v5.6.0 ][ Open-Source Pooling Web Software ( MiningFarm )

[Xenland]

License Aggreement
MiningFarm web-site software is released under the AGPL license:http://www.gnu.org/licenses/agpl.html
In addition to the AGPL you are required with a free-license to keep all google ad-sense links and or images(Details are in the LICENSE file); Everything else is free game for change in accordance with AGPL. If you'd like to purchase a license(Free to do anything under the AGPL license but can remove advertisements) please contact me through PM
We gave options for Free and Commercial Solutions, refere

Welcome to the Official thread for Mining Farm

Mining farm provides a front-end to pushpool;
 Meaning pushpool handles all the clients/bitcoin miners and Mining Farm handles all the
splitting of the rewards, user account management, stats, and graphs.

Mining Farm Git Hub / Download Page

Currently Being Addressed Bug List

Other sites using Mining Farm
http://46.4.148.165/
http://www.btcfarm.us/
http://mine.tenobis.com
http://www.abcbitcoin.net/

http://www.d3c0n.net/
http://bitcoinmonkey.com/
http://www.bitcoinage.com.au/


Version 4 | Features
*Safe for high-loads
*Strong encrypted session cookies
*Auth pin needed to change certain aspects of user profile
*Instant pay out
*Stats will calculate when the next block will be found and graphs the ETA
*Email Validation
*Percentage Fee option
*HTML is written with Style Sheets in mind
*Flexible administrator panel
*API support for workers status.
*Native support for TradeHill bitcoin worth, along
with a "Potential Balance" display that displays your account balance with the current worth
*Live WYSIWYG Blog post and Admin page editors

Planned Features
*Private Pool Option built in
*Option to donate to the mining farm Lotto
*Multiple Pool Support
*IPTABLES authentication

Mining Pool v4 | Installation Instructions
[Notes: Mining Farm is only officially tested on an Apache2 and Mysql database using Ubuntu linux. Although this software is aimed at working with all distro's and configuration it obviously can't be perfect, Make sure you detail your bug reports and don't get frustrated and we'll get this figured out.]

*Extract the miningpool-v4.rar to where your web server is located.
*Edit the functions.php file to your needs.

*Add a cronjob for blockUpdate.php that reflects the following to run every five minutes
*/5 * * * * php /path/to/webserver/req/cronjob/blockUpdater.php
*Add a cronjob for blockFound.php that reflects the following to run every 8 minutes
*/8 * * * * php /path/to/webserver/req/cronjob/blockFound.php

If you are having issues such as stats not showing,
or bitcoins not being rewarded try the following command
too assist crontab to executing these functions(assuming Ubuntu distro):

Code:

sudo apt-get install php5-cli

*If you want stats, cronjob the statsUpdater.php and all graphs will be updated upon execution
*Extract the insert_into_db.sql file into your database
*Edit your php.ini file to error_reporting = E_ALL & ~E_NOTICE
*Open up your website and register
*Activate your account with the email link or set the `emailAuthorised` flag to 1
*Go into the database and set your account with the `isAdmin` flag to 1
*You can now view the Admin Panel and start advertising your site to the bitcoin community

*For translations support you can add your .mo file in the language folder, MF2 uses gettext
[/size]

Updating Installs
Please don't PM me about updating installs help. There is just too many unknown variables to address the problem with out payment.
That being said the most common problems are

*Files are successfully being uploaded but there is no update?
[Solution: Delete the file from the server, then update. Myself and other all have this issue with FTP(sometimes SSH) and the file will not update unless it is completely removed from the server]

*Saving data during a Database update?
[The best way to do it is to backup your entire database on to an sql file.
delete the entire database so there are no tables or anything just the database selected,
then insert the miningfarm_database.sql file then insert the backupdate data and you should have
a clean update]

[1715032395]

1715032395

[1715032395]

1715032395

[1715032395]

1715032395

[graingert]

You probably want to use AGPL if it is a webservice!

[Xenland]

You probably want to use AGPL if it is a webservice!

Thanks I looked into that, and I see why you took the liberty to address that to me; I'll keep this in mind for version 2 | can't have any loop holes now can we

[error]

Don't get big while you're on a VPS.

[Xenland]

Don't get big while you're on a VPS.

