Pages:
Author

Topic: v5.6.0 ][ Open-Source Pooling Web Software ( MiningFarm ) - page 14. (Read 57288 times)

legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Many thanks to everyone in this thread for inspiration, You guys are going to like the fun new features Smiley

Check out regularly updated previews over @: mp2.fleshvirus.com

Any suggestions on securing url?string=query data for connecting to remote bitcoind app[?
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Thanks for the support guys esspecially the security issue that was pointed out byredditorrex, I got more features coming soon such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

Quote from: simplecoin
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
What up simplecoin you stalker, you.
Nice use of style sheets, Didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.


So far, it handles most of what I need in a framework. The only real problem was broken references (could be a platform/install difference) and I can't get the stats page to do anything, nor find a proper reference for what it expects in the include. I took most of the css and other hacks directly from my own platform. I'd be happy to share the changes to further the project.

Major changes/additions:
shares table: timecode for time field, update to current on create
shares_history table: timecode time field updated in cron script on xfer.
current hashrate: custom class that compares shares/shares_history count over last 10 min.
mtgox integration: mtgox php api class.
added menu for index.php.
changes a few terms.

Awesome, I've noted the time stamp problems, hash rate display, and especially MtGox integration sounds like a great idea!
sr. member
Activity: 406
Merit: 250
Thanks for the support guys esspecially the security issue that was pointed out byredditorrex, I got more features coming soon such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

Quote from: simplecoin
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
What up simplecoin you stalker, you.
Nice use of style sheets, Didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.


So far, it handles most of what I need in a framework. The only real problem was broken references (could be a platform/install difference) and I can't get the stats page to do anything, nor find a proper reference for what it expects in the include. I took most of the css and other hacks directly from my own platform. I'd be happy to share the changes to further the project.

Major changes/additions:
shares table: timecode for time field, update to current on create
shares_history table: timecode time field updated in cron script on xfer.
current hashrate: custom class that compares shares/shares_history count over last 10 min.
mtgox integration: mtgox php api class.
added menu for index.php.
changes a few terms.
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Thanks for the support guys esspecially the security issue that was pointed out byredditorrex, I got more features coming soon such as the colour of the header will reflect if the bitcoind server is off-line or online or something of the like.

Quote from: simplecoin
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
What up simplecoin you stalker, you.
Nice use of style sheets, Didn't expect it to be used so soon. Keep us posted about your experiences with the software, and of course suggestions or comments. I just signed up for a github account so if you find any additions you can update the code there when I post up the github link.
sr. member
Activity: 406
Merit: 250
oh, and many thanks to xenland. You'll have btc headed your way once I get everything straightened out.
sr. member
Activity: 406
Merit: 250
1st post, longtime lurker

So, I decided to give this codebase a shot since my hand-crafted one was taking forever to write and mine wasn't much further along.

I've only spent the morning working with it, but it wasn't too hard to massage into my needs. My previous stats reporting won't work with this base, but I'm sure I'll find a way to incorporate it along with my other tweaks.

The site is http://simplecoin.us if you'd like to see it in action. The pool is currently going (0% fee proportional during development) if you'd like to toss any miners at it.

Keep in mind it's in its early stages, even I don't have all my miners hitting it yet.
sr. member
Activity: 280
Merit: 250
Nom Nom Nom
PHP coders are funny when they talk about security XD

PHP coders are funny when they talk.

FTFY
legendary
Activity: 1372
Merit: 1008
1davout
PHP coders are funny when they talk about security XD
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
The call is from

Code:
universalChecklogin.php (1 hits)
Line 27: $cookieValid = $validateCookie->checkCookie($_COOKIE[$cookieName], $ip);

and the code in question.

   
Code:
$cookieInfo = explode("-", $input);

//Get "secret" from MySql database
$getSecretQ = mysql_query("SELECT `secret`, `pass`, `sessionTimeoutStamp` FROM `webUsers` WHERE `id` = ".$cookieInfo[0]." LIMIT 0,1");
$getSecret = mysql_fetch_object($getSecretQ);

I just make my cookie = "1;DROP TABLE pool_workers;--"
Ahh I see what your saying, all i need to do is add a mysql_real_escape_string() that will be in version 2,
sr. member
Activity: 280
Merit: 250
Nom Nom Nom
The call is from

Code:
universalChecklogin.php (1 hits)
Line 27: $cookieValid = $validateCookie->checkCookie($_COOKIE[$cookieName], $ip);

and the code in question.

   
Code:
$cookieInfo = explode("-", $input);

//Get "secret" from MySql database
$getSecretQ = mysql_query("SELECT `secret`, `pass`, `sessionTimeoutStamp` FROM `webUsers` WHERE `id` = ".$cookieInfo[0]." LIMIT 0,1");
$getSecret = mysql_fetch_object($getSecretQ);

I just make my cookie = "1;DROP TABLE pool_workers;--"
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Not trying to sound like a dick, but reviewing over some of your code.

First concern: ಠ_ಠ
"register_globals = on"

This
http://mp2.fleshvirus.com/req/php.ini
http://mp2.fleshvirus.com/req/includeVariables
http://mp2.fleshvirus.com/req/loginAndUserStats.php?cookieValid=1
** http://mp2.fleshvirus.com/adminPanel.php?cookieValid=1&isAdmin=1

And thats where i stoped looking at your public tree, and started looking at code.

line 82: in requiredFunction.php in function `checkCookie` completely vulnerable to a SQL injection attack.


My advice to anyone wanting to run a pool / Stay away from this base.  


@Xenland php is easy to code, but hard to master. Again not trying to be mean. I just think people should be aware of what they are running on their severs.



- Sidenote: I run MtRed and EU.MtRed on a VPS and its fine.

