RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,659 Commits 4 Branches 11 Tags 14 MiB
caee4a7c8f
Commit Graph

290 Commits

Author SHA1 Message Date
Sebastian Grewe
6509cc6039 [ADDE] CSRF validation for Worker Deletion 
* [ADDED] CSRF token checks to worker page
* [CHANGED] Check for both _GET and _POST ctokens
* [ADDED] CSRF token to each delete call URL

Fixes #1702 once merged
 2014-02-07 12:24:48 +01:00
Sebastian Grewe
7cf3fb27fb [UPDATE] Allow global notification settings 
Fixes #1232 and allows further expansion in the future.
Addresses #1672 too.
 2014-02-06 11:13:22 +01:00
Sebastian Grewe
7673c34d80 Merge branch 'fix-contactform' into next 2014-02-06 10:57:49 +01:00
Sebastian Grewe
5196cc7448 [UPDATE] Highlight next/previous arrows on admin/user 2014-02-06 10:56:19 +01:00
Sebastian Grewe
2f1d68448f [FIX] CSRF/Re-captcha on Contactform 
Fixes #1666
 2014-02-06 10:19:58 +01:00
HerrKauwer
70e8b27085 Used zxcvbn for password strength determination 2014-02-02 15:04:55 +01:00
Sebastian Grewe
319d9439a4 Merge pull request #1621 from xisi/sessions-mclimiter-fixes 
[UPDATE] Security updates and fixes
 2014-01-31 05:55:09 -08:00
xisi
ae47437ab7 fixed worker delete csrf thing I stubbed earlier 
took to field out of the rest of the login forms
 2014-01-29 09:41:50 -05:00
Zen00
0e8949c71d Linked Site-Title 
Seems that there was plans to make the site title a link, but the .tpl
was never updated.
 2014-01-28 08:16:31 -07:00
xisi
6398e5dfec merged session manager/memcache limiter 
cleanup for PR
 2014-01-28 07:26:33 -05:00
xisi
b728b680ca blah blah 2014-01-28 07:26:08 -05:00
Sebastian Grewe
5f65904431 [FIX] HTTPS detecion on Template 2014-01-28 09:25:50 +01:00
Sebastian Grewe
768d193793 Merge pull request #1576 from xisi/csrf-backend-only 
[FIXES] More CSRF improvements
 2014-01-25 06:59:08 -08:00
xisi
8fbda49fd1 Don't even need the suppression 2014-01-24 16:33:55 -05:00
xisi
a043e5ed19 Fixes #1561, which happened to me even with the API key in the correct format 2014-01-24 16:32:00 -05:00
xisi
3006cb544f Reworked csrf tokens, now enabled globally 
The way this now works is, if csrf is enabled:
 * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
 * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
 2014-01-24 13:00:24 -05:00
Sebastian Grewe
a1a3d7e873 [IMPROVED] Added donation minimum and rounding 
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template

