Sebastian Grewe
b05f87ab5d
[FIX] Invalid CSRF error on password reset form
...
Fixes #1675
2014-02-06 10:49:04 +01:00
Sebastian Grewe
2f1d68448f
[FIX] CSRF/Re-captcha on Contactform
...
Fixes #1666
2014-02-06 10:19:58 +01:00
Sebastian Grewe
837a8c58ea
[FIX] Smarty caching cross-sessions
...
Fixes #1691 and fixes #1684
2014-02-06 09:17:09 +01:00
Sebastian Grewe
ed6c302c57
[FIX] Duplicate Conditionals
...
Fixes #1690
2014-02-06 08:56:38 +01:00
Sebastian Grewe
0e968c90a6
[FIX] Manual PPS Payouts
...
Fixes #1692
2014-02-06 08:53:18 +01:00
Sebastian Grewe
bea6477cb0
[UPDATE] Cache getmininginfo too
2014-02-05 17:21:13 +01:00
Sebastian Grewe
af2e34a1c6
[FIX] No manual-payout on empty coin address
2014-02-05 17:02:21 +01:00
Sebastian Grewe
bdaa4933fa
[FIX] Cron error code for monitoring
2014-02-05 16:16:23 +01:00
Sebastian Grewe
bfbb8c83b7
[FIX] Account Update with same coin address
2014-02-05 15:29:52 +01:00
Sebastian Grewe
06eee145bf
[FIX] Validate cold wallet address
2014-02-05 09:31:51 +01:00
Sebastian Grewe
c0618dd598
[VERSION] 0.0.4 MPOS for Payout overhaul
2014-02-05 09:02:36 +01:00
Sebastian Grewe
bc0d340bf3
Merge pull request #1642 from MPOS/payout-overhaul
...
[IMPROVED] Payout logics
2014-02-04 21:59:22 -08:00
Sebastian Grewe
43e1c44def
Merge pull request #1646 from xisi/security-logging
...
[ADDITION] Basic security logging
2014-02-04 08:05:13 -08:00
Sebastian Grewe
30af8e83c5
Merge pull request #1657 from HerrKauwer/zxcvbn
...
Used zxcvbn for password strength determination
2014-02-02 23:53:22 -08:00
Sebastian Grewe
c677295447
[FIX] Network hashrate in khash before checks
2014-02-03 08:20:42 +01:00
Sebastian Grewe
e59d3a8e25
[FIX] Address Validation in user class
2014-02-03 08:16:59 +01:00
Sebastian Grewe
c00b6d6757
[IMPROVED] Payout logics
...
* [ADDED] More methods to our transaction class
* `createDebitAPRecord` and `createDebitMPRecord`, will handle the
* entire debit process
* Adds Debit transaction
* Adds TXFee transaction
* mark transactions as archived
* validate user is fully paid out
* send notification to user
* `getMPQueue` was added to unify the process of getting payout queues
* [MOVED] Only one mail template for both payout methods
* [ADDED] Some minor calls to user class
* [ADDED] Full address validation to bitcoin class
* [SQL] New SQL upgrade and Version Increment
* Adding UNIQUE index to coin_address in accounts table
* preparation for `sendmany` implementation
2014-02-03 08:16:58 +01:00
Sebastian Grewe
d61e6a7243
[FIX] Cron compile folder permission issue
2014-02-03 07:58:06 +01:00
xisi
18c7565e5c
cleanup
2014-02-02 13:34:41 -05:00
xisi
ca1ae6ba2c
wrapped KLogger
2014-02-02 11:57:06 -05:00
HerrKauwer
70e8b27085
Used zxcvbn for password strength determination
2014-02-02 15:04:55 +01:00
Sebastian Grewe
9da7af8a5e
[FIX] 24 Hour Account Graphs
2014-02-02 11:35:08 +01:00
Sebastian Grewe
656a92d286
Merge pull request #1651 from rog1121/patch-4
...
