Bitcoin Forum
December 02, 2016, 06:17:36 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
Author Topic: v5.6.0 ][ Open-Source Pooling Web Software ( MiningFarm )  (Read 53555 times)
timmmay
Member
**
Offline Offline

Activity: 70



View Profile
June 02, 2011, 02:48:23 PM
 #21

I've got it to the stage where I can create an account but email validation doesn't work (no email sent).

What are the requirements for email validation to work?

In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41.  There's no connectDb function, unlike in register.php which works fine.  Can you have a look at this?

If you want to be a moderator, report many posts with accuracy. You will be noticed.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480702656
Hero Member
*
Offline Offline

Posts: 1480702656

View Profile Personal Message (Offline)

Ignore
1480702656
Reply with quote  #2

1480702656
Report to moderator
1480702656
Hero Member
*
Offline Offline

Posts: 1480702656

View Profile Personal Message (Offline)

Ignore
1480702656
Reply with quote  #2

1480702656
Report to moderator
1480702656
Hero Member
*
Offline Offline

Posts: 1480702656

View Profile Personal Message (Offline)

Ignore
1480702656
Reply with quote  #2

1480702656
Report to moderator
redditorrex
Sr. Member
****
Offline Offline

Activity: 280


Nom Nom Nom


View Profile WWW
June 02, 2011, 05:43:52 PM
 #22

Another note, this codes stores user passwords in plaintext.  Only your 4 digit pin is hashed.

Code:
//Test registration information
$act = $_POST["act"];
if($act == "attemptRegister"){
//Valid date all fields
$username = $_POST["user"];
$pass = $_POST["pass"];
$rPass = $_POST["pass2"];
$email = $_POST["email"];
$email2 = $_POST["email2"];
$authPin = (int) $_POST["authPin"];

$validRegister = 1;
//.....
//Validate passwords
if($pass != $rPass){
if(strlen($pass) < 5){
$validRegister = 0;
$returnError .= " | Password is too short";
}else{
$validRegister = 0;
$returnError .= " | Passwords do not match";
}
}
//.....
if($validRegister){
//Add user to webUsers
$emailAuthPin = genRandomString(10);
$secret = genRandomString(10);
connectToDb();
mysql_query("INSERT INTO `xenland_pushpool`.`webUsers` (`admin`, `username`, `pass`, `email`, `emailAuthPin`, `secret`, `loggedIp`, `sessionTimeoutStamp`, `accountLocked`, `accountFailedAttempts`, `pin`)
VALUES ('0', '".$username."', [b]'".$pass."[/b]', '".$email."', '".$emailAuthPin."', '".$secret."', '0', '0', '0', '0', '".[b]hash("sha256", $authPin)[/b]."')");
$goodMessage = "Successfully signed up! You must authorize your account by now logging into your email address of ".$email." and clicking the authorize link";
}


Also, this does nothing. $salt isnt called on any of the hash functions.

Code:
//Encrypt settings
$salt = "836483jd7Dg6h5s92k";


Reddit Mining Team - MtRed.com = Pure PPS + #00GH/s + LP(+) + AutoPay&InstaPay + Audio Notifications
Find us in #mtred @ irc.freenode.net
simplecoin
Sr. Member
****
Offline Offline

Activity: 406



View Profile WWW
June 02, 2011, 06:02:07 PM
 #23

Another note, this codes stores user passwords in plaintext.  Only your 4 digit pin is hashed.

Code:
//Test registration information
$act = $_POST["act"];
if($act == "attemptRegister"){
//Valid date all fields
$username = $_POST["user"];
$pass = $_POST["pass"];
$rPass = $_POST["pass2"];
$email = $_POST["email"];
$email2 = $_POST["email2"];
$authPin = (int) $_POST["authPin"];

$validRegister = 1;
//.....
//Validate passwords
if($pass != $rPass){
if(strlen($pass) < 5){
$validRegister = 0;
$returnError .= " | Password is too short";
}else{
$validRegister = 0;
$returnError .= " | Passwords do not match";
}
}
//.....
if($validRegister){
//Add user to webUsers
$emailAuthPin = genRandomString(10);
$secret = genRandomString(10);
connectToDb();
mysql_query("INSERT INTO `xenland_pushpool`.`webUsers` (`admin`, `username`, `pass`, `email`, `emailAuthPin`, `secret`, `loggedIp`, `sessionTimeoutStamp`, `accountLocked`, `accountFailedAttempts`, `pin`)
VALUES ('0', '".$username."', [b]'".$pass."[/b]', '".$email."', '".$emailAuthPin."', '".$secret."', '0', '0', '0', '0', '".[b]hash("sha256", $authPin)[/b]."')");
$goodMessage = "Successfully signed up! You must authorize your account by now logging into your email address of ".$email." and clicking the authorize link";
}


Also, this does nothing. $salt isnt called on any of the hash functions.

Code:
//Encrypt settings
$salt = "836483jd7Dg6h5s92k";



Yes, I forgot to mention this as well. I setup pw hashing on my site. It was no problem, but was insecure out of the box.

