RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,075 Commits 4 Branches 11 Tags 14 MiB
963b76ed80
Commit Graph

2123 Commits

Author SHA1 Message Date
xisi
afdf3abb29 ripped out all the memcache session stuff, not worth it with the side effects of caching things 
cleaned up config/checks
 2014-01-30 18:41:56 -05:00
xisi
8487a8d462 respect client validation settings for failures 2014-01-30 09:38:41 -05:00
xisi
3d414e9ffa I think this is a good midway between hardcoding it in and allowing configurability 2014-01-29 23:35:07 -05:00
xisi
0643cf4b87 fixed crons, tested on 2 boxes 2014-01-29 18:33:34 -05:00
xisi
53a8b4adf1 .htaccess check for @ahmedbodi 2014-01-29 15:43:09 -05:00
xisi
51818421d8 weird problem, strict for isAuthenticated 2014-01-29 14:46:21 -05:00
xisi
5d017f60c3 how this worked before is beyond me 2014-01-29 13:28:38 -05:00
Yefta Sutanto
0bd1606207 Update sidebar_prop.tpl 
Fixing "Your Invalid" percentage calculation
 2014-01-30 00:17:20 +07:00
Yefta Sutanto
0a9398b99e Update sidebar_pps.tpl 2014-01-30 00:16:45 +07:00
Yefta Sutanto
016da6cd61 Update sidebar_pplns.tpl 
Fixing "Your Invalid" percentage calculation
 2014-01-30 00:12:34 +07:00
xisi
ae47437ab7 fixed worker delete csrf thing I stubbed earlier 
took to field out of the rest of the login forms
 2014-01-29 09:41:50 -05:00
xisi
c36413d70c tests not checks 2014-01-29 09:17:58 -05:00
xisi
f298c60260 little more cleanup 
put version check/config check after sessions/rate limiter so it works correctly & only uses 1 db hit
 2014-01-29 09:16:03 -05:00
xisi
568445845a changes DEBUG SALT and SALTY from defines to variables 
switched that in all places used (class loads mostly)
moved all includes at the beginning of index into bootstrap
moves *_PATH defines from config to bootstrap
config now uses defaults first, then user config
 2014-01-29 07:34:50 -05:00
xisi
c2b1c68699 added check if we can write config files to admin_checks, we shouldnt be able to 2014-01-29 05:20:06 -05:00
Sebastian Grewe
923795c23b [FIX] Ignore AP for empty/NULL addresses 2014-01-29 09:58:18 +01:00
xisi
56ad9266d3 last login time not this login time 2014-01-29 03:55:51 -05:00
Sebastian Grewe
d84018763d [FIX] Admin Panel Users: Show user shares 
Fixes #1624
 2014-01-29 09:27:34 +01:00
Sebastian Grewe
d3aa7ad1d5 Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-01-29 08:52:39 +01:00
Sebastian Grewe
d007358710 [FIX] Ignore missing HTTP_REFERRER 
Fixes #1626
 2014-01-29 08:52:12 +01:00
xisi
74dec2796d Added last login time/ip address popup on login w/ close button 
Info/blue if your ip matches, warning/yellow if not
 2014-01-28 15:45:24 -05:00
xisi
3efe979ae3 Switch config over to wiki, yay 2014-01-28 14:24:48 -05:00
xisi
181ef0c6d2 security config mask 2014-01-28 10:31:53 -05:00
Zen00
0e8949c71d Linked Site-Title 
Seems that there was plans to make the site title a link, but the .tpl
was never updated.
 2014-01-28 08:16:31 -07:00
xisi
614b5b1dbb of all the pages to miss it on 2014-01-28 08:19:58 -05:00
xisi
9f6cf99aa3 small fixes 2014-01-28 08:08:53 -05:00
xisi
f56c18276a small fixes 2014-01-28 07:26:33 -05:00
xisi
6398e5dfec merged session manager/memcache limiter 
cleanup for PR
 2014-01-28 07:26:33 -05:00
Joey
63c3b96a29 now enforce client & server validity on login with strict on 
fixed csrf token check for a few pages where it mightve been broken
session manager now can be bound to base user class and used, like in login
logout now pushes you to login regardless, no longer has param to push to custom url
fixed validate client, hijacking sessions no longer works
 2014-01-28 07:26:32 -05:00
Joey
795e019d0d cleaned up config options a bit 2014-01-28 07:26:32 -05:00
Joey
493c43e0ed updated check in autoloader so default needs to be changed if SECHASH_CHECK is enabled 2014-01-28 07:26:32 -05:00
Joey
d5f1c97f82 fixed check against define like it used to even if SECHASH_CHECK is disabled 
fixed ajax calls in memcache limiter to use REQUEST page/action rather than QUERY_STRING
 2014-01-28 07:26:32 -05:00
xisi
b728b680ca blah blah 2014-01-28 07:26:08 -05:00
xisi
9dcb855b34 strict class, trying to figure out why edit account doesnt work 2014-01-28 06:18:57 -05:00
xisi
f21f05e874 pushing to start core rebuild 2014-01-28 06:18:57 -05:00
xisi
7393f21d01 just pushing so I can rebase zzz 2014-01-28 06:18:57 -05:00
Sebastian Grewe
56f995c86f Merge pull request #1617 from HerrKauwer/pwcheck 
Cleaned up pwcheck.js
 2014-01-28 00:28:32 -08:00
Sebastian Grewe
5f65904431 [FIX] HTTPS detecion on Template 2014-01-28 09:25:50 +01:00
Sebastian Grewe
967c1cc48f [FIX] Proper HTTPS detection 
Fixes #1618 once merged
 2014-01-28 09:25:20 +01:00
Sebastian Grewe
b783237c2e Merge pull request #1457 from MPOS/issue-1332 
Issue 1332
 2014-01-28 00:18:56 -08:00
Sebastian Grewe
f83c88aae6 Merge pull request #1603 from MPOS/double-payouts 
Double payouts
 2014-01-27 22:25:44 -08:00
HerrKauwer
095ee2e40a Cleaned up pwcheck.js 2014-01-27 23:56:39 +01:00
Sebastian Grewe
ecfa741223 [FIX] Do not assign smarty vars if caching hits 2014-01-27 13:43:33 +01:00
Sebastian Grewe
b5cb8171ba Merge branch 'master-read-only-check' into next 2014-01-27 13:26:14 +01:00
Sebastian Grewe
f183b586a8 [ADDED] Check if master is read-only 
Just to ensure we can run at all.
 2014-01-27 12:58:41 +01:00
Sebastian Grewe
fab3c44e90 [ADDED] THash/second modifier 2014-01-27 12:45:46 +01:00
Sebastian Grewe
1cd9352952 [FIX] Transaction ID and RPC Transaction ID 2014-01-27 10:31:18 +01:00
Sebastian Grewe
d4557982ba [FIX] API call for transactions 
Fixes #1602 once merged.
 2014-01-27 09:13:09 +01:00
Sebastian Grewe
b87691371f [SECURITY] Path disclosure and redirects 
* [SECURITY] Do not disclose paths with wrong query arguments in API
* [SECURITY] Removed $to redirect after login

Fixes #1596 once merged.
 2014-01-26 17:41:27 +01:00
Sebastian Grewe
7c8d7701f2 [FIX] Lock state 2 for admin locks 2014-01-26 11:17:33 +01:00
Sebastian Grewe
702ed49704 [ADDED] Account lock status 
* Lock 1: user confirmation/unlock pending, count shares
* Lock 2: Admin disabled, ignore shares

This further addresses #1332 and should allow proper dropping of shares
for banned accounts.
 2014-01-26 11:17:33 +01:00
Sebastian Grewe
e4627fc51d [IMPROVED] Ignore locked account shares 
* Updated getRoundShares to honor locked accounts
* Updated getSharesForAccounts and getArchiveShares

