [ADDED] All loglevels supplied by KLogger
 2014-02-07 13:40:50 +01:00
Sebastian Grewe
ba1dd5e8ab Merge pull request #1696 from MPOS/cron-user-notification 
[ADDED] User notifications for disabled crons
 2014-02-07 13:03:26 +01:00
Sebastian Grewe
2a8927af8f [IMPROVED] Check if cron is running in PHP scripts 
* Ensures we don't spawn more than one PHP process
* Will require admin-intervention to reset the cron_active flag in DB

Shouldn't trigger often but may help people.
 2014-02-07 13:00:05 +01:00
Sebastian Grewe
6509cc6039 [ADDE] CSRF validation for Worker Deletion 
* [ADDED] CSRF token checks to worker page
* [CHANGED] Check for both _GET and _POST ctokens
* [ADDED] CSRF token to each delete call URL

Fixes #1702 once merged
 2014-02-07 12:24:48 +01:00
Sebastian Grewe
feeca87eb0 [FIX] Reset failed login, redirect to trusted location 
Fixes #1701
 2014-02-07 12:20:24 +01:00
Sebastian Grewe
6a55506b0c [IMPROVED] Logging format 
* Added IP address to all log output
* Added Page and Action to all log output
* Modified log messages
* Added Error and Fatal handlers
* Raised failed logins to Error
* Added KLogger default log levels
* Made it most verbose
 2014-02-07 10:14:56 +01:00
Sebastian Grewe
a03b9d4ace [ADDED] JSONP support for MPOS API 
Fixes #1700 once merged.

Thanks @spliznork for the feature request and solution.
 2014-02-07 09:00:09 +01:00
Sebastian Grewe
93470fd63e [FIX] Suppress potential empty HTTP_USER_AGENT 2014-02-06 16:34:06 +01:00
Sebastian Grewe
baaf8bf6eb [IMPROVED] Skip contrib shares until cache available 
* Will help larger pools
* Will fallback to SQL if memcache is disabled
 2014-02-06 14:38:38 +01:00
Sebastian Grewe
8a050ba9af [ADDED] User notifications for disabled crons 
Fixes #1201 once merged
 2014-02-06 14:20:40 +01:00
Sebastian Grewe
6130db50a5 [FIX] Default reward to 50 again 2014-02-06 12:19:16 +01:00
Sebastian Grewe
458a43d469 [FIX] Debug var removed 2014-02-06 11:49:30 +01:00
Sebastian Grewe
3deaf82f1e [ADDED] Use block averages for payout estimates 
Fixes #1514 once merged.
 2014-02-06 11:38:57 +01:00
Sebastian Grewe
c8fbc369cf [FIX] API Key sample format 
Fixes #1694
 2014-02-06 11:20:57 +01:00
Sebastian Grewe
7cf3fb27fb [UPDATE] Allow global notification settings 
Fixes #1232 and allows further expansion in the future.
Addresses #1672 too.
 2014-02-06 11:13:22 +01:00
Sebastian Grewe
7673c34d80 Merge branch 'fix-contactform' into next 2014-02-06 10:57:49 +01:00
Sebastian Grewe
5196cc7448 [UPDATE] Highlight next/previous arrows on admin/user 2014-02-06 10:56:19 +01:00
Sebastian Grewe
324bf05116 [FIX] Better error message 
Fixes #1664
 2014-02-06 10:51:00 +01:00
Sebastian Grewe
b05f87ab5d [FIX] Invalid CSRF error on password reset form 
Fixes #1675
 2014-02-06 10:49:04 +01:00
Sebastian Grewe
2f1d68448f [FIX] CSRF/Re-captcha on Contactform 
Fixes #1666
 2014-02-06 10:19:58 +01:00
Sebastian Grewe
837a8c58ea [FIX] Smarty caching cross-sessions 
Fixes #1691 and fixes #1684
 2014-02-06 09:17:09 +01:00
Sebastian Grewe
ed6c302c57 [FIX] Duplicate Conditionals 
Fixes #1690
 2014-02-06 08:56:38 +01:00
Sebastian Grewe
0e968c90a6 [FIX] Manual PPS Payouts 
Fixes #1692
 2014-02-06 08:53:18 +01:00
Sebastian Grewe
bea6477cb0 [UPDATE] Cache getmininginfo too 2014-02-05 17:21:13 +01:00
Sebastian Grewe
