coinmarket.io (OP)
Member
 Offline
Activity: 98
Merit: 10
|
 |
January 25, 2014, 08:51:32 PM
Last edit: January 25, 2014, 09:04:25 PM by coinmarket.io |
|
Due to alot of FUD, we are releasing parts of the code responsible for logging the users in. https://gist.github.com/anonymous/0ea4963391498b35ce96
Code, that is responsible for logging users in and maintaining their session:
Edit: formatting lost while copying from github
/////////////////////////////////////////
// FILE 1: a route handler called "login"
/////////////////////////////////////////
module.exports = function(req, res) {
/* removed meaningless anti-bruteforce code from this sector */
if (req.params.logout) {
// handle loging the user aout
req.session.account = null;
req.session.user = null
delete req.session.account;
delete req.session.user;
res.redirect('/');
return;
}
/* removed hard-coded IP bans from sector */
if (req.body.username && req.body.password) {
// if the FORM was posted, then call the exchange.login method
exchange.login(req.body.username, req.body.password, function(err, user) {
if (err) {
// login failed, redirect
res.redirect('/');
}
else { // <- this means that exchange.login method called the callback without an error
// login OK, set session data and redirect
req.session.account = user.id.toString();
req.session.user = user;
res.redirect('/');
}
}, req /* pass connection to login handler */);
}
else {
// no login data in POST, redirect to /
res.redirect('/');
}
};
/////////////////////////////////////////
// FILE 2: a method called exchange.login
/////////////////////////////////////////
Exchange.prototype.login = function(username, password, callback, request) {
// salt password to protect from rainbow attack on a leaked database
password = this.saltPassword(username, password);
// hash it with SHA-1 to check against the database
password = crypto.createHash('sha1').update(password).digest("hex");
this.numLogins++; // increment login counter for stats
var exchange = this;
var query = 'SELECT * FROM accounts WHERE username = ? AND password = ?';
db.query(query, [username, password], function(err, rows) {
// if the database query returns error or no rows, then:
if (err || !rows || !rows.length) {
callback(err.toString());
return; // EXECUTION STOPS HERE
}
// code below executes only when a match was found (a row returned from the database)
var user = rows[0];
db.query('INSERT INTO logins VALUES (NULL, ?, ?, NOW())', [user.id, request.connection.remoteAddress]);
callback(null, user); // pass control back to the route handler (FILE 1)
exchange.numLoginsSuccess++; // increment successful login counter for stats
});
}
/////////////////////////////////////////
How do we check if an user is logged in?
We simply check for the session variables in every handler. |
|
|
|
|
|
leewilson
|
|
January 25, 2014, 08:54:42 PM |
|
I would think this has been suggested but I will suggest it anyway.
Is there any possibility to alphabetize the wallet and market??
Thanks
|
“If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The lie can be maintained only for such time as the State BlockNet can shield the people from the political, economic and/or military consequences of the lie. It thus becomes vitally important for the State BlockNet to use all of its powers to repress dissent, for the truth is the mortal enemy of the lie, and thus by extension, the truth is the greatest enemy of the State BlockNet.” - Joseph Goebbels |
|
|
Olelukoye
Member
Offline
Activity: 74
Merit: 10
|
|
January 25, 2014, 08:58:25 PM |
|
Dear developers. My account is oleander.
There were three withdrawals initiated and there have been no confirmations so far. If it can be changed somehow please let me change my email address, maybe that will do the trick. Also, If you can, please confirm manually my pending withdrawals. If everything will be ok tomorrow, I'll make a nice donation for this exchange development. Sorry for the trouble and good luck!
|
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 09:01:51 PM |
|
Withdrawals confimed. PM me your next email address.
|
|
|
|
|
Taxidermista
Legendary
Offline
Activity: 1148
Merit: 1001
|
|
January 25, 2014, 09:15:13 PM |
|
Since the glitch I have a 5.21550639 CON unconfirmed deposit that seems stuck:
user: Taxidermista
Txid: 9c26b2dfe3fa0a04d404ee52fab840d00f202e53a8d680d984010e6e7444af56
And another 7.1208608 CON deposit missing:
Txid: 3218f11327eff094b8db0db7cc653c47d2699f1ad8b0f30e90d878f531b317e1
My CON deposit is still missing after 1 hour. |
|
|
|
|
AdamT
|
|
January 25, 2014, 09:18:03 PM
Last edit: January 25, 2014, 09:29:53 PM by AdamT |
|
Withdrawals confimed. PM me your next email address.
