[Pushpool Web Frontend] Simplecoin v5.0 Opensource PHP/MySQL - NEW RELEASE - page 11.

AnnihilaT

full member

Activity: 210

Merit: 100

Hey Mike,

I like where you are going with this but the cookie implementation appears to be broken and your register function is currently broken as well. Is the latest master supposed to be a working checkout or are you in the middle or reworking things? Some things i noticed:

- register.php simply doesnt work i had to make the following changes to get it to work:

Code:

$testUserQ = mysql_query("SELECT id FROM webUsers WHERE username = '".$username."' LIMIT 1");
//If not, create new user
//if (!$testUserQ) {
if (($testUserQ == false) || (mysql_num_rows($testUserQ) == 0)) {

- logout.php simply doesnt work. Once logged in its impossible to logout without the session either timing out (didnt try to wait for this) or manually updateding/removing the timestamp in the webUser table. Also you use a meta refresh in logout and login but wouldnt a
header("Location: /index.php");
be nicer? Or something alike ?

Im curious who is doing your security audit? You mention that you are getting one done but no details about this.... this might be a good point to expand on since security with web apps are always difficult to get right. Also you might want to look into the webmin running on your server...if its v1.54, its vulnerable to an XSS attack that can result in root user priveleges for a remote attacker.

Lightspeed

full member

Activity: 126

Merit: 100

hey

wanted to take a look but site doesn't appear to be working

is ozco.in an implementation of your stuff?

cheers

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: genewitch on June 14, 2011, 02:03:22 AM

Quote from: simplecoin on June 13, 2011, 05:43:08 PM

Quote from: genewitch on June 13, 2011, 04:48:53 PM

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. Undecided

What is the php error from adminPanel? It should display if you have the admin flag.

Nothing, i get a blank area where the panel normally is, but the rest of the page loads fine (the template.) I have admin set on the account. the reason i updated is you said you fixed some things and security.

is v2 going to allow seamless upgrade from v1?

You could downgrade the adminPanel to the previous version, the fixes to adminpanel were antiXSS related. If you are the only admin, cross-site scripting shouldn't be an issue on that page.

Can you momentarily turn on php display_errors to see what's hangning? or check the apache log?

For v2 it will not be seamless, it will require DB changes. I will create an upgrade sql script though.

d3c0n808

full member

Activity: 434

Merit: 101

I updated from git repo and each time i try to register it says user already exists, even though the database is empty. I don't think its a issue of php not talking to mysql because if that were the case it wouldnt show anything I imagine. Is anyone else having this issue?

genewitch

newbie

Activity: 28

Merit: 0

Quote from: simplecoin on June 13, 2011, 05:43:08 PM

Quote from: genewitch on June 13, 2011, 04:48:53 PM

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. Undecided

What is the php error from adminPanel? It should display if you have the admin flag.

Nothing, i get a blank area where the panel normally is, but the rest of the page loads fine (the template.) I have admin set on the account. the reason i updated is you said you fixed some things and security.

is v2 going to allow seamless upgrade from v1?

simplecoin

sr. member

Activity: 406

Merit: 250

Just added some minor updates I wanted to roll in before v2 and the required sql changes.

v2 is well under way. I may roll it out before I finish all the sql optimizations. However, the biggest optimization will be included (read: archiving shares_history once counted).

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: genewitch on June 13, 2011, 04:48:53 PM

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. Undecided

What is the php error from adminPanel? It should display if you have the admin flag.

I haven't implemented password reset, I'll add that to the adminPanel and a user option based on email.
If you want to do it manually, update the pass in webUsers to sha256 of pw+your salt.

your best bet for solving miner-related issues is to update shares or shares_history username to the new miner id, but dummy shares should work.

As for the bug, set your username in webUsers to unique. That should stop duplicates for now. I'll add a proper check in the next version.

genewitch

newbie

Activity: 28

Merit: 0

I tried to use the git version of adminPanel with my existing install (not latest git) - it doesn't show anything... the old adminPanel didn't do anything.

How do i reset a user's password?

Can i go into the sql database and add shares into a table to make up for the fact that i had to delete the user's duplicate entries?

Also
BUG: You can register the same username more than once. Undecided

simplecoin

sr. member

Activity: 406

Merit: 250

Big bugfix to the main cronjob!

was setting the counted enum by int.

to fix affected records:
stop cronjob
apply patch

get latest confirmed block
select blockNumber from networkBlocks where confirms > 119

update shares_history
update settings_history set counted='1' where counted=1 and blockNumber <= (above last blocknumber)
update settings_history set counted='0' where counted=0 and blockNumber > (above last blocknumber)

start cronjob

I don't think affected payouts, but it should have played hell with stats. However, to be sure, I'm disclosing the issue.

The entire shares_history workings are already very overhauled for v2. I'm implementing a condesed shares_counted table to keep shares_history much leaner.

simplecoin

sr. member

Activity: 406

Merit: 250

So far with the latest code, I'm passing security audits with flying colors.

If anyone notices anything, please let me know in a PM or feel free to send your own commits to the source for me to review.

