Merge pull request #673 from TheSerapher/issue-444-theserapher

Issue 444 theserapher

Author: TheSerapher

cronjobs/shared.inc.php

@@ -22,10 +22,13 @@
 // We need to find our include files so set this properly
 define("BASEPATH", "../public/");
 
-
 /*****************************************************
  * No need to change beyond this point               *
  *****************************************************/
+
+// Used in autoloading of API class, adding it to stop PHP warnings
+$dStartTime = microtime(true);
+
 // Our cron name
 $cron_name = basename($_SERVER['PHP_SELF'], '.php');
 

public/include/autoloader.inc.php

@@ -27,7 +27,6 @@
 require_once(INCLUDE_DIR . '/smarty.inc.php');
 
 // Load everything else in proper order
-require_once(CLASS_DIR . '/api.class.php');
 require_once(CLASS_DIR . '/mail.class.php');
 require_once(CLASS_DIR . '/tokentype.class.php');
 require_once(CLASS_DIR . '/token.class.php');
@@ -49,6 +48,7 @@
 require_once(CLASS_DIR . '/transaction.class.php');
 require_once(CLASS_DIR . '/notification.class.php');
 require_once(CLASS_DIR . '/news.class.php');
+require_once(CLASS_DIR . '/api.class.php');
 require_once(INCLUDE_DIR . '/lib/Michelf/Markdown.php');
 require_once(INCLUDE_DIR . '/lib/scrypt.php');
 

public/include/classes/api.class.php

@@ -7,6 +7,11 @@
  * Helper class for our API
  **/
 class Api extends Base {
+  private $api_version = '1.0.0';
+
+  function setStartTime($dStartTime) {
+    $this->dStartTime = $dStartTime;
+  }
   function isActive($error=true) {
     if (!$this->setting->getValue('disable_api')) {
       return true;
@@ -17,8 +22,45 @@ function isActive($error=true) {
       }
     }
   }
+
+  /**
+   * Create API json object from input array
+   * @param data Array data to create JSON for
+   * @param force bool Enforce a JSON object
+   * @return string JSON object
+   **/
+  function get_json($data, $force=false) {
+    return json_encode(
+      array( $_REQUEST['action'] => array(
+        'version' => $this->api_version,
+        'runtime' => (microtime(true) - $this->dStartTime) * 1000,
+        'data' => $data
+      )), $force ? JSON_FORCE_OBJECT : 0
+    );
+  }
+
+  /**
+   * Check user access level to the API call
+   **/
+  function checkAccess($user_id, $get_id=NULL) {
+    if ( ! $this->user->isAdmin($user_id) && (!empty($get_id) && $get_id != $user_id)) {
+      // User is NOT admin and tries to access an ID that is not their own
+      header("HTTP/1.1 401 Unauthorized");
+      die("Access denied");
+    } else if ($this->user->isAdmin($user_id) && !empty($get_id)) {
+      // User is an admin and tries to fetch another users data
+      $id = $get_id;
+      // Is it a username or a user ID
+      ctype_digit($_REQUEST['id']) ? $id = $get_id : $id = $this->user->getUserId($get_id);
+    } else {
+      $id = $user_id;
+    }
+    return $id;
+  }
 }
 
 $api = new Api();
 $api->setConfig($config);
+$api->setUser($user);
 $api->setSetting($setting);
+$api->setStartTime($dStartTime);