af2e34a1c6 [FIX] No manual-payout on empty coin address 2014-02-05 17:02:21 +01:00
Sebastian Grewe
bdaa4933fa [FIX] Cron error code for monitoring 2014-02-05 16:16:23 +01:00
Sebastian Grewe
bfbb8c83b7 [FIX] Account Update with same coin address 2014-02-05 15:29:52 +01:00
Sebastian Grewe
06eee145bf [FIX] Validate cold wallet address 2014-02-05 09:31:51 +01:00
Sebastian Grewe
c0618dd598 [VERSION] 0.0.4 MPOS for Payout overhaul 2014-02-05 09:02:36 +01:00
Sebastian Grewe
bc0d340bf3 Merge pull request #1642 from MPOS/payout-overhaul 
[IMPROVED] Payout logics
 2014-02-04 21:59:22 -08:00
Sebastian Grewe
43e1c44def Merge pull request #1646 from xisi/security-logging 
[ADDITION] Basic security logging
 2014-02-04 08:05:13 -08:00
Sebastian Grewe
30af8e83c5 Merge pull request #1657 from HerrKauwer/zxcvbn 
Used zxcvbn for password strength determination
 2014-02-02 23:53:22 -08:00
Sebastian Grewe
c677295447 [FIX] Network hashrate in khash before checks 2014-02-03 08:20:42 +01:00
Sebastian Grewe
e59d3a8e25 [FIX] Address Validation in user class 2014-02-03 08:16:59 +01:00
Sebastian Grewe
c00b6d6757 [IMPROVED] Payout logics 
* [ADDED] More methods to our transaction class
 * `createDebitAPRecord` and `createDebitMPRecord`, will handle the
 * entire debit process
  * Adds Debit transaction
  * Adds TXFee transaction
  * mark transactions as archived
  * validate user is fully paid out
  * send notification to user
 * `getMPQueue` was added to unify the process of getting payout queues
* [MOVED] Only one mail template for both payout methods
* [ADDED] Some minor calls to user class
* [ADDED] Full address validation to bitcoin class
* [SQL] New SQL upgrade and Version Increment
 * Adding UNIQUE index to coin_address in accounts table
 * preperation for `sendmany` implementation
 2014-02-03 08:16:58 +01:00
Sebastian Grewe
d61e6a7243 [FIX] Cron compile folder permission issue 2014-02-03 07:58:06 +01:00
xisi
18c7565e5c cleanup 2014-02-02 13:34:41 -05:00
xisi
ca1ae6ba2c wrapped KLogger 2014-02-02 11:57:06 -05:00
HerrKauwer
70e8b27085 Used zxcvbn for password strength determination 2014-02-02 15:04:55 +01:00
Sebastian Grewe
9da7af8a5e [FIX] 24 Hour Account Graphs 2014-02-02 11:35:08 +01:00
Sebastian Grewe
656a92d286 Merge pull request #1651 from rog1121/patch-4 
Locked Account Message
 2014-02-01 13:14:22 -08:00
rog1121
07d49b0956 Locked Account Message 2014-02-01 12:35:48 -07:00
xisi
cf8a8cc4d8 fixes #1639 2014-01-31 17:34:48 -05:00
xisi
e7bace5550 basic logging, adds logs folder to root dir 
htaccess to block access to the logs
by default, only log warnings
simple config check to see if that folder is writable

warning if changeNoFee is used
warning if setLocked is used
warning if changeAdmin is used
warning if when logging in that IP is different than saved IP
info if a login fails with bad user or password
warning if a user is locked via failed logins
info if an update/etc fails with bad pin
warning if a user is locked via failed pins
info when a pin request is sent
warning when a pin request email doesn't send
warning when trying to request pin reset and incorrect password
info when a twofactor token sent
warning if twofactor email doesn't send
warning when a user tries to request multiple of the same type of token
info when a twofactor token is deleted