Locked Account Message
2014-02-01 13:14:22 -08:00
rog1121
07d49b0956
Locked Account Message
2014-02-01 12:35:48 -07:00
xisi
cf8a8cc4d8
fixes #1639
2014-01-31 17:34:48 -05:00
xisi
e7bace5550
basic logging, adds logs folder to root dir
...
htaccess to block access to the logs
by default, only log warnings
simple config check to see if that folder is writable
warning if changeNoFee is used
warning if setLocked is used
warning if changeAdmin is used
warning if when logging in that IP is different than saved IP
info if a login fails with bad user or password
warning if a user is locked via failed logins
info if an update/etc fails with bad pin
warning if a user is locked via failed pins
info when a pin request is sent
warning when a pin request email doesn't send
warning when trying to request pin reset and incorrect password
info when a twofactor token sent
warning if twofactor email doesn't send
warning when a user tries to request multiple of the same type of token
info when a twofactor token is deleted
warning if a twofactor token fails to delete
warning when an invalid change password token is used
info on successful account update
warning when reset password is called and IP doesn't match saved IP, info otherwise
warning if isAuthenticated falls through and kills a session
2014-01-31 13:11:38 -05:00
Sebastian Grewe
255b9e1f56
[FIX] API Timeout added
...
Fixes #1643
2014-01-31 16:27:03 +01:00
Sebastian Grewe
319d9439a4
Merge pull request #1621 from xisi/sessions-mclimiter-fixes
...
[UPDATE] Security updates and fixes
2014-01-31 05:55:09 -08:00
xisi
afdf3abb29
ripped out all the memcache session stuff, not worth it with the side effects of caching things
...
cleaned up config/checks
2014-01-30 18:41:56 -05:00
xisi
8487a8d462
respect client validation settings for failures
2014-01-30 09:38:41 -05:00
xisi
3d414e9ffa
I think this is a good midway between hardcoding it in and allowing configurability
2014-01-29 23:35:07 -05:00
xisi
0643cf4b87
fixed crons, tested on 2 boxes
2014-01-29 18:33:34 -05:00
xisi
53a8b4adf1
.htaccess check for @ahmedbodi
2014-01-29 15:43:09 -05:00
xisi
51818421d8
weird problem, strict for isAuthenticated
2014-01-29 14:46:21 -05:00
xisi
5d017f60c3
how this worked before is beyond me
2014-01-29 13:28:38 -05:00
Yefta Sutanto
0bd1606207
Update sidebar_prop.tpl
...
Fixing "Your Invalid" percentage calculation
2014-01-30 00:17:20 +07:00
Yefta Sutanto
0a9398b99e
Update sidebar_pps.tpl
2014-01-30 00:16:45 +07:00
Yefta Sutanto
016da6cd61
Update sidebar_pplns.tpl
...
Fixing "Your Invalid" percentage calculation
2014-01-30 00:12:34 +07:00
xisi
ae47437ab7
fixed worker delete csrf thing I stubbed earlier
...
took to field out of the rest of the login forms
2014-01-29 09:41:50 -05:00
xisi
c36413d70c
tests not checks
2014-01-29 09:17:58 -05:00
xisi
f298c60260
little more cleanup
...
put version check/config check after sessions/rate limiter so it works correctly & only uses 1 db hit
2014-01-29 09:16:03 -05:00
xisi
568445845a
changes DEBUG SALT and SALTY from defines to variables
...
switched that in all places used (class loads mostly)
moved all includes at the beginning of index into bootstrap
moves *_PATH defines from config to bootstrap
config now uses defaults first, then user config
2014-01-29 07:34:50 -05:00
xisi
c2b1c68699
added check if we can write config files to admin_checks, we shouldn't be able to
2014-01-29 05:20:06 -05:00
Sebastian Grewe
923795c23b
[FIX] Ignore AP for empty/NULL addresses
2014-01-29 09:58:18 +01:00
xisi
56ad9266d3
last login time not this login time
2014-01-29 03:55:51 -05:00
Sebastian Grewe
d84018763d
[FIX] Admin Panel Users: Show user shares
...
Fixes #1624
2014-01-29 09:27:34 +01:00
Sebastian Grewe
d3aa7ad1d5
Merge branch 'next' of github.com:MPOS/php-mpos into next
2014-01-29 08:52:39 +01:00
Sebastian Grewe
d007358710
[FIX] Ignore missing HTTP_REFERRER
...
Fixes #1626
2014-01-29 08:52:12 +01:00
xisi
74dec2796d
Added last login time/ip address popup on login w/ close button
...