public/include/classes/mail.class.php

@@ -15,6 +15,49 @@ function checkStmt($bState) {
     return true;
   }
 
+  /**
+  * Mail form contact site admin
+  * @param senderName string senderName
+  * @param senderEmail string senderEmail
+  * @param senderSubject string senderSubject
+  * @param senderMessage string senderMessage
+  * @param email string config Email address
+  * @param subject string header subject
+  * @return bool
+  **/
+  public function contactform($senderName, $senderEmail, $senderSubject, $senderMessage) {
+    $this->debug->append("STA " . __METHOD__, 4);
+    if (preg_match('/[^a-z_\.\!\?\-0-9\\s ]/i', $senderName)) {
+      $this->setErrorMessage('Username may only contain alphanumeric characters');
+      return false;
+    }
+    if (empty($senderEmail) || !filter_var($senderEmail, FILTER_VALIDATE_EMAIL)) {
+      $this->setErrorMessage( 'Invalid e-mail address' );
+      return false;
+    }
+    if (preg_match('/[^a-z_\.\!\?\-0-9\\s ]/i', $senderSubject)) {
+      $this->setErrorMessage('Subject may only contain alphanumeric characters');
+      return false;
+    }
+    if (strlen(strip_tags($senderMessage)) < strlen($senderMessage)) {
+      $this->setErrorMessage('Your message may only contain alphanumeric characters');
+      return false;
+    }
+    $aData['senderName'] = $senderName;
+    $aData['senderEmail'] = $senderEmail;
+    $aData['senderSubject'] = $senderSubject;
+    $aData['senderMessage'] = $senderMessage;
+    $aData['email'] = $this->setting->getValue('website_email');
+    $aData['subject'] = 'Contact From';
+      if ($this->sendMail('contactform/body', $aData)) {
+        return true;
+     } else {
+       $this->setErrorMessage( 'Unable to send email' );
+       return false;
+     }
+    return false;
+  }
+
   public function sendMail($template, $aData) {
     $this->smarty->assign('WEBSITENAME', $this->setting->getValue('website_name'));
     $this->smarty->assign('SUBJECT', $aData['subject']);

public/include/classes/roundstats.class.php

@@ -102,20 +102,20 @@ public function getRoundStatsForAccounts($iHeight=0, $isAdmin=0) {
    * @param height int Block Height
    * @return data array Block round transactions
    **/
-  public function getAllRoundTransactions($iHeight=0) {
+  public function getAllRoundTransactions($iHeight=0, $admin) {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("
       SELECT
       t.id AS id,
-      a.username AS username,
+      IF(a.is_anonymous, IF( ? , a.username, 'anonymous'), a.username) AS username,
       t.type AS type,
       t.amount AS amount
       FROM $this->tableTrans AS t
       LEFT JOIN $this->tableBlocks AS b ON t.block_id = b.id
       LEFT JOIN $this->tableUsers AS a ON t.account_id = a.id
       WHERE b.height = ?
       ORDER BY id ASC");
-    if ($this->checkStmt($stmt) && $stmt->bind_param('i', $iHeight) && $stmt->execute() && $result = $stmt->get_result())
+    if ($this->checkStmt($stmt) && $stmt->bind_param('ii', $admin, $iHeight) && $stmt->execute() && $result = $stmt->get_result())
       return $result->fetch_all(MYSQLI_ASSOC);
     $this->debug->append('Unable to fetch transactions');
     return false;