This will fix #1332 and ignore locked user accounts in share
calculations for payouts.
 2014-01-26 11:17:33 +01:00
Sebastian Grewe
816fb783ce Merge pull request #1589 from joebauers/next 
Update user.class.php
 2014-01-25 23:50:25 -08:00
joebauers
48ce68e612 Update user.class.php 
No need to show world if valid account.
 2014-01-26 02:44:30 -05:00
Sebastian Grewe
a343ac4047 Merge pull request #1568 from MPOS/payout-fail-bail 
[FIX] Bail payouts on failed sendtoaddress calls
 2014-01-25 08:38:56 -08:00
Sebastian Grewe
768d193793 Merge pull request #1576 from xisi/csrf-backend-only 
[FIXES] More CSRF improvements
 2014-01-25 06:59:08 -08:00
Sebastian Grewe
9e6a2a3bea [FIX] Do not treat disabled notification as error 
Fixes #1582 once merged.
 2014-01-25 13:10:38 +01:00
xisi
8fbda49fd1 Don't even need the suppression 2014-01-24 16:33:55 -05:00
xisi
a043e5ed19 Fixes #1561, which happened to me even with the API key in the correct format 2014-01-24 16:32:00 -05:00
xisi
c81aec4c64 fixed bug in registration form 2014-01-24 15:38:56 -05:00
xisi
0f88f70fcf fixes bug in registration form, thanks @Zen00 2014-01-24 15:34:01 -05:00
xisi
4e18ff318b cleaned up tabbing and sessions in index 2014-01-24 15:07:00 -05:00
xisi
c192cbb0bd Token failure condition fix 2014-01-24 14:46:50 -05:00
xisi
3006cb544f Reworked csrf tokens, now enabled globally 
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
 2014-01-24 13:00:24 -05:00
Sebastian Grewe
a586cc36ab [FIX] Honor cache flag for getUserSharerate 2014-01-24 12:32:21 +01:00
Sebastian Grewe
2891a07637 [FIX] Bail payouts on failed sendtoaddress calls 
* [WORKAROUND] Helps for coins that run a bad RPC implementation
* Addresses #1406 and wil at least stop double payouts
 2014-01-24 12:15:23 +01:00
Sebastian Grewe
70a09811ec [FIX] PHP Notice on Mobile Template 2014-01-24 11:29:19 +01:00
Sebastian Grewe
481c8dd980 [FIX] Round donations on donor page 2014-01-24 10:52:13 +01:00
Sebastian Grewe
a1a3d7e873 [IMPROVED] Added donation minimum and rounding 
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template

Fixes #1475 once merged
 2014-01-24 10:06:13 +01:00
Sebastian Grewe
659c203c06 Merge pull request #1551 from xisi/csrf-improvements 
[FIXES] CSRF tokens & login cleanup
 2014-01-23 23:27:31 -08:00
Sebastian Grewe
90d0ff1081 Merge pull request #1546 from ahmedbodi/patch-1 
Get Cronjob Status API
 2014-01-23 23:13:42 -08:00
Sebastian Grewe
f75200ce1e Merge pull request #1560 from raistlinthewiz/next 
Added reward_type and reward info to api/getpoolinfo
 2014-01-23 23:09:06 -08:00
Neozonz
2d607cca97 [FIX/ENHANCE] Session management 
@herrkauwer appreciate the code review and help
@xisi initial code pr
@add1ct3dd reporting the issue
 2014-01-23 16:52:29 -08:00
Hüseyin Uslu
b518ce0799 Tiny update. 2014-01-24 00:38:28 +02:00
Hüseyin Uslu
0639af54b3 Added reward_type and reward info to api/getpoolinfo 2014-01-24 00:37:50 +02:00
ahmedbodi
6d7d3f2026 Update getcronjobstatus.inc.php 2014-01-23 20:23:41 +00:00
Sebastian Grewe
207a8719fd Merge pull request #1558 from xisi/security-invalidsession-fix 
[FIX] Invalid session regeneration
 2014-01-23 11:52:00 -08:00
xisi
bb24b9cb2c Wrong spot 2014-01-23 14:45:11 -05:00
Joey
8b59e3d519 Merge pull request #1557 from xisi/security-invalidsession-fix 
[FIX] Invalid session regeneration
 2014-01-23 11:43:29 -08:00
xisi
4df4957ec5 Fixes invalid session bug 2014-01-23 14:32:28 -05:00
xisi
1fd0adf038 Removed unused config setting 2014-01-23 11:01:30 -05:00
xisi
a3314fa81e Cleaned up login page logic a bit more 
Fixed up CSRF tokens so rollover minutes/hours are now checked and valid
 2014-01-23 11:01:30 -05:00
Sebastian Grewe
33cfa5667d Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-01-23 16:59:46 +01:00
Sebastian Grewe
92e7f3e1e4 [FIX] Return floats for some statistics 
Fixes #1540
 2014-01-23 16:59:12 +01:00
Andrea Baccega
d6670508f7 Lets always use $this->table instead of hardcoding 2014-01-23 12:56:19 +01:00
ahmedbodi
ece8b3adf6 Create getcronjobstatus.inc.php 2014-01-23 10:29:01 +00:00
Sebastian Grewe
7acd3bc821 Merge pull request #1543 from Neozonz/issue-1542 
[BUG] FIX txfee in getpoolinfo API
 2014-01-23 01:13:00 -08:00
Sebastian Grewe
4b04df5d8a [FIX] Allow TAB to focus on email login 2014-01-23 10:11:37 +01:00
Sebastian Grewe
8a53e0319d [FIX] Missed file for admin maintenance 2014-01-23 10:01:35 +01:00
Sebastian Grewe
ac1bc4b2ce [FIX] Allow admin logins in maintenance mode 
Fixes #1489
 2014-01-23 08:58:25 +01:00
Neozonz
7a21b05a3d [BUG] Fix txfee API call with added support for old API calls 
[ADD] txfee_auto to API Calls
[ADD] txfee_manual to API Calls
[ADD] confirmations to API Calls
 2014-01-23 02:38:34 -05:00
Sebastian Grewe
cde6227692 Merge pull request #1539 from fspijkerman/next 
Use a full path instead of CWD set by PHP
 2014-01-22 22:17:24 -08:00
Frank Spijkerman
0d300581ff Use a full path instead of CWD set by PHP 2014-01-22 18:40:06 +01:00
freynder
952d5d979c Bugfix: shares and shares_archive values should be added up. 2014-01-22 14:18:38 +01:00
Sebastian Grewe
2a661b5e78 [FIX] Return proper data if memcache disabled 
If memcache option is disabled, the functions should return the data we
tried to set instead of false. At least we can ensure data is returned
as expected from any methods trying to use the memcache.
 2014-01-22 14:02:44 +01:00
Sebastian Grewe
593149742e Merge pull request #1491 from Neozonz/issue-1488 
[Optimize] SQL Queries : Remove joins from account table
 2014-01-22 04:56:16 -08:00
Neozonz
8b4ad00b1a [FIX] Fixed Data types for getHashrate 2014-01-22 07:33:01 -05:00
Neozonz
3de2fee57f [FIX] Updated function call to include account id as well 2014-01-22 07:10:05 -05:00
Sebastian Grewe
0d10079a2a [FIX] remove mail debug output 2014-01-22 12:48:03 +01:00
Sebastian Grewe
faf648d1d2 [FIX] Show username in Login Mails 2014-01-22 12:18:51 +01:00
Sebastian Grewe
3b13ea4990 [FIX] Properly show login details on mail notif. 
Fixes #1530 once merged
 2014-01-22 11:14:50 +01:00
Neozonz
0faf23027a [CACHE] Readded 2014-01-21 20:29:09 -05:00
Neozonz
a9853e2832 [Removed] Caching for testing 2014-01-21 20:18:38 -05:00
Neozonz
934825e8dc [FIX] Remove old query remnants 2014-01-21 20:14:44 -05:00
Neozonz
3222792533 [BUG FIX] Missing JSON 2014-01-21 20:14:13 -05:00
Neozonz
be8437e9dd [FIX] Missing User ID argument 2014-01-21 20:07:07 -05:00
Neozonz
f613cc6bfd [FIX] Set interval for sample size as well 2014-01-21 20:06:37 -05:00
Neozonz
2090247afb [COMMENT] Added commenting and fixed function descriptions 
[CLEAN] Clean Code
 2014-01-21 19:43:33 -05:00
Neozonz
02f085f2d7 [FIX] MySQLi Queries 2014-01-22 00:13:58 +00:00
Nonstopmine.com
ac7aed4bc4 Update mail.class.php 
PHP Notice
 2014-01-21 22:28:39 +02:00
Neozonz
34dfd4aefb [FIX] SQL Conditional Operator 2014-01-21 11:16:00 -08:00
Sebastian Grewe
971006b7a2 [FIX] Live stats not being done with global cache 
Fixes live stats not updating and always using the global cache instead.
 2014-01-21 17:16:26 +01:00
Sebastian Grewe
4d07efe61c Merge pull request #1519 from nrpatten/next 
[FIX] Align Checkbox
 2014-01-21 06:34:38 -08:00
Sebastian Grewe
0d367697e0 [FIX] Storing/showing wrong data from cache 
Fixes #1517
 2014-01-21 15:24:44 +01:00
nrpatten
151decb2b6 [FIX] Align Checkbox 
"Edit template" checkbox align closer to "Active"
 2014-01-22 00:39:42 +11:00
nrpatten
fc7a939b1e [FIX] Update github footer link 
Remove https://github.com/TheSerapher/php-mpos
Add https://github.com/MPOS/php-mpos
 2014-01-21 23:42:58 +11:00
Sebastian Grewe
af1e6e8e13 Merge pull request #1516 from MPOS/default-payout-block 
[UPDATE] Change payout by default to block
 2014-01-21 04:15:18 -08:00
Sebastian Grewe
10ba200df6 [UPDATE] Change payout by default to block 2014-01-21 13:14:53 +01:00
Neozonz
1630d85440 [FIX] Cache by Account_ID 
[FIX] Query by Username
 2014-01-21 06:58:28 -05:00
Sebastian Grewe
2eb53d8efc Merge pull request #1515 from xisi/security-typofix 
Typo in registration
 2014-01-21 03:56:18 -08:00
xisi
c88a14bac1 typo 2014-01-21 06:51:56 -05:00
Neozonz
0a5344cba0 Merge branch 'github.com/issue-1488' 
Conflicts:
	public/include/classes/statistics.class.php
 2014-01-21 06:44:10 -05:00
Neozonz
07e8af55f8 [FIX] Added back accound_ids for caching 
[FIX] SQL string termination
 2014-01-21 06:42:08 -05:00
Neozonz
df97e7a8ea [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
9e8841b1df [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
4d845c7c73 [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
4b98c09fb2 [Optimize] Switched calls to username from id 2014-01-21 06:41:00 -05:00
Neozonz
3d72da0ca4 [Optimize] Switched calls to username from id 2014-01-21 06:40:59 -05:00
Neozonz
d99ae5bab5 [Optimize] Switched calls to username from id 2014-01-21 06:40:59 -05:00
Neozonz
58df4ad1b2 [Optimize] Switched calls to username from id 2014-01-21 06:39:37 -05:00
Neozonz
4a4fd65ae2 [CLEAN] Clean spacing 2014-01-21 06:39:37 -05:00
Neozonz
ca0634929e [FIX] Whoopsie 2014-01-21 06:39:37 -05:00
Neozonz
a78141b5ce [Optimize] SQL Queries : Remove joins from account table 2014-01-21 06:36:07 -05:00
Sebastian Grewe
bf484c4be2 Merge pull request #1510 from xisi/security-pagecontrollerfix 
Fix issue #1508
 2014-01-21 03:20:38 -08:00
Neozonz
48cc7f7665 [FIX] Added back accound_ids for caching 
[FIX] SQL string termination
 2014-01-21 06:19:59 -05:00
Sebastian Grewe
7e93517552 Merge pull request #1513 from MPOS/static-caches 
Static caches
 2014-01-21 02:57:40 -08:00
Sebastian Grewe
6b46385584 [IMPROVED] non-auto expire caches added 2014-01-21 10:59:25 +01:00
Sebastian Grewe
fe9c706020 [IMPROVED] non-auto expire caches added 2014-01-21 10:56:08 +01:00
nrpatten
6b938a66d2 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:50:29 +11:00
nrpatten
dfd4d57361 [FIX] Unknown Pool 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:49:42 +11:00
nrpatten
35d6317ec2 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:48:48 +11:00
nrpatten
1c07abb2c0 [FIX] Unknown Pool Footer 
Remove <p>{$GLOBAL.website.name|default:"Unknown Pool"}</p>
Add <p>{$WEBSITENAME}</p>
 2014-01-21 20:47:37 +11:00
Sebastian Grewe
8ef419f795 [ADDED] Static cache with no auto-expiration 2014-01-21 10:16:17 +01:00
xisi
ac91d70c5f This should fix issue #1508 2014-01-21 04:04:53 -05:00
Sebastian Grewe
2d760c2934 Merge pull request #1504 from daygle/patch-6 
Update default.tpl
 2014-01-21 01:00:00 -08:00
Sebastian Grewe
3cb546cea5 [HOTFIX] Broken maill class 2014-01-21 09:49:57 +01:00
Sebastian Grewe
8cea4ec3ff Merge pull request #1494 from nonstopmine/patch-1 
Update edit.inc.php
 2014-01-21 00:18:44 -08:00
Sebastian Grewe
9520795e07 Merge pull request #1506 from nrpatten/next 
[FIX] input[type=email] in the wrong order and Overlap and Reposition TABS
 2014-01-21 00:07:58 -08:00
Sebastian Grewe
0edd964930 Merge pull request #1507 from xisi/security-js-pwstrength 
Simple javascript password strength/match
 2014-01-21 00:04:18 -08:00
nrpatten
b411f68d64 [FIX] Unknown Pool 
Remove From: {$GLOBAL.website.name|default:"Unknown Pool"}
Add From: ' . $this->setting->getValue('website_name')
 2014-01-21 18:37:19 +11:00
nrpatten
0cfc92bd2b [FIX] Overlap and Reposition TABS 
[FIX] "E-mail address for system error" Overlap and realign class="tabs" to fieldset
 2014-01-21 17:12:06 +11:00
nrpatten
ce37dc2147 [FIX] input[type=email] in the wrong order 
[FIX] fieldset input[type=email] was in the wrong order.
 2014-01-21 16:35:20 +11:00
xisi
a20c2324e2 Added pw strength/match to change password form 2014-01-21 00:02:57 -05:00
xisi
b0053b65e1 Added basic javascript password strength/match testing 
Added pw strength/match to registration form
 2014-01-20 23:57:07 -05:00
Glen
3a43ed4e42 Update default.tpl 
Getting started page modification suggestions for all users.