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
redditorrex
Sr. Member
****
Offline Offline

Activity: 280


Nom Nom Nom


View Profile WWW
June 02, 2011, 06:11:36 PM
 #24

Another note, this codes stores user passwords in plaintext.  Only your 4 digit pin is hashed.

Code:
//Test registration information
$act = $_POST["act"];
if($act == "attemptRegister"){
//Valid date all fields
$username = $_POST["user"];
$pass = $_POST["pass"];
$rPass = $_POST["pass2"];
$email = $_POST["email"];
$email2 = $_POST["email2"];
$authPin = (int) $_POST["authPin"];

$validRegister = 1;
//.....
//Validate passwords
if($pass != $rPass){
if(strlen($pass) < 5){
$validRegister = 0;
$returnError .= " | Password is too short";
}else{
$validRegister = 0;
$returnError .= " | Passwords do not match";
}
}
//.....
if($validRegister){
//Add user to webUsers
$emailAuthPin = genRandomString(10);
$secret = genRandomString(10);
connectToDb();
mysql_query("INSERT INTO `xenland_pushpool`.`webUsers` (`admin`, `username`, `pass`, `email`, `emailAuthPin`, `secret`, `loggedIp`, `sessionTimeoutStamp`, `accountLocked`, `accountFailedAttempts`, `pin`)
VALUES ('0', '".$username."', [b]'".$pass."[/b]', '".$email."', '".$emailAuthPin."', '".$secret."', '0', '0', '0', '0', '".[b]hash("sha256", $authPin)[/b]."')");
$goodMessage = "Successfully signed up! You must authorize your account by now logging into your email address of ".$email." and clicking the authorize link";
}


Also, this does nothing. $salt isnt called on any of the hash functions.

Code:
//Encrypt settings
$salt = "836483jd7Dg6h5s92k";



Yes, I forgot to mention this as well. I setup pw hashing on my site. It was no problem, but was insecure out of the box.

Make sure you put that code in the tree for Xenland and others.

Reddit Mining Team - MtRed.com = Pure PPS + #00GH/s + LP(+) + AutoPay&InstaPay + Audio Notifications
Find us in #mtred @ irc.freenode.net
d3c0n808
Member
**
Offline Offline

Activity: 113

Not Goxed


View Profile
June 02, 2011, 07:28:50 PM
 #25

I've got it to the stage where I can create an account but email validation doesn't work (no email sent).

What are the requirements for email validation to work?

In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41.  There's no connectDb function, unlike in register.php which works fine.  Can you have a look at this?

I concur I had the same issue, sendmail works so not sure why the validation didnt work.  Also I was unable to create new user or login to exhisting user i was able to get rid of the mysql bad account by changing the default account settings in php.ini but thats didnt fix anythign

60 GH/s BFL Single SC - Pre-Order Yours Today!
`````` Only $1299.99 - butterflylabs.com ``````
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
June 02, 2011, 07:39:37 PM
 #26

Yes for some reason when I tar.ball'd it, I accidentally included the dev files at the time so those features were removed for testing purposes. Passwords are not hashed, in version one, nor was send email valid, theres a couple of other things too. Check out my first post I wrote up a "Bug list in version 1" they are all crossed out becuase that means i fixed them in version 2 which should be released in two or three days. Also I'm sure alot of you though it was annoying to change the $dir folder in every page, so I found a reliable code to auto-magically find it for you so all new installs should only need to change the requiredFunctions.php and that will be it Smiley

On a side note what kind of stats would you like included?
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
June 02, 2011, 07:49:35 PM
 #27

I've got it to the stage where I can create an account but email validation doesn't work (no email sent).

What are the requirements for email validation to work?

In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41.  There's no connectDb function, unlike in register.php which works fine.  Can you have a look at this?
For a fix until v2 go into login.php and change connecDb() to connecToDb();
simplecoin
Sr. Member
****
Offline Offline

Activity: 406



View Profile WWW
June 02, 2011, 10:25:23 PM
 #28

And now more stat sharing code Smiley

This is a worker monitor. I have it named cronjobs/workers.php

Code:
<?php 

$req 
"/var/www/req/";
$functions $req."requiredFunctions.php";
include(
$functions);

/////////Update workers
connectToDb();

//Active in past 10 minutes
try {
$sql ="SELECT sum(a.id) IS NOT NULL AS active, p.username FROM pool_worker p LEFT JOIN ".
  "(SELECT count(id) AS id, username FROM shares_history WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username "
  "UNION ".
  "SELECT count(id) AS id, username FROM shares_history WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username) a ON p.username=a.username group by username";
$result mysql_query($sql);
while ($resultObj mysql_fetch_object($result)) {
mysql_query("UPDATE pool_worker p SET active=".$resultObj->active." WHERE username='".$resultObj->username."'");
}
} catch (
Exception $e) {}

change required, active(tinyint) added to pool_worker

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
d3c0n808
Member
**
Offline Offline

Activity: 113

Not Goxed


View Profile
June 02, 2011, 10:49:04 PM
 #29

I've got it to the stage where I can create an account but email validation doesn't work (no email sent).

What are the requirements for email validation to work?

In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41.  There's no connectDb function, unlike in register.php which works fine.  Can you have a look at this?
For a fix until v2 go into login.php and change connecDb() to connecToDb();



There is no connecDB in login.php i think thats why its defaulting to the default sql name, pw etc

60 GH/s BFL Single SC - Pre-Order Yours Today!
`````` Only $1299.99 - butterflylabs.com ``````
simplecoin
Sr. Member
****
Offline Offline