warning if a twofactor token fails to delete
warning when an invalid change password token is used
info on successful account update
warning when reset password is called and IP doesn't match saved IP, info otherwise
warning if isAuthenticated falls through and kills a session
 2014-01-31 13:11:38 -05:00
Sebastian Grewe
255b9e1f56 [FIX] API Timeout added 
Fixes #1643
 2014-01-31 16:27:03 +01:00
Sebastian Grewe
319d9439a4 Merge pull request #1621 from xisi/sessions-mclimiter-fixes 
[UPDATE] Security updates and fixes
 2014-01-31 05:55:09 -08:00
xisi
afdf3abb29 ripped out all the memcache session stuff, not worth it with the side effects of caching things 
cleaned up config/checks
 2014-01-30 18:41:56 -05:00
xisi
8487a8d462 respect client validation settings for failures 2014-01-30 09:38:41 -05:00
xisi
3d414e9ffa I think this is a good midway between hardcoding it in and allowing configurability 2014-01-29 23:35:07 -05:00
xisi
0643cf4b87 fixed crons, tested on 2 boxes 2014-01-29 18:33:34 -05:00
xisi
53a8b4adf1 .htaccess check for @ahmedbodi 2014-01-29 15:43:09 -05:00
xisi
51818421d8 weird problem, strict for isAuthenticated 2014-01-29 14:46:21 -05:00
xisi
5d017f60c3 how this worked before is beyond me 2014-01-29 13:28:38 -05:00
Yefta Sutanto
0bd1606207 Update sidebar_prop.tpl 
Fixing "Your Invalid" percentage calculation
 2014-01-30 00:17:20 +07:00
Yefta Sutanto
0a9398b99e Update sidebar_pps.tpl 2014-01-30 00:16:45 +07:00
Yefta Sutanto
016da6cd61 Update sidebar_pplns.tpl 
Fixing "Your Invalid" percentage calculation
 2014-01-30 00:12:34 +07:00
xisi
ae47437ab7 fixed worker delete csrf thing I stubbed earlier 
took to field out of the rest of the login forms
 2014-01-29 09:41:50 -05:00
xisi
c36413d70c tests not checks 2014-01-29 09:17:58 -05:00
xisi
f298c60260 little more cleanup 
put version check/config check after sessions/rate limiter so it works correctly & only uses 1 db hit
 2014-01-29 09:16:03 -05:00
xisi
568445845a changes DEBUG SALT and SALTY from defines to variables 
switched that in all places used (class loads mostly)
moved all includes at the beginning of index into bootstrap
moves *_PATH defines from config to bootstrap
config now uses defaults first, then user config
 2014-01-29 07:34:50 -05:00
xisi
c2b1c68699 added check if we can write config files to admin_checks, we shouldnt be able to 2014-01-29 05:20:06 -05:00
Sebastian Grewe
923795c23b [FIX] Ignore AP for empty/NULL addresses 2014-01-29 09:58:18 +01:00
xisi
56ad9266d3 last login time not this login time 2014-01-29 03:55:51 -05:00
Sebastian Grewe
d84018763d [FIX] Admin Panel Users: Show user shares 
Fixes #1624
 2014-01-29 09:27:34 +01:00
Sebastian Grewe
d3aa7ad1d5 Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-01-29 08:52:39 +01:00
Sebastian Grewe
d007358710 [FIX] Ignore missing HTTP_REFERRER 
Fixes #1626
 2014-01-29 08:52:12 +01:00
xisi
74dec2796d Added last login time/ip address popup on login w/ close button 
Info/blue if your ip matches, warning/yellow if not
 2014-01-28 15:45:24 -05:00
xisi
3efe979ae3 Switch config over to wiki, yay 2014-01-28 14:24:48 -05:00
xisi
181ef0c6d2 security config mask 2014-01-28 10:31:53 -05:00
Zen00
0e8949c71d Linked Site-Title 
Seems that there was plans to make the site title a link, but the .tpl
was never updated.