1. Add BFGMiner details.
2. Remove bullet points for steps.
3. Add additional line for BFGMiner command line.
 2014-01-21 14:38:10 +11:00
Neozonz
bfaf30fd2c [FIX] FFS 2014-01-20 16:05:41 -08:00
Neozonz
7f2268dfb1 [Optimize] Switched calls to username from id 2014-01-20 16:02:08 -08:00
Neozonz
056387bc27 [Optimize] Switched calls to username from id 2014-01-20 16:01:42 -08:00
Neozonz
49418ccc6b [Optimize] Switched calls to username from id 2014-01-20 16:01:29 -08:00
Neozonz
bdb704fbe2 [Optimize] Switched calls to username from id 2014-01-20 16:01:22 -08:00
Neozonz
8f207bfe76 [Optimize] Switched calls to username from id 2014-01-20 16:01:09 -08:00
Neozonz
9ba717c080 [Optimize] Switched calls to username from id 2014-01-20 16:00:58 -08:00
Neozonz
e275676bf6 [FIX] Double whoopsie 2014-01-20 16:00:37 -08:00
Neozonz
0ef487187f [Optimize] Switched calls to username from id 2014-01-20 16:00:22 -08:00
Neozonz
99a1c87722 [CLEAN] Clean spacing 2014-01-20 14:37:44 -08:00
Neozonz
9b74a1592b [FIX] Whoopsie 2014-01-20 14:32:19 -08:00
Neozonz
5b4a15454c [Optimize] SQL Queries : Remove joins from account table 2014-01-20 14:26:10 -08:00
Neozonz
c42a9f55b7 [FIX] Math fart 2014-01-20 12:55:32 -08:00
xisi
d782038d0f stupid rebase 2014-01-20 15:38:46 -05:00
nonstopmine
bab002d9f8 Update edit.inc.php 
txfee is old variable, replaced with txfee_manual
 2014-01-20 22:32:04 +02:00
Neozonz
f7d9ca2777 [Optimize] By default only sample 3 minutes worth of shares 2014-01-20 12:01:13 -08:00
rog1121
0a6ab8748b Mail Titles 2014-01-20 09:33:21 -07:00
Sebastian Grewe
eb6692b31c Merge pull request #1481 from raistlinthewiz/next 
tx fee's shouldn't be %
 2014-01-20 07:46:45 -08:00
Hüseyin Uslu
51d0879f8d Wording fix for index.php?page=account&action=edit - tx fee's shouldn't be % 2014-01-20 17:44:45 +02:00
xisi
200e115ee6 forgot to move this to the new config setting, oops 2014-01-20 06:21:42 -05:00
xisi
c8d7d67c96 forgot login in csrf protection disable comment 2014-01-20 05:19:32 -05:00
xisi
ffda9dbae1 rebase + fix bug in overview tpl that could throw a notice 2014-01-20 04:53:00 -05:00
xisi
11b8b554f1 thanks, eclipse 2014-01-20 04:42:08 -05:00
xisi
befc5b9276 cleanup 2014-01-20 04:42:08 -05:00
xisi
fd49e0eb78 disabled is actually correct to use in cash out form, we want the css props 
slightly optimization
 2014-01-20 04:41:13 -05:00
xisi
03e0b2e51d request fiddling 2014-01-20 04:41:13 -05:00
xisi
1993ff604f Fixed undefined property in news class found by @neozonz 2014-01-20 04:41:13 -05:00
xisi
97835f33ca fixed explicit time check for token validity 2014-01-20 04:41:13 -05:00
xisi
a987878c8e removed extraneous disabling of a field in edit account page, thanks @rog1121 2014-01-20 04:41:13 -05:00
xisi
b0413226b4 removed extraneous disabling of a field in edit account page, thanks @rog1121 2014-01-20 04:41:13 -05:00
xisi
76a67cb71a Changed the config options for CSRF/disabling forms 
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
 2014-01-20 04:41:13 -05:00
xisi
163e5de1f0 cleaned up & updated config options 2014-01-20 04:40:38 -05:00
xisi
5e5e751271 switched account edit csrf token to 1 min now that saving works on an incorrect entry 2014-01-20 04:40:38 -05:00
xisi
36f3a16cc3 gave password reset its own csrf token 2014-01-20 04:40:38 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template 
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
 2014-01-20 04:40:38 -05:00
xisi
7e3197246a fixed error response to not leak info to users 2014-01-20 04:40:38 -05:00
xisi
cc6e58084f Fixed an bug where a notice could be thrown on the edit page under the right conditions 
Cleaned up login page logic which should fix #1459 & #1461
Fixed a bug in tools class where an incorrect config setting could throw a notice
 2014-01-20 04:40:38 -05:00
xisi
dacadd8477 Fixed bug / undefined index when api settings are empty 2014-01-20 04:40:15 -05:00
xisi
62e341b877 finally cleaned up the edit account page to my liking 
fixed change I made to test a fix for someone who was having issues
 2014-01-20 04:38:53 -05:00
xisi
fed3981979 fixed isTokenValid, started work on edit fixes, recaptcha fix test 2014-01-20 04:38:25 -05:00
xisi
3b6a408c3f forget the check, the crons run 2014-01-20 04:33:28 -05:00
xisi
d3a7d4bdbf inc db version in version include 2014-01-20 04:32:54 -05:00
xisi
4be9330ca1 typo 2014-01-20 04:32:54 -05:00
xisi
18f808a85b After messing around for quite awhile now with the SQL NOW() and timestamp comparison, I've come to the conclusion it's much better for my sanity to do the expiration check in php - there seems to be some divergence between the way this is handled between SQL setups I've tested. So there you go. 2014-01-20 04:32:54 -05:00
xisi
bacbb8c36c after looking into this quite a bit, this is the correct way to do it after all 2014-01-20 04:30:17 -05:00
xisi
13e6c43ba5 add notify_email to accounts table and getUserNotifyEmail() method in user class 2014-01-20 04:30:17 -05:00
xisi
9ecd8d4d3e added signup_timestamp to accounts table 
added getSignupTime() method to user class
added 014_accounts_update.sql and updated 000_base_structure.sql
incremented db version
 2014-01-20 04:30:17 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
a36a0c5b79 [UPDATE] CSRF protection + User/IP/Date & time added to login notification 
* Adds CSRF protection for multiple pages, see bottom
 * Adds User/IP/Date & time to successful login notification
 * New config option for sitewide CSRF protection
 * Fixed a bug in the contact form
 * Lots of cleanup related to CSRF stuff
 * Increments config version
 * CSRF protection: register, contact, account edit, workers, notifications, and invites
 2014-01-20 04:29:45 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
xisi
9ccb5e15bc refactored old token usage in account edit page 2014-01-20 04:27:58 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00
xisi
58529547e0 Cleaned up logic of login page csrf protection 
added csrf protection to register page
 2014-01-20 04:27:22 -05:00
xisi
6da5510035 clean up pages that use csrftokens 2014-01-20 04:26:04 -05:00
xisi
42d93f5beb specific timing for csrf tokens 2014-01-20 04:26:04 -05:00
xisi
a56140ca84 Moved csrftoken stuff into a class 
added getCurrentIP method to user class
added config option for sitewide csrf protection
 2014-01-20 04:26:04 -05:00
xisi
19a0945be2 no config version inc 2014-01-20 04:26:04 -05:00
xisi
6afc876d19 Merge changes from TheSerapher's pull/1404 Added re-Captcha to Login Page 2014-01-20 04:26:04 -05:00
Sebastian Grewe
954459b897 Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-01-20 09:58:33 +01:00
Sebastian Grewe
56fbf205b7 [ADDED] Comment for DEBUG levels 2014-01-20 09:58:06 +01:00
Sebastian Grewe
2dab915d6e Merge pull request #1472 from MPOS/issue-1471 
Issue 1471
 2014-01-20 00:42:35 -08:00
Sebastian Grewe
24e24576af [FIX] E-Mail login location 2014-01-20 09:16:38 +01:00
rog1121
77a0287c7f Update default.tpl 2014-01-19 12:37:54 -07:00
Sebastian Grewe
5b7cf6ab93 [FIX] SQL again, sigh 2014-01-19 17:28:34 +01:00
Sebastian Grewe
8a983835c6 [FIX] Whoopsie SQL 2014-01-19 17:25:55 +01:00
Sebastian Grewe
d4db477c2d [FIX] Also honor diff for share difficulties if unset 2014-01-19 17:22:00 +01:00
Sebastian Grewe
b905089a01 [FIX] Removed debug output 2014-01-19 17:18:09 +01:00
Sebastian Grewe
0fb543c3ed [FIX] Honor target_bits for hashrate 2014-01-19 17:17:24 +01:00
Sebastian Grewe
cf49db4535 [IMPROVED] Cronbased global Hash-/Sharerate cache 
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache

Addresses #1471 and may fix it already if no other changes are required.
 2014-01-19 17:05:27 +01:00
Sebastian Grewe
10e3fcab7e Merge pull request #1468 from Neozonz/issue-1467 
MySQL Optimization: always use order by when using limits
 2014-01-19 06:39:13 -08:00
Neozonz
44e0fa6745 Reverted 2014-01-19 09:35:39 -05:00
Metice
e665552c05 Update default.tpl 
Remove username of placeholder
 2014-01-19 15:01:11 +01:00
Neozonz
73e3bb2284 Removed ORDER BY for single queries 2014-01-19 06:05:55 -05:00
Neozonz
773286bd06 ORDER BY for Updates/Deletes 2014-01-19 06:00:29 -05:00
Neozonz
38f5daba6b Search blocks by desc and order by for deletes 2014-01-19 06:00:14 -05:00
Neozonz
47eb9f7fa0 Allow getWorkerHashRate to set invervals 2014-01-19 05:56:31 -05:00
Sebastian Grewe
48a344ed25 [SECURITY] Dropped small login form 
Since we are adding more security realted features, we drop the small
login in the header. It will need more workarounds than we'd like and is
already dropped when re-Captcha is enabled.

Security > Convenience :D
 2014-01-17 15:43:58 +01:00
Joey
0309886645 What a stupid thing of me to miss 
UNIX_TIMESTAMP() for time comparison, oops
 2014-01-17 03:53:09 -05:00
Sebastian Grewe
a572d0cea0 Merge pull request #1351 from TheSerapher/issue-1345 
Issue 1345
 2014-01-16 23:46:40 -08:00
Sebastian Grewe
1dfbeea5f7 Merge pull request #1420 from TheSerapher/issue-1343 
[IMPROVED] jsonRPC Error Handling with CURL
 2014-01-16 06:15:42 -08:00
Sebastian Grewe
12399a9c43 [REMOVED] Old code 2014-01-16 15:01:25 +01:00
obigal
75729c6592 pplns payouts speed improvements / reworked insert method 2014-01-16 14:42:05 +01:00
Jesse Collier
bc833eb40b [IMPROVED] Adds Email label and removes maxlength 
When logging in from mobile, there currently is not an indicater to
use email or username. This labels it correctly.

Removed maxlength to allow for lengthier email addresses.
 2014-01-16 14:42:05 +01:00
Sebastian Grewe
d9f591e7c8 [UPDATE] MPOS version due to major change 2014-01-16 14:41:44 +01:00
Sebastian Grewe
2829f6a746 [IMPROVED] Dropped username from login 2014-01-16 14:40:51 +01:00
Sebastian Grewe
63960e2e62 [IMPROVED] Allow e-mails only for login 
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.

