added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache
Addresses #1471 and may fix it already if no other changes are required.
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.
Fixes#1345 once merged.
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled
It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.
Fixes#1343 once merged.
* [RENAMED] sessionTimeoutStamp to last_login
* [UPDATE] user class to store login time after successful login
* [ADDED] SQL Upgrade file for new column
* [UPDATE] Updated base SQL file
Fixes#1162 once merged.
* Using lower time range for shares: 120 seconds
* Updated worker class with new time range for active workers
* Added statistics, active users call with 120 seconds time range
* Updated admin panel dashboard template
Fixes#1352 once merged.