 2014-01-28 08:16:31 -07:00
xisi
614b5b1dbb of all the pages to miss it on 2014-01-28 08:19:58 -05:00
xisi
9f6cf99aa3 small fixes 2014-01-28 08:08:53 -05:00
xisi
f56c18276a small fixes 2014-01-28 07:26:33 -05:00
xisi
6398e5dfec merged session manager/memcache limiter 
cleanup for PR
 2014-01-28 07:26:33 -05:00
Joey
63c3b96a29 now enforce client & server validity on login with strict on 
fixed csrf token check for a few pages where it mightve been broken
session manager now can be bound to base user class and used, like in login
logout now pushes you to login regardless, no longer has param to push to custom url
fixed validate client, hijacking sessions no longer works
 2014-01-28 07:26:32 -05:00
Joey
795e019d0d cleaned up config options a bit 2014-01-28 07:26:32 -05:00
Joey
493c43e0ed updated check in autoloader so default needs to be changed if SECHASH_CHECK is enabled 2014-01-28 07:26:32 -05:00
Joey
d5f1c97f82 fixed check against define like it used to even if SECHASH_CHECK is disabled 
fixed ajax calls in memcache limiter to use REQUEST page/action rather than QUERY_STRING
 2014-01-28 07:26:32 -05:00
xisi
b728b680ca blah blah 2014-01-28 07:26:08 -05:00
xisi
9dcb855b34 strict class, trying to figure out why edit account doesnt work 2014-01-28 06:18:57 -05:00
xisi
f21f05e874 pushing to start core rebuild 2014-01-28 06:18:57 -05:00
xisi
7393f21d01 just pushing so I can rebase zzz 2014-01-28 06:18:57 -05:00
Sebastian Grewe
56f995c86f Merge pull request #1617 from HerrKauwer/pwcheck 
Cleaned up pwcheck.js
 2014-01-28 00:28:32 -08:00
Sebastian Grewe
5f65904431 [FIX] HTTPS detecion on Template 2014-01-28 09:25:50 +01:00
Sebastian Grewe
967c1cc48f [FIX] Proper HTTPS detection 
Fixes #1618 once merged
 2014-01-28 09:25:20 +01:00
Sebastian Grewe
b783237c2e Merge pull request #1457 from MPOS/issue-1332 
Issue 1332
 2014-01-28 00:18:56 -08:00
Sebastian Grewe
f83c88aae6 Merge pull request #1603 from MPOS/double-payouts 
Double payouts
 2014-01-27 22:25:44 -08:00
HerrKauwer
095ee2e40a Cleaned up pwcheck.js 2014-01-27 23:56:39 +01:00
Sebastian Grewe
ecfa741223 [FIX] Do not assign smarty vars if caching hits 2014-01-27 13:43:33 +01:00
Sebastian Grewe
b5cb8171ba Merge branch 'master-read-only-check' into next 2014-01-27 13:26:14 +01:00
Sebastian Grewe
f183b586a8 [ADDED] Check if master is read-only 
Just to ensure we can run at all.
 2014-01-27 12:58:41 +01:00
Sebastian Grewe
fab3c44e90 [ADDED] THash/second modifier 2014-01-27 12:45:46 +01:00
Sebastian Grewe
1cd9352952 [FIX] Transaction ID and RPC Transaction ID 2014-01-27 10:31:18 +01:00
Sebastian Grewe
d4557982ba [FIX] API call for transactions 
Fixes #1602 once merged.
 2014-01-27 09:13:09 +01:00
Sebastian Grewe
b87691371f [SECURITY] Path disclosure and redirects 
* [SECURITY] Do not disclose paths with wrong query arguments in API
* [SECURITY] Removed $to redirect after login

Fixes #1596 once merged.
 2014-01-26 17:41:27 +01:00
Sebastian Grewe
7c8d7701f2 [FIX] Lock state 2 for admin locks 2014-01-26 11:17:33 +01:00
Sebastian Grewe
702ed49704 [ADDED] Account lock status 
* Lock 1: user confirmation/unlock pending, count shares
* Lock 2: Admin disabled, ignore shares

This further addresses #1332 and should allow proper dropping of shares
for banned accounts.
 2014-01-26 11:17:33 +01:00
Sebastian Grewe
e4627fc51d [IMPROVED] Ignore locked account shares 
* Updated getRoundShares to honor locked accounts
* Updated getSharesForAccounts and getArchiveShares

This will fix #1332 and ignore locked user accounts in share
calculations for payouts.
 2014-01-26 11:17:33 +01:00
Sebastian Grewe
816fb783ce Merge pull request #1589 from joebauers/next 
Update user.class.php
 2014-01-25 23:50:25 -08:00
joebauers
48ce68e612 Update user.class.php 
No need to show world if valid account.
 2014-01-26 02:44:30 -05:00
Sebastian Grewe
a343ac4047 Merge pull request #1568 from MPOS/payout-fail-bail 
[FIX] Bail payouts on failed sendtoaddress calls
 2014-01-25 08:38:56 -08:00
Sebastian Grewe
768d193793 Merge pull request #1576 from xisi/csrf-backend-only 
[FIXES] More CSRF improvements
 2014-01-25 06:59:08 -08:00
Sebastian Grewe
9e6a2a3bea [FIX] Do not treat disabled notification as error 
Fixes #1582 once merged.
