many improvements

README

@@ -1,3 +1,7 @@
+*warning* personal fork of simplecoin, work in progress, no guarantees it will work for you, just trying to fix php warnings for empty sets, short open tags . . .  and make it more secure for my own use
+
+---
+
 Simplecoin Web Mining Framework
 
 Requirements:
@@ -22,3 +26,8 @@ Tom Lightspeed : [email protected] : 16p56JHwLna29dFhTRcTAurj4Zc2eScxTD
 Please remember to include credit from previous authors in all forks and derivative works.
 
 Thanks!
+
+[![endorse](http://api.coderwall.com/neofutur/endorsecount.png)](http://coderwall.com/neofutur)
+
+"!http://api.coderwall.com/neofutur/endorsecount.png!":http://coderwall.com/neofutur
+

about.php

@@ -1,35 +1,35 @@
-<?php
-//    Copyright (C) 2011  Mike Allison <[email protected]>
-//
-//    This program is free software: you can redistribute it and/or modify
-//    it under the terms of the GNU General Public License as published by
-//    the Free Software Foundation, either version 3 of the License, or
-//    (at your option) any later version.
-//
-//    This program is distributed in the hope that it will be useful,
-//    but WITHOUT ANY WARRANTY; without even the implied warranty of
-//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//    GNU General Public License for more details.
-//
-//    You should have received a copy of the GNU General Public License
-//    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-// 	  BTC Donations: 163Pv9cUDJTNUbadV4HMRQSSj3ipwLURRc
-
-$pageTitle = "- About";
-include ("includes/header.php");
-?>
-			
-<b><u>About Bitcoins</u></b><br/>
-	<iframe width="560" height="349" src="http://www.youtube.com/embed/Um63OQz3bjo" frameborder="0" allowfullscreen></iframe><br/><br/>
-<b><u>About This Site</u></b><br/>
-This site is run by completely opensource software.<br/>
-Hosted on a Xen Virtual Machine<br/>
-Running Ubuntu<br/>
-PHP pages served by Apache webserver<br/>
-Official Bitcoin server<br/>
-Pushpool Bitcoin pool<br/>
-Simplecoin front-end<br/>			 			
-
-<?php include("includes/footer.php"); ?>
-
+<?php
+//    Copyright (C) 2011  Mike Allison <[email protected]>
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU General Public License as published by
+//    the Free Software Foundation, either version 3 of the License, or
+//    (at your option) any later version.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU General Public License for more details.
+//
+//    You should have received a copy of the GNU General Public License
+//    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// 	  BTC Donations: 163Pv9cUDJTNUbadV4HMRQSSj3ipwLURRc
+
+$pageTitle = "- About";
+include ("includes/header.php");
+?>
+
+<b><u>About Bitcoins</u></b><br/>
+	<iframe width="560" height="349" src="http://www.youtube.com/embed/Um63OQz3bjo" frameborder="0" allowfullscreen></iframe><br/><br/>
+<b><u>About This Site</u></b><br/>
+This site is run by completely opensource software.<br/>
+Hosted on a Xen Virtual Machine<br/>
+Running Ubuntu<br/>
+PHP pages served by Apache webserver<br/>
+Official Bitcoin server<br/>
+Pushpool Bitcoin pool<br/>
+Simplecoin front-end<br/>			 			
+
+<?php include("includes/footer.php"); ?>
+

