Merge pull request #2738 from MPOS/development

UPDATE : Development to Master

.gitignore

@@ -37,4 +37,10 @@
 
 /vendor/
 
-tests/_output/*
+tests/_output/*
+
+# NetBeans Project Directory
+/nbproject/*
+
+# No need for composer.lock
+/composer.lock

.travis.yml

@@ -18,7 +18,7 @@ branches:
 
 install:
   - wget http://selenium-release.storage.googleapis.com/2.42/selenium-server-standalone-2.42.2.jar
-  - composer global require "fxp/composer-asset-plugin:1.0.0-beta2"
+  - composer global require "fxp/composer-asset-plugin:~1.1.1"
   - composer install
 
 
@@ -34,8 +34,9 @@ before_script:
   - nohup php -S bone:8000 public/index.php &
 
 script:
+  - php vendor/bin/codecept build
   - php vendor/bin/codecept run unit --coverage --coverage-html --coverage-xml --env travis
 
 after_script:
   - wget https://scrutinizer-ci.com/ocular.phar
-  - php ocular.phar code-coverage:upload --format=php-clover tests/_output/coverage.xml
+  - php ocular.phar code-coverage:upload --format=php-clover tests/_output/coverage.xml

CHANGELOG.md

@@ -1,3 +1,60 @@
+1.0.5 (XXX XXth XXXX)
+---------------------
+
+* Fixed worker name scaling issues on mobile devices (Thanks @nrpatten)
+* Fixed user information table formatting (Thanks @pokari1986)
+* Fixed empty auto-payout threshold value for accounts page
+* Removed config disable check popup for admins on all pages
+* Added blockchain download status for admin feedback (admin setup check)
+* Added peer state to wallet info state if no peers are connected
+
+1.0.4 (Jun 19th 2015)
+---------------------
+
+* Honor anonymous attribute when sending block finder mails
+* Display admin warning if no transfer fees are set
+* Moved admin_checks.php into the admin panel/system/setup
+ * Checks are now loaded individually from pages/admin/checks
+
+1.0.3 (Apr 29th 2015)
+---------------------
+
+* HOTFIX: Database upgrade from `1.0.0` to `1.0.1` did not work as
+  intended
+
+1.0.2 (Apr 28th 2015)
+---------------------
+
+* Allow SSO accross MPOS pools
+  * Added a new config options
+    * `$config['db']['shared']['acounts']`, defaults to `$config['db']['name']`
+    * `$config['db']['shared']['workers']`, defaults to `$config['db']['name']`
+    * `$config['db']['shared']['news']`, defaults to `$config['db']['name']`
+  * Will access `accounts`, `pool_workers` and `news` on shared table
+  * Does not allow splitting `accounts` and `pool_woker` across database hosts
+  * Required `$config['cookie']['domain']` to be set
+    * You need to use the top domain shared between hosts as the setting
+    * e.g. `ltc.thepool.com` and `btc.thepool.com` it has to be `.thepool.com` (NOTE the leading .)
+* Increased information on `Admin -> Wallet Info`
+  * Added block count to Wallet Status
+  * Added number of accounts to Wallet Status
+  * Added Peer information
+  * Added last 25 transactions
+    * Can be changed via Admin System Settings -> Wallet
+  * Always show all accounts
+* Updated Auto Payout Threshold to be stored in `coin_address` table
+  * Existing thresholds will be migrated when upgrading
+  * Update to `1.0.1` for the database using the upgrade script supplied in MPOS
+* Updated Bootstrap to 3.3.4
+* Updated MorrisJS to 0.5.1
+* Updated RaphaelJS to 2.1.2
+* Updated Bootstrap Switch to 3.3.2
+* Updated CLEditor to 1.4.5
+* Removed unneeded JS files
+* Removed unneeded CSS files
+* Fixed ding for block notifications not playing on Safari
+* Fixed manual payout warning to show when account balance is too low
+
 1.0.1 (Apr 15th 2015)
 ---------------------
 

README.md

@@ -1,48 +1,24 @@
-[![Build Status](https://travis-ci.org/MPOS/php-mpos.png?branch=master)](https://travis-ci.org/MPOS/php-mpos) [![Code Coverage](https://scrutinizer-ci.com/g/MPOS/php-mpos/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/MPOS/php-mpos/?branch=master) [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/MPOS/php-mpos/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/MPOS/php-mpos/?branch=master) master<br />
+[![Build Status](https://travis-ci.org/MPOS/php-mpos.png?branch=master)](https://travis-ci.org/MPOS/php-mpos) [![Code Climate](https://codeclimate.com/github/MPOS/php-mpos/badges/gpa.svg)](https://codeclimate.com/github/MPOS/php-mpos) [![Code Coverage](https://scrutinizer-ci.com/g/MPOS/php-mpos/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/MPOS/php-mpos/?branch=master) [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/MPOS/php-mpos/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/MPOS/php-mpos/?branch=master) master<br />
 [![Build Status](https://travis-ci.org/MPOS/php-mpos.png?branch=development)](https://travis-ci.org/MPOS/php-mpos) [![Code Coverage](https://scrutinizer-ci.com/g/MPOS/php-mpos/badges/coverage.png?b=development)](https://scrutinizer-ci.com/g/MPOS/php-mpos/?branch=development) [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/MPOS/php-mpos/badges/quality-score.png?b=development)](https://scrutinizer-ci.com/g/MPOS/php-mpos/?branch=development)  development
 
-
 Description
 ===========
 
-MPOS is a web based Mining Portal for various crypto currencies. It was created by [TheSerapher](https://github.com/TheSerapher) and has hence grown quite large. Recently it was migrated into a Github Organization to make development easier. It's a community driven open source project. Support can be requested on IRC at https://webchat.freenode.net/?channels=#mpos - Be **PATIENT** ... People listed in this channel may currently be inactive but most users there have offline logging of messages. They **will** see your questions and answer if they can. Don't join, ask the question and leave. Sit around if you want answers to your questions!
+MPOS is a web based Mining Portal for various crypto currencies. It was originally created by [TheSerapher](https://github.com/TheSerapher) and has hence grown quite large. It's now used by many pools out there and is a good starting point to learn more about mining and running pools in general. There is no active development done on the project by the orignal developers but we still merge PRs!
 
 Donations
 =========
 
 Donations to this project are going directly to [TheSerapher](https://github.com/TheSerapher), the original author of this project:
 
-* LTC address: `Lge95QR2frp9y1wJufjUPCycVsg5gLJPW8`
 * BTC address: `1HuYK6WPU8o3yWCrAaADDZPRpL5QiXitfv`
-* DOGE address: `DANk8bnc3vHEf7Jthaxq1Xgn1BSiArNdjG`
-* 42Coin address: `4VxA6Ht59Mj6ikhA4gDXLiHuAaDCJEvYTZ`
-* FST address: `fiRqMgZyhjTN1GSEB3ZxV35JXsE5bjEaQ2`
-* FRK address: `FDcgGZjX2B29qevSuiuQVwXhkNhtQT4cEW`
-* Cryptsy Trade Key: `6ff7292142463b7b80cbbbdfc52334ba89727b11`
+* LTC address: `Lge95QR2frp9y1wJufjUPCycVsg5gLJPW8`
 
 Website Footer
 ==============
 
 When you decide to use `MPOS` please be so kind and leave the footer intact. You are not the author of the software and should honor those that have worked on it. Keeping the footer intact helps spreading the word. Leaving the donation address untouched allows miners to donate to the author.
 
-Donors
-======
-
-These people have supported this project with a donation:
-
-* [obigal](https://github.com/obigal)
-* [vias](https://github.com/vias79)
-* [WKNiGHT](https://github.com/WKNiGHT-)
-* [ZC](https://github.com/zccopwrx)
-* Nutnut
-* Caberhagen (http://litecoin-pool.ch)
-* Mining4All (https://www.mining4all.eu/)
-* [xisi](https://github.com/xisi)
-* [PCFiL](https://github.com/PCFiL)
-* [rog1121](https://github.com/rog1121)(https://rapidhash.net)
-* [Wow, Much Pool](http://www.wowmuchpool.com/)
-* webxassDE (https://www.suchcoins.com/)
-
 Pools running MPOS
 ==================
 
@@ -145,39 +121,27 @@ on non-existing features in `MPOS`. For the vast majority, adjusting themes shou
 
 In all that, I humbly ask to keep the `MPOS` author reference and Github URL intact.
 
-Related Software
-================
-
-There are a few other projects out there that take advantage of MPOS and it's included API. Here a quick list that you can check out for yourself:
-
-* [MPOS IRC Bot](https://github.com/WKNiGHT-/mpos-bot) written in Python, standalone bot, using the MPOS API
-* [MPOS Eggdrop Module](https://github.com/iAmShorty/mpos-eggdrop-tcl) written in TCL, adding MPOS commands to this bot, using the MPOS API
-* [Windows Phone Pool App](http://www.windowsphone.com/en-us/store/app/meeneminermonitor/7ec6eac7-a642-409b-96c8-57b5cfdf45cf)
-* [iPhone iMPOS App](https://itunes.apple.com/us/app/impos/id742179239?mt=8)
-* [Other Windows Phone App](http://www.windowsphone.com/en-us/store/app/mining-info/952f1137-eb62-4613-8057-34576d3c9c44)
-
 Contributing
 ============
 
 You can contribute to this project in different ways:
 
 * Report outstanding issues and bugs by creating an [Issue][1]
-* Suggest feature enhancements also via [Issues][1]
-* Fork the project, create a branch and file a pull request to improve the code itself
-
-If you wish to participate contact the team on IRC: https://webchat.freenode.net/?channels=#mpos - we will point you to the proper channels!
+* Fork the project, create a branch and file a pull request **against development** to improve the code itself
 
 Contact
 =======
 
-You can find the team on Freenode.net, #MPOS.
+This product is not actively developed anymore. For setup and installation support, please find help in other channels.
+This projects issue tracker is used for bugs and issues with the core code, not for general help in setting up and running 
+pool.
 
 Team Members
 ============
 
 Author and Project Owner: [TheSerapher](https://github.com/TheSerapher) aka Sebastian Grewe
 
-Developers:
+Past developers that helped on MPOS in the early days:
 
 * [nrpatten](https://github.com/nrpatten)
 * [Aim](https://github.com/fspijkerman)

composer.json

@@ -1,14 +1,16 @@
 {
-    "name": "delboy1978uk/mpos",
+    "name": "MPOS/php-mpos",
     "description": "MPOS stands for Mining Portal Open Source. A unified mining interface for various Scrypt and SHA256d Crypto-currencies!",
     "require-dev": {
         "codeception/codeception": "~2.0"
     },
     "authors": [
         {
-            "name": "Derek Stephen McLean",
-            "email": "delboy1978uk@gmail.com"
+            "name": "Sebastian Grewe",
+            "email": "sebastian.grewe@gmail.com"
         }
     ],
-    "require": {}
+    "require": {
+        "google/recaptcha": "~1.1"
+    }
 }

cronjobs/blockupdate.php

@@ -80,4 +80,3 @@ foreach ($aAllBlocks as $iIndex => $aBlock) {
 }
 
 require_once('cron_end.inc.php');
-?>

cronjobs/cron_end.inc.php

@@ -22,4 +22,3 @@ limitations under the License.
 $monitoring->endCronjob($cron_name, 'OK', 0, false, false);
 $monitoring->setStatus($cron_name . "_runtime", "time", microtime(true) - $cron_start[$cron_name]);
 $monitoring->setStatus($cron_name . "_endtime", "date", time());
-?>

cronjobs/findblock.php

@@ -28,7 +28,13 @@ require_once('shared.inc.php');
 // Fetch our last block found from the DB as a starting point
 $aLastBlock = @$block->getLastValid();
 $strLastBlockHash = $aLastBlock['blockhash'];
-if (!$strLastBlockHash) $strLastBlockHash = '';
+if (!$strLastBlockHash) {
+  try {
+    $strLastBlockHash = $bitcoin->getblockhash(1);
+  } catch (Exception $e) {
+    $strLastBlockHash = "";
+  }
+}
 
 // Fetch all transactions since our last block
 if ( $bitcoin->can_connect() === true ){
@@ -157,8 +163,12 @@ if (empty($aAllBlocks)) {
         // Notify users
         $aAccounts = $notification->getNotificationAccountIdByType('new_block');
         if (is_array($aAccounts)) {
-		
-          $finder = $user->getUserName($iAccountId);
+          if ($user->getUserNameAnon($iAccountId) == 1) {
+                $finder = "Anonymous";
+          } else {
+               $finder = $user->getUserName($iAccountId);
+          }
+
           foreach ($aAccounts as $aData) {
             $aMailData['height'] = $aBlock['height'];
             $aMailData['subject'] = 'New Block';
@@ -178,4 +188,3 @@ if (empty($aAllBlocks)) {
 }
 
 require_once('cron_end.inc.php');
-?>

cronjobs/notifications.php

@@ -75,4 +75,3 @@ if ($setting->getValue('notifications_disable_idle_worker') != 1) {
 }
 
 require_once('cron_end.inc.php');
-?>

cronjobs/pplns_payout.php

@@ -289,4 +289,3 @@ foreach ($aAllBlocks as $iIndex => $aBlock) {
 }
 
 require_once('cron_end.inc.php');
-?>

cronjobs/pps_payout.php

@@ -200,4 +200,3 @@ if ($aAllBlocks = $block->getAllUnaccounted('ASC')) {
 $log->logInfo("Completed PPS Payout");
 
 require_once('cron_end.inc.php');
-?>

cronjobs/proportional_payout.php

@@ -169,4 +169,3 @@ foreach ($aAllBlocks as $iIndex => $aBlock) {
 }
 
 require_once('cron_end.inc.php');
-?>

cronjobs/run-maintenance.sh

@@ -47,16 +47,25 @@ fi
 ME=$( basename $0 )
 
 # Overwrite some settings via command line arguments
-while getopts "hfvp:d:" opt; do
+while getopts "hfvt:p:d:" opt; do
   case "$opt" in
     h|\?)
-      echo "Usage: $0 [-v] [-p PHP_BINARY] [-d SUBFOLDER]";
+      echo "Usage: $0 [-v] [-f] [-t TIME_IN_SEC] [-p PHP_BINARY] [-d SUBFOLDER]";
       exit 0
       ;;
     v) VERBOSE=1 ;;
     f) PHP_OPTS="$PHP_OPTS -f";;
     p) PHP_BIN=$OPTARG ;;
     d) SUBFOLDER=$OPTARG ;;
+    t)
+      if [[ $OPTARG =~ ^[0-9]+$ ]]; then
+        TIMEOUT=$OPTARG
+        PHP_OPTS="$PHP_OPTS -t $OPTARG"
+      else
+        echo "Option -t requires an integer" >&2
+        exit 1
+      fi
+    ;;
     :)
       echo "Option -$OPTARG requires an argument." >&2
       exit 1
@@ -102,6 +111,16 @@ fi
 # Our PID of this shell
 PID=$$
 
+# If $PIDFILE exists and older than the time specified by -t, remove it.
+if [[ -e $PIDFILE ]]; then
+  if [[ -n $TIMEOUT ]] && \
+     [[ $(( $(date +%s) - $(stat -c %Y $PIDFILE) )) -gt $TIMEOUT ]]; then
+    echo "$PIDFILE exists but older than the time you specified in -t option ($TIMEOUT sec)."
+    echo "Removing PID file."
+    rm $PIDFILE
+  fi
+fi
+
 if [[ -e $PIDFILE ]]; then
   echo "Cron seems to be running already"
   RUNPID=$( cat $PIDFILE )

cronjobs/run-payout.sh

@@ -46,17 +46,25 @@ fi
 # My own name
 ME=$( basename $0 )
 
-# Overwrite some settings via command line arguments
-while getopts "hfvp:d:" opt; do
+while getopts "hfvt:p:d:" opt; do
   case "$opt" in
     h|\?)
-      echo "Usage: $0 [-v] [-p PHP_BINARY] [-d SUBFOLDER]";
+      echo "Usage: $0 [-v] [-f] [-t TIME_IN_SEC] [-p PHP_BINARY] [-d SUBFOLDER]";
       exit 0
       ;;
     v) VERBOSE=1 ;;
     f) PHP_OPTS="$PHP_OPTS -f";;
     p) PHP_BIN=$OPTARG ;;
     d) SUBFOLDER=$OPTARG ;;
+    t)
+      if [[ $OPTARG =~ ^[0-9]+$ ]]; then
+        TIMEOUT=$OPTARG
+        PHP_OPTS="$PHP_OPTS -t $OPTARG"
+      else
+        echo "Option -t requires an integer" >&2
+        exit 1
+      fi
+    ;;
     :)
       echo "Option -$OPTARG requires an argument." >&2
       exit 1
@@ -102,6 +110,16 @@ fi
 # Our PID of this shell
 PID=$$
 
+# If $PIDFILE exists and older than the time specified by -t, remove it.
+if [[ -e $PIDFILE ]]; then
+  if [[ -n $TIMEOUT ]] && \
+     [[ $(( $(date +%s) - $(stat -c %Y $PIDFILE) )) -gt $TIMEOUT ]]; then
+    echo "$PIDFILE exists but older than the time you specified in -t option ($TIMEOUT sec)."
+    echo "Removing PID file."
+    rm $PIDFILE
+  fi
+fi
+
 if [[ -e $PIDFILE ]]; then
   echo "Cron seems to be running already"
   RUNPID=$( cat $PIDFILE )

cronjobs/run-statistics.sh

@@ -47,16 +47,25 @@ fi
 ME=$( basename $0 )
 