If you could please confirm my withdrawal of 50k NOBL from yesterday I would really appreciate it. No conf email since yesterday. I think I've asked like 4 times already. Thx.Great, thank you! So now I see them back in my wallet. I'm a bit worried if I try to withdraw now, I won't get the conf email again. Wut to do? |
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 09:20:09 PM |
|
My CON deposit is still missing after 2 hours.
This dude has made 325 deposits while we are asking not to use pool payouts... If you continue to make small payouts from pools, your account will be disabled for trading and only withdrawing will be an option. Looking for your deposit. |
|
|
|
|
Taxidermista
Legendary
Offline
Activity: 1148
Merit: 1001
|
|
January 25, 2014, 09:27:23 PM
Last edit: January 25, 2014, 09:38:22 PM by Taxidermista |
|
My CON deposit is still missing after 2 hours.
This dude has made 325 deposits while we are asking not to use pool payouts... This dude make most of his deposits from his wallets, sometimes from pools, every 5 or 6 minutes. Sometimes even more frequently, to six different exchanges. I did not know you have a problem with the frequency of deposits. Thank you for your answer full of constructive criticism. BTW, that CON deposit is still missing. Thank you for your time again. EDIT: And thank you for your threats, very refreshing. And constructive too. |
|
|
|
mrbildo
Member
Offline
Activity: 102
Merit: 10
|
|
January 25, 2014, 09:32:17 PM |
|
Any status on the account belonging to last night;s hacker? Has he withdrawn coins or are trades still reversable? If so, what is wallet ID stolen funds were sent to?
This can be found out easily by looking at the time and price of trades. Please look into this
|
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 09:41:17 PM |
|
And why in the world do you need to make deposits every few minutes?
Those two are flagged as "credited" in our database, the flagging happens AFTER an update to the balances table.
Wierd.
|
|
|
|
|
camper111
Newbie
Offline
Activity: 22
Merit: 0
|
 |
January 25, 2014, 09:42:13 PM |
|
Very fast exchange. No slow dialup connection as coinedup ... :-)
Good work.
|
|
|
|
|
Taxidermista
Legendary
Offline
Activity: 1148
Merit: 1001
|
|
January 25, 2014, 09:57:56 PM |
|
And why in the world do you need to make deposits every few minutes?
Those two are flagged as "credited" in our database, the flagging happens AFTER an update to the balances table.
Wierd.
I guess the coins are in the limbo. Thank you very much for your help anyway. Don't worry, I won't bother you again. |
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 10:00:41 PM |
|
Upcoming opt-in security feature: authorization of IP addresses via e-mail.
When enabled, you wont be able to log in from new IP addresses unless you click an autorization link in e-mail.
Clicking the link will whitelist that IP address. Removing from the whitelist will be possible form the settings page.
|
|
|
|
|
|
AdamT
|
|
January 25, 2014, 10:07:56 PM |
|
Dev, can you verify emails are going out for withdrawal confs? I want to try my withdrawal again and don't want it to get stuck again.
|
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 10:14:36 PM |
|
Dev, can you verify emails are going out for withdrawal confs? I want to try my withdrawal again and don't want it to get stuck again.
When SMTP does not accept our mail for delivery, we get notified. Hasnt happened, please be patient and check spam folder too. |
|
|
|
|
kalnas
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 10:33:12 PM |
|
Somebody is spaming orders and effectively clearing transaction history...
|
|
|
|
|
podyx
Legendary
Offline
Activity: 2338
Merit: 1035
|
|
January 25, 2014, 10:33:43 PM |
|
nothing
|
|
|
|
|
Freekiiee
Member
Offline
Activity: 96
Merit: 10
|
|
January 25, 2014, 10:34:03 PM |
|
scroll down, press cancel  |
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 10:40:46 PM |
|
Somebody is spaming orders and effectively clearing transaction history...
We have punished that user by CLEARING HIS BALANCE (not much).It's written on the front page: Trying to abuse or flood our system will result in account/balance loss! |
|
|
|
|
|
leewilson
|
|
January 25, 2014, 10:53:40 PM |
|
Somebody is spaming orders and effectively clearing transaction history...
We have punished that user by CLEARING HIS BALANCE (not much).It's written on the front page: Trying to abuse or flood our system will result in account/balance loss!yessss |
“If you tell a lie big enough and keep repeating it, people will eventually come to believe it. The lie can be maintained only for such time as the State BlockNet can shield the people from the political, economic and/or military consequences of the lie. It thus becomes vitally important for the State BlockNet to use all of its powers to repress dissent, for the truth is the mortal enemy of the lie, and thus by extension, the truth is the greatest enemy of the State BlockNet.” - Joseph Goebbels |
|
|
|