Fixes #1345 once merged.
 2014-01-16 14:40:51 +01:00
Sebastian Grewe
63f062af9d [UPDATE] CSRF to Mobile template 2014-01-16 14:33:04 +01:00
Sebastian Grewe
bef4298e1f [ADDED] Default re-Captcha HTML to mobile 2014-01-16 14:14:29 +01:00
Sebastian Grewe
d5bff56f6f [ADDED] re-Captha admin options 2014-01-16 14:14:29 +01:00
Sebastian Grewe
b9d36bcfc9 [IMPROVED] Added re-Captcha to Login Page 
* Enable re-captcha to use it
* Disables the mini-login box in header
* Requires re-Captcha to be setup in Admin Panel

Fixes #1400 once merged.
 2014-01-16 14:13:50 +01:00
xisi
050a068d05 fix versioning 2014-01-16 06:05:29 -05:00
xisi
b613182dfb what fix, nothing to see here 2014-01-16 05:55:57 -05:00
xisi
e7725399c2 change function name for sending 2f emails 2014-01-16 05:55:57 -05:00
xisi
8736123df2 improved bad csrf token error message 
cleaned up wording of config
improved leadtime defaults in getCSRFToken
 2014-01-16 05:55:57 -05:00
xisi
764be9f0b7 fixed verbiage 2014-01-16 05:55:57 -05:00
xisi
2d0938b35b [ADDED] Simple CSRF protection tokens 
* Adds config options for disabling, timeout lead time, and forms
 * Adds another salt in config that's used in the token
 * Adds protection for login form by default
 2014-01-16 05:55:57 -05:00
xisi
bae30b2e4f fixed success_login tpl verbiage 2014-01-16 05:55:57 -05:00
xisi
9d14902bb5 fix nocache in account/edit template 2014-01-16 05:55:57 -05:00
xisi
dc984aca63 fixed gitignore for eclipse, added templates/compile/mpos folder and a blank file to fix issues with setup guide/chowning compile dir 2014-01-16 05:53:36 -05:00
xisi
8ed8338b3e fixed my incorrect use of notif settings array 2014-01-16 05:53:36 -05:00
xisi
f3a6d65eab send notifications on successful login when active 2014-01-16 05:53:36 -05:00
xisi
741b6464ef success_login tpl for new notification 2014-01-16 05:53:36 -05:00
xisi
802930cba1 save old token to use in case we error out 2014-01-16 05:53:36 -05:00
xisi
ed8349ef50 works as far as I can tell 2014-01-16 05:53:36 -05:00
xisi
40d09a4ee4 oops, forgot to make sure we're auth'ed 2014-01-16 05:53:36 -05:00
xisi
a598eec924 fix sync changes done in edit.inc.php at the end of request 2014-01-16 05:53:36 -05:00
xisi
1b1f552567 fix cosmetic issue #2 2014-01-16 05:53:36 -05:00
xisi
a0ecbd0294 fix cosmetic issue 2014-01-16 05:53:36 -05:00
xisi
96b734edaa fix how late we delete tokens for 2fa 2014-01-16 05:53:36 -05:00
xisi
d9d678be61 retooled most of the email confirmation setup 2014-01-16 05:53:36 -05:00
xisi
69eec05cb7 simplified notifications with index, updated the settings method, and fixed up template, sql fixes 2014-01-16 05:42:43 -05:00
xisi
bfd803ec28 Incremented version, moved config options, return vals fixed in 2f checks 2014-01-16 05:42:43 -05:00
xisi
ef904858ae [Addition] E-mail confirmations for user actions 
* If enabled, sends e-mail to confirm user withdraws, edits and pw changes
 * Adds 4 config options, enabled + individual settings
 * Adds 3 new token_types
 2014-01-16 05:42:43 -05:00
Sebastian Grewe
409f41bc35 Merge pull request #1437 from nrpatten/next 
[FIX] Issue #1423
 2014-01-16 02:42:05 -08:00
Sebastian Grewe
24a7085519 Merge pull request #1428 from nicoschtein/patch-16 
Added User Last Login column to Admin User Info section
 2014-01-16 01:01:21 -08:00
nrpatten
6b8953c048 Update default.tpl 
[FIX] Alignment of text and image.
 2014-01-16 19:54:12 +11:00
nrpatten
43117e555d Update default.tpl 
[FIX] Me being an idiot :)
 2014-01-16 19:36:30 +11:00
nrpatten
415461fe32 Update default.tpl 
[FIX] Issue #1423 Add mouse over explanation for TX fee for auto payouts and manual payouts.
 2014-01-16 12:28:57 +11:00
rog1121
33763e12a6 Fix Dashboard 2014-01-15 18:01:51 -07:00
nicoschtein
ced8a16a66 [Fix] Wrong var name and Align 2014-01-15 18:04:22 -02:00
nicoschtein
5c0decee41 Added date formatting to Last Login column 2014-01-15 17:57:57 -02:00
nicoschtein
14ad54a8ed Added last_login table column to getAllUserStats 2014-01-15 17:51:10 -02:00
nicoschtein
a55da151a0 Added Last Login column to User Info section 2014-01-15 17:43:28 -02:00
Fred
41e89f7830 Version 3 
New additions some clean up
 2014-01-15 10:40:06 -06:00
Sebastian Grewe
610e564c2f [IMPROVED] Further improvements on error handling 2014-01-15 16:28:26 +01:00
Sebastian Grewe
f2f539ef53 [IMPROVED] Payout logging and indent 2014-01-15 16:12:00 +01:00
Sebastian Grewe
c42fc60742 [FIX] Proper response string for debug output 2014-01-15 16:11:59 +01:00
Sebastian Grewe
aa27e8dfde [IMPROVED] jsonRPC Error Handling with CURL 
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled

It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.

Fixes #1343 once merged.
 2014-01-15 16:11:59 +01:00
Sebastian Grewe
290ac36729 [FIX] Config Version check 2014-01-15 15:33:00 +01:00
Sebastian Grewe
7d8d5d3c04 Merge pull request #1412 from nicoschtein/patch-13 
Issue 875 - Manual and Auto TXFee (REBASED again..)
 2014-01-15 06:31:49 -08:00
Sebastian Grewe
a496a37159 [FIX] MMinor on mobile template 2014-01-15 11:37:09 +01:00
nicoschtein
19b969650f Bump global.inc.dist.php version to 0.0.3 
Changes from 0.0.2:
Added $config['txfee_auto']
Added $config['txfee_manual']
Removed $config['txfee']
 2014-01-14 19:19:37 -02:00
nicoschtein
064dfe09df Changed txfee to txfee_manual in account/edit.inc.php 2014-01-14 19:16:27 -02:00
nicoschtein
f3a2812cac Added txfee_manual and txfee_auto to smary_globals config array 
removed txfee
 2014-01-14 19:15:08 -02:00
nicoschtein
451d57cbce Changed txfee to txfee_manual in edit account manual payout request 2014-01-14 19:14:11 -02:00
nicoschtein
501e127747 Added txfee_manual and txfee_auto to config file 
Added txfee_manual and txfee_auto to config file so you can set two different transaction fees for manual and auto payouts
 2014-01-14 19:07:49 -02:00
Sebastian Grewe
adf2d4782b [FIX] Potential caching issue 2014-01-14 17:14:41 +01:00
Sebastian Grewe
58e23975b7 [FIX] Anon worker_name on getblocksfound API 
Forgot that.
 2014-01-14 17:10:08 +01:00
Sebastian Grewe
98f2a2d61a [FIX] Honor anon flag on API getblocksfound 
Fixes #1407 once merged
 2014-01-14 17:04:59 +01:00
Sebastian Grewe
57eed58a47 [FIX] Caching issues for popups 2014-01-14 13:26:58 +01:00
Sebastian Grewe
2b3a3edf3c [FIX] Do not filter reCaptcha HTML 2014-01-14 11:15:16 +01:00
Sebastian Grewe
78beb8b674 [UPDATE] Added index call checks where missing 2014-01-14 11:05:41 +01:00
Sebastian Grewe
9f7e81748e Merge pull request #1391 from raistlinthewiz/next 
Added two brand new api calls; getblockstats and getpoolinfo
 2014-01-13 21:51:25 -08:00
Sebastian Grewe
ef462bebf1 Merge pull request #1395 from Neozonz/issue-1392 
Mobile template changes/updates
 2014-01-13 21:48:25 -08:00
Neozonz
d9b8f11f67 [FIX] Password change for mobile users 
[FIX] Allow unlock via mobile phone
 2014-01-13 17:42:23 -05:00
Neozonz
1be228812d [FIX] Type Success on notifications 2014-01-13 17:27:50 -05:00
Hüseyin Uslu
0340bf523d added two brand new api calls; getblockstats and getpoolinfo 2014-01-13 23:57:26 +02:00
Sebastian Grewe
175402fa85 [FIX] Illegal offset 
Fixes #1382 once merged.
 2014-01-13 12:42:55 +01:00
Sebastian Grewe
4be76130cb [FIX] Show cron status in admin dashboard 
Removing duplicate version box

Fixes #1379 once merged.
 2014-01-12 17:49:20 +01:00
Sebastian Grewe
141556d77a [UPDATE] Moved notice to footer 2014-01-12 10:25:50 +01:00
Sebastian Grewe
cc67decd28 [FIX] Ignore master template on template editor 
Don't use SQL templates for large amount of changes. Create your own
file based theme then!

