timmmay
Member
 Offline
Activity: 84
Merit: 10
|
 |
June 02, 2011, 02:48:23 PM
Last edit: June 02, 2011, 03:02:57 PM by timmmay |
|
I've got it to the stage where I can create an account but email validation doesn't work (no email sent).
What are the requirements for email validation to work?
In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41. There's no connectDb function, unlike in register.php which works fine. Can you have a look at this?
|
|
|
|
|
redditorrex
|
|
June 02, 2011, 05:43:52 PM |
|
Another note, this codes stores user passwords in plaintext. Only your 4 digit pin is hashed. //Test registration information
$act = $_POST["act"];
if($act == "attemptRegister"){
//Valid date all fields
$username = $_POST["user"];
$pass = $_POST["pass"];
$rPass = $_POST["pass2"];
$email = $_POST["email"];
$email2 = $_POST["email2"];
$authPin = (int) $_POST["authPin"];
$validRegister = 1;
//.....
//Validate passwords
if($pass != $rPass){
if(strlen($pass) < 5){
$validRegister = 0;
$returnError .= " | Password is too short";
}else{
$validRegister = 0;
$returnError .= " | Passwords do not match";
}
}
//.....
if($validRegister){
//Add user to webUsers
$emailAuthPin = genRandomString(10);
$secret = genRandomString(10);
connectToDb();
mysql_query("INSERT INTO `xenland_pushpool`.`webUsers` (`admin`, `username`, `pass`, `email`, `emailAuthPin`, `secret`, `loggedIp`, `sessionTimeoutStamp`, `accountLocked`, `accountFailedAttempts`, `pin`)
VALUES ('0', '".$username."', [b]'".$pass."[/b]', '".$email."', '".$emailAuthPin."', '".$secret."', '0', '0', '0', '0', '".[b]hash("sha256", $authPin)[/b]."')");
$goodMessage = "Successfully signed up! You must authorize your account by now logging into your email address of ".$email." and clicking the authorize link";
} Also, this does nothing. $salt isnt called on any of the hash functions. //Encrypt settings
$salt = "836483jd7Dg6h5s92k"; |
Reddit Mining Team - MtRed.com = Pure PPS + #00GH/s + LP(+) + AutoPay&InstaPay + Audio Notifications
Find us in #mtred @ irc.freenode.net
|
|
|
|
simplecoin
|
|
June 02, 2011, 06:02:07 PM |
|
Another note, this codes stores user passwords in plaintext. Only your 4 digit pin is hashed. //Test registration information
$act = $_POST["act"];
if($act == "attemptRegister"){
//Valid date all fields
$username = $_POST["user"];
$pass = $_POST["pass"];
$rPass = $_POST["pass2"];
$email = $_POST["email"];
$email2 = $_POST["email2"];
$authPin = (int) $_POST["authPin"];
$validRegister = 1;
//.....
//Validate passwords
if($pass != $rPass){
if(strlen($pass) < 5){
$validRegister = 0;
$returnError .= " | Password is too short";
}else{
$validRegister = 0;
$returnError .= " | Passwords do not match";
}
}
//.....
if($validRegister){
//Add user to webUsers
$emailAuthPin = genRandomString(10);
$secret = genRandomString(10);
connectToDb();
mysql_query("INSERT INTO `xenland_pushpool`.`webUsers` (`admin`, `username`, `pass`, `email`, `emailAuthPin`, `secret`, `loggedIp`, `sessionTimeoutStamp`, `accountLocked`, `accountFailedAttempts`, `pin`)
VALUES ('0', '".$username."', [b]'".$pass."[/b]', '".$email."', '".$emailAuthPin."', '".$secret."', '0', '0', '0', '0', '".[b]hash("sha256", $authPin)[/b]."')");
$goodMessage = "Successfully signed up! You must authorize your account by now logging into your email address of ".$email." and clicking the authorize link";
} Also, this does nothing. $salt isnt called on any of the hash functions. //Encrypt settings
$salt = "836483jd7Dg6h5s92k"; Yes, I forgot to mention this as well. I setup pw hashing on my site. It was no problem, but was insecure out of the box. |
Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
|
|
|
|
redditorrex
|
|
June 02, 2011, 06:11:36 PM |
|
Another note, this codes stores user passwords in plaintext. Only your 4 digit pin is hashed. //Test registration information
$act = $_POST["act"];
if($act == "attemptRegister"){
//Valid date all fields
$username = $_POST["user"];
$pass = $_POST["pass"];
$rPass = $_POST["pass2"];
$email = $_POST["email"];
$email2 = $_POST["email2"];
$authPin = (int) $_POST["authPin"];
$validRegister = 1;
//.....
