
Topic: v5.6.0 ][ Open-Source Pooling Web Software ( MiningFarm ) - page 14. (Read 57216 times)

legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Many thanks to everyone in this thread for inspiration. You guys are going to like the fun new features :)

Check out regularly updated previews over @: mp2.fleshvirus.com

Any suggestions on securing url?string=query data for connecting to remote bitcoind app?
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Thanks for the support guys, especially the security issue that was pointed out by redditorrex. I got more features coming soon, such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

Quote from: simplecoin
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
What up simplecoin you stalker, you.
Nice use of style sheets, didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.


So far, it handles most of what I need in a framework. The only real problem was broken references (could be a platform/install difference) and I can't get the stats page to do anything, nor find a proper reference for what it expects in the include. I took most of the css and other hacks directly from my own platform. I'd be happy to share the changes to further the project.

Major changes/additions:
shares table: timecode for time field, update to current on create
shares_history table: timecode time field updated in cron script on xfer.
current hashrate: custom class that compares shares/shares_history count over last 10 min.
mtgox integration: mtgox php api class.
added menu for index.php.
changes a few terms.

Awesome, I've noted the time stamp problems, hash rate display, and especially MtGox integration sounds like a great idea!
sr. member
Activity: 406
Merit: 250
Thanks for the support guys, especially the security issue that was pointed out by redditorrex. I got more features coming soon, such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

Quote from: simplecoin
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
What up simplecoin you stalker, you.
Nice use of style sheets, didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.


So far, it handles most of what I need in a framework. The only real problem was broken references (could be a platform/install difference) and I can't get the stats page to do anything, nor find a proper reference for what it expects in the include. I took most of the css and other hacks directly from my own platform. I'd be happy to share the changes to further the project.

Major changes/additions:
shares table: timecode for time field, update to current on create
shares_history table: timecode time field updated in cron script on xfer.
current hashrate: custom class that compares shares/shares_history count over last 10 min.
mtgox integration: mtgox php api class.
added menu for index.php.
changes a few terms.
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Thanks for the support guys, especially the security issue that was pointed out by redditorrex. I got more features coming soon, such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

Quote from: simplecoin
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
What up simplecoin you stalker, you.
Nice use of style sheets, didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.
sr. member
Activity: 406
Merit: 250
oh, and many thanks to xenland. You'll have btc headed your way once I get everything straightened out.
sr. member
Activity: 406
Merit: 250
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
sr. member
Activity: 280
Merit: 250
Nom Nom Nom
PHP coders are funny when they talk about security XD

PHP coders are funny when they talk.

FTFY
legendary
Activity: 1372
Merit: 1007
1davout
PHP coders are funny when they talk about security XD
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
The call is from

Code:
universalChecklogin.php (1 hits)
Line 27: $cookieValid = $validateCookie->checkCookie($_COOKIE[$cookieName], $ip);

and the code in question.

   
Code:
$cookieInfo = explode("-", $input);

//Get "secret" from MySql database
$getSecretQ = mysql_query("SELECT `secret`, `pass`, `sessionTimeoutStamp` FROM `webUsers` WHERE `id` = ".$cookieInfo[0]." LIMIT 0,1");
$getSecret = mysql_fetch_object($getSecretQ);

I just make my cookie = "1;DROP TABLE pool_workers;--"
Ahh, I see what you're saying, all I need to do is add a mysql_real_escape_string(); that will be in version 2.
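
An added example, not part of the post above and not MiningFarm's own code: the lookup from the quoted `checkCookie` snippet rewritten with a validated, bound integer id. In that query the id sits outside any quotes, so string escaping alone does not constrain it; `fetchCookieUser()` and the in-memory SQLite sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not MiningFarm code. fetchCookieUser() is a hypothetical
// stand-in for the lookup in checkCookie(); table and column names are taken
// from the snippet quoted in the thread. In-memory SQLite keeps it runnable
// offline; the same PDO calls work with the MySQL driver.

function fetchCookieUser(PDO $db, string $cookie): ?array
{
    $id = explode('-', $cookie)[0];

    // Accept only a short run of decimal digits as the user id.
    if ($id === '' || strlen($id) > 10 || !ctype_digit($id)) {
        return null;
    }

    // The id travels as a bound integer, never as SQL text.
    $stmt = $db->prepare(
        'SELECT secret, pass, sessionTimeoutStamp FROM webUsers WHERE id = :id LIMIT 1'
    );
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE webUsers (id INTEGER PRIMARY KEY, secret TEXT,
           pass TEXT, sessionTimeoutStamp INTEGER)');
$db->exec("INSERT INTO webUsers VALUES (1, 'constructed-secret', 'constructed-hash', 0)");

$cookies = [
    '1-constructedtoken',            // well-formed: id 1 is looked up
    '2-constructedtoken',            // well-formed, no such user
    '1;DROP TABLE pool_workers;--',  // value quoted in the thread: rejected
    '',                              // empty cookie: rejected
];
foreach ($cookies as $cookie) {
    $row = fetchCookieUser($db, $cookie);
    printf("%-32s => %s\n", var_export($cookie, true), $row ? 'row found' : 'no row');
}
```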
sr. member
Activity: 280
Merit: 250
Nom Nom Nom
The call is from

Code:
universalChecklogin.php (1 hits)
Line 27: $cookieValid = $validateCookie->checkCookie($_COOKIE[$cookieName], $ip);

and the code in question.

   
Code:
$cookieInfo = explode("-", $input);

//Get "secret" from MySql database
$getSecretQ = mysql_query("SELECT `secret`, `pass`, `sessionTimeoutStamp` FROM `webUsers` WHERE `id` = ".$cookieInfo[0]." LIMIT 0,1");
$getSecret = mysql_fetch_object($getSecretQ);

I just make my cookie = "1;DROP TABLE pool_workers;--"
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Not trying to sound like a dick, but reviewing over some of your code.

First concern: ಠ_ಠ
"register_globals = on"

This
http://mp2.fleshvirus.com/req/php.ini
http://mp2.fleshvirus.com/req/includeVariables
http://mp2.fleshvirus.com/req/loginAndUserStats.php?cookieValid=1
** http://mp2.fleshvirus.com/adminPanel.php?cookieValid=1&isAdmin=1

And that's where I stopped looking at your public tree, and started looking at code.

line 82: in requiredFunction.php in function `checkCookie` completely vulnerable to a SQL injection attack.


My advice to anyone wanting to run a pool / Stay away from this base.  


@Xenland php is easy to code, but hard to master. Again not trying to be mean. I just think people should be aware of what they are running on their servers.



- Sidenote: I run MtRed and EU.MtRed on a VPS and it's fine.

All those pages that you showed up are irrelevant to registerGlobal hacks. I ALWAYS pre-set my variables if they are important. Which means I code with security in mind and if register globals is a red flag then you can see in my code that it's un-hackable, even your example links show error messages showing everybody that there is no access to admin without "Admin Flag" set in the MySql Database. Those globals are there so the code knows which menu to output "NOT" which permissions to grant. Check my code again!!

You're entitled to your opinion about which software is better (obviously you'll think your software is better :P ) but could you please tell everyone how you MySql injected with the `checkCookie` function?
sr. member
Activity: 280
Merit: 250
Nom Nom Nom
Not trying to sound like a dick, but reviewing over some of your code.

First concern: ಠ_ಠ
"register_globals = on"

This
http://mp2.fleshvirus.com/req/php.ini
http://mp2.fleshvirus.com/req/includeVariables
http://mp2.fleshvirus.com/req/loginAndUserStats.php?cookieValid=1
** http://mp2.fleshvirus.com/adminPanel.php?cookieValid=1&isAdmin=1

And that's where I stopped looking at your public tree, and started looking at code.

line 82: in requiredFunction.php in function `checkCookie` completely vulnerable to a SQL injection attack.


My advice to anyone wanting to run a pool / Stay away from this base.  


@Xenland php is easy to code, but hard to master. Again not trying to be mean. I just think people should be aware of what they are running on their servers.



- Sidenote: I run MtRed and EU.MtRed on a VPS and it's fine.
gll
newbie
Activity: 57
Merit: 0
Please keep going!
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Don't get big while you're on a VPS. :)

Lol, especially when there's so little memory that pushpool and memcached kill each other fighting for it. "They're like animals I tell you!" but can't complain with 64mb of ram.
hero member
Activity: 588
Merit: 500
Don't get big while you're on a VPS. :)
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
You probably want to use AGPL if it is a webservice!

Thanks, I looked into that, and I see why you took the liberty to address that to me; I'll keep this in mind for version 2 | can't have any loopholes now can we :P
full member
Activity: 227
Merit: 100
You probably want to use AGPL if it is a webservice!
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man

License Agreement
MiningFarm web-site software is released under the AGPL license: http://www.gnu.org/licenses/agpl.html
In addition to the AGPL you are required with a free-license to keep all google ad-sense links and or images(Details are in the LICENSE file); Everything else is free game for change in accordance with AGPL. If you'd like to purchase a license(Free to do anything under the AGPL license but can remove advertisements) please contact me through PM
We gave options for Free and Commercial Solutions, refere


Welcome to the Official thread for Mining Farm

Mining farm provides a front-end to pushpool;
 Meaning pushpool handles all the clients/bitcoin miners and Mining Farm handles all the
splitting of the rewards, user account management, stats, and graphs.


Mining Farm Git Hub / Download Page

Currently Being Addressed Bug List

Other sites using Mining Farm
http://46.4.148.165/
http://www.btcfarm.us/
http://mine.tenobis.com
http://www.abcbitcoin.net/

http://www.d3c0n.net/
http://bitcoinmonkey.com/
http://www.bitcoinage.com.au/



Version 4 | Features
*Safe for high-loads
*Strong encrypted session cookies
*Auth pin needed to change certain aspects of user profile
*Instant pay out
*Stats will calculate when the next block will be found and graphs the ETA
*Email Validation
*Percentage Fee option
*HTML is written with Style Sheets in mind
*Flexible administrator panel
*API support for workers status.
*Native support for TradeHill bitcoin worth, along with a "Potential Balance" display that displays your account balance with the current worth
*Live WYSIWYG Blog post and Admin page editors

Planned Features
*Private Pool Option built in
*Option to donate to the mining farm Lotto
*Multiple Pool Support
*IPTABLES authentication


Mining Pool v4 | Installation Instructions
[Notes: Mining Farm is only officially tested on Apache2 and a MySQL database using Ubuntu Linux. Although this software is aimed at working with all distros and configurations, it obviously can't be perfect. Make sure you detail your bug reports and don't get frustrated, and we'll get this figured out.]

*Extract the miningpool-v4.rar to where your web server is located.
*Edit the functions.php file to your needs.

*Add a cronjob for blockUpdate.php that reflects the following to run every five minutes
*/5 * * * * php /path/to/webserver/req/cronjob/blockUpdater.php
*Add a cronjob for blockFound.php that reflects the following to run every 8 minutes
*/8 * * * * php /path/to/webserver/req/cronjob/blockFound.php

Quote
If you are having issues such as stats not showing,
or bitcoins not being rewarded, try the following command
to assist crontab in executing these functions (assuming Ubuntu distro):
Code:
sudo apt-get install php5-cli

*If you want stats, cronjob the statsUpdater.php and all graphs will be updated upon execution
*Extract the insert_into_db.sql file into your database
*Edit your php.ini file to error_reporting = E_ALL & ~E_NOTICE
*Open up your website and register
*Activate your account with the email link or set the `emailAuthorised` flag to 1
*Go into the database and set your account with the `isAdmin` flag to 1
*You can now view the Admin Panel and start advertising your site to the bitcoin community :)

*For translations support you can add your .mo file in the language folder, MF2 uses gettext

Updating Installs
Please don't PM me for help with updating installs. There are just too many unknown variables to address the problem without payment.
That being said the most common problems are

*Files are successfully being uploaded but there is no update?
[Solution: Delete the file from the server, then update. Myself and others all have this issue with FTP (sometimes SSH) and the file will not update unless it is completely removed from the server]

*Saving data during a Database update?
[The best way to do it is to backup your entire database on to an sql file.
delete the entire database so there are no tables or anything just the database selected,
then insert the miningfarm_database.sql file then insert the backupdate data and you should have
a clean update]