Lol especially when theres so little memory that pushpool and memcached kill each other fighting for it. "Their like animals I tell you!" but cant complain with 64mb of ram.

[gll]

Please keep going!

[redditorrex]

Not trying to sound like a dick, but reviewing over some of your code.

First concern: ಠ_ಠ
"register_globals = on"

This
http://mp2.fleshvirus.com/req/php.ini
http://mp2.fleshvirus.com/req/includeVariables
http://mp2.fleshvirus.com/req/loginAndUserStats.php?cookieValid=1
** http://mp2.fleshvirus.com/adminPanel.php?cookieValid=1&isAdmin=1

And thats where i stoped looking at your public tree, and started looking at code.

line 82: in requiredFunction.php in function `checkCookie` completely vulnerable to a SQL injection attack.


My advice to anyone wanting to run a pool / Stay away from this base.  


@Xenland php is easy to code, but hard to master. Again not trying to be mean. I just think people should be aware of what they are running on their severs.



- Sidenote: I run MtRed and EU.MtRed on a VPS and its fine.

[Xenland]

Not trying to sound like a dick, but reviewing over some of your code.

First concern: ಠ_ಠ
"register_globals = on"

This
http://mp2.fleshvirus.com/req/php.ini
http://mp2.fleshvirus.com/req/includeVariables
http://mp2.fleshvirus.com/req/loginAndUserStats.php?cookieValid=1
** http://mp2.fleshvirus.com/adminPanel.php?cookieValid=1&isAdmin=1

And thats where i stoped looking at your public tree, and started looking at code.

line 82: in requiredFunction.php in function `checkCookie` completely vulnerable to a SQL injection attack.


My advice to anyone wanting to run a pool / Stay away from this base.  


@Xenland php is easy to code, but hard to master. Again not trying to be mean. I just think people should be aware of what they are running on their severs.



- Sidenote: I run MtRed and EU.MtRed on a VPS and its fine.

All those pages that you showed up are irrleavent to registerGlobal hacks. I ALWAYS pre-set my variables if they are important. Which means I code with security in mind and if register globals is a red flag then you can see in my code that its un-hackable, even your example links show error messages showing every body that there is no access to admin with out "Admin Flag" set in the MySql Database. Those globals are there so the code knows which menu to output "NOT" which permissions to grant. Check my code again!!

Your entitled to your opinion about which software is better(obviously you'll think your software is better ) but could you please tell everyone how you MySql injected with the `checkCookie` function?

[redditorrex]

The call is from

Code:

universalChecklogin.php (1 hits)
	Line 27: 		$cookieValid		= $validateCookie->checkCookie($_COOKIE[$cookieName], $ip);

and the code in question.

   

Code:

$cookieInfo = explode("-", $input);
			
			//Get "secret" from MySql database
				$getSecretQ	= mysql_query("SELECT `secret`, `pass`, `sessionTimeoutStamp` FROM `webUsers` WHERE `id` = ".$cookieInfo[0]." LIMIT 0,1");
				$getSecret	= mysql_fetch_object($getSecretQ);

I just make my cookie = "1;DROP TABLE pool_workers;--"

[Xenland]

The call is from

Code:

universalChecklogin.php (1 hits)
	Line 27: 		$cookieValid		= $validateCookie->checkCookie($_COOKIE[$cookieName], $ip);

and the code in question.

   

Code:

$cookieInfo = explode("-", $input);
			
			//Get "secret" from MySql database
				$getSecretQ	= mysql_query("SELECT `secret`, `pass`, `sessionTimeoutStamp` FROM `webUsers` WHERE `id` = ".$cookieInfo[0]." LIMIT 0,1");
				$getSecret	= mysql_fetch_object($getSecretQ);

I just make my cookie = "1;DROP TABLE pool_workers;--"

Ahh I see what your saying, all i need to do is add a mysql_real_escape_string() that will be in version 2,

[davout]

PHP coders are funny when they talk about security XD

[redditorrex]

PHP coders are funny when they talk about security XD

PHP coders are funny when they talk.

FTFY

[simplecoin]

1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.

[simplecoin]

oh, and many thanks to xenland. You'll have btc headed your way once I get everything straightened out.

[Xenland]

Thanks for the support guys esspecially the security issue that was pointed out byredditorrex, I got more features coming soon such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.

What up simplecoin you stalker, you.
Nice use of style sheets, Didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.

