RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,349 Commits 4 Branches 11 Tags 14 MiB
f3a4c8173f
Commit Graph

1586 Commits

Author SHA1 Message Date
xisi
5e5e751271 switched account edit csrf token to 1 min now that saving works on an incorrect entry 2014-01-20 04:40:38 -05:00
xisi
36f3a16cc3 gave password reset its own csrf token 2014-01-20 04:40:38 -05:00
xisi
bd2999526e fixed mobile templates, have not tested as they use same methods as main template 
fixed change pw templates; added csrf token
added csrf protection for password reset
fixed reset and change pass templates; were missing csrf token (form only tpl)
 2014-01-20 04:40:38 -05:00
xisi
7e3197246a fixed error response to not leak info to users 2014-01-20 04:40:38 -05:00
xisi
cc6e58084f Fixed an bug where a notice could be thrown on the edit page under the right conditions 
Cleaned up login page logic which should fix #1459 & #1461
Fixed a bug in tools class where an incorrect config setting could throw a notice
 2014-01-20 04:40:38 -05:00
xisi
dacadd8477 Fixed bug / undefined index when api settings are empty 2014-01-20 04:40:15 -05:00
xisi
62e341b877 finally cleaned up the edit account page to my liking 
fixed change I made to test a fix for someone who was having issues
 2014-01-20 04:38:53 -05:00
xisi
fed3981979 fixed isTokenValid, started work on edit fixes, recaptcha fix test 2014-01-20 04:38:25 -05:00
xisi
3b6a408c3f forget the check, the crons run 2014-01-20 04:33:28 -05:00
xisi
d3a7d4bdbf inc db version in version include 2014-01-20 04:32:54 -05:00
xisi
4be9330ca1 typo 2014-01-20 04:32:54 -05:00
xisi
18f808a85b After messing around for quite awhile now with the SQL NOW() and timestamp comparison, I've come to the conclusion it's much better for my sanity to do the expiration check in php - there seems to be some divergence between the way this is handled between SQL setups I've tested. So there you go. 2014-01-20 04:32:54 -05:00
xisi
bacbb8c36c after looking into this quite a bit, this is the correct way to do it after all 2014-01-20 04:30:17 -05:00
xisi
13e6c43ba5 add notify_email to accounts table and getUserNotifyEmail() method in user class 2014-01-20 04:30:17 -05:00
xisi
9ecd8d4d3e added signup_timestamp to accounts table 
added getSignupTime() method to user class
added 014_accounts_update.sql and updated 000_base_structure.sql
incremented db version
 2014-01-20 04:30:17 -05:00
xisi
15eca659b9 fixed a bug in edit account template 
moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
 2014-01-20 04:30:17 -05:00
xisi
a36a0c5b79 [UPDATE] CSRF protection + User/IP/Date & time added to login notification 
* Adds CSRF protection for multiple pages, see bottom
 * Adds User/IP/Date & time to successful login notification
 * New config option for sitewide CSRF protection
 * Fixed a bug in the contact form
 * Lots of cleanup related to CSRF stuff
 * Increments config version