 2014-01-25 13:10:38 +01:00
xisi
8fbda49fd1 Don't even need the suppression 2014-01-24 16:33:55 -05:00
xisi
a043e5ed19 Fixes #1561, which happened to me even with the API key in the correct format 2014-01-24 16:32:00 -05:00
xisi
c81aec4c64 fixed bug in registration form 2014-01-24 15:38:56 -05:00
xisi
0f88f70fcf fixes bug in registration form, thanks @Zen00 2014-01-24 15:34:01 -05:00
xisi
4e18ff318b cleaned up tabbing and sessions in index 2014-01-24 15:07:00 -05:00
xisi
c192cbb0bd Token failure condition fix 2014-01-24 14:46:50 -05:00
xisi
3006cb544f Reworked csrf tokens, now enabled globally 
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
 2014-01-24 13:00:24 -05:00
Sebastian Grewe
a586cc36ab [FIX] Honor cache flag for getUserSharerate 2014-01-24 12:32:21 +01:00
Sebastian Grewe
2891a07637 [FIX] Bail payouts on failed sendtoaddress calls 
* [WORKAROUND] Helps for coins that run a bad RPC implementation
* Addresses #1406 and wil at least stop double payouts
 2014-01-24 12:15:23 +01:00
Sebastian Grewe
70a09811ec [FIX] PHP Notice on Mobile Template 2014-01-24 11:29:19 +01:00
Sebastian Grewe
481c8dd980 [FIX] Round donations on donor page 2014-01-24 10:52:13 +01:00
Sebastian Grewe
a1a3d7e873 [IMPROVED] Added donation minimum and rounding 
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template

Fixes #1475 once merged
 2014-01-24 10:06:13 +01:00
Sebastian Grewe
659c203c06 Merge pull request #1551 from xisi/csrf-improvements 
[FIXES] CSRF tokens & login cleanup
 2014-01-23 23:27:31 -08:00
Sebastian Grewe
90d0ff1081 Merge pull request #1546 from ahmedbodi/patch-1 
Get Cronjob Status API
 2014-01-23 23:13:42 -08:00
Sebastian Grewe
f75200ce1e Merge pull request #1560 from raistlinthewiz/next 
Added reward_type and reward info to api/getpoolinfo
 2014-01-23 23:09:06 -08:00
Neozonz
2d607cca97 [FIX/ENHANCE] Session management 
@herrkauwer appreciate the code review and help
@xisi initial code pr
@add1ct3dd reporting the issue
 2014-01-23 16:52:29 -08:00
Hüseyin Uslu
b518ce0799 Tiny update. 2014-01-24 00:38:28 +02:00
Hüseyin Uslu
0639af54b3 Added reward_type and reward info to api/getpoolinfo 2014-01-24 00:37:50 +02:00
ahmedbodi
6d7d3f2026 Update getcronjobstatus.inc.php 2014-01-23 20:23:41 +00:00
Sebastian Grewe
207a8719fd Merge pull request #1558 from xisi/security-invalidsession-fix 
[FIX] Invalid session regeneration
 2014-01-23 11:52:00 -08:00
xisi
bb24b9cb2c Wrong spot 2014-01-23 14:45:11 -05:00
Joey
8b59e3d519 Merge pull request #1557 from xisi/security-invalidsession-fix 
[FIX] Invalid session regeneration
 2014-01-23 11:43:29 -08:00
xisi
4df4957ec5 Fixes invalid session bug 2014-01-23 14:32:28 -05:00
xisi
1fd0adf038 Removed unused config setting 2014-01-23 11:01:30 -05:00
xisi
a3314fa81e Cleaned up login page logic a bit more 
Fixed up CSRF tokens so rollover minutes/hours are now checked and valid
 2014-01-23 11:01:30 -05:00
Sebastian Grewe
33cfa5667d Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-01-23 16:59:46 +01:00
Sebastian Grewe
92e7f3e1e4 [FIX] Return floats for some statistics 
Fixes #1540
 2014-01-23 16:59:12 +01:00
