RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,284 Commits 4 Branches 11 Tags 14 MiB
cc6e58084f
Commit Graph

578 Commits

Author SHA1 Message Date
xisi
cc6e58084f Fixed an bug where a notice could be thrown on the edit page under the right conditions 
Cleaned up login page logic which should fix #1459 & #1461
Fixed a bug in tools class where an incorrect config setting could throw a notice
 2014-01-20 04:40:38 -05:00
xisi
dacadd8477 Fixed bug / undefined index when api settings are empty 2014-01-20 04:40:15 -05:00
xisi
fed3981979 fixed isTokenValid, started work on edit fixes, recaptcha fix test 2014-01-20 04:38:25 -05:00
xisi
3b6a408c3f forget the check, the crons run 2014-01-20 04:33:28 -05:00
xisi
4be9330ca1 typo 2014-01-20 04:32:54 -05:00
xisi
18f808a85b After messing around for quite awhile now with the SQL NOW() and timestamp comparison, I've come to the conclusion it's much better for my sanity to do the expiration check in php - there seems to be some divergence between the way this is handled between SQL setups I've tested. So there you go. 2014-01-20 04:32:54 -05:00
xisi
bacbb8c36c after looking into this quite a bit, this is the correct way to do it after all 2014-01-20 04:30:17 -05:00
xisi
13e6c43ba5 add notify_email to accounts table and getUserNotifyEmail() method in user class 2014-01-20 04:30:17 -05:00
xisi
9ecd8d4d3e added signup_timestamp to accounts table 
added getSignupTime() method to user class
added 014_accounts_update.sql and updated 000_base_structure.sql
incremented db version
 2014-01-20 04:30:17 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
9ccb5e15bc refactored old token usage in account edit page 2014-01-20 04:27:58 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00
xisi
6da5510035 clean up pages that use csrftokens 2014-01-20 04:26:04 -05:00
xisi
42d93f5beb specific timing for csrf tokens 2014-01-20 04:26:04 -05:00
xisi
a56140ca84 Moved csrftoken stuff into a class 
added getCurrentIP method to user class
added config option for sitewide csrf protection
 2014-01-20 04:26:04 -05:00
Sebastian Grewe
5b7cf6ab93 [FIX] SQL again, sigh 2014-01-19 17:28:34 +01:00
Sebastian Grewe
8a983835c6 [FIX] Whoopsie SQL 2014-01-19 17:25:55 +01:00
Sebastian Grewe
d4db477c2d [FIX] Also honor diff for share difficulties if unset 2014-01-19 17:22:00 +01:00
Sebastian Grewe
b905089a01 [FIX] Removed debug output 2014-01-19 17:18:09 +01:00
Sebastian Grewe
0fb543c3ed [FIX] Honor target_bits for hashrate 2014-01-19 17:17:24 +01:00
Sebastian Grewe
cf49db4535 [IMPROVED] Cronbased global Hash-/Sharerate cache 
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache

Addresses #1471 and may fix it already if no other changes are required.
 2014-01-19 17:05:27 +01:00
Sebastian Grewe
10e3fcab7e Merge pull request #1468 from Neozonz/issue-1467 
MySQL Optimization: always use order by when using limits
 2014-01-19 06:39:13 -08:00
Neozonz
44e0fa6745 Reverted 2014-01-19 09:35:39 -05:00
Neozonz
73e3bb2284 Removed ORDER BY for single queries 2014-01-19 06:05:55 -05:00
Neozonz
773286bd06 ORDER BY for Updates/Deletes 2014-01-19 06:00:29 -05:00
Neozonz
38f5daba6b Search blocks by desc and order by for deletes 2014-01-19 06:00:14 -05:00
Neozonz
47eb9f7fa0 Allow getWorkerHashRate to set invervals 2014-01-19 05:56:31 -05:00
Joey
0309886645 What a stupid thing of me to miss 
UNIX_TIMESTAMP() for time comparison, oops
 2014-01-17 03:53:09 -05:00
Sebastian Grewe
a572d0cea0 Merge pull request #1351 from TheSerapher/issue-1345 
Issue 1345
 2014-01-16 23:46:40 -08:00
Sebastian Grewe
1dfbeea5f7 Merge pull request #1420 from TheSerapher/issue-1343 
[IMPROVED] jsonRPC Error Handling with CURL
 2014-01-16 06:15:42 -08:00
obigal
75729c6592 pplns payouts speed improvements / reworked insert method 2014-01-16 14:42:05 +01:00
Sebastian Grewe
63960e2e62 [IMPROVED] Allow e-mails only for login 
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.

Fixes #1345 once merged.
 2014-01-16 14:40:51 +01:00
xisi
e7725399c2 change function name for sending 2f emails 2014-01-16 05:55:57 -05:00
xisi
8736123df2 improved bad csrf token error message 
cleaned up wording of config
improved leadtime defaults in getCSRFToken
 2014-01-16 05:55:57 -05:00
xisi
2d0938b35b [ADDED] Simple CSRF protection tokens 
* Adds config options for disabling, timeout lead time, and forms
 * Adds another salt in config that's used in the token
 * Adds protection for login form by default
 2014-01-16 05:55:57 -05:00
xisi
8ed8338b3e fixed my incorrect use of notif settings array 2014-01-16 05:53:36 -05:00
xisi
f3a6d65eab send notifications on successful login when active 2014-01-16 05:53:36 -05:00
xisi
96b734edaa fix how late we delete tokens for 2fa 2014-01-16 05:53:36 -05:00
xisi
d9d678be61 retooled most of the email confirmation setup 2014-01-16 05:53:36 -05:00
xisi
69eec05cb7 simplified notifications with index, updated the settings method, and fixed up template, sql fixes 2014-01-16 05:42:43 -05:00
xisi
bfd803ec28 Incremented version, moved config options, return vals fixed in 2f checks 2014-01-16 05:42:43 -05:00
xisi
ef904858ae [Addition] E-mail confirmations for user actions 
* If enabled, sends e-mail to confirm user withdraws, edits and pw changes
 * Adds 4 config options, enabled + individual settings
 * Adds 3 new token_types
 2014-01-16 05:42:43 -05:00
nicoschtein
14ad54a8ed Added last_login table column to getAllUserStats 2014-01-15 17:51:10 -02:00
Sebastian Grewe
610e564c2f [IMPROVED] Further improvements on error handling 2014-01-15 16:28:26 +01:00
Sebastian Grewe
aa27e8dfde [IMPROVED] jsonRPC Error Handling with CURL 
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled

It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.

Fixes #1343 once merged.
 2014-01-15 16:11:59 +01:00
Sebastian Grewe
78beb8b674 [UPDATE] Added index call checks where missing 2014-01-14 11:05:41 +01:00
Sebastian Grewe
20305026e8 [ADDED] User login overview to admin dashboard 
Fixes #1374 once merged
 2014-01-12 09:05:59 +01:00
Sebastian Grewe
4fe46cbd2a [ADDED] last_login timestamp 
* [RENAMED] sessionTimeoutStamp to last_login
* [UPDATE] user class to store login time after successful login
* [ADDED] SQL Upgrade file for new column
* [UPDATE] Updated base SQL file

Fixes #1162 once merged.
 2014-01-11 20:32:45 +01:00
Sebastian Grewe
2417ee7c4f [FIX] Log SQL errors on invalid checkUserPassword 
Fixes #1366 once merged.
 2014-01-11 19:28:37 +01:00