 * CSRF protection: register, contact, account edit, workers, notifications, and invites
 2014-01-20 04:29:45 -05:00
xisi
8756036646 cleaned up account edit csrf slightly 
added csrf protection to workers under sitewide config
added csrf protection to notifications under sitewide config
added csrf protection to invitations under sitewide config
cleaned up login page csrf
cleaned up contactform/contactform page
cleaned up register/register page
moved config->csrf->forms->register to sitewide
added login ip/user/time to notification on login
 2014-01-20 04:29:45 -05:00
xisi
e5c9720174 Finished cleanup of account edit page 
added csrf protection to account edit page under sitewide config
escaped all instances of CTOKEN for csrf in smarty templates
 2014-01-20 04:29:13 -05:00
xisi
9ccb5e15bc refactored old token usage in account edit page 2014-01-20 04:27:58 -05:00
xisi
d83542e03e Added method to get description image of csrf token with name 
moved sitewide into options portion of the config option
csrf protection for contact form under sitewide config option
changed register to 1 hour token
 2014-01-20 04:27:58 -05:00
xisi
58529547e0 Cleaned up logic of login page csrf protection 
added csrf protection to register page
 2014-01-20 04:27:22 -05:00
xisi
6da5510035 clean up pages that use csrftokens 2014-01-20 04:26:04 -05:00
xisi
42d93f5beb specific timing for csrf tokens 2014-01-20 04:26:04 -05:00
xisi
a56140ca84 Moved csrftoken stuff into a class 
added getCurrentIP method to user class
added config option for sitewide csrf protection
 2014-01-20 04:26:04 -05:00
xisi
19a0945be2 no config version inc 2014-01-20 04:26:04 -05:00
xisi
6afc876d19 Merge changes from TheSerapher's pull/1404 Added re-Captcha to Login Page 2014-01-20 04:26:04 -05:00
Sebastian Grewe
954459b897 Merge branch 'next' of github.com:MPOS/php-mpos into next 2014-01-20 09:58:33 +01:00
Sebastian Grewe
56fbf205b7 [ADDED] Comment for DEBUG levels 2014-01-20 09:58:06 +01:00
Sebastian Grewe
2dab915d6e Merge pull request #1472 from MPOS/issue-1471 
Issue 1471
 2014-01-20 00:42:35 -08:00
Sebastian Grewe
24e24576af [FIX] E-Mail login location 2014-01-20 09:16:38 +01:00
rog1121
77a0287c7f Update default.tpl 2014-01-19 12:37:54 -07:00
Sebastian Grewe
5b7cf6ab93 [FIX] SQL again, sigh 2014-01-19 17:28:34 +01:00
Sebastian Grewe
8a983835c6 [FIX] Whoopsie SQL 2014-01-19 17:25:55 +01:00
Sebastian Grewe
d4db477c2d [FIX] Also honor diff for share difficulties if unset 2014-01-19 17:22:00 +01:00
Sebastian Grewe
b905089a01 [FIX] Removed debug output 2014-01-19 17:18:09 +01:00
Sebastian Grewe
0fb543c3ed [FIX] Honor target_bits for hashrate 2014-01-19 17:17:24 +01:00
Sebastian Grewe
cf49db4535 [IMPROVED] Cronbased global Hash-/Sharerate cache 
* [ADDED] New statistic method to fetch all user mining stats
* [ADDED] New global cache to getUserHash/Sharerate calls
* [ADDED] New memcache key for new global cache