[simplecoin]

Thanks for the support guys esspecially the security issue that was pointed out byredditorrex, I got more features coming soon such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.

What up simplecoin you stalker, you.
Nice use of style sheets, Didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.

So far, it handles most of what I need in a framework. The only real problem was broken references (could be a platform/install difference) and I can't get the stats page to do anything, nor find a proper reference for what it expects in the include. I took most of the css and other hacks directly from my own platform. I'd be happy to share the changes to further the project.

Major changes/additions:
shares table: timecode for time field, update to current on create
shares_history table: timecode time field updated in cron script on xfer.
current hashrate: custom class that compares shares/shares_history count over last 10 min.
mtgox integration: mtgox php api class.
added menu for index.php.
changes a few terms.

[Xenland]

Thanks for the support guys esspecially the security issue that was pointed out byredditorrex, I got more features coming soon such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.

What up simplecoin you stalker, you.
Nice use of style sheets, Didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.

So far, it handles most of what I need in a framework. The only real problem was broken references (could be a platform/install difference) and I can't get the stats page to do anything, nor find a proper reference for what it expects in the include. I took most of the css and other hacks directly from my own platform. I'd be happy to share the changes to further the project.

Major changes/additions:
shares table: timecode for time field, update to current on create
shares_history table: timecode time field updated in cron script on xfer.
current hashrate: custom class that compares shares/shares_history count over last 10 min.
mtgox integration: mtgox php api class.
added menu for index.php.
changes a few terms.

Awesome, I've noted the time stamp problems, hash rate display, and especially MtGox integration sounds like a great idea!

[Xenland]

Many thanks to everyone in this thread for inspiration, You guys are going to like the fun new features

Check out regularly updated previews over @: mp2.fleshvirus.com

Any suggestions on securing url?string=query data for connecting to remote bitcoind app[?

[simplecoin]

Something handy I added to my cronjob/user table to cut down on huge sql calls (might save you some time on the stats calc):

Code:

/////////Update share counts
$sql ="select sum(id) as id, a.associatedUserId from ".
	  "(select count(s.id) as id, p.associatedUserId from shares s, pool_worker p WHERE p.username=s.username group by p.associatedUserId ".
	  "union ".
	  "select count(s.id) as id, p.associatedUserId from shares_history s, pool_worker p WHERE p.username=s.username group by p.associatedUserId) a group by associatedUserId";
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result)) {
	mysql_query("UPDATE webUsers SET share_count=".$row["id"]." WHERE id=".$row["associatedUserId"]);
}

$sql ="select sum(id) as id, a.associatedUserId from ".
	  "(select count(s.id) as id, p.associatedUserId from shares s, pool_worker p WHERE p.username=s.username AND s.our_result='N' group by p.associatedUserId  ".
	  "union ".
	  "select count(s.id) as id, p.associatedUserId from shares_history s, pool_worker p WHERE p.username=s.username AND s.our_result='N' group by p.associatedUserId) a group by associatedUserId ";
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result)) {
	mysql_query("UPDATE webUsers SET stale_share_count=".$row["id"]." WHERE id=".$row["associatedUserId"]);
}

$sql ="select sum(id) as id, a.associatedUserId from ".
	  "(select count(s.id) as id, p.associatedUserId from shares s, pool_worker p WHERE p.username=s.username AND s.our_result='Y' group by p.associatedUserId  ".
	  "union ".
	  "select count(s.id) as id, p.associatedUserId from shares_history s, pool_worker p WHERE p.username=s.username AND s.our_result='Y' AND s.counted=0 group by p.associatedUserId) a group by associatedUserId ";
$result = mysql_query($sql);
$totalsharesthisround = 0;
while ($row = mysql_fetch_array($result)) {
	mysql_query("UPDATE webUsers SET shares_this_round=".$row["id"]." WHERE id=".$row["associatedUserId"]);
	$totalsharesthisround += $row["id"];
}
mysql_query("UPDATE settings SET value='".$totalsharesthisround."' WHERE setting='currentroundshares'");

settings is my own table I use to hold sitewide info: 2 varchar fields
the other 3 fields are int fields I added to webUsers.
The readout is in my loginanduserstats file, I tacked the rest onto the existing universalchecklogin queries

[timmmay]

Nice work mate, been looking for something like this.  Keen to see v2