//Validate passwords
if($pass != $rPass){
if(strlen($pass) < 5){
$validRegister = 0;
$returnError .= " | Password is too short";
}else{
$validRegister = 0;
$returnError .= " | Passwords do not match";
}
}
//.....
if($validRegister){
//Add user to webUsers
$emailAuthPin = genRandomString(10);
$secret = genRandomString(10);
connectToDb();
mysql_query("INSERT INTO `xenland_pushpool`.`webUsers` (`admin`, `username`, `pass`, `email`, `emailAuthPin`, `secret`, `loggedIp`, `sessionTimeoutStamp`, `accountLocked`, `accountFailedAttempts`, `pin`)
VALUES ('0', '".$username."', [b]'".$pass."[/b]', '".$email."', '".$emailAuthPin."', '".$secret."', '0', '0', '0', '0', '".[b]hash("sha256", $authPin)[/b]."')");
$goodMessage = "Successfully signed up! You must authorize your account by now logging into your email address of ".$email." and clicking the authorize link";
} Also, this does nothing. $salt isnt called on any of the hash functions. //Encrypt settings
$salt = "836483jd7Dg6h5s92k"; Yes, I forgot to mention this as well. I setup pw hashing on my site. It was no problem, but was insecure out of the box. Make sure you put that code in the tree for Xenland and others. |
Reddit Mining Team - MtRed.com = Pure PPS + #00GH/s + LP(+) + AutoPay&InstaPay + Audio Notifications
Find us in #mtred @ irc.freenode.net
|
|
|
|
d3c0n808
|
|
June 02, 2011, 07:28:50 PM |
|
I've got it to the stage where I can create an account but email validation doesn't work (no email sent).
What are the requirements for email validation to work?
In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41. There's no connectDb function, unlike in register.php which works fine. Can you have a look at this?
I concur I had the same issue, sendmail works so not sure why the validation didnt work. Also I was unable to create new user or login to exhisting user i was able to get rid of the mysql bad account by changing the default account settings in php.ini but thats didnt fix anythign |
|
|
|
|
Xenland (OP)
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
June 02, 2011, 07:39:37 PM
Last edit: June 02, 2011, 08:34:30 PM by Xenland |
|
Yes for some reason when I tar.ball'd it, I accidentally included the dev files at the time so those features were removed for testing purposes. Passwords are not hashed, in version one, nor was send email valid, theres a couple of other things too. Check out my first post I wrote up a "Bug list in version 1" they are all crossed out becuase that means i fixed them in version 2 which should be released in two or three days. Also I'm sure alot of you though it was annoying to change the $dir folder in every page, so I found a reliable code to auto-magically find it for you so all new installs should only need to change the requiredFunctions.php and that will be it  On a side note what kind of stats would you like included? |
|
|
|
|
Xenland (OP)
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
June 02, 2011, 07:49:35 PM |
|
I've got it to the stage where I can create an account but email validation doesn't work (no email sent).
What are the requirements for email validation to work?
In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41. There's no connectDb function, unlike in register.php which works fine. Can you have a look at this?
For a fix until v2 go into login.php and change connecDb() to connecToDb(); |
|
|
|
|
|
simplecoin
|
|
June 02, 2011, 10:25:23 PM |
|
And now more stat sharing code This is a worker monitor. I have it named cronjobs/workers.php <?php
$req = "/var/www/req/";
$functions = $req."requiredFunctions.php";
include($functions);
/////////Update workers
connectToDb();
//Active in past 10 minutes
try {
$sql ="SELECT sum(a.id) IS NOT NULL AS active, p.username FROM pool_worker p LEFT JOIN ".
"(SELECT count(id) AS id, username FROM shares_history WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username ".
"UNION ".
"SELECT count(id) AS id, username FROM shares_history WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username) a ON p.username=a.username group by username";
$result = mysql_query($sql);
while ($resultObj = mysql_fetch_object($result)) {
mysql_query("UPDATE pool_worker p SET active=".$resultObj->active." WHERE username='".$resultObj->username."'");
}
} catch (Exception $e) {}
change required, active(tinyint) added to pool_worker |
Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
|
|
|
|
d3c0n808
|
|
June 02, 2011, 10:49:04 PM |
|
I've got it to the stage where I can create an account but email validation doesn't work (no email sent).
What are the requirements for email validation to work?
In addition to this, looks like login.php is trying to connect to the mysql database without a username and password - line 41. There's no connectDb function, unlike in register.php which works fine. Can you have a look at this?
For a fix until v2 go into login.php and change connecDb() to connecToDb(); There is no connecDB in login.php i think thats why its defaulting to the default sql name, pw etc |
|
|
|
|
|
simplecoin
|
|
June 02, 2011, 11:21:21 PM |
|
And now more stat sharing code woops, that should be: <?php
$req = "/var/www/req/";
$functions = $req."requiredFunctions.php";
include($functions);
/////////Update workers
connectToDb();
//Active in past 10 minutes
try {
$sql ="SELECT sum(a.id) IS NOT NULL AS active, p.username FROM pool_worker p LEFT JOIN ".