Addresses #1471 and may fix it already if no other changes are required.
 2014-01-19 17:05:27 +01:00
Sebastian Grewe
10e3fcab7e Merge pull request #1468 from Neozonz/issue-1467 
MySQL Optimization: always use order by when using limits
 2014-01-19 06:39:13 -08:00
Neozonz
44e0fa6745 Reverted 2014-01-19 09:35:39 -05:00
Metice
e665552c05 Update default.tpl 
Remove username of placeholder
 2014-01-19 15:01:11 +01:00
Neozonz
73e3bb2284 Removed ORDER BY for single queries 2014-01-19 06:05:55 -05:00
Neozonz
773286bd06 ORDER BY for Updates/Deletes 2014-01-19 06:00:29 -05:00
Neozonz
38f5daba6b Search blocks by desc and order by for deletes 2014-01-19 06:00:14 -05:00
Neozonz
47eb9f7fa0 Allow getWorkerHashRate to set invervals 2014-01-19 05:56:31 -05:00
Sebastian Grewe
48a344ed25 [SECURITY] Dropped small login form 
Since we are adding more security realted features, we drop the small
login in the header. It will need more workarounds than we'd like and is
already dropped when re-Captcha is enabled.

Security > Convenience :D
 2014-01-17 15:43:58 +01:00
Joey
0309886645 What a stupid thing of me to miss 
UNIX_TIMESTAMP() for time comparison, oops
 2014-01-17 03:53:09 -05:00
Sebastian Grewe
a572d0cea0 Merge pull request #1351 from TheSerapher/issue-1345 
Issue 1345
 2014-01-16 23:46:40 -08:00
Sebastian Grewe
1dfbeea5f7 Merge pull request #1420 from TheSerapher/issue-1343 
[IMPROVED] jsonRPC Error Handling with CURL
 2014-01-16 06:15:42 -08:00
Sebastian Grewe
12399a9c43 [REMOVED] Old code 2014-01-16 15:01:25 +01:00
obigal
75729c6592 pplns payouts speed improvements / reworked insert method 2014-01-16 14:42:05 +01:00
Jesse Collier
bc833eb40b [IMPROVED] Adds Email label and removes maxlength 
When logging in from mobile, there currently is not an indicater to
use email or username. This labels it correctly.

Removed maxlength to allow for lengthier email addresses.
 2014-01-16 14:42:05 +01:00
Sebastian Grewe
d9f591e7c8 [UPDATE] MPOS version due to major change 2014-01-16 14:41:44 +01:00
Sebastian Grewe
2829f6a746 [IMPROVED] Dropped username from login 2014-01-16 14:40:51 +01:00
Sebastian Grewe
63960e2e62 [IMPROVED] Allow e-mails only for login 
This is a major change in MPOS. Usernames will not be allowed anymore.
This will avoid a lot of brute force issues since usernames are not a
valid login method anymore.

Fixes #1345 once merged.
 2014-01-16 14:40:51 +01:00
Sebastian Grewe
63f062af9d [UPDATE] CSRF to Mobile template 2014-01-16 14:33:04 +01:00
Sebastian Grewe
bef4298e1f [ADDED] Default re-Captcha HTML to mobile 2014-01-16 14:14:29 +01:00
Sebastian Grewe
d5bff56f6f [ADDED] re-Captha admin options 2014-01-16 14:14:29 +01:00
Sebastian Grewe
b9d36bcfc9 [IMPROVED] Added re-Captcha to Login Page 
* Enable re-captcha to use it
* Disables the mini-login box in header
* Requires re-Captcha to be setup in Admin Panel