Andrea Baccega
d6670508f7 Lets always use $this->table instead of hardcoding 2014-01-23 12:56:19 +01:00
ahmedbodi
ece8b3adf6 Create getcronjobstatus.inc.php 2014-01-23 10:29:01 +00:00
Sebastian Grewe
7acd3bc821 Merge pull request #1543 from Neozonz/issue-1542 
[BUG] FIX txfee in getpoolinfo API
 2014-01-23 01:13:00 -08:00
Sebastian Grewe
4b04df5d8a [FIX] Allow TAB to focus on email login 2014-01-23 10:11:37 +01:00
Sebastian Grewe
8a53e0319d [FIX] Missed file for admin maintenance 2014-01-23 10:01:35 +01:00
Sebastian Grewe
ac1bc4b2ce [FIX] Allow admin logins in maintenance mode 
Fixes #1489
 2014-01-23 08:58:25 +01:00
Neozonz
7a21b05a3d [BUG] Fix txfee API call with added support for old API calls 
[ADD] txfee_auto to API Calls
[ADD] txfee_manual to API Calls
[ADD] confirmations to API Calls
 2014-01-23 02:38:34 -05:00
Sebastian Grewe
cde6227692 Merge pull request #1539 from fspijkerman/next 
Use a full path instead of CWD set by PHP
 2014-01-22 22:17:24 -08:00
Frank Spijkerman
0d300581ff Use a full path instead of CWD set by PHP 2014-01-22 18:40:06 +01:00
freynder
952d5d979c Bugfix: shares and shares_archive values should be added up. 2014-01-22 14:18:38 +01:00
Sebastian Grewe
2a661b5e78 [FIX] Return proper data if memcache disabled 
If memcache option is disabled, the functions should return the data we
tried to set instead of false. At least we can ensure data is returned
as expected from any methods trying to use the memcache.
 2014-01-22 14:02:44 +01:00
Sebastian Grewe
593149742e Merge pull request #1491 from Neozonz/issue-1488 
[Optimize] SQL Queries : Remove joins from account table
 2014-01-22 04:56:16 -08:00
Neozonz
8b4ad00b1a [FIX] Fixed Data types for getHashrate 2014-01-22 07:33:01 -05:00
Neozonz
3de2fee57f [FIX] Updated function call to include account id as well 2014-01-22 07:10:05 -05:00
Sebastian Grewe
0d10079a2a [FIX] remove mail debug output 2014-01-22 12:48:03 +01:00
Sebastian Grewe
faf648d1d2 [FIX] Show username in Login Mails 2014-01-22 12:18:51 +01:00
Sebastian Grewe
3b13ea4990 [FIX] Properly show login details on mail notif. 
Fixes #1530 once merged
 2014-01-22 11:14:50 +01:00
Neozonz
0faf23027a [CACHE] Readded 2014-01-21 20:29:09 -05:00
Neozonz
a9853e2832 [Removed] Caching for testing 2014-01-21 20:18:38 -05:00
Neozonz
934825e8dc [FIX] Remove old query remnants 2014-01-21 20:14:44 -05:00
Neozonz
3222792533 [BUG FIX] Missing JSON 2014-01-21 20:14:13 -05:00
Neozonz
be8437e9dd [FIX] Missing User ID argument 2014-01-21 20:07:07 -05:00
Neozonz
f613cc6bfd [FIX] Set interval for sample size as well 2014-01-21 20:06:37 -05:00
Neozonz
2090247afb [COMMENT] Added commenting and fixed function descriptions 
[CLEAN] Clean Code
 2014-01-21 19:43:33 -05:00
Neozonz
02f085f2d7 [FIX] MySQLi Queries 2014-01-22 00:13:58 +00:00
Nonstopmine.com
ac7aed4bc4 Update mail.class.php 
PHP Notice
 2014-01-21 22:28:39 +02:00
Neozonz
34dfd4aefb [FIX] SQL Conditional Operator 2014-01-21 11:16:00 -08:00
Sebastian Grewe
971006b7a2 [FIX] Live stats not being done with global cache 
Fixes live stats not updating and always using the global cache instead.