Version 2 is well under way with db changes that will hopefully reduce mysqls requirements.

simplecoin

sr. member

Activity: 406

Merit: 250

Anyone know how to tag a specific commit? This is my 1st run using git for version control.

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: genewitch on June 11, 2011, 10:32:43 PM

hey you updated the git repo while i was making a patch:

http://paste.ubuntu.com/624849/

or

Code:

55c55
< $authPin = (int) $_POST["authPin"];
---
> $authPin = (string) $_POST["authPin"];
89c89
< if(!is_int($authPin)){
---
> if(!is_numeric($authPin)){

in register.php

This makes it so your pin can start with zero. or 2 zeros. or 3. this affected 2 out of three people on my new pool already :-p

Thanks for that, I'll make sure it gets in the repo Wink

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: gigabytecoin on June 12, 2011, 01:37:04 AM

Is simplecoin.us being ddos'd? I can't access it and haven't been able to for the last 2 hours.

It was being ddos'd, I took it down to fix Wink

Now that it is down, I'm going to take a few extra days to lock my server down. The site will be up before the pool, and I'm thinking about creating a testnet site for demoing/testing the newer versions.

genewitch

newbie

Activity: 28

Merit: 0

Quote from: gigabytecoin on June 12, 2011, 01:37:04 AM

Is simplecoin.us being ddos'd? I can't access it and haven't been able to for the last 2 hours.

most likely. and the owner is AFK (he mentioned this might happen and apologized)

gigabytecoin

sr. member

Activity: 280

Merit: 252

Is simplecoin.us being ddos'd? I can't access it and haven't been able to for the last 2 hours.

genewitch

newbie

Activity: 28

Merit: 0

hey you updated the git repo while i was making a patch:

http://paste.ubuntu.com/624849/

or

Code:

55c55
< $authPin = (int) $_POST["authPin"];
---
> $authPin = (string) $_POST["authPin"];
89c89
< if(!is_int($authPin)){
---
> if(!is_numeric($authPin)){

in register.php

This makes it so your pin can start with zero. or 2 zeros. or 3. this affected 2 out of three people on my new pool already :-p

simplecoin

sr. member

Activity: 406

Merit: 250

yes, pushpool fills shares, gets worker info from pool_worker.

sc fills the rest with cronjobs & user input.

genewitch

newbie

Activity: 28

Merit: 0

Quote from: simplecoin on June 11, 2011, 06:03:38 PM

right, pushpool uses the shares & pool_worker tables and should share them with simplecoin.

If you want, you could in theory remove shares & pool_worker from the sc database

Right, sc.pool_worker is sort of working as intended, as my worker can log in with genewitch.1 and x as the password. But you see how the active and hashrate aren't set? What sets those? pushpool?
Do i have to code that logic myself?

Code:

mysql> select * from sc.pool_worker;
+----+------------------+-------------+----------+--------+----------+
| id | associatedUserId | username | password | active | hashrate |
+----+------------------+-------------+----------+--------+----------+
| 1 | 1 | genewitch.1 | x | 0 | 0 |
+----+------------------+-------------+----------+--------+----------+
1 row in set (0.00 sec)

and shares is empty, is pushpool supposed to populate this? the reason i ask is i can go pester the pushpool developers :-)

Code:

mysql> select * from sc.shares;
Empty set (0.00 sec)

simplecoin

sr. member

Activity: 406

Merit: 250

right, pushpool uses the shares & pool_worker tables and should share them with simplecoin.

If you want, you could in theory remove shares & pool_worker from the sc database

genewitch

newbie

Activity: 28

Merit: 0

Quote from: simplecoin on June 11, 2011, 05:43:47 PM

Quote from: genewitch on June 11, 2011, 05:36:14 PM

Quote from: simplecoin on June 11, 2011, 02:37:38 PM

Quote from: genewitch on June 11, 2011, 02:36:17 PM

The php pages aren't showing any worker stats

sounds like the workers.php cronjob isn't running.

Nah, it's like the database for pushpool can't see the database for simplecoin and vice versa

Ah, pushpool & simplecoin should be using the same database.

they are, i called it sc and a user called pushpool was granted all permissions on it. Both simplecoin and pushpool use 'pushpool'@'localhost' as the database login, and i know pushpool can see the database because it allows my worker to login via -u genewitch.1 --pass=x.
what actually has the accounting, pushpool? Maybe i can dig through your PHP to see where the accounting database calls are and try the queries in a mysql prompt to see if there are the correct values in there. If you need any of my json or config files i can provide them.

Thanks for helping me, by the way. I'm setting this up for #xkcd on foonetic. :-)

Code:

Edit: hey, am i supposed to add anything to pushpool to take care of accounting? like add sql commands somewhere or something? Or does simplecoin use logs to determine shares and activity and set the mysql stuff itself? I know all the frontend (for payments) is NOT handled by pushpool stock install, so maybe i missed a step where i move a config file from simplecoin to somewhere else. I did run mysql sc

Topic: [Pushpool Web Frontend] Simplecoin v5.0 Opensource PHP/MySQL - NEW RELEASE - page 11. (Read 57208 times)