Fixes #1475 once merged
 2014-01-24 10:06:13 +01:00
xisi
1fd0adf038 Removed unused config setting 2014-01-23 11:01:30 -05:00
Sebastian Grewe
4b04df5d8a [FIX] Allow TAB to focus on email login 2014-01-23 10:11:37 +01:00
nrpatten
151decb2b6 [FIX] Align Checkbox 
"Edit template" checkbox align closer to "Active"
 2014-01-22 00:39:42 +11:00
nrpatten
fc7a939b1e [FIX] Update github footer link 
Remove https://github.com/TheSerapher/php-mpos
Add https://github.com/MPOS/php-mpos
 2014-01-21 23:42:58 +11:00
Sebastian Grewe
bf484c4be2 Merge pull request #1510 from xisi/security-pagecontrollerfix 
Fix issue #1508
 2014-01-21 03:20:38 -08:00
xisi
ac91d70c5f This should fix issue #1508 2014-01-21 04:04:53 -05:00
Sebastian Grewe
2d760c2934 Merge pull request #1504 from daygle/patch-6 
Update default.tpl
 2014-01-21 01:00:00 -08:00
Sebastian Grewe
9520795e07 Merge pull request #1506 from nrpatten/next 
[FIX] input[type=email] in the wrong order and Overlap and Reposition TABS
 2014-01-21 00:07:58 -08:00
Sebastian Grewe
0edd964930 Merge pull request #1507 from xisi/security-js-pwstrength 
Simple javascript password strength/match
 2014-01-21 00:04:18 -08:00
nrpatten
0cfc92bd2b [FIX] Overlap and Reposition TABS 
[FIX] "E-mail address for system error" Overlap and realign class="tabs" to fieldset
 2014-01-21 17:12:06 +11:00
xisi
a20c2324e2 Added pw strength/match to change password form 2014-01-21 00:02:57 -05:00
xisi
b0053b65e1 Added basic javascript password strength/match testing 
Added pw strength/match to registration form
 2014-01-20 23:57:07 -05:00
Glen
3a43ed4e42 Update default.tpl 
Getting started page modification suggestions for all users.

1. Add BFGMiner details.
2. Remove bullet points for steps.
3. Add additional line for BFGMiner command line.
 2014-01-21 14:38:10 +11:00
Sebastian Grewe
eb6692b31c Merge pull request #1481 from raistlinthewiz/next 
tx fee's shouldn't be %
 2014-01-20 07:46:45 -08:00
Hüseyin Uslu
51d0879f8d Wording fix for index.php?page=account&action=edit - tx fee's shouldn't be % 2014-01-20 17:44:45 +02:00
xisi
ffda9dbae1 rebase + fix bug in overview tpl that could throw a notice 2014-01-20 04:53:00 -05:00
xisi
fd49e0eb78 disabled is actually correct to use in cash out form, we want the css props 
slightly optimization
 2014-01-20 04:41:13 -05:00
xisi
a987878c8e removed extraneous disabling of a field in edit account page, thanks @rog1121 2014-01-20 04:41:13 -05:00
xisi
b0413226b4 removed extraneous disabling of a field in edit account page, thanks @rog1121 2014-01-20 04:41:13 -05:00
xisi
76a67cb71a Changed the config options for CSRF/disabling forms 
* Now an array to disable with granularity
 * Fixed all CSRF tokens back to 1 min
 * Added CSRF protection for unlock account
 * Unified error message for all csrf tokens
 * Fixed a few issues with last commit
 2014-01-20 04:41:13 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template 
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
 2014-01-20 04:40:38 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00
xisi
58529547e0 Cleaned up logic of login page csrf protection 
added csrf protection to register page
 2014-01-20 04:27:22 -05:00
xisi
6afc876d19 Merge changes from TheSerapher's pull/1404 Added re-Captcha to Login Page 2014-01-20 04:26:04 -05:00
rog1121
77a0287c7f Update default.tpl 2014-01-19 12:37:54 -07:00
Metice
e665552c05 Update default.tpl 
Remove username of placeholder
 2014-01-19 15:01:11 +01:00
Sebastian Grewe
48a344ed25 [SECURITY] Dropped small login form 
Since we are adding more security realted features, we drop the small
login in the header. It will need more workarounds than we'd like and is
already dropped when re-Captcha is enabled.

Security > Convenience :D
 2014-01-17 15:43:58 +01:00
Sebastian Grewe
2829f6a746 [IMPROVED] Dropped username from login 2014-01-16 14:40:51 +01:00
Sebastian Grewe
d5bff56f6f [ADDED] re-Captha admin options 2014-01-16 14:14:29 +01:00
Sebastian Grewe
b9d36bcfc9 [IMPROVED] Added re-Captcha to Login Page 
* Enable re-captcha to use it
* Disables the mini-login box in header
* Requires re-Captcha to be setup in Admin Panel

Fixes #1400 once merged.
 2014-01-16 14:13:50 +01:00