 # Overwrite some settings via command line arguments
-while getopts "hfvp:d:" opt; do
+while getopts "hfvt:p:d:" opt; do
   case "$opt" in
     h|\?)
-      echo "Usage: $0 [-v] [-p PHP_BINARY] [-d SUBFOLDER]";
+      echo "Usage: $0 [-v] [-f] [-t TIME_IN_SEC] [-p PHP_BINARY] [-d SUBFOLDER]";
       exit 0
       ;;
     v) VERBOSE=1 ;;
     f) PHP_OPTS="$PHP_OPTS -f";;
     p) PHP_BIN=$OPTARG ;;
     d) SUBFOLDER=$OPTARG ;;
+    t)
+      if [[ $OPTARG =~ ^[0-9]+$ ]]; then
+        TIMEOUT=$OPTARG
+        PHP_OPTS="$PHP_OPTS -t $OPTARG"
+      else
+        echo "Option -t requires an integer" >&2
+        exit 1
+      fi
+    ;;
     :)
       echo "Option -$OPTARG requires an argument." >&2
       exit 1
@@ -102,6 +111,16 @@ fi
 # Our PID of this shell
 PID=$$
 
+# If $PIDFILE exists and older than the time specified by -t, remove it.
+if [[ -e $PIDFILE ]]; then
+  if [[ -n $TIMEOUT ]] && \
+     [[ $(( $(date +%s) - $(stat -c %Y $PIDFILE) )) -gt $TIMEOUT ]]; then
+    echo "$PIDFILE exists but older than the time you specified in -t option ($TIMEOUT sec)."
+    echo "Removing PID file."
+    rm $PIDFILE
+  fi
+fi
+
 if [[ -e $PIDFILE ]]; then
   echo "Cron seems to be running already"
   RUNPID=$( cat $PIDFILE )

cronjobs/shared.inc.php

@@ -51,24 +51,50 @@ $cron_name = basename($_SERVER['PHP_SELF'], '.php');
 require_once(BASEPATH . '../include/bootstrap.php');
 require_once(BASEPATH . '../include/version.inc.php');
 
+// Load 3rd party logging library for running crons
+$log = KLogger::instance( BASEPATH . '../logs/' . $cron_name, KLogger::INFO );
+
 // Command line switches
 array_shift($argv);
-foreach ($argv as $option) {
+foreach ($argv as $index => $option) {
   switch ($option) {
   case '-f':
     $monitoring->setStatus($cron_name . "_disabled", "yesno", 0);
     $monitoring->setStatus($cron_name . "_active", "yesno", 0);
     break;
+  case '-t':
+    // When `-t TIME_IN_SEC` is specified, we ignore the cron active flag
+    // if the time elapsed `TIME_IN_SEC` seconds after the last job started.
+
+    // Check the next argument is the value for -t option.
+    if (!($index + 1 < count($argv)) || // check if '-t' is not the last argument.
+        !(ctype_digit($argv[$index + 1]))) { // check the next argument is numeric string
+      $log->logFatal('Option -t requires an integer.');
+      $monitoring->endCronjob($cron_name, 'E0085', 3, true, false);
+    }
+
+    $timeout = intval($argv[$index + 1]);
+    $timeElapsedFromLastStart = $dStartTime - $monitoring->getLastCronStarted($cron_name);
+
+    if ($timeElapsedFromLastStart > $timeout) {
+      $log->logWarn("Previous cronjob `$cron_name` is started before than you specified by -t. Re-run forced.");
+      $monitoring->setStatus($cron_name . "_active", "yesno", 0);
+    }
+    break;
   }
 }
 
-// Load 3rd party logging library for running crons
-$log = KLogger::instance( BASEPATH . '../logs/' . $cron_name, KLogger::INFO );
 $log->LogDebug('Starting ' . $cron_name);
 
 // Load the start time for later runtime calculations for monitoring
 $cron_start[$cron_name] = microtime(true);
 
+// Skip all crons if admin enabled pool maintenance
+if ($setting->getValue('maintenance')) {
+  $log->logInfo('Cronjobs disabled due to pool maintenance');
+  $monitoring->endCronjob($cron_name, 'E0083', 2, true, false);
+}
+
 // Check if our cron is activated
 if ($monitoring->isDisabled($cron_name)) {
   $log->logFatal('Cronjob is currently disabled due to errors, use -f option to force running cron.');
@@ -87,5 +113,3 @@ if ($setting->getValue('DB_VERSION') != DB_VERSION || $config['version'] != CONF
   $log->logFatal('Cronjob is currently disabled due to required upgrades. Import any outstanding SQL files and check your configuration file.');
   $monitoring->endCronjob($cron_name, 'E0075', 0, true, false);
 }
-
-?>

cronjobs/statistics.php

@@ -55,4 +55,3 @@ $statistics->getCurrentHashrate() ? $status = 'OK' : $status = 'ERROR';
 $log->logInfo(sprintf($strLogMask, 'getTopContributors(shares)', number_format(microtime(true) - $start, 3), $status));
 
 require_once('cron_end.inc.php');
-?>

cronjobs/tables_cleanup.php

@@ -59,7 +59,7 @@ if ($oToken->cleanupTokens()) {
 }
 $log->logInfo(sprintf($strLogMask, 'cleanupTokens', $affected, number_format(microtime(true) - $start, 3), $status, $message));
 
-// Clenaup shares archive
+// Cleanup shares archive
 $start = microtime(true);
 $status = 'OK';
 $message = '';
@@ -73,7 +73,7 @@ if ($affected === false) {
 }
 $log->logInfo(sprintf($strLogMask, 'purgeArchive', $affected, number_format(microtime(true) - $start, 3), $status, $message));
 
-// Clenaup shares archive
+// Cleanup shares archive
 $start = microtime(true);
 $status = 'OK';
 $message = '';
@@ -89,4 +89,3 @@ $log->logInfo(sprintf($strLogMask, 'purgeUserStats', $affected, number_format(mi
 
 // Cron cleanup and monitoring
 require_once('cron_end.inc.php');
-?>

cronjobs/tickerupdate.php

@@ -76,4 +76,3 @@ if ($api_keys = $setting->getValue('monitoring_uptimerobot_api_keys')) {
 $log->logInfo(sprintf($strLogMask, 'Uptime Robot', 'n/a', number_format(microtime(true) - $start, 3), $status, $message));
 
 require_once('cron_end.inc.php');
-?>

include/admin_checks.php

@@ -1,152 +0,0 @@
-<?php
-$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
-
-if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA']['id'])) {
-  if (!include_once(INCLUDE_DIR . '/lib/jsonRPCClient.php')) die('Unable to load libs');
-  $notice = array();
-  $enotice = array();
-  $error = array();
-
-  // setup some basic stuff for checking - getuid/getpwuid not available on mac/windows
-  $apache_user = 'unknown';
-  if (substr_count(strtolower(PHP_OS), 'nix') > 0 || substr_count(strtolower(PHP_OS), 'linux') > 0) {
-    $apache_user = (function_exists('posix_getuid')) ? posix_getuid() : 'unknown';
-    $apache_user = (function_exists('posix_getpwuid')) ? posix_getpwuid($apache_user) : $apache_user;
-  }
-
-  // setup checks
-  // logging
-  if ($config['logging']['enabled']) {
-    if (!is_writable($config['logging']['path'])) {
-      $error[] = "Logging is enabled but we can't write in the logfile path";
-    }
-  }
-
-  // check if memcache isn't available but enabled in config -> error
-  if (!class_exists('Memcached') && $config['memcache']['enabled']) {
-    $error[] = "You have memcached enabled in your config and it's not available as a PHP module. Install the package on your system.";
-  }
-
-  // if it's not enabled, test it if it exists, if it works -> error tell them to enable, -> otherwise notice it's disabled
-  if (!$config['memcache']['enabled']) {
-    if (PHP_OS == 'WINNT') {
-      require_once(CLASS_DIR . 'memcached.class.php');
-    }
-    if (class_exists('Memcached')) {
-      $memcache_test = @new Memcached();
-      if ($config['memcache']['sasl'] === true) {
-        $memcache_test->setOption(Memcached::OPT_BINARY_PROTOCOL, true);
-        $memcache_test->setSaslAuthData($config['memcache']['sasl']['username'], $config['memcache']['sasl']['password']);
-      }
-      $memcache_test_add = @$memcache_test->addServer($config['memcache']['host'], $config['memcache']['port']);
-      $randmctv = rand(5,10);
-      $memcache_test_set = @$memcache_test->set('test_mpos_setval', $randmctv);
-      $memcache_test_get = @$memcache_test->get('test_mpos_setval');
-    }
-    if (class_exists('Memcached') && $memcache_test_get == $randmctv) {
-      $error[] = "You have memcache disabled in the config but it's available and works! Enable it for best performance.";
-    } else {
-      $notice[] = "Memcache is disabled; Almost every linux distro has packages for it, you should be using it if you can.";
-    }
-  }
-
-  // check if htaccess exists
-  if (!file_exists(BASEPATH.".htaccess")) {
-    $htaccess_link = "<a href='https://github.com/MPOS/php-mpos/blob/next/public/.htaccess'>.htaccess</a>";
-    $notice[] = "You don't seem to have a .htaccess in your public folder, if you're using Apache set it up: $htaccess_link";
-  }
-
-  // check if we can write templates/cache and templates/compile -> error
-  if (!is_writable(TEMPLATE_DIR . '/cache')) {
-    $error[] = "templates/cache folder is not writable for uid {$apache_user['name']}";
-  }
-  if (!is_writable(TEMPLATE_DIR . '/compile')) {
-    $error[] = "templates/compile folder is not writable for uid {$apache_user['name']}";
-  }
-
-  // check if we can write the config files, we should NOT be able to -> error
-  if (is_writable(INCLUDE_DIR.'/config/global.inc.php') || is_writable(INCLUDE_DIR.'/config/global.inc.dist.php') ||
-      is_writable(INCLUDE_DIR.'/config/security.inc.php') || is_writable(INCLUDE_DIR.'/config/security.inc.dist.php')) {
-    $error[] = "Your config files <b>SHOULD NOT be writable to this user</b>!";
-  }
-
-  // check if daemon can connect -> error
-  try {
-    if ($bitcoin->can_connect() !== true) {
-      $error[] = "Unable to connect to coin daemon using provided credentials";
-    }
-    else {
-      // validate that the wallet service is not in test mode
-      if ($bitcoin->is_testnet() == true) {
-        $error[] = "The coin daemon service is running as a testnet. Check the TESTNET setting in your coin daemon config and make sure the correct port is set in the MPOS config.";
-      }
-
-      // if coldwallet is not empty, check if the address is valid -> error
-      if (!empty($config['coldwallet']['address'])) {
-        if (!$bitcoin->validateaddress($config['coldwallet']['address']))
-          $error[] = "Your cold wallet address is <u>SET and INVALID</u>";
-      }
-
-      // check if there is more than one account set on wallet
-      $accounts = $bitcoin->listaccounts();
-      if (count($accounts) > 1 && $accounts[''] <= 0) {
-        $error[] = "There are " . count($accounts) . " Accounts set in local Wallet and Default Account has no liquid funds to pay your miners!";
-      }
-    }
-  } catch (Exception $e) {
-  }
-  // check anti DOS protection, we need memcache for that
-  if ($config['mc_antidos'] && !$config['memcache']['enabled']) {
-    $error[] = "mc_antidos is enabled and memcache is not, <u>memcache is required</u> to use this";
-  }
-
-  // poke stratum using gettingstarted details -> enotice
-  if (function_exists('socket_create')) {
-    $host = @gethostbyname($config['gettingstarted']['stratumurl']);
-    $port = $config['gettingstarted']['stratumport'];
-    
-    if (isset($host) and
-      isset($port) and
-      ($socket=socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) and
-      (socket_set_option($socket, SOL_SOCKET, SO_SNDTIMEO, array('sec' => 3, 'usec' => 0))) and
-      (@socket_connect($socket, $host, $port)))
-    {
-      socket_close($socket);
-    } else {
-      $enotice[] = 'We tried to poke your Stratum server using your $config[\'gettingstarted\'] settings but it didn\'t respond - ' . socket_strerror(socket_last_error());
-    }
-  } else {
-    // Connect via fsockopen as fallback
-    if (! $fp = @fsockopen($config['gettingstarted']['stratumurl'], $config['gettingstarted']['stratumport'], $errCode, $errStr, 1)) {
-      $enotice[] = 'We tried to poke your Stratum server using your $config[\'gettingstarted\'] settings but it didn\'t respond';
-    }
-    @fclose($fp);
-  }
-
-  // security checks
-  // salts too short -> notice, salts default -> error
-  if ((strlen($config['SALT']) < 24) || (strlen($config['SALTY']) < 24) || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
-    if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
-      $error[] = "You absolutely <u>SHOULD NOT leave your SALT or SALTY default</u> changing them will require registering again";
-    } else {
-      $notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again";
-    }
-  }
-
-  // display the errors
-  foreach ($enotice as $en) {
-    $_SESSION['POPUP'][] = array('CONTENT' => $en, 'TYPE' => 'alert alert-info');
-  }
-  if (!count($notice) && !count($error)) {
-    $_SESSION['POPUP'][] = array('CONTENT' => 'The config options we checked seem OK', 'TYPE' => 'alert alert-success');
-  } else {
-    foreach ($notice as $n) {
-      $_SESSION['POPUP'][] = array('CONTENT' => $n, 'TYPE' => 'alert alert-warning');
-    }
-    foreach ($error as $e) {
-      $_SESSION['POPUP'][] = array('CONTENT' => $e, 'TYPE' => 'alert alert-danger');
-    }
-  }
-}
-
-?>

include/autoloader.inc.php

@@ -2,6 +2,12 @@
 (SECURITY == "*)WT#&YHfd" && SECHASH_CHECK) ? die("public/index.php -> Set a new SECURITY value to continue") : 0;
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
+if (file_exists(INCLUDE_DIR . '/../vendor/autoload.php')) {
+  require_once(INCLUDE_DIR . '/../vendor/autoload.php');
+} else {
+  die("Unable to load vendor libraries, please run `php composer.phar install` in root folder.");
+}
+
 // Default classes
 require_once(INCLUDE_DIR . '/lib/KLogger.php');
 require_once(CLASS_DIR . '/logger.class.php');
@@ -9,6 +15,7 @@ require_once(CLASS_DIR . '/debug.class.php');
 if ($config['mysql_filter']) {
   require_once(CLASS_DIR . '/strict.class.php');
 }
+require_once(INCLUDE_DIR . '/classes/mysqlims.class.php');
 require_once(INCLUDE_DIR . '/database.inc.php');
 require_once(INCLUDE_DIR . '/config/memcache_keys.inc.php');
 require_once(INCLUDE_DIR . '/config/error_codes.inc.php');
@@ -78,7 +85,8 @@ require_once(CLASS_DIR . '/transaction.class.php');
 require_once(CLASS_DIR . '/roundstats.class.php');
 require_once(CLASS_DIR . '/news.class.php');
 require_once(CLASS_DIR . '/api.class.php');
+require_once(CLASS_DIR . '/usersettings.class.php');
+require_once(CLASS_DIR . '/ipushnotification.interface.php');
+require_once(CLASS_DIR . '/pushnotification.class.php');
 require_once(INCLUDE_DIR . '/lib/Michelf/Markdown.php');
 require_once(INCLUDE_DIR . '/lib/scrypt.php');
-
-?>

include/bootstrap.php

@@ -14,6 +14,16 @@ $quickstartlink = "<a href='https://github.com/MPOS/php-mpos/wiki/Quick-Start-Gu
 if (!include_once(INCLUDE_DIR . '/config/global.inc.dist.php')) die('Unable to load base global config from ['.INCLUDE_DIR. '/config/global.inc.dist.php' . '] - '.$quickstartlink);
 if (!@include_once(INCLUDE_DIR . '/config/global.inc.php')) die('Unable to load your global config from ['.INCLUDE_DIR. '/config/global.inc.php' . '] - '.$quickstartlink);
 
+// Check for a shared account database and set to default DB if unset
+if (!isset($config['db']['shared']['accounts']))
+  $config['db']['shared']['accounts'] = $config['db']['name'];
+// Check for a shared worker database and set to default DB if unset
+if (!isset($config['db']['shared']['workers']))
+  $config['db']['shared']['workers'] = $config['db']['name'];
+// Check for a shared news database and set to default DB if unset
+if (!isset($config['db']['shared']['news']))
+  $config['db']['shared']['news'] = $config['db']['name'];
+
 // load our security configs
 if (!include_once(INCLUDE_DIR . '/config/security.inc.dist.php')) die('Unable to load base security config from ['.INCLUDE_DIR. '/config/security.inc.dist.php' . '] - '.$quickstartlink);
 if (@file_exists(INCLUDE_DIR . '/config/security.inc.php')) include_once(INCLUDE_DIR . '/config/security.inc.php');
@@ -22,7 +32,6 @@ if (@file_exists(INCLUDE_DIR . '/config/security.inc.php')) include_once(INCLUDE
 session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
 $session_start = @session_start();
 if (!$session_start) {
-  $log->log("info", "Forcing session id regeneration, session failed to start [hijack attempt?]");
   session_destroy();
   session_regenerate_id(true);
   session_start();
@@ -43,5 +52,3 @@ $master_template = 'master.tpl';
 // Load Classes, they name defines the $ variable used
 // We include all needed files here, even though our templates could load them themself
 require_once(INCLUDE_DIR . '/autoloader.inc.php');
-
-?>

include/classes/base.class.php

@@ -16,6 +16,8 @@ class Base {
   public function getTableName() {
     return $this->table;
   }
+  
+  protected $debug;
   public function setDebug($debug) {
     $this->debug = $debug;
   }
@@ -25,9 +27,13 @@ class Base {
   public function setCoinAddress($coin_address) {
     $this->coin_address = $coin_address;
   }
+  
+  public $log;
   public function setLog($log) {
     $this->log = $log;
   }
+  
+  protected $mysqli;
   public function setMysql($mysqli) {
     $this->mysqli = $mysqli;
   }
@@ -40,6 +46,10 @@ class Base {
   public function setSalty($salt) {
     $this->salty = $salt;
   }
+  /**
+   * @var Smarty
+   */
+  var $smarty;
   public function setSmarty($smarty) {
     $this->smarty = $smarty;
   }
@@ -52,6 +62,8 @@ class Base {
   public function setConfig($config) {
     $this->config = $config;
   }
+  
+  protected $aErrorCodes;
   public function setErrorCodes(&$aErrorCodes) {
     $this->aErrorCodes =& $aErrorCodes;
   }
@@ -241,8 +253,9 @@ class Base {
       $this->setErrorMessage(call_user_func_array(array($this, 'getErrorMsg'), func_get_args()));
     }
     // Default to SQL error for debug and cron errors
-    $this->debug->append($this->getErrorMsg('E0019', $this->mysqli->error));
-    $this->setCronMessage($this->getErrorMsg('E0019', $this->mysqli->error));
+    $this->debug->append($this->getErrorMsg('E0019', $this->mysqli->lastused->errno));
+    $this->setCronMessage($this->getErrorMsg('E0019', $this->mysqli->lastused->errno));
+    
     return false;
   }
 
@@ -284,4 +297,3 @@ class Base {
     return $array;
   }
 }
-?>

include/classes/bitcoin.class.php

@@ -284,13 +284,15 @@ class BitcoinClient extends jsonRPCClient {
    * The check is done by calling the server's getinfo() method and checking
    * for a fault.
    *
+   * To turn code compatible with BTC >= 0.16, getmininginfo() method used instead of getinfo()
+   *
    * @return mixed boolean TRUE if successful, or a fault string otherwise
    * @access public
    * @throws none
    */
   public function can_connect() {
     try {
-      $r = $this->getinfo();
+      $r = $this->getmininginfo();
     } catch (Exception $e) {
       return $e->getMessage();
     }

include/classes/bitcoinwrapper.class.php

@@ -24,13 +24,29 @@ class BitcoinWrapper extends BitcoinClient {
   public function getinfo() {
     $this->oDebug->append("STA " . __METHOD__, 4);
     if ($data = $this->memcache->get(__FUNCTION__)) return $data;
-    return $this->memcache->setCache(__FUNCTION__, parent::getinfo(), 30);
+    try {
+      return $this->memcache->setCache(__FUNCTION__, parent::getnetworkinfo()+parent::getmininginfo()+parent::getwalletinfo(), 30);
+    } catch (Exception $e) {
+      $this->oDebug->append("DEPRECATED : RPC version < 0.16, fallback to `getinfo` RPC call", 2);
+      return $this->memcache->setCache(__FUNCTION__, parent::getinfo(), 30);
+    }
   }
+
+  public function is_testnet() {
+    $this->oDebug->append("STA " . __METHOD__, 4);
+    if ($data = $this->memcache->get(__FUNCTION__)) return $data;
+    if (!(parent::getblockchaininfo()))
+      return $this->memcache->setCache(__FUNCTION__, parent::is_testnet(), 30);
+    else
+      return $this->memcache->setCache(__FUNCTION__, parent::getblockchaininfo()['chain'] == 'test', 30);
+  }
+  
   public function getmininginfo() {
     $this->oDebug->append("STA " . __METHOD__, 4);
     if ($data = $this->memcache->get(__FUNCTION__)) return $data;
     return $this->memcache->setCache(__FUNCTION__, parent::getmininginfo(), 30);
   }
+
   public function getblockcount() {
     $this->oDebug->append("STA " . __METHOD__, 4);
     if ($data = $this->memcache->get(__FUNCTION__)) return $data;
@@ -66,6 +82,19 @@ class BitcoinWrapper extends BitcoinClient {
     $dDifficulty = $this->getdifficulty();
     return $this->memcache->setCache(__FUNCTION__, $dDifficulty * pow(2,32) / $iCurrentPoolHashrate, 30);
   }
+  public function getblockchaindownload() {
+    $aPeerInfo = $this->getpeerinfo();
+    $aInfo = $this->getinfo();
+    $iStartingHeight = 0;
+    foreach ($aPeerInfo as $aPeerData) {
+      if ($iStartingHeight < $aPeerData['startingheight']) $iStartingHeight = $aPeerData['startingheight'];
+    }
+    if ($iStartingHeight > $aInfo['blocks']) {
+      return number_format(round($aInfo['blocks'] / $iStartingHeight * 100, 2), 2);
+    } else {
+      return false;
+    }
+  }
   public function getnetworkhashps() {
     $this->oDebug->append("STA " . __METHOD__, 4);
     if ($data = $this->memcache->get(__FUNCTION__)) return $data;

include/classes/block.class.php

@@ -237,7 +237,7 @@ class Block extends Base {
    * @return bool
    **/
   public function setShares($block_id, $shares=NULL) {
-    $field = array( 'name' => 'shares', 'value' => $shares, 'type' => 'i');
+    $field = array( 'name' => 'shares', 'value' => $shares, 'type' => 'd');
     return $this->updateSingle($block_id, $field);
   }
 

include/classes/coin_address.class.php

@@ -3,7 +3,17 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 class CoinAddress extends Base {
   protected $table = 'coin_addresses';
-  private $cache = array();
+
+  /**
+   * We allow changing the database for shared accounts across pools
+   * Load the config on construct so we can assign the DB name
+   * @param config array MPOS configuration
+   * @return none
+   **/
+  public function __construct($config) {
+    $this->setConfig($config);
+    $this->table = $this->config['db']['shared']['accounts'] . '.' . $this->table;
+  }
 
   /**
    * Fetch users coin address for a currency
@@ -27,6 +37,29 @@ class CoinAddress extends Base {
     return $this->sqlError();
   }
 
+  /**
+   * Fetch users Auto Payout Threshold for a currency
+   * @param UserID int UserID
+   * @return mixed Float value for threshold, false on error
+   **/
+  public function getAPThreshold($userID, $currency=NULL) {
+    if ($currency === NULL) $currency = $this->config['currency'];
+    $this->debug->append("STA " . __METHOD__, 4);
+    $stmt = $this->mysqli->prepare("
+      SELECT ap_threshold
+      FROM " . $this->getTableName() . "
+      WHERE account_id = ? AND currency = ?
+      ");
+    if ( $this->checkStmt($stmt) && $stmt->bind_param('is', $userID, $currency) && $stmt->execute() && $result = $stmt->get_result()) {
+      if ($result->num_rows == 1) {
+        return $result->fetch_object()->ap_threshold;
+      }
+    }
+    $this->debug->append("Unable to fetch users auto payout threshold for " . $currency);
+    return $this->sqlError();
+  }
+
+
   /**
    * Check if a coin address is already set
    * @param address string Coin Address to check for
@@ -76,23 +109,24 @@ class CoinAddress extends Base {
    * Update a coin address record for a user and a currency
    * @param userID int Account ID
    * @param address string Coin Address
+   * @param ap_threshold float Threshold for auto payouts for this currency
    * @param currency string Currency short handle, defaults to config option
    * @return bool true or false
    **/
-  public function update($userID, $address, $currency=NULL) {
+  public function update($userID, $address, $ap_threshold, $currency=NULL) {
     if ($currency === NULL) $currency = $this->config['currency'];
     if ($address != $this->getCoinAddress($userID) && $this->existsCoinAddress($address)) {
       $this->setErrorMessage('Unable to update coin address, address already exists');
       return false;
     }
     if ($this->getCoinAddress($userID) != NULL) {
-      $stmt = $this->mysqli->prepare("UPDATE " . $this->getTableName() . " SET coin_address = ? WHERE account_id = ? AND currency = ?");
-      if ( $this->checkStmt($stmt) && $stmt->bind_param('sis', $address, $userID, $currency) && $stmt->execute()) {
+      $stmt = $this->mysqli->prepare("UPDATE " . $this->getTableName() . " SET coin_address = ?, ap_threshold = ? WHERE account_id = ? AND currency = ?");
+      if ( $this->checkStmt($stmt) && $stmt->bind_param('sdis', $address, $ap_threshold, $userID, $currency) && $stmt->execute()) {
         return true;
       }
     } else {
-      $stmt = $this->mysqli->prepare("INSERT INTO " . $this->getTableName() . " (coin_address, account_id, currency) VALUES (?, ?, ?)");
-      if ( $this->checkStmt($stmt) && $stmt->bind_param('sis', $address, $userID, $currency) && $stmt->execute()) {
+      $stmt = $this->mysqli->prepare("INSERT INTO " . $this->getTableName() . " (coin_address, ap_threshold, account_id, currency) VALUES (?, ?, ?, ?)");
+      if ( $this->checkStmt($stmt) && $stmt->bind_param('sdis', $address, $ap_threshold, $userID, $currency) && $stmt->execute()) {
         return true;
       }
     }
@@ -100,8 +134,7 @@ class CoinAddress extends Base {
   }
 }
 
-$coin_address = new CoinAddress();
+$coin_address = new CoinAddress($config);
 $coin_address->setDebug($debug);
-$coin_address->setConfig($config);
 $coin_address->setMysql($mysqli);
 $coin_address->setErrorCodes($aErrorCodes);

include/classes/coins/coin_base.class.php

@@ -60,7 +60,7 @@ class CoinBase extends Base {
    * according to our configuration difficulty
    **/
   public function calcEstaimtedShares($dDifficulty) {
-    return (int)round(pow(2, (32 - $this->target_bits)) * $dDifficulty, 0);
+    return (float)round(pow(2, (32 - $this->target_bits)) * $dDifficulty, $this->share_difficulty_precision);
   }
 
   /**
@@ -85,5 +85,3 @@ class CoinBase extends Base {
     }
   }
 }
-
-?>

include/classes/coins/coin_neoscrypt.class.php

@@ -0,0 +1,11 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+/**
+ * We extend our CoinBase class
+ * No need to change anything, base class supports
+ * scrypt and sha256d
+ **/
+class Coin extends CoinBase {
+  protected $target_bits = 16;
+}

include/classes/coins/coin_scrypt.class.php

@@ -9,5 +9,3 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 class Coin extends CoinBase {
   protected $target_bits = 16;
 }
-
-?>

include/classes/coins/coin_scryptn.class.php

@@ -12,5 +12,3 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 class Coin extends CoinBase {
   protected $target_bits = 16;
 }
-
-?>

include/classes/coins/coin_sha256d.class.php

@@ -10,5 +10,3 @@ class Coin extends CoinBase {
   protected $target_bits = 32;
   protected $coin_value_precision = 20;
 }
-
-?>

include/classes/coins/coin_x11.class.php

@@ -10,5 +10,3 @@ class Coin extends CoinBase {
   protected $target_bits = 24;
   protected $share_difficulty_precision = 4;
 }
-
-?>

include/classes/coins/coin_x13.class.php

@@ -0,0 +1,11 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+/**
+ * We extend our CoinBase class
+ * No need to change anything, base class supports
+ * scrypt and sha256d
+ **/
+class Coin extends CoinBase {
+  protected $target_bits = 24;
+  protected $share_difficulty_precision = 4;
+}

include/classes/coins/coin_x15.class.php

@@ -0,0 +1,11 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+/**
+ * We extend our CoinBase class
+ * No need to change anything, base class supports
+ * scrypt and sha256d
+ **/
+class Coin extends CoinBase {
+  protected $target_bits = 24;
+  protected $share_difficulty_precision = 4;
+}

include/classes/csrftoken.class.php

@@ -16,19 +16,22 @@ class CSRFToken Extends Base {
   }
   
   /**
-   * Returns +1 min and +1 hour rollovers hashes
+   * Returns +1 min up to +15 min rollovers hashes
    * @param string $user user or IP/host address
    * @param string $type page name or other unique per-page identifier
-   * @return array 1min and 1hour hashes
+   * @return array 1 minute ago up to 15 minute ago hashes
    */
+  
   public function checkAdditional($user, $type) {
     $date = date('m/d/y/H/i');
     $d = explode('/', $date);
-    // minute may have rolled over
-    $seed1 = $this->buildSeed($user.$type, $d[0], $d[1], $d[2], $d[3], ($d[4]-1));
-    // hour may have rolled over
-    $seed2 = $this->buildSeed($user.$type, $d[0], $d[1], $d[2], ($d[3]-1), 59);
-    return array($this->getHash($seed1), $this->getHash($seed2));
+    $hashes = array();
+    for ($x = 1; $x < 16; $x++){
+        for ($y = 4;$d[$y]-- == 0;$y--);
+        if ($d[4] < 0) { $d[4] = 59; }
+        $hashes[$x-1] = $this->getHash($this->buildSeed($user.$type, $d[0], $d[1], $d[2], $d[3], $d[4]));
+    }
+    return $hashes;
   }
   
   /**
@@ -104,4 +107,3 @@ $csrftoken->setUser($user);
 $csrftoken->setToken($oToken);
 $csrftoken->setConfig($config);
 $csrftoken->setErrorCodes($aErrorCodes);
-?>

include/classes/debug.class.php

@@ -111,4 +111,3 @@ class Debug {
 
 // Instantiate this class
 $debug = new Debug($log, $config['DEBUG']);
-?>

include/classes/invitation.class.php

@@ -139,4 +139,3 @@ $invitation->setUser($user);
 $invitation->setToken($oToken);
 $invitation->setConfig($config);
 $invitation->setErrorCodes($aErrorCodes);
-?>

include/classes/ipushnotification.interface.php

@@ -0,0 +1,6 @@
+<?php
+	interface IPushNotification {
+		public static function getName();
+		public static function getParameters();
+		public function notify($message, $severity, $event);
+	}

include/classes/logger.class.php

@@ -57,4 +57,3 @@ class Logger {
   }
 }
 $log = new Logger($config);
-?>

include/classes/mail.class.php

@@ -14,18 +14,10 @@ class Mail extends Base {
   **/
   public function contactform($senderName, $senderEmail, $senderSubject, $senderMessage) {
     $this->debug->append("STA " . __METHOD__, 4);
-    if (preg_match('/[^a-z_\.\!\?\-0-9\\s ]/i', $senderName)) {
-      $this->setErrorMessage($this->getErrorMsg('E0024'));
-      return false;
-    }
     if (empty($senderEmail) || !filter_var($senderEmail, FILTER_VALIDATE_EMAIL)) {
       $this->setErrorMessage($this->getErrorMsg('E0023'));
       return false;
     }
-    if (preg_match('/[^a-z_\.\!\?\-0-9\\s ]/i', $senderSubject)) {
-      $this->setErrorMessage($this->getErrorMsg('E0034'));
-      return false;
-    }
     if (strlen(strip_tags($senderMessage)) < strlen($senderMessage)) {
       $this->setErrorMessage($this->getErrorMsg('E0024'));
       return false;
@@ -117,4 +109,3 @@ $mail->setSmarty($smarty);
 $mail->setConfig($config);
 $mail->setSetting($setting);
 $mail->setErrorCodes($aErrorCodes);
-?>

include/classes/memcache_ad.class.php

@@ -81,5 +81,3 @@ class MemcacheAntiDos
     return $new;
   }
 }
-
-?>

include/classes/monitoring.class.php

@@ -12,7 +12,7 @@ class Monitoring extends Base {
   public function storeUptimeRobotStatus() {
     if ($api_keys = $this->setting->getValue('monitoring_uptimerobot_api_keys')) {
       $aJSONData = array();
-      $url = 'http://api.uptimerobot.com';
+      $url = 'https://api.uptimerobot.com';
       $aMonitors = explode(',', $api_keys);
       foreach ($aMonitors as $aData) {
         $temp = explode('|', $aData);
@@ -60,6 +60,16 @@ class Monitoring extends Base {
     return $aStatus['value'];
   }
 
+  /**
+   * Get the timestamp that last time a cronjob started
+   * @param name string Cronjob name
+   * @return int unix timestamp of last time the cronjob started
+   **/
+  public function getLastCronStarted($name) {
+    $aStatus = $this->getStatus($name . '_starttime');
+    return $aStatus['value'];
+  }
+
   /**
    * Fetch a value from our table
    * @param name string Setting name
@@ -131,7 +141,7 @@ class Monitoring extends Base {
         $this->setErrorMessage('Failed to send mail notification');
     }
     if ($fatal) {
-      if ($exitCode != 0) $this->setStatus($cron_name . "_disabled", "yesno", 1);
+      if ($exitCode == 1) $this->setStatus($cron_name . "_disabled", "yesno", 1);
       exit($exitCode);
     }
   }

include/classes/mysqlims.class.php

@@ -0,0 +1,91 @@
+<?php
+/*
+ * This class will run queries on master/slave servers depending on the query itself.
+ */
+class mysqlims extends mysqli
+{
+    private $mysqliW;
+    private $mysqliR = null;
+    private $slave = false;
+    public $lastused = null;
+    
+    /*
+     * Pass main and slave connection arrays to the constructor, and strict as true/false
+     *
+     * @param array $main
+     * @param array $slave
+     * @param boolean $strict
+     *
+     * @return void
+     */
+    public function __construct($main, $slave = false, $strict = false)
+    {
+        if ($strict) {
+            $this->mysqliW = new mysqli_strict($main['host'],
+                $main['user'], $main['pass'],
+                $main['name'], $main['port']);
+            if ($slave && is_array($slave) && isset($slave['enabled']) && $slave['enabled']
+                === true) {
+                $this->mysqliR = new mysqli_strict($slave['host'],
+                    $slave['user'], $slave['pass'],
+                    $slave['name'], $slave['port']);
+                $this->slave = true;
+            }
+        } else {
+            $this->mysqliW = new mysqli($main['host'],
+                $main['user'], $main['pass'],
+                $main['name'], $main['port']);
+            if ($slave && is_array($slave) && isset($slave['enabled']) && $slave['enabled']
+                === true) {
+                $this->mysqliR = new mysqli($slave['host'],
+                    $slave['user'], $slave['pass'],
+                    $slave['name'], $slave['port']);
+                $this->slave = true;
+            }
+        }
+
+        if ($this->mysqliW->connect_errno) {
+            throw new Exception("Failed to connect to MySQL: (".$this->mysqliW->connect_errno.") ".$this->mysqliW->connect_error);
+        }
+
+        if ($this->slave === true && $this->mysqliR->connect_errno) {
+            throw new Exception("Failed to connect to MySQL: (".$this->mysqliR->connect_errno.") ".$this->mysqliR->connect_error);
+        }
+    }
+
+    /*
+     * Override standard mysqli_prepare to select master/slave server
+     * @param $string query
+     *
+     * @return mysqli_stmt
+     */
+    public function prepare($query)
+    {
+        if (stripos($query, "SELECT") && stripos($query, "FOR UPDATE") === false && stripos($query, "INSERT") === false  && $this->slave !== false) {
+            $this->lastused = $this->mysqliR;
+            return $this->mysqliR->prepare($query);
+        } else {
+            $this->lastused = $this->mysqliW;
+            return $this->mysqliW->prepare($query);
+        }
+    }
+
+    /*
+     * Override standard mysqli_query to select master/slave server
+     * @param string $query
+     * @param int $resultmode
+     *
+     * @return boolean
+     * @return mixed
+     */
+    public function query($query, $resultmode = MYSQLI_STORE_RESULT)
+    {
+        if (stripos($query, "SELECT") && stripos($query, "FOR UPDATE") === false && stripos($query, "INSERT") === false && $this->slave !== false) {/* Use readonly server */
+            $this->lastused = $this->mysqliR;
+            return $this->mysqliR->query($query, $resultmode);
+        } else {
+            $this->lastused = $this->mysqliW;
+            return $this->mysqliW->query($query, $resultmode);
+        }
+    }
+}

include/classes/news.class.php

@@ -4,6 +4,17 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 class News extends Base {
   protected $table = 'news';
 