Fixes #1400 once merged.
 2014-01-16 14:13:50 +01:00
xisi
050a068d05 fix versioning 2014-01-16 06:05:29 -05:00
xisi
b613182dfb what fix, nothing to see here 2014-01-16 05:55:57 -05:00
xisi
e7725399c2 change function name for sending 2f emails 2014-01-16 05:55:57 -05:00
xisi
8736123df2 improved bad csrf token error message 
cleaned up wording of config
improved leadtime defaults in getCSRFToken
 2014-01-16 05:55:57 -05:00
xisi
764be9f0b7 fixed verbiage 2014-01-16 05:55:57 -05:00
xisi
2d0938b35b [ADDED] Simple CSRF protection tokens 
* Adds config options for disabling, timeout lead time, and forms
 * Adds another salt in config that's used in the token
 * Adds protection for login form by default
 2014-01-16 05:55:57 -05:00
xisi
bae30b2e4f fixed success_login tpl verbiage 2014-01-16 05:55:57 -05:00
xisi
9d14902bb5 fix nocache in account/edit template 2014-01-16 05:55:57 -05:00
xisi
dc984aca63 fixed gitignore for eclipse, added templates/compile/mpos folder and a blank file to fix issues with setup guide/chowning compile dir 2014-01-16 05:53:36 -05:00
xisi
8ed8338b3e fixed my incorrect use of notif settings array 2014-01-16 05:53:36 -05:00
xisi
f3a6d65eab send notifications on successful login when active 2014-01-16 05:53:36 -05:00
xisi
741b6464ef success_login tpl for new notification 2014-01-16 05:53:36 -05:00
xisi
802930cba1 save old token to use in case we error out 2014-01-16 05:53:36 -05:00
xisi
ed8349ef50 works as far as I can tell 2014-01-16 05:53:36 -05:00
xisi
40d09a4ee4 oops, forgot to make sure we're auth'ed 2014-01-16 05:53:36 -05:00
xisi
a598eec924 fix sync changes done in edit.inc.php at the end of request 2014-01-16 05:53:36 -05:00
xisi
1b1f552567 fix cosmetic issue #2 2014-01-16 05:53:36 -05:00
xisi
a0ecbd0294 fix cosmetic issue 2014-01-16 05:53:36 -05:00
xisi
96b734edaa fix how late we delete tokens for 2fa 2014-01-16 05:53:36 -05:00
xisi
d9d678be61 retooled most of the email confirmation setup 2014-01-16 05:53:36 -05:00
xisi
69eec05cb7 simplified notifications with index, updated the settings method, and fixed up template, sql fixes 2014-01-16 05:42:43 -05:00
xisi
bfd803ec28 Incremented version, moved config options, return vals fixed in 2f checks 2014-01-16 05:42:43 -05:00
xisi
ef904858ae [Addition] E-mail confirmations for user actions 
* If enabled, sends e-mail to confirm user withdraws, edits and pw changes
 * Adds 4 config options, enabled + individual settings
 * Adds 3 new token_types
 2014-01-16 05:42:43 -05:00
Sebastian Grewe
409f41bc35 Merge pull request #1437 from nrpatten/next 
[FIX] Issue #1423
 2014-01-16 02:42:05 -08:00
Sebastian Grewe
24a7085519 Merge pull request #1428 from nicoschtein/patch-16 
Added User Last Login column to Admin User Info section
 2014-01-16 01:01:21 -08:00
nrpatten
6b8953c048 Update default.tpl 
[FIX] Alignment of text and image.
 2014-01-16 19:54:12 +11:00
nrpatten
43117e555d Update default.tpl 
[FIX] Me being an idiot :)
 2014-01-16 19:36:30 +11:00
nrpatten
415461fe32 Update default.tpl 
[FIX] Issue #1423 Add mouse over explanation for TX fee for auto payouts and manual payouts.
 2014-01-16 12:28:57 +11:00
rog1121
33763e12a6 Fix Dashboard 2014-01-15 18:01:51 -07:00
nicoschtein
ced8a16a66 [Fix] Wrong var name and Align 2014-01-15 18:04:22 -02:00
nicoschtein
5c0decee41 Added date formatting to Last Login column 2014-01-15 17:57:57 -02:00
nicoschtein
14ad54a8ed Added last_login table column to getAllUserStats 2014-01-15 17:51:10 -02:00
nicoschtein
a55da151a0 Added Last Login column to User Info section 2014-01-15 17:43:28 -02:00
Fred
41e89f7830 Version 3 
New additions some clean up
 2014-01-15 10:40:06 -06:00
Sebastian Grewe
610e564c2f [IMPROVED] Further improvements on error handling 2014-01-15 16:28:26 +01:00
Sebastian Grewe
f2f539ef53 [IMPROVED] Payout logging and indent 2014-01-15 16:12:00 +01:00
Sebastian Grewe
c42fc60742 [FIX] Proper response string for debug output 2014-01-15 16:11:59 +01:00
Sebastian Grewe
aa27e8dfde [IMPROVED] jsonRPC Error Handling with CURL 
* [ADDED] Use curl instead of fopen
* [ADDED] Error handling for various connection issues
* [MOVED] jsonRPC library into lib folder
* [UPDATED] Pools page for proper RPC errors with caching enabled

It's using the base RPC class but modified to support CURL. Simplified
some code since we won't need those features. Should make maintaining
that code a whole lot easier.

Fixes #1343 once merged.
 2014-01-15 16:11:59 +01:00
Sebastian Grewe
290ac36729 [FIX] Config Version check 2014-01-15 15:33:00 +01:00
Sebastian Grewe
7d8d5d3c04 Merge pull request #1412 from nicoschtein/patch-13 
Issue 875 - Manual and Auto TXFee (REBASED again..)
 2014-01-15 06:31:49 -08:00
Sebastian Grewe
a496a37159 [FIX] MMinor on mobile template 2014-01-15 11:37:09 +01:00