[Pushpool Web Frontend] Simplecoin v5.0 Opensource PHP/MySQL - NEW RELEASE - page 12.

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: genewitch on June 11, 2011, 05:36:14 PM

Quote from: simplecoin on June 11, 2011, 02:37:38 PM

Quote from: genewitch on June 11, 2011, 02:36:17 PM

The php pages aren't showing any worker stats even though a worker is connected to the pushpoold backend using the username and password set on the account details page. Did i screw a database step up?

sounds like the workers.php cronjob isn't running. this updates that stat.

Nah, it's like the database for pushpool can't see the database for simplecoin and vice versa, because my worker is connected and has done 800 shares, but neither the main hasrate nor my account details have any indication that any work has been done - IE no payment. Is there something i am missing? there's no documentation for any of this stuff!!!

Ah, pushpool & simplecoin should be using the same database.

genewitch

newbie

Activity: 28

Merit: 0

Quote from: simplecoin on June 11, 2011, 02:37:38 PM

Quote from: genewitch on June 11, 2011, 02:36:17 PM

The php pages aren't showing any worker stats even though a worker is connected to the pushpoold backend using the username and password set on the account details page. Did i screw a database step up?

sounds like the workers.php cronjob isn't running. this updates that stat.

Nah, it's like the database for pushpool can't see the database for simplecoin and vice versa, because my worker is connected and has done 800 shares, but neither the main hasrate nor my account details have any indication that any work has been done - IE no payment. Is there something i am missing? there's no documentation for any of this stuff!!!

simplecoin

sr. member

Activity: 406

Merit: 250

Update to source:
bug fix on adminPanel.
Some security fixes in place such as anti XSS injection and additional sql escaping.

Security fixes are untested, but I thought I should include them before calling it a day.

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: genewitch on June 11, 2011, 02:36:17 PM

The php pages aren't showing any worker stats even though a worker is connected to the pushpoold backend using the username and password set on the account details page. Did i screw a database step up?

sounds like the workers.php cronjob isn't running. this updates that stat.

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: ius on June 11, 2011, 02:10:18 PM

Quote from: simplecoin on June 11, 2011, 12:32:02 PM

I'm not a php dev, and this is the first php project I've done in about 8 years.

I value the open source spirit and like what you're doing (the idea behind it), but if you're unsure about your capabilities of publishing/writing/maintaining safe PHP code, then add a disclaimer or find someone willing to maintain/audit your work. Besides, SQL injection and XSS aren't isolated to just PHP..

People could lose user data and/or bitcoins (and more), and will then blame you/simplecoin..

Check your PM for some details.

Got it, will definitely fix the holes you recommended and add a disclaimer, thank you for your input.

genewitch

newbie

Activity: 28

Merit: 0

The php pages aren't showing any worker stats even though a worker is connected to the pushpoold backend using the username and password set on the account details page. Did i screw a database step up?

edit: i ran all the cronjob/*.php stuff just to make sure.

ius

newbie

Activity: 56

Merit: 0

Quote from: simplecoin on June 11, 2011, 12:32:02 PM

I'm not a php dev, and this is the first php project I've done in about 8 years.

I value the open source spirit and like what you're doing (the idea behind it), but if you're unsure about your capabilities of publishing/writing/maintaining safe PHP code, then add a disclaimer or find someone willing to maintain/audit your work. Besides, SQL injection and XSS aren't isolated to just PHP..

People could lose user data and/or bitcoins (and more), and will then blame you/simplecoin..

Check your PM for some details.

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: genewitch on June 11, 2011, 01:18:34 PM

i noticed that there wasn't much in the way of input sanitizing, but that was at a cursory glance and not being an expert on such things.
I will install phpmyadmin to edit the database so i don't have to use sql to do it. Thanks for the tip.

I'm hoping that pushpool will work on Natty, today. :-)

edit: please advise. Do i set the pushpool databasename to the same one simplecoin is using or are they seperate databases? IE i call my database simcoi for simplecoin, should i make another database called ppool for pushpool or point it at simcoi?

Ok i think i have to go talk to pushpool people now. Thanks for bearing with me :-)

np. The input should be somewhat sanitized by mysql_escape

genewitch

newbie

Activity: 28

Merit: 0

i noticed that there wasn't much in the way of input sanitizing, but that was at a cursory glance and not being an expert on such things.
I will install phpmyadmin to edit the database so i don't have to use sql to do it. Thanks for the tip.

I'm hoping that pushpool will work on Natty, today. :-)

edit: please advise. Do i set the pushpool databasename to the same one simplecoin is using or are they seperate databases? IE i call my database simcoi for simplecoin, should i make another database called ppool for pushpool or point it at simcoi?

Ok i think i have to go talk to pushpool people now. Thanks for bearing with me :-)

simplecoin

sr. member

Activity: 406

Merit: 250

Well, it's open source, rather than just saying it's unsafe, why not pm me with the issues you see.

I'm not a php dev, and this is the first php project I've done in about 8 years. I write enterprise .net apps for a living, and that's a whole different ballgame.

Jine

sr. member

Activity: 403

Merit: 250

I totally agree with ius on this matter.

--

Regards, Jim

ius

newbie

Activity: 56

Merit: 0

Unfortunately, a quick audit of the source code reveals that many secure coding practices were incorrectly and inconsistenly applied or neglected completely. Running this frontend in it's current state is not safe (to say the least - you could end up losing your users' data and bitcoins).