+  /**
+   * We allow changing the database for shared accounts across pools
+   * Load the config on construct so we can assign the DB name
+   * @param config array MPOS configuration
+   * @return none
+   **/
+  public function __construct($config) {
+    $this->setConfig($config);
+    $this->table = $this->config['db']['shared']['news'] . '.' . $this->table;
+  }
+
   /**
    * Get activation status of post
    * @param id int News ID
@@ -96,9 +107,8 @@ class News extends Base {
   }
 }
 
-$news = new News();
+$news = new News($config);
 $news->setDebug($debug);
 $news->setMysql($mysqli);
 $news->setUser($user);
 $news->setErrorCodes($aErrorCodes);
-?>

include/classes/notification.class.php

@@ -22,8 +22,10 @@ class Notification extends Mail {
     $this->debug->append("STA " . __METHOD__, 4);
     $data = json_encode($aData);
     $stmt = $this->mysqli->prepare("SELECT id FROM $this->table WHERE data = ? AND active = 1 LIMIT 1");
-    if ($stmt && $stmt->bind_param('s', $data) && $stmt->execute() && $stmt->store_result() && $stmt->num_rows == 1)
-      return true;
+    if ($stmt && $stmt->bind_param('s', $data) && $stmt->execute() && $stmt->store_result() && $stmt->num_rows == 1) {
+        return true;
+    }
+    
     return $this->sqlError('E0041');
   }
 
@@ -105,8 +107,9 @@ class Notification extends Mail {
    **/
   public function getNotificationAccountIdByType($strType) {
     $this->debug->append("STA " . __METHOD__, 4);
-    $stmt = $this->mysqli->prepare("SELECT account_id FROM $this->tableSettings WHERE type = ? AND active = 1");
-    if ($stmt && $stmt->bind_param('s', $strType) && $stmt->execute() && $result = $stmt->get_result()) {
+    $stmt = $this->mysqli->prepare("SELECT account_id FROM $this->tableSettings WHERE type IN (?, ?) AND active = 1 GROUP BY account_id");
+    $notStrType = substr('push_'.$strType, 0, 15);
+    if ($stmt && $stmt->bind_param('ss', $strType, $notStrType) && $stmt->execute() && $result = $stmt->get_result()) {
       return $result->fetch_all(MYSQLI_ASSOC);
     }
     return $this->sqlError('E0046');
@@ -149,14 +152,28 @@ class Notification extends Mail {
       return false;
     }
     // Check if this user wants strType notifications
-    $stmt = $this->mysqli->prepare("SELECT account_id FROM $this->tableSettings WHERE type = ? AND active = 1 AND account_id = ?");
-    if ($stmt && $stmt->bind_param('si', $strType, $account_id) && $stmt->execute() && $stmt->bind_result($id) && $stmt->fetch()) {
-      if ($stmt->close() && $this->sendMail('notifications/' . $strType, $aMailData) && $this->addNotification($account_id, $strType, $aMailData)) {
-        return true;
-      } else {
-        $this->setErrorMessage('SendMail call failed: ' . $this->getError());
-        return false;
-      }
+    $stmt = $this->mysqli->prepare("SELECT type FROM $this->tableSettings WHERE type IN (?, ?) AND active = 1 AND account_id = ?");
+    $notStrType = substr('push_'.$strType, 0, 15);
+    if ($stmt && $stmt->bind_param('ssi', $strType, $notStrType, $account_id) && $stmt->execute() && $result = $stmt->get_result()) {
+    	$types = array_map(function($a){ return reset($a);}, $result->fetch_all(MYSQLI_ASSOC));
+    	$stmt->close();
+    	$result = true;
+    	foreach ($types as $type){
+    	  if (strpos($type, 'push_') === 0){
+    		if (PushNotification::Instance() instanceof PushNotification){
+    			$result &= PushNotification::Instance()->sendNotification($account_id, $strType, $aMailData); 
+    		}
+    	  } else {
+    		$result &= $this->sendMail('notifications/' . $strType, $aMailData); 
+    	  }
+    	}
+    	if ($result){
+    		$this->addNotification($account_id, $strType, $aMailData);
+    		return true;
+    	} else {
+          $this->setErrorMessage('SendMail call failed: ' . $this->getError());
+          return false;
+        }
     } else {
       $this->setErrorMessage('User disabled ' . $strType . ' notifications');
       return true;
@@ -173,7 +190,7 @@ class Notification extends Mail {
   public function cleanupNotifications($days=7) {
     $failed = 0;
     $this->deleted = 0;
-    $stmt = $this->mysqli->prepare("DELETE FROM $this->table WHERE time < (NOW() - ? * 24 * 60 * 60)");
+    $stmt = $this->mysqli->prepare("DELETE FROM $this->table WHERE time < (NOW() - INTERVAL ? DAY)");
     if (! ($this->checkStmt($stmt) && $stmt->bind_param('i', $days) && $stmt->execute())) {
       $failed++;
     } else {
@@ -195,4 +212,3 @@ $notification->setSmarty($smarty);
 $notification->setConfig($config);
 $notification->setSetting($setting);
 $notification->setErrorCodes($aErrorCodes);
-?>

include/classes/payout.class.php

@@ -67,5 +67,3 @@ $oPayout->setMysql($mysqli);
 $oPayout->setConfig($config);
 $oPayout->setToken($oToken);
 $oPayout->setErrorCodes($aErrorCodes);
-
-?>

include/classes/push_notification/notifymyandroid.php

@@ -0,0 +1,42 @@
+<?php
+class Notifications_NotifyMyAndroid implements IPushNotification {
+    
+    private $apiKey;
+    public function __construct($apikey){
+        $this->apiKey = $apikey;
+    }
+    
+    static $priorities = array(
+        0 => 'info',
+        2 => 'error',
+    );
+    
+    public static function getName(){
+        return  "notifymyandroid.com";
+    }
+    
+    public static function getParameters(){
+        return array(
+            'apikey' => 'API key',
+        );
+    }
+    
+    public function notify($message, $severity = 'info', $event = null){
+        global $setting;
+        curl_setopt_array($ch = curl_init(), array(
+            CURLOPT_URL => "https://www.notifymyandroid.com/publicapi/notify",
+            CURLOPT_POST => true,
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_POSTFIELDS => http_build_query($data = array(
+                "apikey" => $this->apiKey,
+                "application" => $setting->getValue('website_title')?:"PHP-MPOS",
+                "description" => $message,
+                "content-type" => "text/html",
+                "event" => $event,
+                "priority" => array_search($severity, self::$priorities),
+            )),
+        ));
+        curl_exec($ch);
+        curl_close($ch);
+    }
+}

include/classes/push_notification/pushover.php

@@ -0,0 +1,46 @@
+<?php
+	class Notifications_Pushover implements IPushNotification {
+		
+		private $token;
+		private $user;
+		public function __construct($token, $user){
+			$this->token = $token;
+			$this->user = $user;
+		}
+		
+		static $priorities = array(
+			0 => 'info',
+			1 => 'warning',
+			2 => 'error',
+		);
+		
+		public static function getName(){
+			return  "pushover.net";
+		}
+		
+		public static function getParameters(){
+			return array(
+				'token' => 'API Token/Key',
+				'user' => 'Your User Key',
+			);
+		}
+		
+		public function notify($message, $severity = 'info', $event = null){
+			curl_setopt_array($ch = curl_init(), array(
+				CURLOPT_URL => "https://api.pushover.net/1/messages.json",
+				CURLOPT_POST => true,
+				CURLOPT_RETURNTRANSFER => true,
+				CURLOPT_POSTFIELDS => http_build_query($data = array(
+					"token" => $this->token,
+					"user" => $this->user,
+					"message" => $code = strip_tags(preg_replace('/<([\/]?)span[^>]*>/i', '<\1b>', $message), "<b><i><u><a><font><p><br>"),
+					"title" => strip_tags($event),
+					"priority" => (int)array_search($severity, self::$priorities),
+					"timestamp" => time(),
+					"html" => preg_match('/<[^>]+>/', $code),
+				)),
+			));
+			curl_exec($ch);
+			curl_close($ch);
+		}
+	}

include/classes/pushnotification.class.php

@@ -0,0 +1,171 @@
+<?php
+	$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+	class PushNotification extends Base {
+		var $tableSettings = 'push_notification_settings';
+		
+		private static function getClassesInFile($file){
+			$classes = array();
+			$tokens = token_get_all(file_get_contents($file));
+			$count = count($tokens);
+			for ($i = 2; $i < $count; $i++) {
+				if ($tokens[$i - 2][0] == T_CLASS && $tokens[$i - 1][0] == T_WHITESPACE && $tokens[$i][0] == T_STRING) {
+					$class_name = $tokens[$i][1];
+					$classes[] = $class_name;
+				}
+			}
+			return $classes;
+		}
+		
+		private static $classes = null;
+		public function getClasses(){
+			if (self::$classes === null){
+				$directory = new DirectoryIterator(__DIR__.'/push_notification');
+				foreach ($directory as $fileInfo) {
+					if (($fileInfo->getExtension() != 'php') || $fileInfo->isDot()) {
+						continue;
+					}
+					foreach (self::getClassesInFile($fileInfo->getRealPath()) as $class){
+						if (!class_exists($class)){
+							include $fileInfo->getRealPath();
+						}
+						$cr = new ReflectionClass($class);
+						if ($cr->isSubclassOf('IPushNotification')){
+							self::$classes[$class] = array($fileInfo->getFilename(), $cr->getMethod('getName')->invoke(null), $cr->getMethod('getParameters')->invoke(null));
+						}
+					}
+				}
+			}
+			return self::$classes;
+		}
+		
+		public function getClassesForSmarty(){
+			$c = $this->getClasses();
+			return array_map(function($a, $b){
+				return array(
+					'class' => $b,
+					'file' => $a[0],
+					'name' => $a[1],
+					'parameters' => $a[2],
+				);
+			}, $c, array_keys($c));
+		}
+		
+		/**
+		 * @param string|array $notificator
+		 * @param array $data
+		 * @return IPushNotification|bool
+		 */
+		public function getNotificatorInstance($notificator, $data){
+			$class = null;
+			$file = null;
+			
+			if (is_array($notificator)){
+				if (count($notificator) == 2){
+					list($class, $file) = $notificator;
+				} else {
+					$class = reset($notificator);
+				}
+			} else {
+				$class = $notificator;
+			}
+			
+			if (!class_exists($class)){
+				if ($file === null){
+					foreach (self::getClasses() as $_class => $_info){
+						if ($_class == $class){
+							$file = $_info[0];
+							break;
+						}
+					}
+				} else {
+					include __DIR__.'/push_notification/'.$file;
+				}
+				if (!class_exists($class)){
+					return false;
+				}
+			}
+			$cr = new ReflectionClass($class);
+			$constructor = $cr->getConstructor();
+			$constructorParameters = array();
+			foreach (array_map(function($a){ return $a->getName();}, $constructor->getParameters()) as $param){
+				$constructorParameters[] = array_key_exists($param, $data)?$data[$param]:null;
+			}
+			$instance = $cr->newInstanceArgs($constructorParameters);
+			return $instance;
+		}
+		
+		/**
+		 * Update accounts push notification settings
+		 * @param account_id int Account ID
+		 * @param data array Data array
+		 * @return bool
+		 **/
+		public function updateSettings($account_id, $data) {
+			UserSettings::construct($account_id)->PushNotifications = $data;
+			return true;
+		}
+		
+		/**
+		 * Fetch notification settings for user account
+		 * @param id int Account ID
+		 * @return array Notification settings
+		 **/
+		public function getNotificationSettings($account_id) {
+			if ($settings = UserSettings::construct($account_id)->PushNotifications){
+				return $settings;
+			}
+			return array(
+				'class' => false,
+				'params' => null,
+				'file' => null,
+			);
+		}
+		
+		private static $instance = null;
+		/**
+		 * @param PushNotification $instance
+		 */
+		public static function Instance($instance = null){
+			if (func_num_args() == 0){
+				return self::$instance;
+			}
+			return self::$instance = $instance;
+		}
+		
+		public function sendNotification($account_id, $template, $aData){
+			$settings = $this->getNotificationSettings($account_id);
+			if ($settings['class']){
+				$instance = $this->getNotificatorInstance(array($settings['class'], $settings['file']), $settings['params']);
+				if ($instance){
+					$this->smarty->assign('WEBSITENAME', $this->setting->getValue('website_name'));
+					$this->smarty->assign('SUBJECT', $aData['subject']);
+					$this->smarty->assign('DATA', $aData);
+						
+					$message = false;
+					foreach (array('/mail/push_notifications/', '/mail/notifications/') as $dir){
+						$this->smarty->clearCache($templateFile = TEMPLATE_DIR.$dir.$template.'.tpl');
+						try {
+							$message = $this->smarty->fetch($templateFile);
+							break;
+						} catch (SmartyException $e){
+							
+						}
+					}
+					if ($message){
+						$instance->notify($message, 'info', $aData['subject']);
+					}
+				}
+			}
+			return true;
+		}
+	}
+	
+	$pushnotification = PushNotification::Instance(new PushNotification());
+	$pushnotification->setDebug($debug);
+	$pushnotification->setLog($log);
+	$pushnotification->setMysql($mysqli);
+	$pushnotification->setSmarty($smarty);
+	$pushnotification->setConfig($config);
+	$pushnotification->setSetting($setting);
+	$pushnotification->setErrorCodes($aErrorCodes);

include/classes/roundstats.class.php

@@ -2,11 +2,6 @@
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 class RoundStats extends Base {
-  private $tableTrans = 'transactions';
-  private $tableStats = 'statistics_shares';
-  private $tableBlocks = 'blocks';
-  private $tableUsers = 'accounts';
-
   /**
    * Get next block for round stats
    **/
@@ -79,7 +74,7 @@ class RoundStats extends Base {
       b.id, height, blockhash, amount, confirmations, difficulty, FROM_UNIXTIME(time) as time, shares,
       IF(a.is_anonymous, 'anonymous', a.username) AS finder,
       ROUND(difficulty * POW(2, 32 - " . $this->coin->getTargetBits() . "), 0) AS estshares,
-      (time - (SELECT time FROM $this->tableBlocks WHERE height < ? ORDER BY height DESC LIMIT 1)) AS round_time
+      (time - (SELECT time FROM " . $this->block->getTableName() . " WHERE height < ? ORDER BY height DESC LIMIT 1)) AS round_time
       FROM " . $this->block->getTableName() . " as b
       LEFT JOIN " . $this->user->getTableName() . " AS a ON b.account_id = a.id
       WHERE b.height = ? LIMIT 1");

include/classes/statistics.class.php

@@ -111,7 +111,7 @@ class Statistics extends Base {
         b.*,
         a.username AS finder,
         a.is_anonymous AS is_anonymous,
-        ROUND(difficulty * POW(2, 32 - " . $this->coin->getTargetBits() . "), 0) AS estshares
+        ROUND(difficulty * POW(2, 32 - " . $this->coin->getTargetBits() . "), " . $this->coin->getShareDifficultyPrecision() . ") AS estshares
       FROM " . $this->block->getTableName() . " AS b
       LEFT JOIN " . $this->user->getTableName() . " AS a
       ON b.account_id = a.id
@@ -203,7 +203,7 @@ class Statistics extends Base {
   public function updateShareStatistics($aStats, $iBlockId) {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, valid, invalid, block_id) VALUES (?, ?, ?, ?)");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('iiii', $aStats['id'], $aStats['valid'], $aStats['invalid'], $iBlockId) && $stmt->execute()) return true;
+    if ($this->checkStmt($stmt) && $stmt->bind_param('iddi', $aStats['id'], $aStats['valid'], $aStats['invalid'], $iBlockId) && $stmt->execute()) return true;
     return $this->sqlError();
   }
 
@@ -213,7 +213,7 @@ class Statistics extends Base {
   public function insertPPLNSStatistics($aStats, $iBlockId) {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, valid, invalid, pplns_valid, pplns_invalid, block_id) VALUES (?, ?, ?, ?, ?, ?)");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiiii', $aStats['id'], $aStats['valid'], $aStats['invalid'], $aStats['pplns_valid'], $aStats['pplns_invalid'], $iBlockId) && $stmt->execute()) return true;
+    if ($this->checkStmt($stmt) && $stmt->bind_param('iddddi', $aStats['id'], $aStats['valid'], $aStats['invalid'], $aStats['pplns_valid'], $aStats['pplns_invalid'], $iBlockId) && $stmt->execute()) return true;
     return $this->sqlError();
   }
 
@@ -261,12 +261,12 @@ class Statistics extends Base {
       SELECT
       (
         (
-          SELECT ROUND(SUM(difficulty) / ?, 2) AS sharerate
+          SELECT ROUND(SUM(difficulty) / ?, " . $this->coin->getShareDifficultyPrecision() . ") AS sharerate
           FROM " . $this->share->getTableName() . "
           WHERE time > DATE_SUB(now(), INTERVAL ? SECOND)
           AND our_result = 'Y'
         ) + (
-          SELECT ROUND(SUM(difficulty) / ?, 2) AS sharerate
+          SELECT ROUND(SUM(difficulty) / ?, " . $this->coin->getShareDifficultyPrecision() . ") AS sharerate
           FROM " . $this->share->getArchiveTableName() . "
           WHERE time > DATE_SUB(now(), INTERVAL ? SECOND)
           AND our_result = 'Y'
@@ -470,7 +470,7 @@ class Statistics extends Base {
         a.username AS account,
         COUNT(DISTINCT t1.username) AS workers,
         IFNULL(SUM(t1.difficulty), 0) AS shares,
-        ROUND(SUM(t1.difficulty) / ?, 2) AS sharerate,
+        ROUND(SUM(t1.difficulty) / ?, " . $this->coin->getShareDifficultyPrecision() . ") AS sharerate,
         IFNULL(AVG(IF(difficulty=0, pow(2, (" . $this->config['difficulty'] . " - 16)), difficulty)), 0) AS avgsharediff
       FROM (
         SELECT
@@ -927,4 +927,3 @@ $statistics->setConfig($config);
 $statistics->setBitcoin($bitcoin);
 $statistics->setErrorCodes($aErrorCodes);
 $statistics->setCoin($coin);
-?>

include/classes/strict.class.php

@@ -35,5 +35,3 @@ class mysqli_strict extends mysqli {
     }
   }
 }
-
-?>

include/classes/template.class.php

@@ -79,7 +79,7 @@ class Template extends Base {
     }
 
     $this->setErrorMessage('Failed to get active templates');
-    $this->debug->append('Template::getActiveTemplates failed: ' . $this->mysqli->error);
+    $this->debug->append('Template::getActiveTemplates failed: ' . $this->mysqli->lastused->error);
     return false;
   }
 
@@ -172,7 +172,7 @@ class Template extends Base {
       return $result->fetch_assoc();
 
     $this->setErrorMessage('Failed to get the template');
-    $this->debug->append('Template::getEntry failed: ' . $this->mysqli->error);
+    $this->debug->append('Template::getEntry failed: ' . $this->mysqli->lastused->error);
     return false;
   }
 
@@ -206,7 +206,7 @@ class Template extends Base {
       return true;
 
     $this->setErrorMessage('Database error');
-    $this->debug->append('Template::updateEntry failed: ' . $this->mysqli->error);
+    $this->debug->append('Template::updateEntry failed: ' . $this->mysqli->lastused->error);
     return false;
   }
 }

include/classes/tools.class.php

@@ -44,9 +44,13 @@ class Tools extends Base {
       curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
       curl_setopt($ch, CURLOPT_TIMEOUT, 30);
       curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+      curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
       curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; PHP client; '.php_uname('s').'; PHP/'.phpversion().')');
     }
-    curl_setopt($ch, CURLOPT_URL, $url . $target);
+    
+    $url = rtrim($url, '/');
+    $target = ltrim($target, '/');
+    curl_setopt($ch, CURLOPT_URL, $url . '/' . $target);
     // curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
 
     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
@@ -72,17 +76,31 @@ class Tools extends Base {
    **/
   private function getApiType($url) {
     if (preg_match('/coinchoose.com/', $url)) {
-      return 'coinchose';
-    } else if (preg_match('/btc-e.com/', $url)) {
+      return 'coinchoose';
+    } else if (preg_match('/btc-e.nz/', $url)) {
       return 'btce';
-    } else if (preg_match('/cryptsy.com/', $url)) {
-      return 'cryptsy';
+    } else if (preg_match('/cryptopia.co.nz/', $url)) {
+     return 'cryptopia';
     } else if (preg_match('/cryptorush.in/', $url)) {
       return 'cryptorush';
     } else if (preg_match('/mintpal.com/', $url)) {
       return 'mintpal';
+    } else if (preg_match('/c-cex.com/', $url)) {
+      return 'c-cex';
     } else if (preg_match('/bittrex.com/', $url)) {
       return 'bittrex';
+    } else if (preg_match('/crypto-bridge.org/', $url)) {
+      return 'cryptobridge';
+    } else if (preg_match('/yobit.net/', $url)) {
+      return 'yobit';
+    } else if (preg_match('/binance.com/', $url)) {
+      return 'binance';
+    } else if (preg_match('/southxchange.com/', $url)) {
+      return 'southxchange';
+    } else if (preg_match('/mercatox.com/', $url)) {
+      return 'mercatox';
+    } else if (preg_match('/tradeogre.com/', $url)) {
+      return 'tradeogre';
     }
     $this->setErrorMessage("API URL unknown");
     return false;
@@ -93,34 +111,58 @@ class Tools extends Base {
    **/
   public function getPrice() {
     $aData = $this->getApi($this->config['price']['url'], $this->config['price']['target']);
-    $strCurrency = $this->config['currency'];
+    $strBase = $this->config['currency'];
+    $strQuote = $this->config['price']['currency'];
     // Check the API type for configured URL
     if (!$strApiType = $this->getApiType($this->config['price']['url']))
       return false;
     // if api data is valid, extract price depending on API type
     if (is_array($aData)) {
       switch ($strApiType) {
-      	case 'coinchose':
+      	case 'coinchoose':
       	  foreach ($aData as $aItem) {
-      	    if($strCurrency == $aItem[0])
+      	    if($strBase == $aItem[0])
       	      return $aItem['price'];
       	  }
       	  break;
       	case 'btce':
       	  return $aData['ticker']['last'];
       	  break;
-      	case 'cryptsy':
-      	  return @$aData['return']['markets'][$strCurrency]['lasttradeprice'];
+        case 'cryptopia':
+      	  return @$aData['Data']['LastPrice'];
       	  break;
       	case 'cryptorush':
-      	  return @$aData["$strCurrency/" . $this->config['price']['currency']]['last_trade'];
+      	  return @$aData["{$strBase}/{$strQuote}"]['last_trade'];
       	  break;
       	case 'mintpal':
       	  return @$aData['0']['last_price'];
       	  break;
-      	  case 'bittrex':
+        case 'c-cex':
+          return @$aData['ticker']['lastprice'];
+          break;
+      	case 'bittrex':
       	  return @$aData['result']['Last'];
       	  break;
+        case 'cryptobridge':
+          foreach ($aData as $aItem) {
+            if("{$strBase}_{$strQuote}" == $aItem['id'])
+              return $aItem['last'];
+          }
+        case 'yobit':
+          return @$aData[strtolower($strBase) . "_" . strtolower($strQuote)]['last'];
+          break;
+        case 'binance':
+          return @$aData['price'];
+          break;
+        case 'southxchange':
+          return @$aData['Last'];
+          break;
+        case 'mercatox':
+          return @$aData['pairs']["{$strBase}_{$strQuote}"]['last'];
+          break;
+        case 'tradeogre':
+          return @$aData['price'];
+          break;
       }
     } else {
       $this->setErrorMessage("Got an invalid response from ticker API");

include/classes/transaction.class.php

@@ -355,7 +355,7 @@ class Transaction extends Base {
       SELECT
         a.id,
         a.username,
-        a.ap_threshold,
+        ca.ap_threshold,
         ca.coin_address,
         IFNULL(
             (
@@ -371,9 +371,9 @@ class Transaction extends Base {
       ON t.account_id = a.id
       LEFT JOIN " . $this->coin_address->getTableName() . " AS ca
       ON ca.account_id = a.id
-      WHERE t.archived = 0 AND a.ap_threshold > 0 AND ca.coin_address IS NOT NULL AND ca.coin_address != '' AND ca.currency = ?
+      WHERE t.archived = 0 AND ca.ap_threshold > 0 AND ca.coin_address IS NOT NULL AND ca.coin_address != '' AND ca.currency = ?
       GROUP BY t.account_id
-      HAVING confirmed > a.ap_threshold AND confirmed > " . $this->config['txfee_auto'] . "
+      HAVING confirmed > ca.ap_threshold AND confirmed > " . $this->config['txfee_auto'] . "
       LIMIT ?");
     if ($this->checkStmt($stmt) && $stmt->bind_param('si', $this->config['currency'], $limit) && $stmt->execute() && $result = $stmt->get_result())
       return $result->fetch_all(MYSQLI_ASSOC);
@@ -430,6 +430,7 @@ class Transaction extends Base {
     $aMailData['email'] = $this->user->getUserEmailById($account_id);
     $aMailData['subject'] = $type . ' Completed';
     $aMailData['amount'] = $amount;
+    $aMailData['currency'] = $this->config['currency'];
     if (!$this->notification->sendNotification($account_id, 'payout', $aMailData)) {
       $this->setErrorMessage('Failed to send notification email to users address: ' . $aMailData['email'] . 'ERROR: ' . $this->notification->getCronError());
     }
@@ -446,7 +447,7 @@ class Transaction extends Base {
       SELECT
       a.id,
       a.username,
-      a.ap_threshold,
+      ca.ap_threshold,
       ca.coin_address,
       p.id AS payout_id,
       IFNULL(
@@ -488,4 +489,3 @@ $transaction->setBlock($block);
 $transaction->setUser($user);
 $transaction->setPayout($oPayout);
 $transaction->setErrorCodes($aErrorCodes);
-?>

include/classes/user.class.php

@@ -6,6 +6,17 @@ class User extends Base {
   private $userID = false;
   private $user = array();
 
+  /**
+   * We allow changing the database for shared accounts across pools
+   * Load the config on construct so we can assign the DB name
+   * @param config array MPOS configuration
+   * @return none
+   **/
+  public function __construct($config) {
+    $this->setConfig($config);
+    $this->table = $this->config['db']['shared']['accounts'] . '.' . $this->table;
+  }
+
   // get and set methods
   private function getHash($string, $version=0, $pepper='') {
     switch($version) {
@@ -20,6 +31,9 @@ class User extends Base {
   public function getUserName($id) {
     return $this->getSingle($id, 'username', 'id');
   }
+  public function getUserNameAnon($id) {
+    return $this->getSingle($id, 'is_anonymous', 'id');
+  }
   public function getUserNameByEmail($email) {
     return $this->getSingle($email, 'username', 'email', 's');
   }
@@ -175,7 +189,7 @@ class User extends Base {
       return $result->fetch_all(MYSQLI_ASSOC);
     }
   }
-  
+
   /**
    * Check user login
    * @param username string Username
@@ -230,7 +244,7 @@ class User extends Base {
         $notifs->setSetting($this->setting);
         $notifs->setErrorCodes($this->aErrorCodes);
         $ndata = $notifs->getNotificationSettings($uid);
-        if (@$ndata['success_login'] == 1) {
+        if ((array_key_exists('push_success_lo', $ndata) && $ndata['push_success_lo']) || (array_key_exists('success_login', $ndata) && $ndata['success_login'])){
           // seems to be active, let's send it
           $aDataN['username'] = $username;
           $aDataN['email'] = $this->getUserEmail($username);
@@ -278,6 +292,7 @@ class User extends Base {
     count($aPin) == 1 ? $pin_hash = $this->getHash($pin, 0) : $pin_hash = $this->getHash($pin, $aPin[1], $aPin[2]);
     $stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id = ? AND pin = ? LIMIT 1");
     if ($stmt->bind_param('is', $userId, $pin_hash) && $stmt->execute() && $stmt->bind_result($row_pin) && $stmt->fetch()) {
+      $stmt->close();
       $this->setUserPinFailed($userId, 0);
       return ($pin_hash === $row_pin);
     }
@@ -340,11 +355,11 @@ class User extends Base {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("
       SELECT
-        a.id, a.username, ca.coin_address AS coin_address, a.ap_threshold
+        a.id, a.username, ca.coin_address AS coin_address, ca.ap_threshold
       FROM " . $this->getTableName() . " AS a
       LEFT JOIN " . $this->coin_address->getTableName() . " AS ca
       ON a.id = ca.account_id
-      WHERE ap_threshold > 0 AND ca.currency = ?
+      WHERE ca.ap_threshold > 0 AND ca.currency = ?
       AND ca.coin_address IS NOT NULL
       ");
     if ( $this->checkStmt($stmt) && $stmt->bind_param('s', $this->config['currency']) && $stmt->execute() && $result = $stmt->get_result()) {
@@ -544,12 +559,12 @@ class User extends Base {
     if ($email == 'hidden' || $email == NULL)
       $email = $this->getUserEmailById($userID);
     // We passed all validation checks so update the account
-    $stmt = $this->mysqli->prepare("UPDATE $this->table SET ap_threshold = ?, donate_percent = ?, email = ?, timezone = ?, is_anonymous = ? WHERE id = ?");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('ddssii', $threshold, $donate, $email, $timezone, $is_anonymous, $userID) && $stmt->execute()) {
+    $stmt = $this->mysqli->prepare("UPDATE $this->table SET donate_percent = ?, email = ?, timezone = ?, is_anonymous = ? WHERE id = ?");
+    if ($this->checkStmt($stmt) && $stmt->bind_param('dssii', $donate, $email, $timezone, $is_anonymous, $userID) && $stmt->execute()) {
       $this->log->log("info", $this->getUserName($userID)." updated their account details");
-      // Update coin address too
+      // Update coin address and ap_threshold if coin_address is set
       if ($address) {
-        if ($this->coin_address->update($userID, $address)) {
+        if ($this->coin_address->update($userID, $address, $threshold)) {
           return true;
         }
       } else {
@@ -560,7 +575,7 @@ class User extends Base {
     }
     // Catchall
     $this->setErrorMessage('Failed to update your account');
-    $this->debug->append('Account update failed: ' . $this->mysqli->error);
+    $this->debug->append('Account update failed: ' . $this->mysqli->lastused->error);
     return false;
   }
 
@@ -652,7 +667,7 @@ class User extends Base {
     // Enforce a page reload and point towards login with referrer included, if supplied
     $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
     $pushto = $_SERVER['SCRIPT_NAME'].'?page=login';
-    $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto;
+    $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto;
     if (!headers_sent()) header('Location: ' . $location);
     exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');
   }
@@ -698,12 +713,14 @@ class User extends Base {
     $stmt = $this->mysqli->prepare("
       SELECT
       id AS id, username, pin, api_key, is_admin, is_anonymous, email, timezone, no_fees,
-      IFNULL(donate_percent, '0') as donate_percent, ap_threshold
+      IFNULL(donate_percent, '0') as donate_percent
       FROM " . $this->getTableName() . "
       WHERE id = ? LIMIT 0,1");
     if ($this->checkStmt($stmt) && $stmt->bind_param('i', $userID) && $stmt->execute() && $result = $stmt->get_result()) {
       $aData = $result->fetch_assoc();
       $aData['coin_address'] = $this->coin_address->getCoinAddress($userID);
+      if (! $aData['ap_threshold'] = $this->coin_address->getAPThreshold($userID))
+        $aData['ap_threshold'] = 0;
       $stmt->close();
       return $aData;
     }
@@ -815,7 +832,7 @@ class User extends Base {
     $signup_time = time();
 
     if ($this->checkStmt($stmt) && $stmt->bind_param('sssissi', $username_clean, $password_hash, $email1, $signup_time, $pin_hash, $apikey_hash, $is_locked) && $stmt->execute()) {
-      $new_account_id = $this->mysqli->insert_id;
+      $new_account_id = $this->mysqli->lastused->insert_id;
       if (!is_null($coinaddress)) $this->coin_address->add($new_account_id, $coinaddress);
       if (! $this->setting->getValue('accounts_confirm_email_disabled') && $is_admin != 1) {
         if ($token = $this->token->createToken('confirm_email', $stmt->insert_id)) {
@@ -838,8 +855,8 @@ class User extends Base {
       }
     } else {
       $this->setErrorMessage( 'Unable to register' );
-      $this->debug->append('Failed to insert user into DB: ' . $this->mysqli->error);
-      echo $this->mysqli->error;
+      $this->debug->append('Failed to insert user into DB: ' . $this->mysqli->lastused->error);
+      echo $this->mysqli->lastused->error;
       if ($stmt->sqlstate == '23000') $this->setErrorMessage( 'Username or email already registered' );
       return false;
     }
@@ -878,7 +895,7 @@ class User extends Base {
     } else {
       $this->setErrorMessage('Invalid token: ' . $this->token->getError());
     }
-    $this->debug->append('Failed to update password:' . $this->mysqli->error);
+    $this->debug->append('Failed to update password:' . $this->mysqli->lastused->error);
     return false;
   }
 