public/include/classes/statistics.class.php

@@ -99,25 +99,25 @@ public function updateShareStatistics($aStats, $iBlockId) {
    * @param none
    * @return data object Return our hashrateas an object
    **/
-  public function getCurrentHashrate() {
+  public function getCurrentHashrate($interval=600) {
     $this->debug->append("STA " . __METHOD__, 4);
     if ($this->getGetCache() && $data = $this->memcache->get(__FUNCTION__)) return $data;
     $stmt = $this->mysqli->prepare("
       SELECT
       (
         (
-          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / 600 / 1000), 0) AS hashrate
+          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / ? / 1000), 0) AS hashrate
           FROM " . $this->share->getTableName() . "
-          WHERE time > DATE_SUB(now(), INTERVAL 600 SECOND)
+          WHERE time > DATE_SUB(now(), INTERVAL ? SECOND)
         ) + (
-          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / 600 / 1000), 0) AS hashrate
+          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / ? / 1000), 0) AS hashrate
           FROM " . $this->share->getArchiveTableName() . "
-          WHERE time > DATE_SUB(now(), INTERVAL 600 SECOND)
+          WHERE time > DATE_SUB(now(), INTERVAL ? SECOND)
         )
       ) AS hashrate
       FROM DUAL");
     // Catchall
-    if ($this->checkStmt($stmt) && $stmt->execute() && $result = $stmt->get_result() ) return $this->memcache->setCache(__FUNCTION__, $result->fetch_object()->hashrate);
+    if ($this->checkStmt($stmt) && $stmt->bind_param('iiii', $interval, $interval, $interval, $interval) && $stmt->execute() && $result = $stmt->get_result() ) return $this->memcache->setCache(__FUNCTION__, $result->fetch_object()->hashrate);
     $this->debug->append("Failed to get hashrate: " . $this->mysqli->error);
     return false;
   }
@@ -222,6 +222,8 @@ public function getAllUserShares() {
         } else {
           $data['data'][$row['id']]['valid'] += $row['valid'];
           $data['data'][$row['id']]['invalid'] += $row['invalid'];
+          $data['data'][$row['id']]['donate_percent'] = $row['donate_percent'];
+          $data['data'][$row['id']]['is_anonymous'] = $row['is_anonymous'];
         }
       }
       $data['share_id'] = $this->share->getMaxShareId();
@@ -293,28 +295,28 @@ public function getAllUserStats($filter='%') {
    * @param account_id integer User ID
    * @return data integer Current Hashrate in khash/s
    **/
-  public function getUserHashrate($account_id) {
+  public function getUserHashrate($account_id, $interval=600) {
     $this->debug->append("STA " . __METHOD__, 4);
-    if ($data = $this->memcache->get(__FUNCTION__ . $account_id)) return $data;
+    if ($this->getGetCache() && $data = $this->memcache->get(__FUNCTION__ . $account_id)) return $data;
     $stmt = $this->mysqli->prepare("
       SELECT
         (
-          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / 600 / 1000), 0) AS hashrate
+          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / ? / 1000), 0) AS hashrate
           FROM " . $this->share->getTableName() . " AS s,
                " . $this->user->getTableName() . " AS u
           WHERE u.username = SUBSTRING_INDEX( s.username, '.', 1 )
-            AND s.time > DATE_SUB(now(), INTERVAL 600 SECOND)
+            AND s.time > DATE_SUB(now(), INTERVAL ? SECOND)
             AND u.id = ?
         ) + (
-          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / 600 / 1000), 0) AS hashrate
+          SELECT IFNULL(ROUND(SUM(IF(difficulty=0, POW(2, (" . $this->config['difficulty'] . " - 16)), difficulty)) * 65536 / ? / 1000), 0) AS hashrate
           FROM " . $this->share->getArchiveTableName() . " AS s,
                " . $this->user->getTableName() . " AS u
           WHERE u.username = SUBSTRING_INDEX( s.username, '.', 1 )
-            AND s.time > DATE_SUB(now(), INTERVAL 600 SECOND)
+            AND s.time > DATE_SUB(now(), INTERVAL ? SECOND)
             AND u.id = ?
         ) AS hashrate
       FROM DUAL");
-    if ($this->checkStmt($stmt) && $stmt->bind_param("ii", $account_id, $account_id) && $stmt->execute() && $result = $stmt->get_result() )
+    if ($this->checkStmt($stmt) && $stmt->bind_param("iiiiii", $interval, $interval, $account_id, $interval, $interval, $account_id) && $stmt->execute() && $result = $stmt->get_result() )
       return $this->memcache->setCache(__FUNCTION__ . $account_id, $result->fetch_object()->hashrate);
     // Catchall
     $this->debug->append("Failed to fetch hashrate: " . $this->mysqli->error);
@@ -328,7 +330,7 @@ public function getUserHashrate($account_id) {
    **/
   public function getUserSharerate($account_id, $interval=600) {
     $this->debug->append("STA " . __METHOD__, 4);
-    if ($data = $this->memcache->get(__FUNCTION__ . $account_id)) return $data;
+    if ($this->getGetCache() && $data = $this->memcache->get(__FUNCTION__ . $account_id)) return $data;
     $stmt = $this->mysqli->prepare("
       SELECT
       (
@@ -400,6 +402,8 @@ public function getTopContributors($type='shares', $limit=15) {
         foreach ($data['data'] as $key => $aUser) {
           $data_new[$key]['shares'] = $aUser['valid'];
           $data_new[$key]['account'] = $aUser['username'];
+          $data_new[$key]['donate_percent'] = $aUser['donate_percent'];
+          $data_new[$key]['is_anonymous'] = $aUser['is_anonymous'];
         }
         return $data_new;
       }