Drefsab

newbie

Activity: 5

Merit: 0

You might want to install something like phpmyadmin, use it to have a look at the database there will be table called webUsers. All the users in are in there, in that table there is a field called admin, if this is set to 0 the user is not an admin if its set to 1 they are

Im having a play with it myself at the moment its quite good though im having an issue where when I goto the admin page look at the settings if I try to change them with my admin users auth pin it doesnt error out but it doesnt change the settings, I can simply change the settings in the database directly but I guess I did something wrong will have a look through though.

genewitch

newbie

Activity: 28

Merit: 0

I got it installed, mysql set up, i was able to log in, but i had two questions. Now, i'm going to be doing this for nearly no vigorish, only EC2 costs of the pool hardware.

1) How do i set admin flag for an account? do i have to do that from mysql? Would it be too much to ask what the command is for that?
2) maybe this was just a cookie issue on the server, but whenever i logged out, and reloaded index.php it always showed me as logged in. I set the cookie name and / as the directory and the FQDN of the ec2 instance as the domain with a . in front. Is this the right way to do that? i tried looking at the linked page but it just said i needed a dot if i had example.com and .www.example.com

I'm more of an administrator of infrastructure and security than a programmer or DB admin, as you may have guessed; so i shall be thankful for any responses!

also, and this isn't mentioned, pushpool has to be set up, i didn't realize that for about 30 minutes after i got simplecoin working Grin

MyFarm

hero member

Activity: 854

Merit: 1000

Quote from: simplecoin on June 10, 2011, 01:58:27 PM

Just pushed some updates. One greatly improves performance of worker cronjob.

Thank you very much! Updated, no problems here.

simplecoin

sr. member

Activity: 406

Merit: 250

Just pushed some updates. One greatly improves performance of worker cronjob.

Also greatly improves estimate earnings.

lemonginger

full member

Activity: 210

Merit: 100

firstbits: 121vnq

I would like to start a bounty for development of good documentation for this. On the one hand, I do not think running a pool will ever be point and click, and we should be wary about people with very little server admin experience running pools. On the other hand, I think that more pools is a great thing.

+ 1 BTC for good documentation. Encourage to add bitcoins for docs or for features.

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: ?? on ??

Some questions and help:

1. Out of curiosity, is it possible to tell WHO found a block with this software?

2. I noticed you extended cookie timeout to 7 days in your simplecoin.us thread. How do I do that?

3. My understanding is your software supports Long Polling. How do I turn that on? We're experiencing a LOT of invalid shares.

4. We had a user (user id 19 below) join with a huge pool of miners for awhile. He's currently showing a hash rate of 135363. Thing is, here is the lifetime shares:

User Id   Shares
19   47
12   9396
3   3020
17   1761

He is ranked number 1 but only has 47 shares. Any idea what may have happened?

Thank you so much. I've sent a bitcoin your way out of appreciation for everything you're doing

1. shares_history upstream_result = 'Y'
2. login.php time
3. That is part of pushpool, it should be enabled.
4. I'm not sure about that.... I'd wait to see if it evened out.

MyFarm

hero member

Activity: 854

Merit: 1000

Quote from: simplecoin on June 10, 2011, 12:59:13 AM

To be honest, I'm not sure how this works, but I'd be more than willing to incorporate it. I've already added a threshold, so that part is done. If I could make that work with generated block that'd be great.

You're amazing

The person who suggested it said to PM him if you had any questions. He's happy to help or point you in the right direction.

simplecoin

sr. member

Activity: 406

Merit: 250

Quote from: ?? on ??

Thank you for your continued support. My pool is live at www.ecocoin.org -- we donate our fees to buy trees and rainforest land to offset all the electricity everyone is using to mine. Anyway, someone replied to my thread with the following:

http://forum.bitcoin.org/index.php?topic=14343.msg194621#msg194621

Quote from: Quantumplation on June 10, 2011, 12:12:51 AM

Quote from: ?? on ??

Quote from: Quantumplation on June 09, 2011, 11:32:35 PM

Wow, such a simple idea, I love it. If you did block payouts like Eligius, I'd totally switch.

Can you please explain how the block payouts differ and why it's better? I'd be happy to refer your thoughts to the software developer if it is indeed a superior system. Thank you.

Here's a block solved by the Eligius pool:

http://blockexplorer.com/block/000000000000026210a972387c00e6db801346b32a815a996d698211d71a197c

The software keeps a virtual tally of your unpaid balance. Once this crosses 1btc, you're paid out on the next generated block, RIGHT there, in the generation block. The money never sits in some intermediary account held by the pool-owner. There's a lot less required trust, because while the pool owner can still shut down the pool before you get your "fair share" (aka virtual balance), HE doesn't get anything out of it. It's a very subtle and clever system, so I suggest you (or the developer) spend some time thinking about it to understand why it truly works, and I won't use a pool without it. Obviously, you can incorporate the 3% fees as just taking 3% off the top of the generation block to your own address. Eligius itself has no fees, but since your fees would be going to an actual cause, I might not mind as much.

I don't know if that methodology of processing blocks/payments is of interest to you, but if it is indeed superior, it may be something for you to consider. But again, I can't thank you enough for open sourcing this software and providing me the opportunity to hopefully help the environment via Bitcoin

To be honest, I'm not sure how this works, but I'd be more than willing to incorporate it. I've already added a threshold, so that part is done. If I could make that work with generated block that'd be great.

Topic: [Pushpool Web Frontend] Simplecoin v5.0 Opensource PHP/MySQL - NEW RELEASE - page 12. (Read 57208 times)