This fixes #1375 once merged
 2014-01-12 10:15:37 +01:00
Sebastian Grewe
9da944c61e [FIX] Day in seconds wrong 2014-01-12 09:15:51 +01:00
Sebastian Grewe
20305026e8 [ADDED] User login overview to admin dashboard 
Fixes #1374 once merged
 2014-01-12 09:05:59 +01:00
Sebastian Grewe
20ef443ae1 [FIX] Custom smarty code HTML 2014-01-12 08:50:24 +01:00
Sebastian Grewe
4fe46cbd2a [ADDED] last_login timestamp 
* [RENAMED] sessionTimeoutStamp to last_login
* [UPDATE] user class to store login time after successful login
* [ADDED] SQL Upgrade file for new column
* [UPDATE] Updated base SQL file

Fixes #1162 once merged.
 2014-01-11 20:32:45 +01:00
Sebastian Grewe
2417ee7c4f [FIX] Log SQL errors on invalid checkUserPassword 
Fixes #1366 once merged.
 2014-01-11 19:28:37 +01:00
Sebastian Grewe
f98d08df83 [SECURITY] Fixing XSS in PHP_SELF 
Fixes #1364 once merged.
 2014-01-11 19:01:14 +01:00
Sebastian Grewe
9526cf0093 [IMPROVED] Show static nav hashrate if live off 
Fixes #1362 once merged.
 2014-01-11 18:37:55 +01:00
Sebastian Grewe
1485a02528 [ADDED] Invitation overview to admin dashboard 
* Split up dashboard default template into subfiles
* Added new invitation overview
* Updated page file

Fixes #1357 once merged.
 2014-01-11 13:45:55 +01:00
Sebastian Grewe
9a959164a6 [FIX] wrong percentage calculations in API 2014-01-11 13:18:46 +01:00
Sebastian Grewe
fb3f527e86 [FIX] Typo in modifier 2014-01-11 13:15:44 +01:00
Sebastian Grewe
93dd7c92a6 Merge pull request #1356 from TheSerapher/issue-1354 
[CLEANUP] Missed two values
 2014-01-11 04:13:40 -08:00
Sebastian Grewe
1ca8144ad5 [CLEANUP] Missed two values 2014-01-11 13:13:20 +01:00
Sebastian Grewe
c1d08895cf Merge pull request #1355 from TheSerapher/issue-1354 
[CLEANUP] Dashboard number formatting
 2014-01-11 04:11:49 -08:00
Sebastian Grewe
5f942d9ba7 [CLEANUP] Dashboard number formatting 
Cleans up some Ajax data on the dashboard to match the static template
data format. No more jumpy numbers.

Fixes #1354
 2014-01-11 13:10:44 +01:00
Sebastian Grewe
6baad2dd06 [UPDATE] Added active workers to admin dashboard 
* Using lower time range for shares: 120 seconds
* Updated worker class with new time range for active workers
* Added statistics, active users call with 120 seconds time range
* Updated admin panel dashboard template

Fixes #1352 once merged.
 2014-01-11 12:37:39 +01:00
Sebastian Grewe
88c962266f [IMPROVED] Wrapper for contributor stats 
Fixes a small alignment issue with unbalance table heights.
 2014-01-11 12:04:48 +01:00
Sebastian Grewe
41defc88fa Merge pull request #1338 from cpo/next 
issue-1336
 2014-01-10 23:17:31 -08:00
Sebastian Grewe
07cc791d83 Merge pull request #1350 from rog1121/next 
Add Custom Stratum URL
 2014-01-10 22:21:10 -08:00
rog1121
412807b7a8 Add Stratum URL 2014-01-10 18:40:06 -07:00
Glen
bbb82ccd69 Update global.inc.dist.php 
Just thought I would fix a couple of spelling errors for next global.inc.dist.php release :)
 2014-01-11 10:49:59 +11:00
Sebastian Grewe
af15e45632 Merge pull request #1346 from TheSerapher/issue-1341 
[FIX] No filter on admin news pages
 2014-01-10 11:00:32 -08:00
Sebastian Grewe
7a1a917af0 [FIX] No filter on admin news pages 2014-01-10 20:00:09 +01:00
Sebastian Grewe
aa716c274c Merge pull request #1342 from TheSerapher/issue-1315 
Issue 1315
 2014-01-10 10:38:01 -08:00
Sebastian Grewe
67b2ce6bff [FIX] News formatting 2014-01-10 19:23:38 +01:00
Sebastian Grewe
9fbc36f9ac [FIX] Re-added simple error to jsonRPC 2014-01-10 17:08:11 +01:00
Sebastian Grewe
43bd1beeb8 [FIX] Surpress any URL info 2014-01-10 17:00:58 +01:00
Sebastian Grewe
6aefea6b6f [FIX] Better error handling 2014-01-10 16:41:05 +01:00
Sebastian Grewe
0b43c66e67 [CLEANUP] Removed newline 2014-01-10 16:34:36 +01:00
Sebastian Grewe
90a8404bab [CLEANUP] Code cleanup, error checking 
Fixes #1315 once merged.
 2014-01-10 16:34:36 +01:00
myrinx
fca7bd7b3d Update global.inc.dist.php 
removed wallet address :)
 2014-01-10 16:34:36 +01:00
myrinx
be77b05b12 Update global.inc.dist.php 
added config variabled for the liquid_payout.php cronjob
 2014-01-10 16:34:36 +01:00
myrinx
a37ebd2db8 Update version.inc.php 
changed config to 0.0.2 to support liquid_payout.php cron
 2014-01-10 16:34:36 +01:00
Sebastian Grewe
627b7a17ff [FIX] Catch jsonRPC exceptions 
Fixes #1339 once merged.
 2014-01-10 16:20:24 +01:00
Chris Polderman
5981489925 issue-1336 2014-01-10 14:15:41 +01:00
Sebastian Grewe
10dbcd471d [IMPROVE] Enable SSL on recaptcha_get_html 
Fixes #1334 once merged.
 2014-01-10 11:00:00 +01:00
Sebastian Grewe
d16b5a1067 Merge pull request #1327 from rog1121/next 
Add CLEditor to News
 2014-01-10 00:27:54 -08:00
Sebastian Grewe
8498692f2b [FIX] Properly un-escape Google Analytics code 2014-01-10 09:15:08 +01:00
Sebastian Grewe
691fa28cc0 Update master.tpl 
Fixed analytical code position.
 2014-01-10 07:53:36 +01:00
Sebastian Grewe
19094e73e3 Merge pull request #1271 from drainx/next 
JSON-RPC
 2014-01-09 22:11:35 -08:00
Sebastian Grewe
c16945d564 Merge pull request #1313 from TheSerapher/issue-1233 
[IMPROVED] Auto-escape all used smarty variables
 2014-01-09 22:11:12 -08:00
Sebastian Grewe
8e356d1eaf Merge pull request #1311 from TheSerapher/issue-1281 
[FIX] Number formatting on pages
 2014-01-09 22:10:22 -08:00
rog1121
8e06c41a90 CLEditor 2014-01-09 21:13:47 -07:00
Glen
748a3d48c3 Update default.tpl 
Suggestion to remove 'account' column from user 'transactions' page to allow more real estate on the page.

The 'account' really is a waste of space anyway for the user view on the other hand the transactions in the Admin panel the account column is useful.
 2014-01-10 13:17:45 +11:00
Sebastian Grewe
b12a45ed2a Merge pull request #1306 from TheSerapher/issue-1300 
Issue 1300
 2014-01-09 08:41:30 -08:00
Sebastian Grewe
a2a6f36c1f [IMPROVED] Auto-escape all used smarty variables 
http://www.smarty.net/docs/en/variable.escape.html.tpl

Addresses #1233
 2014-01-09 11:10:47 +01:00
Sebastian Grewe
02cd098099 [FIX] #1245 Typo 2014-01-09 11:05:06 +01:00
Sebastian Grewe
3645a23333 Merge pull request #1312 from TheSerapher/issue-1061-deleteuser 
[UPDATE] Allow deletion of accounts
 2014-01-09 01:33:12 -08:00
Sebastian Grewe
b82e500379 [FIX] Number formatting on pages 
* Added new global js library to convert number_format similar to PHP
 * Does some rounding, so not 100% perfect but does the trick
* Added new library to master template
* Updated dashboard to use this library for all numbers in question

Fixes #1276
 2014-01-09 10:25:48 +01:00
Sebastian Grewe
fcbf153bd9 [FIX] Do not show xaxis ticks 
Ticks take too much room and don't convey enough information. They are
now removed.