public/include/classes/transaction.class.php

@@ -251,19 +251,19 @@ public function getBalance($account_id) {
     $this->debug->append("STA " . __METHOD__, 4);
     $stmt = $this->mysqli->prepare("
       SELECT
-        ROUND((
+        IFNULL(ROUND((
           SUM( IF( ( t.type IN ('Credit','Bonus') AND b.confirmations >= ? ) OR t.type = 'Credit_PPS', t.amount, 0 ) ) -
           SUM( IF( t.type IN ('Debit_MP', 'Debit_AP'), t.amount, 0 ) ) -
           SUM( IF( ( t.type IN ('Donation','Fee') AND b.confirmations >= ? ) OR ( t.type IN ('Donation_PPS', 'Fee_PPS', 'TXFee') ), t.amount, 0 ) )
-        ), 8) AS confirmed,
-        ROUND((
+        ), 8), 0) AS confirmed,
+        IFNULL(ROUND((
           SUM( IF( t.type IN ('Credit','Bonus') AND b.confirmations < ? AND b.confirmations >= 0, t.amount, 0 ) ) -
           SUM( IF( t.type IN ('Donation','Fee') AND b.confirmations < ? AND b.confirmations >= 0, t.amount, 0 ) )
-        ), 8) AS unconfirmed,
-        ROUND((
+        ), 8), 0) AS unconfirmed,
+        IFNULL(ROUND((
           SUM( IF( t.type IN ('Credit','Bonus') AND b.confirmations = -1, t.amount, 0) ) -
           SUM( IF( t.type IN ('Donation','Fee') AND b.confirmations = -1, t.amount, 0) )
-        ), 8) AS orphaned
+        ), 8), 0) AS orphaned
       FROM $this->table AS t
       LEFT JOIN " . $this->block->getTableName() . " AS b
       ON t.block_id = b.id

public/include/classes/user.class.php

@@ -43,6 +43,9 @@ private function getHash($string) {
   public function getUserName($id) {
     return $this->getSingle($id, 'username', 'id');
   }
+  public function getUserNameByEmail($email) {
+    return $this->getSingle($email, 'username', 'email', 's');
+  }
   public function getUserId($username) {
     return $this->getSingle($username, 'id', 'username', 's');
   }
@@ -126,6 +129,13 @@ public function checkLogin($username, $password) {
       $this->setErrorMessage("Invalid username or password.");
       return false;
     }
+    if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
+      $this->debug->append("Username is an e-mail", 2);
+      if (!$username = $this->getUserNameByEmail($username)) {
+        $this->setErrorMessage("Invalid username or password.");
+        return false;
+      }
+    }
     if ($this->isLocked($this->getUserId($username))) {
       $this->setErrorMessage("Account is locked. Please contact site support.");
       return false;
@@ -411,7 +421,7 @@ private function createSession($username) {
    * @param none
    * @return true
    **/
-  public function logoutUser($redirect="index.php") {
+  public function logoutUser($from="") {
     $this->debug->append("STA " . __METHOD__, 4);
     // Unset all of the session variables
     $_SESSION = array();
@@ -424,8 +434,11 @@ public function logoutUser($redirect="index.php") {
     session_destroy();
     // Enforce generation of a new Session ID and delete the old
     session_regenerate_id(true);
-    // Enforce a page reload
-    header("Location: $redirect");
+    // Enforce a page reload and point towards login with referrer included, if supplied
+    $location = @$_SERVER['HTTPS'] ? 'https' . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] : 'http' . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
+    if (!empty($from)) $location .= '?page=login&to=' . urlencode($from);
+    // if (!headers_sent()) header('Location: ' . $location);
+    exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');
   }
 