"(SELECT count(id) AS id, username FROM shares WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username ".
"UNION ".
"SELECT count(id) AS id, username FROM shares_history WHERE time > DATE_SUB(now(), INTERVAL 10 MINUTE) group by username) a ON p.username=a.username group by username";
$result = mysql_query($sql);
while ($resultObj = mysql_fetch_object($result)) {
mysql_query("UPDATE pool_worker p SET active=".$resultObj->active." WHERE username='".$resultObj->username."'");
}
} catch (Exception $e) {}
|
Donations: 1VjGJHPtLodwCFBDWsHJMdEhqRcRKdBQk
|
|
|
Xenland (OP)
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
June 03, 2011, 12:03:20 AM |
|
Nice updates guys, I'll get github up and working after the 2nd version is released so everyone can have their own fork. Github dosen't want to accept my key or something so I can't upload nothing yet but I'll get it worked out soon
|
|
|
|
|
Xenland (OP)
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
June 03, 2011, 06:01:10 AM |
|
Version 2 is out!, The most notable updates are everything we've previously talked about, such as timestamp, and password hashing issues. Another feature is you ONLY need to edit a couple of files instead of editing the directory of every single page it auto-magically finds the path so it should be an easy as pie as some like to say to install and or update your front-end
|
|
|
|
|
timmmay
Member
Offline
Activity: 84
Merit: 10
|
|
June 03, 2011, 06:05:50 AM |
|
Version 2 is out!, The most notable updates are everything we've previously talked about, such as timestamp, and password hashing issues. Another feature is you ONLY need to edit a couple of files instead of editing the directory of every single page it auto-magically finds the path so it should be an easy as pie as some like to say to install and or update your front-end
Excellent! Going to give it a try tonight |
|
|
|
timmmay
Member
Offline
Activity: 84
Merit: 10
|
|
June 03, 2011, 10:20:23 AM |
|
So I've setup version 2 from scratch with new database based on the sql file you have included.
I can't get past registering a user. There seems to be some undefined variables causing the problem and these are:
From index.php:
PHP Notice: Undefined variable: files1 in /srv/www/htdocs/req/modules/loadModules.php on line 47
From register.php:
PHP Notice: Undefined variable: act in /srv/www/htdocs/register.php on line 41
PHP Notice: Undefined variable: act in /srv/www/htdocs/register.php on line 58
PHP Notice: Undefined variable: goodMessage in /srv/www/htdocs/register.php on line 156
PHP Notice: Undefined variable: returnError in /srv/www/htdocs/register.php on line 157
PHP Notice: Undefined variable: goodMessage in /srv/www/htdocs/register.php on line 160
Cheers
|
|
|
|
timmmay
Member
Offline
Activity: 84
Merit: 10
|
|
June 03, 2011, 10:33:35 AM |
|
Dude you've also hard coded your database name all over the place...are you planning on fixing that?
|
|
|
|
timmmay
Member
Offline
Activity: 84
Merit: 10
|
|
June 03, 2011, 11:28:02 AM |
|
So I added the following to register.php:
$act = $_POST["act"];
above
if($act == "auth"){
and that fixed the registration. I haven't configured mail properly so I just activated my account manual and gave myself admin.
I'm now successfully running a pool and it all seems to be working! My miners are hashing away and the shares are being recorded.
Are you planning on added the ability to show shares based on workers?
Still seems to be a few more bugs. I'm happy to work closer with you to debug them and improve the product further.
|
|
|
|
timmmay
Member
Offline
Activity: 84
Merit: 10
|
|
June 03, 2011, 11:52:49 AM |
|
Can you please explain the share and score payment types?
Is there a method to setup pay per share?
Cheers
|
|
|
|
timmmay
Member
Offline
Activity: 84
Merit: 10
|
|
June 03, 2011, 12:59:47 PM |
|
Another question...
When I query bitcoind getinfo, the hashespersec value is at 0. Shouldn't this be showing up the total hash value of the pool?
Cheers
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
June 03, 2011, 02:21:35 PM |
|
When I query bitcoind getinfo, the hashespersec value is at 0. Shouldn't this be showing up the total hash value of the pool?
Nope, that's normal. |
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1026
|
|
June 03, 2011, 02:46:09 PM |
|
Another question...
When I query bitcoind getinfo, the hashespersec value is at 0. Shouldn't this be showing up the total hash value of the pool?
Cheers
That is the hashing rate of your local node. Zero is a good number here. Anything higher is a waste. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