Info/blue if your ip matches, warning/yellow if not
2014-01-28 15:45:24 -05:00
xisi
3efe979ae3
Switch config over to wiki, yay
2014-01-28 14:24:48 -05:00
xisi
181ef0c6d2
security config mask
2014-01-28 10:31:53 -05:00
Zen00
0e8949c71d
Linked Site-Title
...
Seems that there were plans to make the site title a link, but the .tpl
was never updated.
2014-01-28 08:16:31 -07:00
xisi
614b5b1dbb
of all the pages to miss it on
2014-01-28 08:19:58 -05:00
xisi
9f6cf99aa3
small fixes
2014-01-28 08:08:53 -05:00
xisi
f56c18276a
small fixes
2014-01-28 07:26:33 -05:00
xisi
6398e5dfec
merged session manager/memcache limiter
...
cleanup for PR
2014-01-28 07:26:33 -05:00
Joey
63c3b96a29
now enforce client & server validity on login with strict on
...
fixed csrf token check for a few pages where it might've been broken
session manager now can be bound to base user class and used, like in login
logout now pushes you to login regardless, no longer has param to push to custom url
fixed validate client, hijacking sessions no longer works
2014-01-28 07:26:32 -05:00
Joey
795e019d0d
cleaned up config options a bit
2014-01-28 07:26:32 -05:00
Joey
493c43e0ed
updated check in autoloader so default needs to be changed if SECHASH_CHECK is enabled
2014-01-28 07:26:32 -05:00
Joey
d5f1c97f82
fixed check against define like it used to even if SECHASH_CHECK is disabled
...
fixed ajax calls in memcache limiter to use REQUEST page/action rather than QUERY_STRING
2014-01-28 07:26:32 -05:00
xisi
b728b680ca
blah blah
2014-01-28 07:26:08 -05:00
xisi
9dcb855b34
strict class, trying to figure out why edit account doesn't work
2014-01-28 06:18:57 -05:00
xisi
f21f05e874
pushing to start core rebuild
2014-01-28 06:18:57 -05:00
xisi
7393f21d01
just pushing so I can rebase zzz
2014-01-28 06:18:57 -05:00
Sebastian Grewe
56f995c86f
Merge pull request #1617 from HerrKauwer/pwcheck
...
Cleaned up pwcheck.js
2014-01-28 00:28:32 -08:00
Sebastian Grewe
5f65904431
[FIX] HTTPS detection on Template
2014-01-28 09:25:50 +01:00
Sebastian Grewe
967c1cc48f
[FIX] Proper HTTPS detection
...
Fixes #1618 once merged
2014-01-28 09:25:20 +01:00
Sebastian Grewe
b783237c2e
Merge pull request #1457 from MPOS/issue-1332
...
Issue 1332
2014-01-28 00:18:56 -08:00
Sebastian Grewe
f83c88aae6
Merge pull request #1603 from MPOS/double-payouts
...
Double payouts
2014-01-27 22:25:44 -08:00
HerrKauwer
095ee2e40a
Cleaned up pwcheck.js
2014-01-27 23:56:39 +01:00
Sebastian Grewe
ecfa741223
[FIX] Do not assign smarty vars if caching hits
2014-01-27 13:43:33 +01:00
Sebastian Grewe
b5cb8171ba
Merge branch 'master-read-only-check' into next
2014-01-27 13:26:14 +01:00
Sebastian Grewe
f183b586a8
[ADDED] Check if master is read-only
...
Just to ensure we can run at all.
2014-01-27 12:58:41 +01:00
Sebastian Grewe
fab3c44e90
[ADDED] THash/second modifier
2014-01-27 12:45:46 +01:00
Sebastian Grewe
1cd9352952
[FIX] Transaction ID and RPC Transaction ID
2014-01-27 10:31:18 +01:00
Sebastian Grewe
d4557982ba
[FIX] API call for transactions
...
Fixes #1602 once merged.
2014-01-27 09:13:09 +01:00
Sebastian Grewe
b87691371f
[SECURITY] Path disclosure and redirects
...
* [SECURITY] Do not disclose paths with wrong query arguments in API
* [SECURITY] Removed $to redirect after login
Fixes #1596 once merged.