All those pages that you showed up are irrleavent to registerGlobal hacks. I ALWAYS pre-set my variables if they are important. Which means I code with security in mind and if register globals is a red flag then you can see in my code that its un-hackable, even your example links show error messages showing every body that there is no access to admin with out "Admin Flag" set in the MySql Database. Those globals are there so the code knows which menu to output "NOT" which permissions to grant. Check my code again!!

Your entitled to your opinion about which software is better(obviously you'll think your software is better Tongue ) but could you please tell everyone how you MySql injected with the `checkCookie` function?
sr. member
Activity: 280
Merit: 250
Nom Nom Nom
Not trying to sound like a dick, but reviewing over some of your code.

First concern: ಠ_ಠ
"register_globals = on"

This
http://mp2.fleshvirus.com/req/php.ini
http://mp2.fleshvirus.com/req/includeVariables
http://mp2.fleshvirus.com/req/loginAndUserStats.php?cookieValid=1
** http://mp2.fleshvirus.com/adminPanel.php?cookieValid=1&isAdmin=1

And thats where i stoped looking at your public tree, and started looking at code.

line 82: in requiredFunction.php in function `checkCookie` completely vulnerable to a SQL injection attack.


My advice to anyone wanting to run a pool / Stay away from this base.  


@Xenland php is easy to code, but hard to master. Again not trying to be mean. I just think people should be aware of what they are running on their severs.



- Sidenote: I run MtRed and EU.MtRed on a VPS and its fine.
gll
newbie
Activity: 57
Merit: 0
Please keep going!
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Don't get big while you're on a VPS. Smiley

Lol especially when theres so little memory that pushpool and memcached kill each other fighting for it. "Their like animals I tell you!" but cant complain with 64mb of ram.
hero member
Activity: 588
Merit: 500
Don't get big while you're on a VPS. Smiley
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
You probably want to use AGPL if it is a webservice!

Thanks I looked into that, and I see why you took the liberty to address that to me; I'll keep this in mind for version 2 | can't have any loop holes now can we Tongue
full member
Activity: 227
Merit: 100
You probably want to use AGPL if it is a webservice!
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man

License Aggreement
MiningFarm web-site software is released under the AGPL license:http://www.gnu.org/licenses/agpl.html
In addition to the AGPL you are required with a free-license to keep all google ad-sense links and or images(Details are in the LICENSE file); Everything else is free game for change in accordance with AGPL. If you'd like to purchase a license(Free to do anything under the AGPL license but can remove advertisements) please contact me through PM
We gave options for Free and Commercial Solutions, refere


Welcome to the Official thread for Mining Farm

Mining farm provides a front-end to pushpool;
 Meaning pushpool handles all the clients/bitcoin miners and Mining Farm handles all the
splitting of the rewards, user account management, stats, and graphs.


Mining Farm Git Hub / Download Page

Currently Being Addressed Bug List

Other sites using Mining Farm
http://46.4.148.165/
http://www.btcfarm.us/
http://mine.tenobis.com
http://www.abcbitcoin.net/

http://www.d3c0n.net/
http://bitcoinmonkey.com/
http://www.bitcoinage.com.au/



Version 4 | Features
*Safe for high-loads
*Strong encrypted session cookies
*Auth pin needed to change certain aspects of user profile
*Instant pay out
*Stats will calculate when the next block will be found and graphs the ETA
*Email Validation
*Percentage Fee option
*HTML is written with Style Sheets in mind
*Flexible administrator panel
*API support for workers status.
*Native support for TradeHill bitcoin worth, along
with a "Potential Balance" display that displays your account balance with the current worth
*Live WYSIWYG Blog post and Admin page editors

Planned Features
*Private Pool Option built in
*Option to donate to the mining farm Lotto
*Multiple Pool Support
*IPTABLES authentication


Mining Pool v4 | Installation Instructions
[Notes: Mining Farm is only officially tested on an Apache2 and Mysql database using Ubuntu linux. Although this software is aimed at working with all distro's and configuration it obviously can't be perfect, Make sure you detail your bug reports and don't get frustrated and we'll get this figured out.]

*Extract the miningpool-v4.rar to where your web server is located.
*Edit the functions.php file to your needs.

*Add a cronjob for blockUpdate.php that reflects the following to run every five minutes
*/5 * * * * php /path/to/webserver/req/cronjob/blockUpdater.php
*Add a cronjob for blockFound.php that reflects the following to run every 8 minutes
*/8 * * * * php /path/to/webserver/req/cronjob/blockFound.php

Quote
If you are having issues such as stats not showing,
or bitcoins not being rewarded try the following command
too assist crontab to executing these functions(assuming Ubuntu distro):
Code:
sudo apt-get install php5-cli

*If you want stats, cronjob the statsUpdater.php and all graphs will be updated upon execution
*Extract the insert_into_db.sql file into your database
*Edit your php.ini file to error_reporting = E_ALL & ~E_NOTICE
*Open up your website and register
*Activate your account with the email link or set the `emailAuthorised` flag to 1
*Go into the database and set your account with the `isAdmin` flag to 1
*You can now view the Admin Panel and start advertising your site to the bitcoin community Smiley

*For translations support you can add your .mo file in the language folder, MF2 uses gettext
[/size]

Updating Installs
Please don't PM me about updating installs help. There is just too many unknown variables to address the problem with out payment.
That being said the most common problems are

*Files are successfully being uploaded but there is no update?
[Solution: Delete the file from the server, then update. Myself and other all have this issue with FTP(sometimes SSH) and the file will not update unless it is completely removed from the server]

*Saving data during a Database update?
[The best way to do it is to backup your entire database on to an sql file.
delete the entire database so there are no tables or anything just the database selected,
then insert the miningfarm_database.sql file then insert the backupdate data and you should have
a clean update]
Pages:
Jump to: