Payouts did not work very well and caused more issues for pools than
being worth having this cron. We revert this and let them use
sendtoaddress again whenever they wish to deduct payouts from their pool
at their own discretion.
We may add this thing back in sometime later with a proper and working
implementation but no promises.
* [ADDED] Smarty acl_check function
* [ADDED] Optional default return value for getValue calls
* [UPDATE] ACL Checks in page controllers
* [UPDATE] Navigation template to use check_acl from Smarty
* [ADDED] New ACL options where needed
* [REMOVED] Disable pages from System Settings Tab
* [ADDED] Above removed pages into ACL Settings Tab
This will make usage of ACLs a bit easier and transparent.
Also fixes#1731 once merged.
* [ADDED] Abort if we don't have enough shares to calculate PPS from
* [FIXED] Proper calculations for account shares, we dropped a share
each run
* [ADDED] Error code if no new shares available
* [ADDED] Admin Panel Setting for max age for notifications
* [ADDED] Cronjob to clean out old notifications
* [ADDED] New cron to scripts and monitoring
Fixes#1672 once merged.
* Added IP address to all log output
* Added Page and Action to all log output
* Modified log messages
* Added Error and Fatal handlers
* Raised failed logins to Error
* Added KLogger default log levels
* Made it most verbose
htaccess to block access to the logs
by default, only log warnings
simple config check to see if that folder is writable
warning if changeNoFee is used
warning if setLocked is used
warning if changeAdmin is used
warning if when logging in that IP is different than saved IP
info if a login fails with bad user or password
warning if a user is locked via failed logins
info if an update/etc fails with bad pin
warning if a user is locked via failed pins
info when a pin request is sent
warning when a pin request email doesn't send
warning when trying to request pin reset and incorrect password
info when a twofactor token sent
warning if twofactor email doesn't send
warning when a user tries to request multiple of the same type of token
info when a twofactor token is deleted
warning if a twofactor token fails to delete
warning when an invalid change password token is used
info on successful account update
warning when reset password is called and IP doesn't match saved IP, info otherwise
warning if isAuthenticated falls through and kills a session
switched that in all places used (class loads mostly)
moved all includes at the beginning of index into bootstrap
moves *_PATH defines from config to bootstrap
config now uses defaults first, then user config
The way this now works is, if csrf is enabled:
* Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
* Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template
Fixes#1475 once merged
* Now an array to disable with granularity
* Fixed all CSRF tokens back to 1 min
* Added CSRF protection for unlock account
* Unified error message for all csrf tokens
* Fixed a few issues with last commit
* Adds CSRF protection for multiple pages, see bottom
* Adds User/IP/Date & time to successful login notification
* New config option for sitewide CSRF protection
* Fixed a bug in the contact form
* Lots of cleanup related to CSRF stuff
* Increments config version
* CSRF protection: register, contact, account edit, workers, notifications, and invites
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
