[Pushpool Web Frontend] Simplecoin v5.0 Opensource PHP/MySQL - NEW RELEASE

[simplecoin]

hey you updated the git repo while i was making a patch:

http://paste.ubuntu.com/624849/

or

Code:

55c55
< 		$authPin	= (int) $_POST["authPin"];
---
> 		$authPin	= (string) $_POST["authPin"];
89c89
< 				if(!is_int($authPin)){
---
> 				if(!is_numeric($authPin)){

in register.php

This makes it so your pin can start with zero. or 2 zeros. or 3. this affected 2 out of three people on my new pool already :-p

Thanks for that, I'll make sure it gets in the repo

[1713887038]

1713887038

[1713887038]

1713887038

[1713887038]

1713887038

[1713887038]

1713887038

[1713887038]

1713887038

[simplecoin]

Anyone know how to tag a specific commit? This is my 1st run using git for version control.

[simplecoin]

So far with the latest code, I'm passing security audits with flying colors.

If anyone notices anything, please let me know in a PM or feel free to send your own commits to the source for me to review.

Version 2 is well under way with db changes that will hopefully reduce mysqls requirements.

[simplecoin]

Big bugfix to the main cronjob!

was setting the counted enum by int.

to fix affected records:
stop cronjob
apply patch

get latest confirmed block
select blockNumber from networkBlocks where confirms > 119

update shares_history
update settings_history set counted='1' where counted=1 and blockNumber <= (above last blocknumber)
update settings_history set counted='0' where counted=0 and blockNumber > (above last blocknumber)

start cronjob


I don't think affected payouts, but it should have played hell with stats. However, to be sure, I'm disclosing the issue.

The entire shares_history workings are already very overhauled for v2. I'm implementing a condesed shares_counted table to keep shares_history much leaner.

[genewitch]

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. 

[simplecoin]

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. 

What is the php error from adminPanel? It should display if you have the admin flag.

I haven't implemented password reset, I'll add that to the adminPanel and a user option based on email.
If you want to do it manually, update the pass in webUsers to sha256 of pw+your salt.

your best bet for solving miner-related issues is to update shares or shares_history username to the new miner id, but dummy shares should work.

As for the bug, set your username in webUsers to unique. That should stop duplicates for now. I'll add a proper check in the next version.

[simplecoin]

Just added some minor updates I wanted to roll in before v2 and the required sql changes. 

v2 is well under way. I may roll it out before I finish all the sql optimizations. However, the biggest optimization will be included (read: archiving shares_history once counted).

[genewitch]

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. 

What is the php error from adminPanel? It should display if you have the admin flag.

Nothing, i get a blank area where the panel normally is, but the rest of the page loads fine (the template.) I have admin set on the account. the reason i updated is you said you fixed some things and security.

is v2 going to allow seamless upgrade from v1?

[d3c0n808]

I updated from git repo and each time i try to register it says user already exists, even though the database is empty.  I don't think its a issue of php not talking to mysql because if that were the case it wouldnt show anything I imagine.  Is anyone else having this issue?

[simplecoin]

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. 

What is the php error from adminPanel? It should display if you have the admin flag.

Nothing, i get a blank area where the panel normally is, but the rest of the page loads fine (the template.) I have admin set on the account. the reason i updated is you said you fixed some things and security.

is v2 going to allow seamless upgrade from v1?

You could downgrade the adminPanel to the previous version, the fixes to adminpanel were antiXSS related. If you are the only admin, cross-site scripting shouldn't be an issue on that page.

Can you momentarily turn on php display_errors to see what's hangning? or check the apache log?


For v2 it will not be seamless, it will require DB changes. I will create an upgrade sql script though.

[Lightspeed]

hey

wanted to take a look but site doesn't appear to be working

is ozco.in an implementation of your stuff?

cheers

[AnnihilaT]

Hey Mike,

I like where you are going with this but the cookie implementation appears to be broken and your register function is currently broken as well.   Is the latest master supposed to be a working checkout or are you in the middle or reworking things?  Some things i noticed:

- register.php simply doesnt work i had to make the following changes to get it to work:

Code:

                $testUserQ = mysql_query("SELECT id FROM webUsers WHERE username = '".$username."' LIMIT 1");
                        //If not, create new user
                        //if (!$testUserQ) {
                        if (($testUserQ == false) || (mysql_num_rows($testUserQ) == 0)) {

- logout.php simply doesnt work.  Once logged in its impossible to logout without the session either timing out (didnt try to wait for this) or manually updateding/removing the timestamp in the webUser table.  Also you use a meta refresh in logout and login but wouldnt a
         header("Location: /index.php");
be nicer? Or something alike ?