@@ -983,13 +1000,12 @@ public function isAuthenticated($logout=true) {
 }
 
 // Make our class available automatically
-$user = new User();
+$user = new User($config);
 $user->setDebug($debug);
 $user->setLog($log);
 $user->setMysql($mysqli);
 $user->setSalt($config['SALT']);
 $user->setSmarty($smarty);
-$user->setConfig($config);
 $user->setMail($mail);
 $user->setToken($oToken);
 $user->setBitcoin($bitcoin);

include/classes/usersettings.class.php

@@ -0,0 +1,101 @@
+<?php
+	$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+	
+	class UserSettings extends Base {
+		protected $table = 'user_settings';
+		
+		private $__cache = array();
+		protected $account_id = null;
+		private $__lazyWrite;
+		
+		public function __construct($account_id, $lazy_write = true){
+			$this->account_id = $account_id;
+			$this->__lazyWrite = $lazy_write;
+			if (is_callable(self::$__setup_callbacks)){
+				call_user_func(self::$__setup_callbacks, $this);			
+			}
+		}
+		
+		private static $__GetSTMT = null;
+		private static $__SetSTMT = null;
+		
+		public function __destruct(){
+			if ($this->__lazyWrite){
+				foreach ($this->__cache as $name=>$value){
+					$this->_storeValue($name, $value);
+				}
+			}
+		}
+		
+		private function _storeValue($name, $value){
+			if (empty(self::$__SetSTMT)){
+				self::$__SetSTMT = $this->mysqli->prepare('REPLACE INTO '.$this->table.' (`account_id`, `name`, `value`) VALUES (?, ?, ?)');
+			}
+			$val = serialize($value);
+			if (!(self::$__SetSTMT && self::$__SetSTMT->bind_param('iss', $this->account_id, $name, $val) && self::$__SetSTMT->execute())) {
+				$this->setErrorMessage($this->getErrorMsg('E0084', $this->table));
+				return $this->sqlError();
+			}
+			return true;
+		}
+		
+		private function _getValue($name, $default = null){
+			if (empty(self::$__GetSTMT)){
+				self::$__GetSTMT = $this->mysqli->prepare('SELECT `value` FROM '.$this->table.' WHERE `account_id` = ? AND `name` = ? LIMIT 1');
+			}
+			if (self::$__GetSTMT && self::$__GetSTMT->bind_param('is', $this->account_id, $name) && self::$__GetSTMT->execute() && $result = self::$__GetSTMT->get_result()) {
+				if ($result->num_rows > 0) {
+					return unserialize($result->fetch_object()->value);
+				} else {
+					return $default;
+				}
+			}
+			$this->sqlError();
+			return $default;
+		}
+		
+		public function __get($name){
+			if (!$this->__lazyWrite){
+				return $this->_getValue($name);
+			}
+			if (!array_key_exists($name, $this->__cache)){
+				$this->__cache[$name] = $this->_getValue($name);
+			}
+			return $this->__cache[$name];
+		}
+		
+		public function __set($name, $value){
+			if (!$this->__lazyWrite){
+				$this->_storeValue($name, $value);
+			} else {
+				$this->__cache[$name] = $value;
+			}
+		}
+	
+		private static $__setup_callbacks = null;
+		public static function setup($callback = null){
+			self::$__setup_callbacks = $callback;
+		}
+		
+		private static $__lastInstanceId;
+		private static $__lastInstance;
+		/**
+		 * @param int $account_id
+		 * @param string $lazy_write
+		 * @return UserSettings
+		 */
+		public static function construct($account_id, $lazy_write = true){
+			if ((self::$__lastInstanceId == $account_id) && (self::$__lastInstance instanceof UserSettings)){
+				return self::$__lastInstance;
+			}
+			self::$__lastInstanceId = $account_id;
+			return self::$__lastInstance = new self($account_id, $lazy_write);
+		}
+	}
+	
+	UserSettings::setup(function($instance)use($debug, $log, $mysqli, $aErrorCodes){
+		$instance->setDebug($debug);
+		$instance->setLog($log);
+		$instance->setMysql($mysqli);
+		$instance->setErrorCodes($aErrorCodes);
+	});

include/classes/worker.class.php

@@ -4,6 +4,17 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 class Worker extends Base {
   protected $table = 'pool_worker';
 
+  /**
+   * We allow changing the database for shared accounts across pools
+   * Load the config on construct so we can assign the DB name
+   * @param config array MPOS configuration
+   * @return none
+   **/
+  public function __construct($config) {
+    $this->setConfig($config);
+    $this->table = $this->config['db']['shared']['workers'] . '.' . $this->table;
+  }
+
   /**
    * Update worker list for a user
    * @param account_id int User ID
@@ -113,8 +124,7 @@ class Worker extends Base {
          ) AS shares
        FROM $this->table AS w
        WHERE id = ?");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiii', $interval, $interval, $interval, $interval, $id) && $stmt->execute() && $result = $stmt->get_result()) {
-      $row = $result->fetch_assoc();
+    if ($this->checkStmt($stmt) && $stmt->bind_param('iiiii', $interval, $interval, $interval, $interval, $id) && $stmt->execute() && ($result = $stmt->get_result()) && ($row = $result->fetch_assoc())) {
       $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
       if ($row['count_all'] > 0) {
         $row['difficulty'] = round($row['shares'] / $row['count_all'], 2);
@@ -164,7 +174,7 @@ class Worker extends Base {
       while ($row = $result->fetch_assoc()) {
         $row['hashrate'] = round($this->coin->calcHashrate($row['shares'], $interval), 2);
         if ($row['count_all'] > 0) {
-          $row['difficulty'] = round($row['shares'] / $row['count_all'], 2);
+          $row['difficulty'] = round($row['shares'] / $row['count_all'], $this->coin->getShareDifficultyPrecision());
         } else {
           $row['difficulty'] = 0.00;
         }
@@ -294,13 +304,11 @@ class Worker extends Base {
   }
 }
 
-$worker = new Worker();
+$worker = new Worker($config);
 $worker->setDebug($debug);
 $worker->setMysql($mysqli);
 $worker->setMemcache($memcache);
 $worker->setShare($share);
-$worker->setConfig($config);
 $worker->setUser($user);
 $worker->setErrorCodes($aErrorCodes);
 $worker->setCoin($coin);
-?>

include/config/admin_settings.inc.php

@@ -97,6 +97,13 @@ $aSettings['website'][] = array(
   'name' => 'website_notification_autohide', 'value' => $setting->getValue('website_notification_autohide'),
   'tooltip' => 'Hides Notifications after 5 seconds.'
 );
+$aSettings['website'][] = array(
+  'display' => 'Disable Block Notification Sound', 'type' => 'select',
+  'options' => array( 0 => 'Do not notify', 1 => 'Notify when Block is found' ),
+  'default' => 0,
+  'name' => 'website_blockfinder_notification', 'value' => $setting->getValue('website_blockfinder_notification'),
+  'tooltip' => 'Enable/Disable Blockfinder Sound.'
+);
 $aSettings['blockchain'][] = array(
   'display' => 'Disable Blockexplorer', 'type' => 'select',
   'options' => array( 0 => 'No', 1 => 'Yes' ),
@@ -146,6 +153,13 @@ $aSettings['wallet'][] = array(
   'name' => 'wallet_cold_coins', 'value' => $setting->getValue('wallet_cold_coins'),
   'tooltip' => 'Amount of coins held in a pools cold wallet.'
 );
+$aSettings['wallet'][] = array(
+  'display' => 'Transaction Limit', 'type' => 'text',
+  'size' => 6,
+  'default' => 25,
+  'name' => 'wallet_transaction_limit', 'value' => $setting->getValue('wallet_transaction_limit'),
+  'tooltip' => 'Maximum amount of transactions to list in Admin Wallet Info.'
+);
 $aSettings['statistics'][] = array(
   'display' => 'Ajax Refresh Interval', 'type' => 'select',
   'options' => array('5' => '5', '10' => '10', '15' => '15', '30' => '30', '60' => '60' ),
@@ -190,21 +204,21 @@ $aSettings['statistics'][] = array(
 );
 $aSettings['statistics'][] = array(
   'display' => 'Pool Hashrate Modifier', 'type' => 'select',
-  'options' => array( '1' => 'KH/s', '0.001' => 'MH/s', '0.000001' => 'GH/s', '0.000000001' => 'TH/s' ),
+  'options' => array( '1' => 'KH/s', '0.001' => 'MH/s', '0.000001' => 'GH/s', '0.000000001' => 'TH/s', '0.000000000001' => 'PH/s', '0.000000000000001' => 'EH/s' ),
   'default' => '1',
   'name' => 'statistics_pool_hashrate_modifier', 'value' => $setting->getValue('statistics_pool_hashrate_modifier'),
   'tooltip' => 'Auto-adjust displayed pool hashrates to a certain limit.'
 );
 $aSettings['statistics'][] = array(
   'display' => 'Network Hashrate Modifier', 'type' => 'select',
-  'options' => array( '1' => 'KH/s', '0.001' => 'MH/s', '0.000001' => 'GH/s', '0.000000001' => 'TH/s' ),
+  'options' => array( '1' => 'KH/s', '0.001' => 'MH/s', '0.000001' => 'GH/s', '0.000000001' => 'TH/s', '0.000000000001' => 'PH/s', '0.000000000000001' => 'EH/s' ),
   'default' => '1',
   'name' => 'statistics_network_hashrate_modifier', 'value' => $setting->getValue('statistics_network_hashrate_modifier'),
   'tooltip' => 'Auto-adjust displayed network hashrates to a certain limit.'
 );
 $aSettings['statistics'][] = array(
   'display' => 'Personal Hashrate Modifier', 'type' => 'select',
-  'options' => array( '1' => 'KH/s', '0.001' => 'MH/s', '0.000001' => 'GH/s', '0.000000001' => 'TH/s' ),
+  'options' => array( '1' => 'KH/s', '0.001' => 'MH/s', '0.000001' => 'GH/s', '0.000000001' => 'TH/s', '0.000000000001' => 'PH/s', '0.000000000000001' => 'EH/s' ),
   'default' => '1',
   'name' => 'statistics_personal_hashrate_modifier', 'value' => $setting->getValue('statistics_personal_hashrate_modifier'),
   'tooltip' => 'Auto-adjust displayed personal hashrates to a certain limit.'
@@ -224,6 +238,20 @@ $aSettings['statistics'][] = array(
   'name' => 'statistics_analytics_code', 'value' => $setting->getValue('statistics_analytics_code'),
   'tooltip' => '.'
 );
+$aSettings['acl'][] = array(
+  'display' => 'Show Stats for logged in users only', 'type' => 'select',
+  'options' => array( 0 => 'No', 1 => 'Yes' ),
+  'default' => 0,
+  'name' => 'acl_show_stats_loggedin', 'value' => $setting->getValue('acl_show_stats_loggedin'),
+  'tooltip' => 'Should statistics be visible for logged in users only.'
+);
+$aSettings['acl'][] = array(
+  'display' => 'Show Help for logged in users only', 'type' => 'select',
+  'options' => array( 0 => 'No', 1 => 'Yes' ),
+  'default' => 0,
+  'name' => 'acl_show_help_loggedin', 'value' => $setting->getValue('acl_show_help_loggedin'),
+  'tooltip' => 'Should Help Page be visible for logged in users only.'
+);
 $aSettings['acl'][] = array(
   'display' => 'Hide news post author', 'type' => 'select',
   'options' => array( 0 => 'No', 1 => 'Yes' ),

include/config/error_codes.inc.php

@@ -78,4 +78,6 @@ $aErrorCodes['E0079'] = 'Wallet does not cover payouts total amount';
 $aErrorCodes['E0080'] = 'No new unaccounted shares since last run';
 $aErrorCodes['E0081'] = 'Failed to insert new block into database';
 $aErrorCodes['E0082'] = 'Block does not supply any usable confirmation information';
-?>
+$aErrorCodes['E0083'] = 'Maintenance mode enabled, skipped';
+$aErrorCodes['E0084'] = 'Error updating %s table';
+$aErrorCodes['E0085'] = 'Cron disabled due to invalid arguments';

include/config/global.inc.dist.php

@@ -4,14 +4,14 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 /**
  * Do not edit this unless you have confirmed that your config has been updated!
  * Also the URL to check for the most recent upstream versions available
- *  https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-config-version
+ *  https://github.com/MPOS/php-mpos/wiki/Config-Setup#config-version
  **/
-$config['version'] = '1.0.0';
+$config['version'] = '1.0.1';
 $config['version_url'] = 'https://raw.githubusercontent.com/MPOS/php-mpos/master/include/version.inc.php';
 
 /**
  * Unless you disable this, we'll do a quick check on your config first.
- *  https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-config-check
+ *  https://github.com/MPOS/php-mpos/wiki/Config-Setup#config-check
  */
 $config['skip_config_tests'] = false;
 
@@ -24,7 +24,7 @@ $config['check_valid_coinaddress'] = true;
 /**
  * Defines
  *  Debug setting and salts for hashing passwords
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#defines--salts
  */
 $config['DEBUG'] = 0;
 $config['SALT'] = 'PLEASEMAKEMESOMETHINGRANDOM';
@@ -33,7 +33,7 @@ $config['SALTY'] = 'THISSHOULDALSOBERRAANNDDOOM';
 /**
   * Coin Algorithm
   *  Algorithm used by this coin, sha256d or scrypt
-  *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-algorithm
+  *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#algorithm
   **/
 $config['algorithm'] = 'scrypt';
 
@@ -47,18 +47,35 @@ $config['getbalancewithunconfirmed'] = true;
 /**
  * Database configuration
  *  MySQL database configuration
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-database-configuration
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#database-configuration
  **/
 $config['db']['host'] = 'localhost';
 $config['db']['user'] = 'someuser';
 $config['db']['pass'] = 'somepass';
 $config['db']['port'] = 3306;
 $config['db']['name'] = 'mpos';
+// Disabled by default and set in bootstrap if unset, but left in here so
+// people know it exists
+// $config['db']['shared']['accounts'] = $config['db']['name'];
+// $config['db']['shared']['workers'] = $config['db']['name'];
+// $config['db']['shared']['news'] = $config['db']['name'];
 
+
+/**
+ * Setup read-only/slave database server for selects (read queries)
+**/
+$config['db-ro']['enabled'] = false;
+$config['db-ro']['host'] = 'localhost';
+$config['db-ro']['user'] = 'someuser';
+$config['db-ro']['pass'] = 'somepass';
+$config['db-ro']['port'] = 3306;
+$config['db-ro']['name'] = 'mpos';
+
+ 
 /**
  * Local wallet RPC
  *  RPC configuration for your daemon/wallet
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-local-wallet-rpc
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#local-wallet-rpc
  **/
 $config['wallet']['type'] = 'http';
 $config['wallet']['host'] = 'localhost:19334';
@@ -68,7 +85,7 @@ $config['wallet']['password'] = 'testnet';
 /**
  * Swiftmailer configuration
  *  Configure your way to send mails
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-swiftmailer
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#swiftmailer
  **/
 $config['swiftmailer']['type'] = 'sendmail';
 $config['swiftmailer']['sendmail']['path'] = '/usr/sbin/sendmail';
@@ -83,7 +100,7 @@ $config['swiftmailer']['smtp']['throttle'] = 100;
 /**
  * Getting Started Config
  *  Shown to users in the 'Getting Started' section
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-getting-started
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#getting-started
  **/
 $config['gettingstarted']['coinname'] = 'Litecoin';
 $config['gettingstarted']['coinurl'] = 'http://www.litecoin.org';
@@ -93,17 +110,17 @@ $config['gettingstarted']['stratumport'] = '3333';
 /**
  * Ticker API
  *  Fetch exchange rates via an API
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-ticker-api
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#ticker-api
  **/
 $config['price']['enabled'] = false;
-$config['price']['url'] = 'https://btc-e.com';
+$config['price']['url'] = 'https://btc-e.nz';
 $config['price']['target'] = '/api/2/ltc_usd/ticker';
 $config['price']['currency'] = 'USD';
 
 /**
  * Automatic Payout Thresholds
  *  Minimum and Maximum auto payout amount
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-automatic-payout-thresholds
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#automatic-payout-thresholds
  **/
 $config['ap_threshold']['min'] = 1;
 $config['ap_threshold']['max'] = 250;
@@ -111,49 +128,49 @@ $config['ap_threshold']['max'] = 250;
 /**
  * Minimum manual Payout Threshold
  *  Minimum manual payout amount
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-manual-payout-threshold
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#manual-payout-threshold
  **/
 $config['mp_threshold'] = 1;
 
 /**
  * Donation thresholds
  *  Minimum donation amount in percent
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-donation-thresholds
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#donation-thresholds
  **/
 $config['donate_threshold']['min'] = 1;
 
 /**
  * Account Specific Settings
  *  Settings for each user account
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-account-specific-settings
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#account-specific-settings
  **/
 $config['accounts']['invitations']['count'] = 5;
 
 /**
  * Currency
  *  Shorthand name for the currency
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-currency
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#currency
  */
 $config['currency'] = 'LTC';
 
 /**
  * Coin Target
  *  Target time for coins to be generated
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-coin-target
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#coin-target
  **/
 $config['cointarget'] = '150';
 
 /**
  * Coin Diff Change
  *  Amount of blocks between difficulty changes
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-coin-diff-change
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#coin-diff-change
  **/
 $config['coindiffchangetarget'] = 2016;
 
 /**
  * TX Fees
  *  Fees applied to transactions
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-tx-fees
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#tx-fees
  **/
 $config['txfee_auto'] = 0.1;
 $config['txfee_manual'] = 0.1;
@@ -161,8 +178,8 @@ $config['txfee_manual'] = 0.1;
 /**
  * Block & Pool Bonus
  *  Bonus coins for blockfinder or a pool bonus for everyone
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-block-bonus
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pool-bonus
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#block-bonus
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#pool-bonus
  */
 $config['block_bonus'] = 0;
 $config['pool_bonus'] = 0;
@@ -171,14 +188,14 @@ $config['pool_bonus_type'] = 'payout';
 /**
  * Payout System
  *  Payout system chosen
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-payout-system
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#payout-system
  **/
 $config['payout_system'] = 'prop';
 
 /**
  * Sendmany Support
  *  Enable/Disable Sendmany RPC method
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-sendmany-support
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#sendmany-support
  **/
 $config['sendmany']['enabled'] = false;
 
@@ -192,7 +209,7 @@ $config['payout']['txlimit_auto'] = 500;
 /**
  * Round Purging
  *  Round share purging configuration
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-round-purging
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#round-purging
  **/
 $config['purge']['sleep'] = 1;
 $config['purge']['shares'] = 25000;
@@ -200,7 +217,7 @@ $config['purge']['shares'] = 25000;
 /**
  * Share Archiving
  *  Share archiving configuration details
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-archiving
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#archiving
  **/
 $config['archive']['maxrounds'] = 10; 
 $config['archive']['maxage'] = 60 * 24; 
@@ -209,14 +226,14 @@ $config['archive']['maxage'] = 60 * 24;
 /**
  * Pool Fees
  *  Fees applied to users
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pool-fees
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#pool-fees
  */
 $config['fees'] = 0;
 
 /**
  * PPLNS
  *  Pay Per Last N Shares
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pplns-settings
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#pplns-settings
  */
 $config['pplns']['shares']['default'] = 4000000;
 $config['pplns']['shares']['type'] = 'blockavg';
@@ -227,14 +244,14 @@ $config['pplns']['dynamic']['percent'] = 30;
 /**
  * Difficulty
  *  Difficulty setting for stratum/pushpool
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pool-target-difficulty
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#pool-target-difficulty
  */
 $config['difficulty'] = 20;
 
 /**
  * Block Reward
  *  Block reward configuration details
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-reward-settings
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#reward-settings
  **/
 $config['reward_type'] = 'block';
 $config['reward'] = 50;
@@ -242,7 +259,7 @@ $config['reward'] = 50;
 /**
  * Confirmations
  *  Credit and Network confirmation settings
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-confirmations
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#confirmations
  */
 $config['confirmations'] = 120;
 $config['network_confirmations'] = 120;
@@ -250,7 +267,7 @@ $config['network_confirmations'] = 120;
 /**
  * PPS
  *  Pay Per Share configuration details
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-pps-settings
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#pps-settings
  **/
 $config['pps']['reward']['default'] = 50;
 $config['pps']['reward']['type'] = 'blockavg';
@@ -259,7 +276,7 @@ $config['pps']['blockavg']['blockcount'] = 10;
 /**
  * Memcache
  *  Memcache configuration details
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#memcache
  **/
 $config['memcache']['enabled'] = true;
 $config['memcache']['host'] = 'localhost';
@@ -275,7 +292,7 @@ $config['memcache']['sasl']['password'] = '';
 /**
  * Cookies
  *  Cookie configuration details
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-cookies
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#cookies
  **/
 $config['cookie']['duration'] = '1440';
 $config['cookie']['domain'] = '';
@@ -286,7 +303,7 @@ $config['cookie']['secure'] = false;
 /**
  * Smarty Cache
  *  Enable smarty cache and cache length
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-smarty-cache
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#smarty-cache
  **/
 $config['smarty']['cache'] = 0;
 $config['smarty']['cache_lifetime'] = 30;
@@ -294,8 +311,6 @@ $config['smarty']['cache_lifetime'] = 30;
 /**
  * System load
  *  Disable some calls when high system load
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-system-load
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#system-load
  **/
 $config['system']['load']['max'] = 10.0;
-
-?>

include/config/memcache_keys.inc.php

@@ -4,4 +4,3 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 define('STATISTICS_ALL_USER_SHARES', 'STATISTICS_ALL_USER_SHARES');
 define('STATISTICS_ALL_USER_HASHRATES', 'STATISTICS_ALL_USER_HASHRATES');
 define('STATISTICS_ROUND_SHARES', 'STATISTICS_ROUND_SHARES');
-?>

include/config/monitor_crons.inc.php

@@ -11,5 +11,3 @@ switch ($config['payout_system']) {
 }
 
 $aMonitorCrons = array('statistics','tickerupdate','notifications','tables_cleanup','findblock',$sPayoutSystem,'blockupdate','payouts');
-
-?>

include/config/security.inc.dist.php

@@ -23,7 +23,7 @@ $config['logging']['path'] = realpath(BASEPATH.'../logs');
 /**
  * Memcache Rate Limiting
  *  Rate limit requests using Memcache
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache-rate-limiting
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#memcache-rate-limiting
  */
 $config['mc_antidos']['enabled'] = true;
 $config['mc_antidos']['protect_ajax'] = true;
@@ -38,14 +38,14 @@ $config['mc_antidos']['error_push_page'] = array('page' => 'error', 'action' =>
 /**
  * CSRF Protection
  *  Enable or disable CSRF protection
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-csrf-protection
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#csrf-protection
  */
 $config['csrf']['enabled'] = true;
 
 /**
  * E-mail confirmations for user actions
  *  Two-factor confirmation for user actions
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-e-mail-confirmations
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#e-mail-confirmations
  */
 $config['twofactor']['enabled'] = true;
 $config['twofactor']['options']['details'] = true;
@@ -55,9 +55,7 @@ $config['twofactor']['options']['changepw'] = true;
 /**
  * Lock account after X
  *  Lock accounts after X invalid logins or pins
- *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-lock-accounts-after-failed-logins
+ *   https://github.com/MPOS/php-mpos/wiki/Config-Setup#lock-accounts-after-failed-logins
  **/
 $config['maxfailed']['login'] = 3;
 $config['maxfailed']['pin'] = 3;
-
-?>

include/database.inc.php

@@ -3,13 +3,14 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 // Instantiate class, we are using mysqlng
 if ($config['mysql_filter']) {
-  $mysqli = new mysqli_strict($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']);
+  $mysqli = new mysqlims($config['db'],$config['db-ro'], true);
 } else {
-  $mysqli = new mysqli($config['db']['host'], $config['db']['user'], $config['db']['pass'], $config['db']['name'], $config['db']['port']);
+  $mysqli = new mysqlims($config['db'],$config['db-ro'], false);
 }
 
-// Check if read-only and quit if it is on
-if ($mysqli->query('/* MYSQLND_MS_MASTER_SWITCH */SELECT @@global.read_only AS read_only')->fetch_object()->read_only == 1) {
+// Check if read-only and quit if it is on, disregard if slave is enabled
+
+if ($mysqli->query('/* MYSQLND_MS_MASTER_SWITCH */SELECT @@global.read_only AS read_only')->fetch_object()->read_only == 1 && $config['db-ro']['enabled'] === false ) {
   die('Database is in READ-ONLY mode');
 }
 
@@ -17,5 +18,3 @@ if ($mysqli->query('/* MYSQLND_MS_MASTER_SWITCH */SELECT @@global.read_only AS r
 if (mysqli_connect_errno()) {
   die("Failed to connect to database");
 }
-
-?>

include/lib/Michelf/Markdown.php

@@ -3091,4 +3091,3 @@ class _MarkdownExtra_TmpImpl extends \Michelf\Markdown {
 	}
 
 }
-?>

include/lib/Michelf/MarkdownExtra.php

@@ -35,6 +35,3 @@ class MarkdownExtra extends \Michelf\_MarkdownExtra_TmpImpl {
 	# See note above.
 
 }
-
-
-?>

include/lib/recaptchalib.php

@@ -1,277 +0,0 @@
-<?php
-/*
- * This is a PHP library that handles calling reCAPTCHA.
- *    - Documentation and latest version
- *          http://recaptcha.net/plugins/php/
- *    - Get a reCAPTCHA API Key
- *          https://www.google.com/recaptcha/admin/create
- *    - Discussion group
- *          http://groups.google.com/group/recaptcha
- *
- * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
- * AUTHORS:
- *   Mike Crawford
- *   Ben Maurer
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/**
- * The reCAPTCHA server URL's
- */
-define("RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api");
-define("RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api");
-define("RECAPTCHA_VERIFY_SERVER", "www.google.com");
-
-/**
- * Encodes the given data into a query string format
- * @param $data - array of string elements to be encoded
- * @return string - encoded request
- */
-function _recaptcha_qsencode ($data) {
-        $req = "";
-        foreach ( $data as $key => $value )
-                $req .= $key . '=' . urlencode( stripslashes($value) ) . '&';
-
-        // Cut the last '&'
-        $req=substr($req,0,strlen($req)-1);
-        return $req;
-}
-
-
-
-/**
- * Submits an HTTP POST to a reCAPTCHA server
- * @param string $host
- * @param string $path
- * @param array $data
- * @param int port
- * @return array response
- */
-function _recaptcha_http_post($host, $path, $data, $port = 80) {
-
-        $req = _recaptcha_qsencode ($data);
-
-        $http_request  = "POST $path HTTP/1.0\r\n";
-        $http_request .= "Host: $host\r\n";
-        $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
-        $http_request .= "Content-Length: " . strlen($req) . "\r\n";
-        $http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
-        $http_request .= "\r\n";
-        $http_request .= $req;
-
-        $response = '';
-        if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
-                die ('Could not open socket');
-        }
-
-        fwrite($fs, $http_request);
-
-        while ( !feof($fs) )
-                $response .= fgets($fs, 1160); // One TCP-IP packet
-        fclose($fs);
-        $response = explode("\r\n\r\n", $response, 2);
-
-        return $response;
-}
-
-
-
-/**
- * Gets the challenge HTML (javascript and non-javascript version).
- * This is called from the browser, and the resulting reCAPTCHA HTML widget
- * is embedded within the HTML form it was called from.
- * @param string $pubkey A public key for reCAPTCHA
- * @param string $error The error given by reCAPTCHA (optional, default is null)
- * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false)
-
- * @return string - The HTML to be embedded in the user's form.
- */
-function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false)
-{
-	if ($pubkey == null || $pubkey == '') {
-		die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
-	}
-	
-	if ($use_ssl) {
-                $server = RECAPTCHA_API_SECURE_SERVER;
-        } else {
-                $server = RECAPTCHA_API_SERVER;
-        }
-
-        $errorpart = "";
-        if ($error) {
-           $errorpart = "&amp;error=" . $error;
-        }
-        return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script>
-
-	<noscript>
-  		<iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/>
-  		<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
-  		<input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
-	</noscript>';
-}
-
-
-
-
-/**
- * A ReCaptchaResponse is returned from recaptcha_check_answer()
- */
-class ReCaptchaResponse {
-        var $is_valid;
-        var $error;
-}
-
-
-/**
-  * Calls an HTTP POST function to verify if the user's guess was correct
-  * @param string $privkey
-  * @param string $remoteip
-  * @param string $challenge
-  * @param string $response
-  * @param array $extra_params an array of extra variables to post to the server
-  * @return ReCaptchaResponse
-  */
-function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
-{
-	if ($privkey == null || $privkey == '') {
-		die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
-	}
-
-	if ($remoteip == null || $remoteip == '') {
-		die ("For security reasons, you must pass the remote ip to reCAPTCHA");
-	}
-
-	
-	
-        //discard spam submissions
-        if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) {
-                $recaptcha_response = new ReCaptchaResponse();
-                $recaptcha_response->is_valid = false;
-                $recaptcha_response->error = 'incorrect-captcha-sol';
-                return $recaptcha_response;
-        }
-
-        $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify",
-                                          array (
-                                                 'privatekey' => $privkey,
-                                                 'remoteip' => $remoteip,
-                                                 'challenge' => $challenge,
-                                                 'response' => $response
-                                                 ) + $extra_params
-                                          );
-
-        $answers = explode ("\n", $response [1]);
-        $recaptcha_response = new ReCaptchaResponse();
-
-        if (trim ($answers [0]) == 'true') {
-                $recaptcha_response->is_valid = true;
-        }
-        else {
-                $recaptcha_response->is_valid = false;
-                $recaptcha_response->error = $answers [1];
-        }
-        return $recaptcha_response;
-
-}
-
-/**
- * gets a URL where the user can sign up for reCAPTCHA. If your application
- * has a configuration page where you enter a key, you should provide a link
- * using this function.
- * @param string $domain The domain where the page is hosted
- * @param string $appname The name of your application
- */
-function recaptcha_get_signup_url ($domain = null, $appname = null) {
-	return "https://www.google.com/recaptcha/admin/create?" .  _recaptcha_qsencode (array ('domains' => $domain, 'app' => $appname));
-}
-
-function _recaptcha_aes_pad($val) {
-	$block_size = 16;
-	$numpad = $block_size - (strlen ($val) % $block_size);
-	return str_pad($val, strlen ($val) + $numpad, chr($numpad));
-}
-
-/* Mailhide related code */
-
-function _recaptcha_aes_encrypt($val,$ky) {
-	if (! function_exists ("mcrypt_encrypt")) {
-		die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed.");
-	}
-	$mode=MCRYPT_MODE_CBC;   
-	$enc=MCRYPT_RIJNDAEL_128;
-	$val=_recaptcha_aes_pad($val);
-	return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
-}
-
-
-function _recaptcha_mailhide_urlbase64 ($x) {
-	return strtr(base64_encode ($x), '+/', '-_');
-}
-
-/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */
-function recaptcha_mailhide_url($pubkey, $privkey, $email) {
-	if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) {
-		die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " .
-		     "you can do so at <a href='http://www.google.com/recaptcha/mailhide/apikey'>http://www.google.com/recaptcha/mailhide/apikey</a>");
-	}
-	
-
-	$ky = pack('H*', $privkey);
-	$cryptmail = _recaptcha_aes_encrypt ($email, $ky);
-	
-	return "http://www.google.com/recaptcha/mailhide/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail);
-}
-
-/**
- * gets the parts of the email to expose to the user.
- * eg, given johndoe@example,com return ["john", "example.com"].
- * the email is then displayed as john...@example.com
- */
-function _recaptcha_mailhide_email_parts ($email) {
-	$arr = preg_split("/@/", $email );
-
-	if (strlen ($arr[0]) <= 4) {
-		$arr[0] = substr ($arr[0], 0, 1);
-	} else if (strlen ($arr[0]) <= 6) {
-		$arr[0] = substr ($arr[0], 0, 3);
-	} else {
-		$arr[0] = substr ($arr[0], 0, 4);
-	}
-	return $arr;
-}
-
-/**
- * Gets html to display an email address given a public an private key.
- * to get a key, go to:
- *
- * http://www.google.com/recaptcha/mailhide/apikey
- */
-function recaptcha_mailhide_html($pubkey, $privkey, $email) {
-	$emailparts = _recaptcha_mailhide_email_parts ($email);
-	$url = recaptcha_mailhide_url ($pubkey, $privkey, $email);
-	
-	return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) .
-		"' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]);
-
-}
-
-
-?>

include/lib/scrypt.php

@@ -532,5 +532,3 @@ function word_reverse($str) {
   }
   return $ret;
 }
-
-?>

include/lib/smarty_plugins/function.acl.php

@@ -31,4 +31,3 @@ function check_acl_access($params, $smarty)
     break;
   }
 }
-?>

include/lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php

@@ -687,7 +687,7 @@ class Swift_Mime_SimpleMimeEntity implements Swift_Mime_MimeEntity
     protected function getRandomId()
     {
         $idLeft = md5(getmypid() . '.' . time() . '.' . uniqid(mt_rand(), true));
-        $idRight = !empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'swift.generated';
+        $idRight = !empty($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'swift.generated';
         $id = $idLeft . '@' . $idRight;
 
         try {

include/lib/swiftmailer/classes/Swift/Transport/AbstractSmtpTransport.php

@@ -477,10 +477,10 @@ abstract class Swift_Transport_AbstractSmtpTransport implements Swift_Transport
     /** Try to determine the hostname of the server this is run on */
     private function _lookupHostname()
     {
-        if (!empty($_SERVER['SERVER_NAME'])
-            && $this->_isFqdn($_SERVER['SERVER_NAME']))
+        if (!empty($_SERVER['HTTP_HOST'])
+            && $this->_isFqdn($_SERVER['HTTP_HOST']))
         {
-            $this->_domain = $_SERVER['SERVER_NAME'];
+            $this->_domain = $_SERVER['HTTP_HOST'];
         } elseif (!empty($_SERVER['SERVER_ADDR'])) {
             $this->_domain = sprintf('[%s]', $_SERVER['SERVER_ADDR']);
         }

include/pages/about.inc.php

@@ -3,4 +3,3 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>

include/pages/about/pplns.inc.php

@@ -3,4 +3,3 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>

include/pages/account.inc.php

@@ -5,4 +5,3 @@ if ($user->isAuthenticated()) {
   // Tempalte specifics
   $smarty->assign("CONTENT", "default.tpl");
 }
-?>

include/pages/account/earnings.inc.php

@@ -19,5 +19,3 @@ if ($user->isAuthenticated() AND !$setting->getValue('disable_transactionsummary
 } else {
   $smarty->assign('CONTENT', 'disabled.tpl');
 }
-
-?>

include/pages/account/edit.inc.php

@@ -103,7 +103,7 @@ if ($user->isAuthenticated()) {
           } else if ($config['twofactor']['enabled'] && $config['twofactor']['options']['withdraw'] && !$wf_editable) {
             $_SESSION['POPUP'][] = array('CONTENT' => 'You have not yet unlocked account withdrawls.', 'TYPE' => 'alert alert-danger');
           } else if ($aBalance['confirmed'] < $config['mp_threshold']) {
-            $_SESSION['POPUP'][] = array('CONTENT' => 'Payout must be greater or equal than ' . $config['mp_threshold'] . '.', 'TYPE' => 'info');
+            $_SESSION['POPUP'][] = array('CONTENT' => 'Account balance must be >= ' . $config['mp_threshold'] . ' to do a Manual Payout.', 'TYPE' => 'alert alert-warning');
           } else if (!$coin_address->getCoinAddress($_SESSION['USERDATA']['id'])) {
             $_SESSION['POPUP'][] = array('CONTENT' => 'You have no payout address set.', 'TYPE' => 'alert alert-danger');
         	} else {
@@ -181,7 +181,7 @@ if ($config['twofactor']['enabled'] && $user->isAuthenticated()) {
     $wf_editable = $user->token->isTokenValid($_SESSION['USERDATA']['id'], $wf_token, 7);
     $wf_sent = $user->token->doesTokenExist('withdraw_funds', $_SESSION['USERDATA']['id']);
   }
-  
+
   // display token info per each - only when sent and editable or just sent, not by default
   (!empty($eaprep_sent) && !empty($eaprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $eaprep_sent, 'TYPE' => 'alert alert-success'):"";
   (!empty($eaprep_sent) && empty($eaprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $message_tokensent_invalid.$messages_tokensent_status['ea'], 'TYPE' => 'alert alert-success'):"";
@@ -206,4 +206,3 @@ $smarty->assign("DONATE_THRESHOLD", $config['donate_threshold']);
 
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>

include/pages/account/invitations.inc.php

@@ -24,4 +24,3 @@ if ($user->isAuthenticated()) {
   }
 }
 $smarty->assign('CONTENT', 'default.tpl');
-?>

include/pages/account/notifications.inc.php

@@ -8,7 +8,25 @@ if ($user->isAuthenticated()) {
   } else {
     if (@$_REQUEST['do'] == 'save') {
       if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
-        if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) {
+
+      	$pushSettings = array(
+      		'class' => $_REQUEST['pushnotification-class'],
+      		'params' => null,
+      		'file' => null,
+      	);
+      	if ($pushSettings['class'] && array_key_exists($pushSettings['class'], $_REQUEST['pushnotification'])){
+      		$pushSettings['params'] = $_REQUEST['pushnotification'][$pushSettings['class']];
+      	}
+      	if ($pushSettings['class']){
+      		$c = $pushnotification->getClasses();
+      		if (array_key_exists($pushSettings['class'], $c)){
+      			$pushSettings['file'] = $c[$pushSettings['class']][0];
+      		}
+      	}
+      	
+      	if (!$pushnotification->updateSettings($_SESSION['USERDATA']['id'], $pushSettings)){
+      		$_SESSION['POPUP'][] = array('CONTENT' => $pushnotification->getError(), 'TYPE' => 'alert alert-danger');
+      	}elseif ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) {
           $_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings', 'TYPE' => 'alert alert-success');
         } else {
           $_SESSION['POPUP'][] = array('CONTENT' => $notification->getError(), 'TYPE' => 'alert alert-danger');
@@ -29,11 +47,13 @@ if ($user->isAuthenticated()) {
 