Activity: 406



View Profile WWW
June 02, 2011, 11:21:21 PM
 #30

And now more stat sharing code Smiley
woops, that should be:
Code:
<?php 

$req 
"/var/www/req/";
$functions $req."requiredFunctions.php";
include(
$functions);

/////////Update workers
connectToDb();

//Active in past 10 minutes
try {
$sql ="SELECT sum(a.id) IS NOT NULL AS active, p.username FROM pool_worker p LEFT JOIN ".
  "(SELECT count(id) AS id, username FROM shares WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username "
  "UNION ".
  "SELECT count(id) AS id, username FROM shares_history WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username) a ON p.username=a.username group by username";
$result mysql_query($sql);
while ($resultObj mysql_fetch_object($result)) {
mysql_query("UPDATE pool_worker p SET active=".$resultObj->active." WHERE username='".$resultObj->username."'");
}
} catch (
Exception $e) {}

Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
June 03, 2011, 12:03:20 AM
 #31

Nice updates guys, I'll get github up and working after the 2nd version is released so everyone can have their own fork. Github dosen't want to accept my key or something so I can't upload nothing yet but I'll get it worked out soon
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
June 03, 2011, 06:01:10 AM
 #32

Version 2 is out!, The most notable updates are everything we've previously talked about, such as timestamp, and password hashing issues. Another feature is you ONLY need to edit a couple of files instead of editing the directory of every single page it auto-magically finds the path so it should be an easy as pie as some like to say to install and or update your front-end
timmmay
Member
**
Offline Offline

Activity: 70



View Profile
June 03, 2011, 06:05:50 AM
 #33

Version 2 is out!, The most notable updates are everything we've previously talked about, such as timestamp, and password hashing issues. Another feature is you ONLY need to edit a couple of files instead of editing the directory of every single page it auto-magically finds the path so it should be an easy as pie as some like to say to install and or update your front-end

Excellent!  Going to give it a try tonight Smiley

timmmay
Member
**
Offline Offline

Activity: 70



View Profile
June 03, 2011, 10:20:23 AM
 #34

So I've setup version 2 from scratch with new database based on the sql file you have included.

I can't get past registering a user.  There seems to be some undefined variables causing the problem and these are:

From index.php:
PHP Notice:  Undefined variable: files1 in /srv/www/htdocs/req/modules/loadModules.php on line 47

From register.php:
PHP Notice:  Undefined variable: act in /srv/www/htdocs/register.php on line 41
PHP Notice:  Undefined variable: act in /srv/www/htdocs/register.php on line 58
PHP Notice:  Undefined variable: goodMessage in /srv/www/htdocs/register.php on line 156
PHP Notice:  Undefined variable: returnError in /srv/www/htdocs/register.php on line 157
PHP Notice:  Undefined variable: goodMessage in /srv/www/htdocs/register.php on line 160

Cheers

timmmay
Member
**
Offline Offline

Activity: 70



View Profile
June 03, 2011, 10:33:35 AM
 #35

Dude you've also hard coded your database name all over the place...are you planning on fixing that?

timmmay
Member
**
Offline Offline

Activity: 70



View Profile
June 03, 2011, 11:28:02 AM
 #36

So I added the following to register.php:

$act = $_POST["act"];

above

if($act == "auth"){

and that fixed the registration.  I haven't configured mail properly so I just activated my account manual and gave myself admin.

I'm now successfully running a pool and it all seems to be working!  My miners are hashing away and the shares are being recorded.

Are you planning on added the ability to show shares based on workers?

Still seems to be a few more bugs.  I'm happy to work closer with you to debug them and improve the product further.

timmmay
Member
**
Offline Offline

Activity: 70



View Profile
June 03, 2011, 11:52:49 AM
 #37

Can you please explain the share and score payment types?

Is there a method to setup pay per share?

Cheers

timmmay
Member
**
Offline Offline

Activity: 70



View Profile
June 03, 2011, 12:59:47 PM
 #38

Another question...

When I query bitcoind getinfo, the hashespersec value is at 0.  Shouldn't this be showing up the total hash value of the pool?

Cheers

davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 03, 2011, 02:21:35 PM
 #39

When I query bitcoind getinfo, the hashespersec value is at 0.  Shouldn't this be showing up the total hash value of the pool?
Nope, that's normal.

kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
June 03, 2011, 02:46:09 PM
 #40

Another question...

When I query bitcoind getinfo, the hashespersec value is at 0.  Shouldn't this be showing up the total hash value of the pool?

Cheers

That is the hashing rate of your local node.  Zero is a good number here.  Anything higher is a waste.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!