2014-01-26 17:41:27 +01:00
Sebastian Grewe
7c8d7701f2
[FIX] Lock state 2 for admin locks
2014-01-26 11:17:33 +01:00
Sebastian Grewe
702ed49704
[ADDED] Account lock status
...
* Lock 1: user confirmation/unlock pending, count shares
* Lock 2: Admin disabled, ignore shares
This further addresses #1332 and should allow proper dropping of shares
for banned accounts.
2014-01-26 11:17:33 +01:00
Sebastian Grewe
e4627fc51d
[IMPROVED] Ignore locked account shares
...
* Updated getRoundShares to honor locked accounts
* Updated getSharesForAccounts and getArchiveShares
This will fix #1332 and ignore locked user accounts in share
calculations for payouts.
2014-01-26 11:17:33 +01:00
Sebastian Grewe
816fb783ce
Merge pull request #1589 from joebauers/next
...
Update user.class.php
2014-01-25 23:50:25 -08:00
joebauers
48ce68e612
Update user.class.php
...
No need to show world if valid account.
2014-01-26 02:44:30 -05:00
Sebastian Grewe
a343ac4047
Merge pull request #1568 from MPOS/payout-fail-bail
...
[FIX] Bail payouts on failed sendtoaddress calls
2014-01-25 08:38:56 -08:00
Sebastian Grewe
768d193793
Merge pull request #1576 from xisi/csrf-backend-only
...
[FIXES] More CSRF improvements
2014-01-25 06:59:08 -08:00
Sebastian Grewe
9e6a2a3bea
[FIX] Do not treat disabled notification as error
...
Fixes #1582 once merged.
2014-01-25 13:10:38 +01:00
xisi
8fbda49fd1
Don't even need the suppression
2014-01-24 16:33:55 -05:00
xisi
a043e5ed19
Fixes #1561, which happened to me even with the API key in the correct format
2014-01-24 16:32:00 -05:00
xisi
c81aec4c64
fixed bug in registration form
2014-01-24 15:38:56 -05:00
xisi
0f88f70fcf
fixes bug in registration form, thanks @Zen00
2014-01-24 15:34:01 -05:00
xisi
4e18ff318b
cleaned up tabbing and sessions in index
2014-01-24 15:07:00 -05:00
xisi
c192cbb0bd
Token failure condition fix
2014-01-24 14:46:50 -05:00
xisi
3006cb544f
Reworked csrf tokens, now enabled globally
...
The way this now works is, if csrf is enabled:
* Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates
* Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
2014-01-24 13:00:24 -05:00
Sebastian Grewe
a586cc36ab
[FIX] Honor cache flag for getUserSharerate
2014-01-24 12:32:21 +01:00
Sebastian Grewe
2891a07637
[FIX] Bail payouts on failed sendtoaddress calls
...
* [WORKAROUND] Helps for coins that run a bad RPC implementation
* Addresses #1406 and will at least stop double payouts
2014-01-24 12:15:23 +01:00
Sebastian Grewe
70a09811ec
[FIX] PHP Notice on Mobile Template
2014-01-24 11:29:19 +01:00
Sebastian Grewe
481c8dd980
[FIX] Round donations on donor page
2014-01-24 10:52:13 +01:00
Sebastian Grewe
a1a3d7e873
[IMPROVED] Added donation minimum and rounding
...
* [ADDED] Config option `$config['donate_threshold']['min'] = 1;`
* [VERSION] Incremented config file version to `0.0.6`
* [CHANGED] Round donations to at least two digits
* [CHANGED] Honor minimum set pool donation percentage
* [UPDATED] Account edit template
Fixes #1475 once merged
2014-01-24 10:06:13 +01:00
Sebastian Grewe
659c203c06
Merge pull request #1551 from xisi/csrf-improvements
...
[FIXES] CSRF tokens & login cleanup
2014-01-23 23:27:31 -08:00
Sebastian Grewe
90d0ff1081
Merge pull request #1546 from ahmedbodi/patch-1
...
Get Cronjob Status API
2014-01-23 23:13:42 -08:00
Sebastian Grewe
f75200ce1e
Merge pull request #1560 from raistlinthewiz/next
...
Added reward_type and reward info to api/getpoolinfo
2014-01-23 23:09:06 -08:00