   /**
@@ -651,14 +664,14 @@ public function initResetPassword($username) {
    * @param none
    * @return bool
    **/
-  public function isAuthenticated() {
+  public function isAuthenticated($logout=true) {
     $this->debug->append("STA " . __METHOD__, 4);
     if (@$_SESSION['AUTHENTICATED'] == true &&
         !$this->isLocked($_SESSION['USERDATA']['id']) &&
         $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']
       ) return true;
     // Catchall
-    $this->logoutUser();
+    if ($logout == true) $this->logoutUser($_SERVER['REQUEST_URI']);
     return false;
   }
 }

public/include/config/admin_settings.inc.php

@@ -102,6 +102,20 @@
   'name' => 'wallet_cold_coins', 'value' => $setting->getValue('wallet_cold_coins'),
   'tooltip' => 'Amount of coins held in a pools cold wallet.'
 );
+$aSettings['statistics'][] = array(
+  'display' => 'Ajax Refresh Interval', 'type' => 'select',
+  'options' => array('5' => '5', '10' => '10', '15' => '15', '30' => '30', '60' => '60' ),
+  'default' => 10,
+  'name' => 'statistics_ajax_refresh_interval', 'value' => $setting->getValue('statistics_ajax_refresh_interval'),
+  'tooltip' => 'How often to refresh data via ajax in seconds.'
+);
+$aSettings['statistics'][] = array(
+  'display' => 'Ajax Data Interval', 'type' => 'select',
+  'options' => array('60' => '1', '300' => '5', '600' => '10'),
+  'default' => 300,
+  'name' => 'statistics_ajax_data_interval', 'value' => $setting->getValue('statistics_ajax_data_interval'),
+  'tooltip' => 'Time in minutes, interval for hashrate and sharerate calculations. Higher intervals allow for better accuracy at a higer server load.'
+);
 $aSettings['statistics'][] = array(
   'display' => 'Block Statistics Count', 'type' => 'text',
   'size' => 25,
@@ -151,6 +165,13 @@
   'name' => 'acl_round_statistics', 'value' => $setting->getValue('acl_round_statistics'),
   'tooltip' => 'Make the round statistics page private (users only) or public.'
 );
+$aSettings['acl'][] = array(
+  'display' => 'Round Transactions', 'type' => 'select',
+  'options' => array( 0 => 'Admins', 1 => 'Public'),
+  'default' => 0,
+  'name' => 'acl_round_transactions', 'value' => $setting->getValue('acl_round_transactions'),
+  'tooltip' => 'Display all transactions regardless of admin status.'
+);
 $aSettings['system'][] = array(
   'display' => 'Disable e-mail confirmations', 'type' => 'select',
   'options' => array( 0 => 'No', 1 => 'Yes' ),
@@ -200,6 +221,13 @@
   'name' => 'disable_api', 'value' => $setting->getValue('disable_api'),
   'tooltip' => 'Enable or Disable the pool wide API functions. See API reference on Github for details.'
 );
+$aSettings['system'][] = array(
+  'display' => 'Disable Contactform', 'type' => 'select',
+  'options' => array( 0 => 'No', 1 => 'Yes' ),
+  'default' => 0,
+  'name' => 'disable_contactform', 'value' => $setting->getValue('disable_contactform'),
+  'tooltip' => 'Enable or Disable Contactform. Users will not be able to use the contact form.'
+);
 $aSettings['recaptcha'][] = array(
   'display' => 'Enable re-Captcha', 'type' => 'select',
   'options' => array( 0 => 'No', 1 => 'Yes' ),