htaccess to block access to the logs
by default, only log warnings
simple config check to see if that folder is writable
warning if changeNoFee is used
warning if setLocked is used
warning if changeAdmin is used
warning if the IP when logging in is different than the saved IP
info if a login fails with bad user or password
warning if a user is locked via failed logins
info if an update/etc fails with bad pin
warning if a user is locked via failed pins
info when a pin request is sent
warning when a pin request email doesn't send
warning when trying to request pin reset and incorrect password
info when a twofactor token sent
warning if twofactor email doesn't send
warning when a user tries to request multiple of the same type of token
info when a twofactor token is deleted
warning if a twofactor token fails to delete
warning when an invalid change password token is used
info on successful account update
warning when reset password is called and IP doesn't match saved IP, info otherwise
warning if isAuthenticated falls through and kills a session
* Check DB structure version, config file version and MPOS core version
* Added new Admin Dashboard to show this core information
* Cronjobs will be disabled if SQL files are not imported
* SQL files must re-set the db_upgrade_required setting
* Cronjobs will be disabled if config files are not updated
* Simple config file update and version string update will fix this
* Added MPOS status overview
* Cronjobs and Wallet information for now, others may be added later
* Added new navigation link for Admin Panel Dashboard
* Added new version file
* Will require updates whenever DB or configs are updated
* Update SQL file that adds the DB_VERSION setting
This will address #1242 and already includes a huge chunk of changes
required to make this work.
This will lock a user account if a password or PIN has been entered
wrong multiple times in a row. When unlocking the account via admin
panel, both counters are reset so the user can log in again.
This should fix issues with brute force attacks to access user accounts.
Please see configuration dist file for new config options.
Please import SQL upgrade 007 to add new column to user accounts table.
Addresses #670 and should be merged once tested.
* [ADDED] More error codes
* [MODIFIED] Class updates to use Base Class all the time
* [MODIFIED] Cronjobs have been slightly adjusted
* [ADDED] More base class features
* [ADDED] new monitoring method : endCronjob
* [IMPROVED] Use newly added error codes
* [ADDED] mail notifications, enabled by default
* [ADDED] cron disable on fatal errors with exit code != 0
* [ADDED] Command line switch: -f = Force running crons even if disabled
* [ADDED] Disabled status in monitoring site
This will improve error handling in our cronjobs. Fatal errors now
require manual intervention by explicitly running crons with the force
option (`-f`). Until they are forced to run, crons will stay disabled.
Fixes #773 once merged
* [ADDED] New Config Option: Algorithm
* scrypt and sha256d supported right now
* might add SHA coin support across MPOS
* Compatible with previous implementation
* [REMOVED] config option: pps_target
* Replaced by config option: algorithm
* Please update your config, defaults to scrypt now!
* [ADDED] Unpaid Shares in Dashboard
* [MODIFIED] User estshares from DB query instead of template math
* Adjusted mmcfe-ng occurrences in code
* Adjusted Database structure to only supply the full structure
* Adjusted default template to MPOS
Addresses #643
* [FEATURE] Allow in-class checking for user permissions
* [FEATURE] Allow in-class creation of the JSON data for coherence
* [FEATURE] Added API version in JSON data for client side checks
* [IMPROVEMENT] Adjusted all API calls to use the new JSON layout
**NOTE**: This is breaking backwards compatibility with the old API!
Please adjust your client application to support this new version.
The data array should not change much more other than added features.
* Migrated configuration options to admin panel
* Removed configuration options from config file
* Added help text for each configuration option into panel
Addresses #622 and needs extensive testing by pools. A lot has changed
so pool owners might have to adjust their own templates to match this
new system.
This will avoid double payouts via the website. Payouts will be
requested by users and processed by a cron. If, for whatever reason,
users do add two requests (it is checked if a payout exists) they would
only have one successful payout until their account balance is back up
to a safe value to trigger the payout.
This should fix any issues with manual payouts being exploited through
the website. Will require some testing by others to ensure things work
as expected.
This will allow users to send invitations to other people via email.
Each account will still need to confirm the email address if the option
is enabled.
Addresses #330, will need to allow pool operators to enable this feature
even with registrations turned off.
* Adding mail verification during account registration
* Added new dist file option for mail verification
* Added account confirmation page using tokens
* Added mail class into user class for password resets
* Moved password reset template
* Adjusted account registration page
* Adjusted user class for email confirmation
Also fixed a bug with smarty_cache_key not being used properly if smarty
is disabled. Key still needs to be available even if caching is disabled.
Addresses #330 and prepare the ticket for invitation only system.
* Added token type class
* Storing Token Type as ID not varchar
* Added new system to user class and fixed issues with it
* Started on mail verification process in user class
* Updated autoloader
* Updated change password template
Addresses #330
* Added monitoring class to deal with monitoring events
* Added event calls to all important cronjobs
* Added cron_end include file for monitoring cleanups on successful runs
* Added Monitoring to autoloader
* Modified account page to check for running auto_payout in monitoring
* Added monitoring to Navigation bar
* Added monitoring controller page
Fixes #415
This will allow us to start checking a blockhash against a solution
submitted to the database.
Details on this in the ticket. Just a WIP to save file states.
Addresses #405
* Added 3rd party logger library KLogger
* Adjusted all cronjobs from verbose output to logging
* Added new logs folder for crons to write to
* Added new .gitignore for logs folder data
* Updated blocks class to only fetch blocks with no share_id
* Adjusted findblocks to use no blocks class method
This will allow any admin to enable or disable a pool maintenance mode.
Regular users that are still logged in will not be kicked out (yet). New
users that are trying to login and are not admins will be denied access.
Also added registration option to Admin Settings via WebUI. You can now
disable new accounts via web option or configuration setting.
Fixes #259 but also adds an additional feature.
* Added mobile device detection PHP library
* Call PHP library to decide which theme to use
* Added theme as a configuration option into global config
* Selectable Desktop theme (default: mmcFE)
* Selectable Mobile theme (default: mobile)
* Disable mobile theme support entirely
**NOTE**: This requires updates to the `global.inc.php` so please check
the dist file and update your config before filing a new issue!
Addresses #25
* Adding dynamic news posts from DB
* Support Adding, Editing, Activating, Deactivating through admin panel
* Display all active posts on news page
* Implemented Markdown Library by Michelf
Fixes #61
* Added main mail class
* notification class extends mail class
* Added mail template for IDLE workers
* Added notification table to SQL structure
This works already but once notified the status is not reset as soon as
a worker is active again. Need to think of a system to do that
automatically.
Addresses #116
* Use tickerupdate.php cron to update setting value
* Added new configuration variables for ticket updates
* Added some missing configuration vars for some URLs