Fixes #1276 once merged.
 2014-01-09 09:16:50 +01:00
Sebastian Grewe
eafb241bde [REMOVED] Support page code 2014-01-09 09:11:33 +01:00
Sebastian Grewe
6e99806479 [REMOVE] Uneeded, useless support page 
* Removed support page templates
* Changed navigation to contact
* Modified contact form behaviour on enable/disable events

This fixes #1300. It wasn't clear which templates needed to be edited
for the contact form to work.
 2014-01-09 09:09:14 +01:00
Sebastian Grewe
146cf94a5e [CLEANUP] Registration page 2014-01-08 09:23:42 +01:00
Andrea Baccega
7fd258fab4 Fixed documentation typos. 2014-01-07 15:56:47 +01:00
Sebastian Grewe
937bf56c18 Merge pull request #1279 from raistlinthewiz/next 
Updated max lenght of username field in password-reset form
 2014-01-07 04:13:11 -08:00
Hüseyin Uslu
b69991e129 Increased password-reset form username size to 100 
Increased the accepted max-length to 100 as requested:  https://github.com/TheSerapher/php-mpos/pull/1279#issuecomment-31732351
 2014-01-07 14:11:26 +02:00
Hüseyin Uslu
748e4796c1 Updated max lenght of username field in password-reset form 
As the password reset form can also accept emails, increased the max-length size to 50 - so that we can accept long emails too.
 2014-01-07 14:04:21 +02:00
Sebastian Grewe
549477a7ad [ADDED] User overview in admin dashboard 
* Total users
* Locked users
* Admin users
* No Fees users

Thanks @daygle for the suggestion!

Fixes #1277 once merged
 2014-01-07 10:32:34 +01:00
Sebastian Grewe
ef28547940 Merge branch 'next' of https://github.com/TheSerapher/php-mpos into next 2014-01-07 09:40:02 +01:00
Sebastian Grewe
727b082059 [FIX] Registration password lenght, API class default time 2014-01-07 09:39:43 +01:00
drainx
f7b087df98 Small human error fix. 2014-01-06 18:29:23 -06:00
drainx
5a1c693fa6 Move from XML-RPC to JSON-RPC. 2014-01-06 17:34:54 -06:00
Sebastian Grewe
5ce2662ae5 Merge pull request #1246 from TheSerapher/issue-1242 
[INITIAL] Working version checks
 2014-01-06 08:05:32 -08:00
Sebastian Grewe
fe31737576 Merge pull request #1264 from TheSerapher/issue-1016 
[FIX] Caching issues with hybrid templates
 2014-01-06 03:27:56 -08:00
Sebastian Grewe
418728071b [UPDATE] Allow deletion of accounts 
Updated backend and theme to be able to deal with deleted accounts

    * Backends will skip any users that have no account_id associated with
      their shares
    * Updated round stats theme to show users as unknown if none can be found

    This will not fully address the issue of account deletion but at least
    wont break the system anymore.
 2014-01-06 12:26:57 +01:00
Sebastian Grewe
d0e899b7d0 [FIX] Empty / no template detection 2014-01-06 12:00:48 +01:00
Sebastian Grewe
cfe47ed787 [FIX] Caching issues with hybrid templates 
* Create subfolders for cache/compiled files for themes

Fixes #1016 once merged.
 2014-01-06 10:52:21 +01:00
Sebastian Grewe
766032fbdb Merge pull request #1259 from TheSerapher/issue-1255 
[FIX] Closing nocache tags
 2014-01-05 22:26:03 -08:00
Sebastian Grewe
64958782a4 [FIX] Closing nocache tags 
Fixes #1255 once merged.
 2014-01-06 07:25:09 +01:00
Sebastian Grewe
3f1e74e381 [UPSTREAM] Upgraded smarty libraries 
Fixes #1249 once merged.
 2014-01-05 13:41:41 +01:00
Sebastian Grewe
2568ced4d4 [INITIAL] Working version checks 
* Check DB structure version, config file version and MPOS core version
* Added new Admin Dashboard to show this core information
* Cronjobs will be disabled if SQL files are not imported
 * SQL files must re-set the db_upgrade_required setting
* Cronjobs will disabled if config files are not updated
 * Simple config file update and version string update will fix this
* Added MPOS status overview
 * Cronjobs and Wallet information for now, others may be added later
* Added new navigation link for Admin Panel Dashboard
* Added new version file
 * Will require updates whenever DB or configs are updated
* Update SQL file that adds the DB_VERSION setting

This will address #1242 and already includes a huge chunk of changes
required to make this work.
 2014-01-05 11:19:09 +01:00
Sebastian Grewe
017a56549d Merge pull request #1213 from TheSerapher/issue-670-unlocks 
[IMPROVED] Unlock notification mails on auto-locks
 2014-01-04 00:11:28 -08:00
Sebastian Grewe
8fcd59eeea [ADDED] Account unlock mail on failed PIN 2014-01-02 13:28:33 +01:00
Sebastian Grewe
8c2912a7df Merge branch 'next' of https://github.com/TheSerapher/php-mpos into next 2014-01-02 12:25:46 +01:00
Sebastian Grewe
11c417230b [FIX] Reset pin button 2014-01-02 12:25:22 +01:00
Sebastian Grewe
878fa1c1c8 [IMPROVED] Unlock notification mails on auto-locks 
* Added new token type: account_unlock
* Added update SQL File
* Updated base structure with new token type
* Added empty template
* Updated user class to send mail on failed passwords
* Added unlock account page to use tokens

Addresses #670
 2014-01-02 11:51:22 +01:00
Sebastian Grewe
80d0467c2d Merge pull request #1211 from TheSerapher/issue-1040 
[CHANGE] Moved from bar shares to pie shares
 2014-01-02 02:09:34 -08:00
Sebastian Grewe
5c5db8dc93 Merge pull request #1191 from TheSerapher/issue-1181 
Issue 1181
 2014-01-02 02:08:19 -08:00
Sebastian Grewe
e8d460cfe6 [UPDATE] Removed debug echo output 2014-01-02 11:05:49 +01:00
Sebastian Grewe
67a6d9aff4 [UPDATE] Coding style 2014-01-02 11:05:07 +01:00
Sebastian Grewe
4c3421cc8a Merge pull request #1165 from Neozonz/issue-1164 
Initial commit for pin reset functionality
 2014-01-02 02:02:37 -08:00
rog1121
494a3a2714 Fix Hardcoded blockchain 2014-01-01 15:08:39 -07:00
Sebastian Grewe
dc81ad3123 Merge pull request #1166 from TheSerapher/issue-1159 
Issue 1159
 2014-01-01 02:11:02 -08:00
Sebastian Grewe
e762bb0391 [IMPROVED] Use data interval on getuserworkers 2014-01-01 09:08:09 +01:00
Sebastian Grewe
020905679a [FIX] Display TX Fee in account panel 
Fixes #1196 once merged.
 2014-01-01 08:43:53 +01:00
Sebastian Grewe
6656e47fdc [FIX] Spelling error 
Fixes #1192 once merged
 2014-01-01 08:39:49 +01:00
Sebastian Grewe
4fa4259932 [CHANGE] Moved from bar shares to pie shares 
The cake is a lie! It's a pie!

Addresses #1040
 2013-12-31 23:51:39 +01:00
Sebastian Grewe
731985b30f [IMPROVED] Token expiration timers 
* Added new SQL file to update tokentypes table
* Added new function to base class
* Renamed function in base class used in shares class
* Added new error code
* Added new cronjob to delete expired tokens
* Added new cronjob to run-cron scripts and monitoring page
* Added new function to tokentype class
* Added new function to token class

Will address #1181 once merged.
 2013-12-31 22:31:47 +01:00
Sebastian Grewe
82efbb4609 Merge branch 'issue-1185' into next 
Conflicts:
	public/templates/mpos/global/navigation.tpl
 2013-12-31 17:11:03 +01:00
Sebastian Grewe
2675a9573f [FIX] Better version 2013-12-31 16:34:37 +01:00
Sebastian Grewe
e9c780f2ee [FIX] Don not show decimals > 0.0001 fee 2013-12-31 16:32:57 +01:00
Sebastian Grewe
9c2e6fa30b [FIX] Properly display pool fee in dashboard 
Fixes #1178 once merged.
 2013-12-31 16:28:53 +01:00
Sebastian Grewe
ee02445b7d Merge branch 'issue-965' into next 
Conflicts:
	public/templates/mpos/master.tpl
 2013-12-31 16:27:16 +01:00
Sebastian Grewe
4026eec570 Merge pull request #1187 from TheSerapher/issue-1159-dashboardsplit 
[IMPROVED]
 2013-12-31 07:19:11 -08:00
Sebastian Grewe
4a98724fc5 [FIX] Disallow to post messages for guests 
* Disallow to post messages if guest forms are disabled
 2013-12-31 16:17:02 +01:00
Sebastian Grewe
a8a7d2c52f [IMPROVED] Allow contactform for guests 
* Added admin option to disable access to contactform for guests
* Propagated new option to templates

Fixes #1185
 2013-12-31 16:14:56 +01:00
Frederick Behrends
f333bdcc0e moved blockchainsettings to extra page in admin settings 2013-12-31 04:39:27 +01:00
Frederick Behrends
3b980cbf5d [IMPROVMENT] Added option to link transaction-ids to transaction on blockchainwebsite 2013-12-31 04:25:47 +01:00
Neozonz
33b06946f4 PIN Reset email template 2013-12-30 11:45:39 -08:00
Sebastian Grewe
8e4c56d597 [IMPROVED] 
Splitting dashboard calls up instead of using one single API call:

* Use getuserbalance for Balance updates
* Use getuserworkers for Worker updates

For those and potential other SQL intensive Ajax calls I have added a
long ajax refresh interval setting. It can be set via admin panel and
will change the refresh time on the JS file on the dashboard for those
two calls.

