* [ADDED] More methods to our transaction class
* `createDebitAPRecord` and `createDebitMPRecord`, will handle the
* entire debit process
* Adds Debit transaction
* Adds TXFee transaction
* mark transactions as archived
* validate user is fully paid out
* send notification to user
* `getMPQueue` was added to unify the process of getting payout queues
* [MOVED] Only one mail template for both payout methods
* [ADDED] Some minor calls to user class
* [ADDED] Full address validation to bitcoin class
* [SQL] New SQL upgrade and Version Increment
* Adding UNIQUE index to coin_address in accounts table
* preperation for `sendmany` implementation
switched that in all places used (class loads mostly)
moved all includes at the beginning of index into bootstrap
moves *_PATH defines from config to bootstrap
config now uses defaults first, then user config
fixed csrf token check for a few pages where it mightve been broken
session manager now can be bound to base user class and used, like in login
logout now pushes you to login regardless, no longer has param to push to custom url
fixed validate client, hijacking sessions no longer works
* Lock 1: user confirmation/unlock pending, count shares
* Lock 2: Admin disabled, ignore shares
This further addresses #1332 and should allow proper dropping of shares
for banned accounts.
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template
Fixes#1475 once merged
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.
Fixes#1345 once merged.
* Adds config options for disabling, timeout lead time, and forms
* Adds another salt in config that's used in the token
* Adds protection for login form by default
* [RENAMED] sessionTimeoutStamp to last_login
* [UPDATE] user class to store login time after successful login
* [ADDED] SQL Upgrade file for new column
* [UPDATE] Updated base SQL file
Fixes#1162 once merged.
* Added new token type: account_unlock
* Added update SQL File
* Updated base structure with new token type
* Added empty template
* Updated user class to send mail on failed passwords
* Added unlock account page to use tokens
Addresses #670
When an account is edited and no payment address has been set, the following non-sense message appears:
Unable to connect to RPC server for coin address validation
This patch fixes the issue and allows profile to be edited with no payment address
