The way this now works is, if csrf is enabled:
* Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
* Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template
Fixes#1475 once merged
* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* Merge manual and auto-payout into single cronjob
* Update template/code to reflect single payout cron
* Update monitoring page
* Update disable payouts option in admin panel settings
* Update account payout page to use new option
This will fix#967 once merged.
This will lock a user account if a password or PIN has been entered
wrong for multiple times in a row. When unlocking the account via admin
panel, both counters are reset so the user can log in again.
This should fix issues with brute force attacks to access user accounts.
Please see configuration dist file for new config options.
Please import SQL upgrade 007 to add new column to user accounts table.
Addresses #670 and should be merged once tested.
This will avoid double payouts via the website. Payouts will be
requested by users and processed by a cron. If, for whatever reason,
users do add two requests (it is checked if a payout exists) they would
only have one successful payout until their account balance is back up
to a save value to trigger the payout.
This should fix any issues with manual payouts being exploited through
the website. Will require some testing by others to ensure things work
as expected.
* Added anonymous flag to accounts table
* Added checkbox for anonymous flag in edit account page
* Updated user class to support new flag
* Updated statistics class to support anonymous and donations
* Updated all templates showing usernames to show anonymous instead
* Added new SQL `ALTER TABLE` file for upgrading the table
Fixes#419 once merged.
* Added monitoring class to deal with monitoring events
* Added event calls to all important cronjobs
* Added cron_end include file for monitoring cleanups on successful runs
* Added Monitoring to autoloader
* Modified account page to check for running auto_payout in monitoring
* Added monitoring to Navigation bar
* Added monitoring controller page
Fixes#415
Since plenty scrypt based currencies are supported, changed error
message to say `wallet` instead of `litecoind` when failing to connect
to RPC service.
This will add back the transaction fees. Prior to this commit the pool
had to cover the transaction fees. Now for each transaction the full
balance is transferred (RPC Daemon will remove the TX Fee) but two
transactions are added. One for the Debig and one TXFee.
Fixes#203.
**Requires database upgrade with supplied SQL file**
* Currently no GUI, use DB access to change the row entry
* Upgraded Database table `accounts` with upgrade SQL
* Updated `admin` field to `is_admin` as boolean
* Modified pages, classes, templates to support is_admin and is_locked
Addresses #147
* Added SQL code to support both balances
* Added sidebar entries
* Modified auto_payout to use new index
* Mofified account page to use new index
Addresses #140 but needs to be tested!
* Mark manual payout active
* Run payout logics
* Reset manual payout
This ensures only one manual transaction can be run at a time.
If any users starts a manual payout others have to wait until the site
completed loading and finished the transaction process.
As long as we don't have too many users doing a manual payout at the
same time this should not be an issue. Best for users is using auto
payouts anyway.
This addresses #149