     // Fetch user notification settings
     $aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
+    $aPushSettings = $pushnotification->getNotificationSettings($_SESSION['USERDATA']['id']);
+    $aSmartyClasses = $pushnotification->getClassesForSmarty();
 
     $smarty->assign('NOTIFICATIONS', $aNotifications);
+    $smarty->assign('PUSHNOTIFICATIONS', $aSmartyClasses);
+    $smarty->assign('PUSHSETTINGS', $aPushSettings);
     $smarty->assign('SETTINGS', $aSettings);
     $smarty->assign('CONTENT', 'default.tpl');
   }
 }
-
-?>

include/pages/account/qrcode.inc.php

@@ -12,4 +12,3 @@ case '1':
   $smarty->assign("CONTENT", "");
   break;
 }
-?>

include/pages/account/reset_failed.inc.php

@@ -6,9 +6,8 @@ if ($user->isAuthenticated()) {
   $user->setUserFailed($_SESSION['USERDATA']['id'], 0);
   $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
   $pushto = $_SERVER['SCRIPT_NAME'].'?page=dashboard';
-  $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto;
+  $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto;
   header("Location: " . $location);
 }
 // Somehow we still need to load this empty template
 $smarty->assign("CONTENT", "empty");
-?>

include/pages/account/transactions.inc.php

@@ -15,4 +15,3 @@ if ($user->isAuthenticated()) {
   $smarty->assign('DISABLE_TRANSACTIONSUMMARY', $setting->getValue('disable_transactionsummary'));
 }
 $smarty->assign('CONTENT', 'default.tpl');
-?>

include/pages/account/unlock.inc.php

@@ -15,5 +15,3 @@ if (!isset($_GET['token']) || empty($_GET['token'])) {
   }
 }
 $smarty->assign('CONTENT', 'default.tpl');
-
-?>

include/pages/account/workers.inc.php

@@ -55,6 +55,3 @@ if ($user->isAuthenticated()) {
     $smarty->assign('CONTENT', 'default.tpl');
   }
 }
-
-
-?>

include/pages/admin.inc.php

@@ -9,4 +9,3 @@ if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
 
 // Tempalte specifics
 $smarty->assign("CONTENT", "");
-?>

include/pages/admin/checks/check_daemon.inc.php

@@ -0,0 +1,55 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+// check if daemon can connect -> error
+try {
+  if ($bitcoin->can_connect() !== true) {
+    $newerror = array();
+    $newerror['name'] = "Coin daemon";
+    $newerror['level'] = 3;
+    $newerror['description'] = "Unable to connect to coin daemon using provided credentials.";
+    $newerror['configvalue'] = "wallet.*";
+    $newerror['extdesc'] = "We weren't able to connect to your coin daemon using the host/username/password/port given in the config. Check that your coin daemon is running and mpos is configured with the data from your coin daemon config. Your coin daemon may also not yet be fully synced.";
+    $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-local-wallet-rpc";
+    $error[] = $newerror;
+    $newerror = null;
+  } else {
+    // validate that the wallet service is not in test mode
+    if ($bitcoin->is_testnet() == true) {
+      $newerror = array();
+      $newerror['name'] = "Coin daemon";
+      $newerror['level'] = 3;
+      $newerror['extdesc'] = "You may have accidentally mistyped the port, or are running the coin daemon in testnet mode. Check your coin daemon config and MPOS config.";
+      $newerror['description'] = "The coin daemon service is running as a testnet. Check the TESTNET setting in your coin daemon config and make sure the correct port is set in the MPOS config.";
+      $newerror['configvalue'] = "wallet.host";
+      $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-local-wallet-rpc";
+      $error[] = $newerror;
+      $newerror = null;
+    }
+    // Check if chain is currently downloading
+    if ($dDownloadPercentage = $bitcoin->getblockchaindownload()) {
+      $newerror = array();
+      $newerror['name'] = "Coin daemon";
+      $newerror['level'] = 1;
+      $newerror['extdesc'] = "Your coin daemon is currently downloading the blockchain. Your miners won't be able to connect until this is completed.";
+      $newerror['description'] = "Blockchain download progress is at an estimated $dDownloadPercentage%. It may take a while to complete.";
+      $newerror['configvalue'] = "wallet.host";
+      $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-local-wallet-rpc";
+      $error[] = $newerror; 
+      $newerror = null;
+    }
+    // check if there is more than one account set on wallet
+    $accounts = $bitcoin->listaccounts();
+    if (count($accounts) > 1 && $accounts[''] <= 0) {
+      $newerror = array();
+      $newerror['name'] = "Coin daemon";
+      $newerror['level'] = 3;
+      $newerror['extdesc'] = "You need at least one account to be able to pay miners! Your coin daemon may not yet be fully synced, see the above link for more details.";
+      $newerror['description'] = "There are " . count($accounts) . " Accounts set in local Wallet and Default Account has no liquid funds to pay your miners!";
+      $newerror['configvalue'] = "wallet.host";
+      $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-local-wallet-rpc";
+      $error[] = $newerror;
+      $newerror = null;
+    }
+  }
+} catch (Exception $e) {}

include/pages/admin/checks/check_fees.inc.php

@@ -0,0 +1,15 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+// check if fees are 0 and ap/mp tx fees are also set to 0 -> issue #2424
+if ($config['fees'] == 0 && ($config['txfee_auto'] == 0 || $config['txfee_manual'] == 0)) {
+  $newerror = array();
+  $newerror['name'] = "Fees and TX Fees 0";
+  $newerror['level'] = 2;
+  $newerror['extdesc'] = "This is an issue that can only occur with both your fees set to 0 and auto or manual tx fees set to 0 as well. It's best to avoid it if possible though, as it can prevent payouts; set the txfee to a small amount to avoid this.";
+  $newerror['description'] = "Having your pool fees set to 0 and tx fees also set to 0 can cause a problem where the wallet cannot payout, consider setting the txfee to a very low amount, ie. 0.0001 to avoid this.";
+  $newerror['configvalue'] = "fees";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/issues/2424";
+  $error[] = $newerror;
+  $newerror = null;
+}

include/pages/admin/checks/check_memcache.inc.php

@@ -0,0 +1,67 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+// check if memcache isn't available but enabled in config -> error
+if (!class_exists('Memcached') && $config['memcache']['enabled']) {
+  $newerror = array();
+  $newerror['name'] = "Memcache Config";
+  $newerror['level'] = 3;
+  $newerror['extdesc'] = "Memcache is a service that you run that lets us cache commonly used data and access it quickly. It's highly recommended you <a href='https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#requirements-1'>install the service and php packages</a> for your distro.";
+  $newerror['description'] = "You have memcached enabled in your config and it's not available as a PHP module. Install the package on your system.";
+  $newerror['configvalue'] = "memcache.enabled";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache"; 
+  $error[] = $newerror;
+  $newerror = null;
+}
+
+// if it's not enabled, test it if it exists, if it works -> error tell them to enable, -> otherwise notice it's disabled
+if (!$config['memcache']['enabled']) {
+  if (PHP_OS == 'WINNT') {
+    require_once(CLASS_DIR . 'memcached.class.php');
+  }
+  if (class_exists('Memcached')) {
+    $memcache_test = @new Memcached();
+    if ($config['memcache']['sasl'] === true) {
+      $memcache_test->setOption(Memcached::OPT_BINARY_PROTOCOL, true);
+      $memcache_test->setSaslAuthData($config['memcache']['sasl']['username'], $config['memcache']['sasl']['password']);
+    }
+    $memcache_test_add = @$memcache_test->addServer($config['memcache']['host'], $config['memcache']['port']);
+    $randmctv = rand(5,10);
+    $memcache_test_set = @$memcache_test->set('test_mpos_setval', $randmctv);
+    $memcache_test_get = @$memcache_test->get('test_mpos_setval');
+  }
+  if (class_exists('Memcached') && $memcache_test_get == $randmctv) {
+    $newerror = array();
+    $newerror['name'] = "Memcache Config";
+    $newerror['level'] = 2;
+    $newerror['extdesc'] = "Memcache is a service that you run that lets us cache commonly used data and access it quickly. It's highly recommended you <a href='https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#requirements-1'>install the service and php packages</a> for your distro.";
+    $newerror['description'] = "You have memcache disabled in the config but it's available and works! Enable it for best performance.";
+    $newerror['configvalue'] = "memcache.enabled";
+    $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache"; 
+    $error[] = $newerror;
+    $newerror = null;
+  } else {
+    $newerror = array();
+    $newerror['name'] = "Memcache Config";
+    $newerror['level'] = 2;
+     $newerror['extdesc'] = "Memcache is a service that you run that lets us cache commonly used data and access it quickly. It's highly recommended you <a href='https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#requirements-1'>install the service and php packages</a> for your distro.";
+    $newerror['description'] = "Memcache is disabled; Almost every linux distro has packages for it, you should be using it if you can.";
+    $newerror['configvalue'] = "memcache.enabled";
+    $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-memcache"; 
+    $error[] = $newerror;
+    $newerror = null;
+  }
+}
+
+// check anti DOS protection, we need memcache for that
+if ($config['mc_antidos'] && !$config['memcache']['enabled']) {
+  $newerror = array();
+  $newerror['name'] = "Memcache Config";
+  $newerror['level'] = 3;
+   $newerror['extdesc'] = "Memcache is a service that you run that lets us cache commonly used data and access it quickly. It's highly recommended you <a href='https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#requirements-1'>install the service and php packages</a> for your distro.";
+  $newerror['description'] = "mc_antidos is enabled and memcache is not, <u>memcache is required</u> to use this.";
+  $newerror['configvalue'] = "memcache.enabled";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#memcache-rate-limiting"; 
+  $error[] = $newerror;
+  $newerror = null;
+}

include/pages/admin/checks/check_permissions.inc.php

@@ -0,0 +1,55 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+if ($config['logging']['enabled']) {
+  // checks to see that the logging path is writable
+  if (!is_writable($config['logging']['path'])) {
+    $newerror = array();
+    $newerror['name'] = "Log path permissions";
+    $newerror['level'] = 3;
+    $newerror['extdesc'] = "In order to log data, we need to be able to write in the logs folder. See the link above for more details.";
+    $newerror['description'] = "Logging is enabled but we can't write in the logfile path.";
+    $newerror['configvalue'] = "logging.path";
+    $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#configuration-1";
+    $error[] = $newerror;
+    $newerror = null;
+  }
+}
+
+// check if we can write templates/cache and templates/compile -> error
+if (!is_writable(TEMPLATE_DIR . '/cache')) {
+  $newerror = array();
+  $newerror['name'] = "templates/cache permissions";
+  $newerror['level'] = 3;
+  $newerror['extdesc'] = "In order to cache template data, we need to be able to write in the templates/cache folder. See the link above for more details.";
+  $newerror['description'] = "templates/cache folder is not writable for uid {$apache_user['name']}";
+  $newerror['configvalue'] = "templates/cache folder";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#folder-permissions";
+  $error[] = $newerror;
+  $newerror = null;
+}
+if (!is_writable(TEMPLATE_DIR . '/compile')) {
+  $newerror = array();
+  $newerror['name'] = "templates/compile permissions";
+  $newerror['level'] = 3;
+  $newerror['extdesc'] = "In order to cache compiled template data, we need to be able to write in the templates/compile folder. See the link above for more details.";
+  $newerror['description'] = "templates/compile folder is not writable for uid {$apache_user['name']}";
+  $newerror['configvalue'] = "templates/compile folder";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#folder-permissions";
+  $error[] = $newerror;
+  $newerror = null;
+}
+
+// check if we can write the config files, we should NOT be able to -> error
+if (is_writable(INCLUDE_DIR.'/config/global.inc.php') || is_writable(INCLUDE_DIR.'/config/global.inc.dist.php') ||
+  is_writable(INCLUDE_DIR.'/config/security.inc.php') || is_writable(INCLUDE_DIR.'/config/security.inc.dist.php')) {
+  $newerror = array();
+  $newerror['name'] = "Config permissions";
+  $newerror['level'] = 2;
+  $newerror['extdesc'] = "For security purposes, the user your webserver runs as should not be able to write to the config files, only read from them. To fix this, check the ownership and permissions of the include/config files.";
+  $newerror['description'] = "Your config files <b>SHOULD NOT be writable by this user</b>!";
+  $newerror['configvalue'] = "global.inc.php and security.inc.php";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide#configuration-1";
+  $error[] = $newerror;
+  $newerror = null;
+}

include/pages/admin/checks/check_security.inc.php

@@ -0,0 +1,33 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+// check if password salts are sane
+if (strlen($config['SALT']) < 24 || strlen($config['SALTY']) < 24 || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
+  $newerror = array();
+  $newerror['name'] = "Password Salts";
+  $newerror['level'] = 2;
+  $newerror['extdesc'] = "Salts are important because they add a random element and 'padding' to passwords and other hashed strings. They should be changed from the default and should not be too short for increased security.";
+  if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
+    $newerror['description'] = "You absolutely <u>SHOULD NOT leave your SALT or SALTY default</u> changing them will require registering again.";
+  } else {
+    $newerror['description'] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again.</p>";
+  }
+  $newerror['configvalue'] = "SALT";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts";
+  $error[] = $newerror;
+  $newerror = null;
+}
+
+// check if htaccess exists
+if (!file_exists(BASEPATH.".htaccess")) {
+  $newerror = array();
+  $newerror['name'] = ".htaccess";
+  $newerror['level'] = 2;
+  $newerror['extdesc'] = ".htaccess files let you control who/how files are accessed for Apache. If you're using Apache for MPOS, you should be using .htaccess.";
+  $htaccess_link = "<a href='https://github.com/MPOS/php-mpos/blob/next/public/.htaccess'>.htaccess</a>";
+  $newerror['description'] = "You don't seem to have a .htaccess in your public folder, if you're using Apache set it up: $htaccess_link";
+  $newerror['configvalue'] = ".htaccess";
+  $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki";
+  $error[] = $newerror;
+  $newerror = null;
+}

include/pages/admin/checks/check_stratum.inc.php

@@ -0,0 +1,40 @@
+<?php
+$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
+
+// poke stratum using gettingstarted details -> enotice
+if (function_exists('socket_create')) {
+  $host = @gethostbyname($config['gettingstarted']['stratumurl']);
+  $port = $config['gettingstarted']['stratumport'];
+  if (isset($host) and
+    isset($port) and
+    ($socket=socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) and
+    (socket_set_option($socket, SOL_SOCKET, SO_SNDTIMEO, array('sec' => 3, 'usec' => 0))) and
+    (@socket_connect($socket, $host, $port)))
+  {
+    socket_close($socket);
+  } else {
+    $newerror = array();
+    $newerror['name'] = "Stratum information";
+    $newerror['level'] = 1;
+    $newerror['extdesc'] = "We tried to connect the stratum server that you set in your gettingstarted config, but an error occured somewhere along the way. Your stratum server may not be running currently, your firewall could be blocking the connection, or your coin daemon may not yet be fully synced, etc.";
+    $newerror['description'] = "We tried to poke your Stratum server using your \$config['gettingstarted'] settings but it didn't respond - " . socket_strerror(socket_last_error()) . ".";
+    $newerror['configvalue'] = "gettingstarted";
+    $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-getting-started";
+    $error[] = $newerror;
+    $newerror = null;
+  }
+} else {
+  // Connect via fsockopen as fallback
+  if (! $fp = @fsockopen($config['gettingstarted']['stratumurl'], $config['gettingstarted']['stratumport'], $errCode, $errStr, 1)) {
+    $newerror = array();
+    $newerror['name'] = "Stratum information";
+    $newerror['level'] = 1;
+    $newerror['extdesc'] = "We tried to connect the stratum server that you set in your gettingstarted config, but an error occured somewhere along the way. Your stratum server may not be running currently, your firewall could be blocking the connection, or your coin daemon may not yet be fully synced, etc.";
+    $newerror['description'] = "We tried to poke your Stratum server using your \$config['gettingstarted'] settings but it didn't respond.";
+    $newerror['configvalue'] = "gettingstarted";
+    $newerror['helplink'] = "https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-getting-started";
+    $error[] = $newerror;
+    $newerror = null;
+  }
+  @fclose($fp);
+}

include/pages/admin/earnings.inc.php

@@ -18,4 +18,3 @@ if ($user->isAuthenticated()) {
 }
 
 $smarty->assign('CONTENT', 'default.tpl');
-?>

include/pages/admin/invitations.inc.php

@@ -21,4 +21,3 @@ if (!$setting->getValue('disable_invitations')) {
 
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>

include/pages/admin/monitoring.inc.php

@@ -26,4 +26,3 @@ $smarty->assign("CRONSTATUS", $aCronStatus);
 
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>

include/pages/admin/news.inc.php

@@ -46,4 +46,3 @@ foreach ($aNews as $key => $aData) {
 }
 $smarty->assign("NEWS", $aNews);
 $smarty->assign("CONTENT", "default.tpl");
-?>

include/pages/admin/news_edit.inc.php

@@ -24,4 +24,3 @@ if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->val
 $aNews = $news->getEntry($_REQUEST['id']);
 $smarty->assign("NEWS", $aNews);
 $smarty->assign("CONTENT", "default.tpl");
-?>

include/pages/admin/newsletter.inc.php

@@ -38,4 +38,3 @@ if ($setting->getValue('notifications_disable_pool_newsletter', 0) == 1) {
   }
   $smarty->assign("CONTENT", "default.tpl");
 }
-?>