Should help a bit with high worker and transaction volume pools.

Address #1159
 2013-12-30 19:23:27 +01:00
Neozonz
5e401bd6dd fixed indent 2013-12-30 09:17:22 -08:00
Sebastian Grewe
b2ac77d9a5 Merge pull request #1128 from nicoschtein/patch-12 
Make TXId & Address clickable on Transaction Lists
 2013-12-30 03:23:14 -08:00
Sebastian Grewe
2c18abf8be [SECURITY] Better token generator 2013-12-30 12:15:36 +01:00
Sebastian Grewe
abb3688e56 [FIX] Hardcoded confirms removed 2013-12-30 12:05:33 +01:00
Sebastian Grewe
48a4edad5b [FIX] Proper account summary 2013-12-30 12:02:38 +01:00
Sebastian Grewe
de302a03dc [IMPROVED] data gathering for Auto Payout 
* Using improved SQL query created by @feeleep75
* Adjusted the query to further cut down the data returned

Fixes #1159 once merged.
 2013-12-30 11:57:29 +01:00
Neozonz
e3db7e0a02 Initial commit for pin reset functionality 2013-12-30 03:29:20 -05:00
Sebastian Grewe
96d096f669 [MERGE] Fix merge conflict 2013-12-30 08:19:13 +01:00
Sebastian Grewe
f4a1110c48 Merge pull request #1089 from TheSerapher/issue-1043 
Issue 1043
 2013-12-28 12:23:23 -08:00
Sebastian Grewe
bac119dcc8 Merge pull request #1132 from poolpm/patch-1 
[FIX] Wrong behavior on Edit Account with no addy
 2013-12-28 12:18:05 -08:00
neonbunny
f94e48eb89 Fix for reflected XSS security issue. 2013-12-28 17:34:09 +00:00
poolpm
c9215475b0 [FIX] Wrong behavior on Edit Account with no addy 
When an account is edited and no payment address has been set, the following non-sense message appears:
Unable to connect to RPC server for coin address validation

This patch fixes the issue and allows profile to be edited with no payment address
 2013-12-27 16:21:25 +01:00
nicoschtein
9481eae316 Make TXId & Address clickable on Transaction Lists 
Added an alert box displaying full TXId and Address when clicked on Admin Transaction List
 2013-12-27 03:49:45 -02:00
nicoschtein
e5ffc85084 Make TXId & Address clickable on Transaction Lists 
Added an alert box displaying full TXId and Address when clicked on User Account Transaction List
 2013-12-27 03:47:36 -02:00
Sebastian Grewe
91e7413539 Merge pull request #1125 from TheSerapher/issue-1118 
[SECURITY] Fixed exploit in token types
 2013-12-26 15:40:00 -08:00
Sebastian Grewe
b16d9afcad [SECURITY] Fixed exploit in token types 
Fixes an exploit due to missing check of token type used.

Fixes #1118 once merged.
 2013-12-27 00:21:22 +01:00
Joey
39b8d78379 Breadcrumbs 
Bugfix for breadcrumbs tpl
 2013-12-26 17:38:17 -05:00
Andre Jochems
76655f87b9 gettransaction query not working 
The method gettransaction is not spelled correctly
 2013-12-26 14:06:52 -05:00
Sebastian Grewe
9572de451b [FIX] Fixes #1110 2013-12-26 16:10:04 +01:00
Sebastian Grewe
c935e7fc6c [ADDED] Warning for coin coinformation setting 2013-12-23 23:11:01 +01:00
Sebastian Grewe
2a24f90ed0 [ADDED] Pagination support on pool workers page 
Adds pagination support for the admin panel pool workers page. Will
greatly increase loading times of this page if working as intended.

Fixes another part of #1043.
 2013-12-23 23:04:13 +01:00
Sebastian Grewe
003b8c79b6 [FIX] Removed old paginator 2013-12-23 22:51:26 +01:00
Sebastian Grewe
065d10d2e0 [IMPROVED] User info pagination and filters 
This will add pagination and user filters to the Admin Panel User
Information page.

* Added various filter methods (combined with AND in SQL)
* Added pagination and limits to fetch only matching users

This will greatly increase efficiency on larger pools

Fixes #1043 once merged.
 2013-12-23 22:37:57 +01:00
Sebastian Grewe
9485b3f9d6 [ADDED] Possibility to disable navbar live updates 
* Added new admin options: disable_navbar and disable_navbar_api
* Removes LIVE STATS from navigation list
* Removes live updates on Pool General Statistics page
* Added system load checks to getnavbardata API call

This will help to decrease load on high-volume servers at the cost of
losing live status.

Fixes #1014 once merged.
 2013-12-23 21:38:21 +01:00
Sebastian Grewe
5cf9ed0b3a [ADDED] getusertransactions API call 
* Fetch last `n` transactions, default `5` max `30`
* Fetch transaction summary if enabled in admin panel

Fixes #1079 once merged.
 2013-12-23 21:20:39 +01:00
Sebastian Grewe
e2681fe5bf [UPDATE] Moved transactions into special API call 2013-12-23 21:20:33 +01:00
Sebastian Grewe
16636f6a39 [FIX] Display bug on mobile 2013-12-23 21:07:04 +01:00
Sebastian Grewe
96085cb683 [FIX] Minor display fix 2013-12-23 21:06:08 +01:00
Sebastian Grewe
51a996573d [IMPROVED] Transaction data handling 
This will improve loading times on large transaction tables. Thanks
@feeleep75 for helping with this one.

* Do not use SQL_CALC_NUM_ROWS since it will do a full table scan
* Allow admins to disable account transaction summaries to speed up page
  loads on large tables
* added new admin setting under system to Disable TX Summaries

Fixes #1065 once merged
 2013-12-23 10:48:12 +01:00
Frederick Behrends
a785d251e0 [FIX] fixed division by Zero for Coins without valid Network Hashrate 2013-12-23 09:58:47 +01:00
Sebastian Grewe
126dbae525 Merge pull request #1029 from TheSerapher/issue-1021 
Issue 1021
 2013-12-22 00:01:01 -08:00
headz
549fb9b6cb [FiX] Division by zero warning on $dNetworkHashrate 
When not connected to a wallet, the value of $dnetworkHashrate is set to 0, which causes a division by zero error.
 2013-12-20 19:56:27 -05:00
Sebastian Grewe
cda57db81f Merge pull request #1053 from Fredyy90/patch-6 
[FIX] fixed 3 Notices
 2013-12-20 07:27:06 -08:00
Frederick Behrends
a6d5b6e248 [FIX] fixed 3 Notices 2013-12-20 16:14:40 +01:00
Frederick Behrends
7e594324f3 Added one more Option to "Ajax Data Interval", for better performance management 2013-12-20 15:47:06 +01:00
Sean Hickey
5ddf30983e Undefined property: Notification::$mail 
I'm not 100% sure this is a bug, but I'm getting the following error from my crons.

> PHP Notice:  Undefined property: Notification::$mail in /var/www/MPOS/public/include/classes/notification.class.php on line 158

> PHP Fatal error:  Call to a member function getError() on a non-object in /var/www/MPOS/public/include/classes/notification.class.php on line 158

It appears the `Notification` class extends the `Mail` class instead of `Base`, in which case `$this->mail` does not exist.
 2013-12-20 05:10:09 -05:00
Sebastian Grewe
ab05eca651 [UPDATE] Mention Markdown on Newspost creation 2013-12-20 10:29:09 +01:00
Sebastian Grewe
464c6fc5c2 Merge pull request #1044 from Fredyy90/patch-1 
[FIX] use configured port for mysql connection
 2013-12-19 22:51:13 -08:00
Sebastian Grewe
6d7004e5ec Merge pull request #1047 from Fredyy90/patch-3 
added blocks until next difficulty change to EstNextDifficulty
 2013-12-19 22:48:28 -08:00
Frederick Behrends
8495fa3fc3 [FIX] calculation 2013-12-20 06:51:41 +01:00
Frederick Behrends
ccb14c37cd added blocks until next difficulty change to EstNextDifficulty 2013-12-20 03:59:47 +01:00
Frederick Behrends
4ec364f036 [FIX] enable Caching for ExpectedNextDifficulty and NetworkExpectedTimePerBlock 2013-12-20 03:38:53 +01:00
Frederick Behrends
fd66500a28 [FIX] use configured port for mysql connection 2013-12-20 02:02:38 +01:00
xisi
fd98a9bfaa Actually fixing the code this time? 2013-12-19 09:25:20 -05:00