 2014-01-21 17:16:26 +01:00
Sebastian Grewe
4d07efe61c Merge pull request #1519 from nrpatten/next 
[FIX] Align Checkbox
 2014-01-21 06:34:38 -08:00
Sebastian Grewe
0d367697e0 [FIX] Storing/showing wrong data from cache 
Fixes #1517
 2014-01-21 15:24:44 +01:00
nrpatten
151decb2b6 [FIX] Align Checkbox 
"Edit template" checkbox align closer to "Active"
 2014-01-22 00:39:42 +11:00
nrpatten
fc7a939b1e [FIX] Update github footer link 
Remove https://github.com/TheSerapher/php-mpos
Add https://github.com/MPOS/php-mpos
 2014-01-21 23:42:58 +11:00
Sebastian Grewe
af1e6e8e13 Merge pull request #1516 from MPOS/default-payout-block 
[UPDATE] Change payout by default to block
 2014-01-21 04:15:18 -08:00
Sebastian Grewe
10ba200df6 [UPDATE] Change payout by default to block 2014-01-21 13:14:53 +01:00
Neozonz
1630d85440 [FIX] Cache by Account_ID 
[FIX] Query by Username
 2014-01-21 06:58:28 -05:00
Sebastian Grewe
2eb53d8efc Merge pull request #1515 from xisi/security-typofix 
Typo in registration
 2014-01-21 03:56:18 -08:00
xisi
c88a14bac1 typo 2014-01-21 06:51:56 -05:00
Neozonz
0a5344cba0 Merge branch 'github.com/issue-1488' 
Conflicts:
	public/include/classes/statistics.class.php
 2014-01-21 06:44:10 -05:00
Neozonz
07e8af55f8 [FIX] Added back accound_ids for caching 
[FIX] SQL string termination
 2014-01-21 06:42:08 -05:00
Neozonz
df97e7a8ea [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
9e8841b1df [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
4d845c7c73 [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
4b98c09fb2 [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
3d72da0ca4 [Optimize] Switched calls to username from id 2014-01-21 06:40:59 -05:00
Neozonz
d99ae5bab5 [Optimize] Switched calls to username from id 2014-01-21 06:40:59 -05:00
Neozonz
58df4ad1b2 [Optimize] Switched calls to username from id 2014-01-21 06:39:37 -05:00
Neozonz
4a4fd65ae2 [CLEAN] Clean spacing 2014-01-21 06:39:37 -05:00
Neozonz
ca0634929e [FIX] Whoopsie 2014-01-21 06:39:37 -05:00
Neozonz
a78141b5ce [Optimize] SQL Queries : Remove joins from account table 2014-01-21 06:36:07 -05:00
Sebastian Grewe
bf484c4be2 Merge pull request #1510 from xisi/security-pagecontrollerfix 
Fix issue #1508
 2014-01-21 03:20:38 -08:00
Neozonz
48cc7f7665 [FIX] Added back accound_ids for caching 
[FIX] SQL string termination
 2014-01-21 06:19:59 -05:00
Sebastian Grewe
7e93517552 Merge pull request #1513 from MPOS/static-caches 
Static caches
 2014-01-21 02:57:40 -08:00
Sebastian Grewe
6b46385584 [IMPROVED] non-auto expire caches added 2014-01-21 10:59:25 +01:00
Sebastian Grewe
fe9c706020 [IMPROVED] non-auto expire caches added 2014-01-21 10:56:08 +01:00
nrpatten
6b938a66d2 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:50:29 +11:00
nrpatten
dfd4d57361 [FIX] Unknown Pool 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:49:42 +11:00
nrpatten
35d6317ec2 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:48:48 +11:00
nrpatten
1c07abb2c0 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:47:37 +11:00
Sebastian Grewe
8ef419f795 [ADDED] Static cache with no auto-expiration 2014-01-21 10:16:17 +01:00
xisi
ac91d70c5f This should fix issue #1508 2014-01-21 04:04:53 -05:00
Sebastian Grewe
2d760c2934 Merge pull request #1504 from daygle/patch-6 
Update default.tpl
 2014-01-21 01:00:00 -08:00
Sebastian Grewe
3cb546cea5 [HOTFIX] Broken maill class 2014-01-21 09:49:57 +01:00
Sebastian Grewe
8cea4ec3ff Merge pull request #1494 from nonstopmine/patch-1 
Update edit.inc.php
 2014-01-21 00:18:44 -08:00
Sebastian Grewe
9520795e07 Merge pull request #1506 from nrpatten/next 
[FIX] input[type=email] in the wrong order and Overlap and Reposition TABS
 2014-01-21 00:07:58 -08:00
Sebastian Grewe
0edd964930 Merge pull request #1507 from xisi/security-js-pwstrength 
Simple javascript password strength/match
 2014-01-21 00:04:18 -08:00
nrpatten
b411f68d64 [FIX] Unknown Pool 
Remove From: {$GLOBAL.website.name|default:"Unknown Pool"}
Add From: ' . $this->setting->getValue('website_name')
 2014-01-21 18:37:19 +11:00