Im curious who is doing your security audit?  You mention that you are getting one done but no details about this.... this might be a good point to expand on since security with web apps are always difficult to get right.   Also you might want to look into the webmin running on your server...if its v1.54, its vulnerable to an XSS attack that can result in root user priveleges for a remote attacker.

[simplecoin]

Hey Mike,

I like where you are going with this but the cookie implementation appears to be broken and your register function is currently broken as well.   Is the latest master supposed to be a working checkout or are you in the middle or reworking things?  Some things i noticed:

- register.php simply doesnt work i had to make the following changes to get it to work:

Code:

                $testUserQ = mysql_query("SELECT id FROM webUsers WHERE username = '".$username."' LIMIT 1");
                        //If not, create new user
                        //if (!$testUserQ) {
                        if (($testUserQ == false) || (mysql_num_rows($testUserQ) == 0)) {

- logout.php simply doesnt work.  Once logged in its impossible to logout without the session either timing out (didnt try to wait for this) or manually updateding/removing the timestamp in the webUser table.  Also you use a meta refresh in logout and login but wouldnt a
         header("Location: /index.php");
be nicer? Or something alike ?

Im curious who is doing your security audit?  You mention that you are getting one done but no details about this.... this might be a good point to expand on since security with web apps are always difficult to get right.   Also you might want to look into the webmin running on your server...if its v1.54, its vulnerable to an XSS attack that can result in root user priveleges for a remote attacker.

I think a few unintended things snuck into the last checkout. I'm about halfway through with the v2 code, and I'm trying to keep it out of master for now.

I had an outpatient spinal procedure done today, so nothing will be checked in tonight. Hopefully I can have a demo of the new work on the test-net soon for some real-world testing and viewing.

As for the security audit, I'm handling them. I'm using internal tools from my professional work, along with acunetix & nmap so far. The current v2(&1.1) code checks out clear so far. If you have any additional recommendations, I'd love to hear them.

I'm not using webmin 1.54 on my production machines. Once back in production, ssh should suffice for the live server. I like to keep production running as lean as possible.



In the future, I'll branch new code and keep the master at the latest 100% stable version.

[Wayno]

Hello forums peoples,

I have been using simple coin to run a site and well it isn't working as it should. for starts the shares system is off as i found out after some days of testing and manual calculation, when 2 blocks are found with in a time frame the confirms STOP working on the older block, the cronjob system is hectic as it is if the db is updating the shares and the account balance part the system can run 2 cronjobs and you can get double payouts on the same block.

we have spent the last 48 hrs fixing the code to run correct and make things smoother. just a warning on this if u are planing to use the this code to run ur own large pool.

i found out the hard way

its a great front end but a lot of minor and large bugs to be found and isolated as well.

[dcconsulting]

Hi Wayno,

It Would be great in the spirit of Open Source to publish the fixed code to us. I am also running a pool on the Simplecoin Frontend and this makes me worry. Have not solved a block yet so it would be greatly appreciated before that.

Regards

[Spirals]

There seems to be a bug in accountsettings.php. Changing line 151:

Code:

}else if($inputAuthPin != $authPin && $act){

to:

Code:

}else if($inputAuthPin != $authPin && $act != "addWorker"){

fixes the warning about 'invalid authorization pin' when adding a worker.

[Wayno]

dcconsulting we have solved 5 so far in 10 days running, and oh boy wat a problem it was sorting everything out. the only big issue we had was that i am running bitcoind 3.22 and the backend needs to be changed to generate to immature on looking for blocks, we found 2 blocks on the same day 5 hours apart this is were all the fun started

be warned my code has been changed ALOT

https://github.com/Wayno

i havent uploaded the new db changes yet i will do that later on tonight

[dcconsulting]

Thank You Wayno !

edit : HAHA writings of a mad man !

[Wayno]

i have uploaded the db and new code.

[dcconsulting]

Wayno,

Running the cronjob.php I get the following

PHP Fatal error:  Call to undefined function lock() in /var/www/cronjobs/cronjob.php on line 25

In Cronjob Line 25 = lock("cronjob.php");

Any ideas ?