accountdetails.php

@@ -87,7 +87,7 @@
 							mysql_query("UPDATE accountBalance SET balance = '0', paid = '$paid' WHERE userId = $userId");
 							if ($bitcoinController->sendtoaddress($paymentAddress, $currentBalance)) {																									
 							$goodMessage = "You have successfully sent ".$currentBalance." to the following address:".$paymentAddress;
-								mail("$userEmail", "Simplecoin Manual Payout Notification", "Hello,\n\nYour requested manual payout of ". $currentBalance." BTC has been sent to your payment address ".$paymentAddress.".", "From: Simplecoin Notifications <[email protected]>");
+							mail("$userEmail", $poolname. "Manual Payout Notification", "Hello,\n\nYour requested manual payout of ". $currentBalance." BTC has been sent to your payment address : ".$paymentAddress.".", "From: ".$poolname. " Notifications <".$mailfrom.">");
 							//Set new variables so it appears on the page flawlessly
 							$currentBalance = 0;						
 								mysql_query("COMMIT");
@@ -248,7 +248,7 @@
 	<?php if (!$userBtcLock) { ?><tr><td colspan="2"><input type="checkbox" name="cbxLock" value="1" /> Permanently lock Bitcoin address to this account</td></tr><?php } ?>
 	<tr><td>Donation %: </td><td><input type="text" name="donatePercent" value="<?php echo antiXss($donatePercent);?>" size="4"></td></tr>
 	<tr><td>Automatic Payout: <br />(1-25 BTC, 0 for manual)</td><td valign="top"><input type="text" name="payoutThreshold" value="<?php echo antiXss($payoutThreshold);?>" size="2" maxlength="2"></td></tr>
-	<tr><td>Authorize Pin: </td><td><input type="password" name="authPin" size="4" maxlength="4"></td></tr>
+	<tr><td>Authorize Pin: </td><td><input type="password" name="authPin" size="4" maxlength="4" autocomplete="off"></td></tr>
 </table>
 <input type="submit" value="Update Account Settings"></form>
 <br />
@@ -260,7 +260,7 @@
 <table>
 	<tr><td>Account Balance: </td><td><?php echo antiXss($currentBalance); ?></td></tr>
 	<tr><td>Payout to: </td><td><?php echo antiXss($paymentAddress); ?></td></tr>
-	<tr><td>Authorize Pin: </td><td><input type="password" name="authPin" size="4" maxlength="4"></td></tr>
+	<tr><td>Authorize Pin: </td><td><input type="password" name="authPin" size="4" maxlength="4" autocomplete="off"></td></tr>
 </table>
 <input type="submit" value="Cash Out"></form>
 <br />
@@ -269,9 +269,9 @@
 <b><u>Change Password</u></b><br/>
 <form action="/accountdetails.php" method="post"><input type="hidden" name="act" value="updatePassword">
 <table>
-	<tr><td>Current Password: </td><td><input type="password" name="currentPassword"></td></tr>
-	<tr><td>New Password: </td><td><input type="password" name="newPassword"></td></tr>
-	<tr><td>New Password Repeat: </td><td><input type="password" name="newPassword2"></td></tr>
+	<tr><td>Current Password: </td><td><input type="password" name="currentPassword" autocomplete="off"></td></tr>
+	<tr><td>New Password: </td><td><input type="password" name="newPassword" autocomplete="off" ></td></tr>
+	<tr><td>New Password Repeat: </td><td><input type="password" name="newPassword2" autocomplete="off"></td></tr>
 	<tr><td>Authorize Pin: </td><td><input type="password" name="authPin" size="4"	maxlength="4"></td></tr>
 </table>
 <span style="text-decoration: underline;">(You will be redirected to the login screen upon success)</span> <br />
@@ -288,8 +288,8 @@
 while($worker = mysql_fetch_array($getWorkers)){
 ?>
 <form action="/accountdetails.php" method="post">
-<input type="hidden" name="workerId" value="<?=$worker["id"]?>">
-<?
+<input type="hidden" name="workerId" value="<?php echo $worker["id"]?>">
+<?php
 	//Display worker information and the forms to edit or update them
 	$splitUsername = explode(".", $worker["username"]);
 	$realUsername = $splitUsername[1];
@@ -313,7 +313,7 @@
 	name="authPin" size="4" maxlength="4"><br /> -->
 <?php echo antiXss($userInfo->username);?>.<input type="text" name="username"
 	value="user" size="10" maxlength="20"> &middot; <input type="text"
-	name="pass" value="pass" size="10" maxlength="20"> <input type="submit"
+	name="pass" value="pass" size="10" maxlength="20" autocomplete="off"> <input type="submit"
 	value="Add worker"></form>
 
 <br />

adminPanel.php

@@ -1,98 +1,99 @@
-<?php
-//    Copyright (C) 2011  Mike Allison <[email protected]>
-//
-//    This program is free software: you can redistribute it and/or modify
-//    it under the terms of the GNU General Public License as published by
-//    the Free Software Foundation, either version 3 of the License, or
-//    (at your option) any later version.
-//
-//    This program is distributed in the hope that it will be useful,
-//    but WITHOUT ANY WARRANTY; without even the implied warranty of
-//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//    GNU General Public License for more details.
-//
-//    You should have received a copy of the GNU General Public License
-//    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-// 	  BTC Donations: 163Pv9cUDJTNUbadV4HMRQSSj3ipwLURRc
-
+<?php
+//    Copyright (C) 2011  Mike Allison <[email protected]>
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU General Public License as published by
+//    the Free Software Foundation, either version 3 of the License, or
+//    (at your option) any later version.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU General Public License for more details.
+//
+//    You should have received a copy of the GNU General Public License
+//    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// 	  BTC Donations: 163Pv9cUDJTNUbadV4HMRQSSj3ipwLURRc
+
 $pageTitle = "- Admin Panel";
-include ("includes/header.php");
+include ("includes/header.php");
+include ("includes/settings.php");
 
-$goodMessage = "";
-$returnError = "";
-//Scince this is the Admin panel we'll make sure the user is logged in and "isAdmin" enabled boolean; If this is not a logged in user that is enabled as admin, redirect to a 404 error page
-
-if(!$cookieValid || $isAdmin != 1) {
-	header('Location: /');
-	exit;
-}
-
+$goodMessage = "";
+$returnError = "";
+//Scince this is the Admin panel we'll make sure the user is logged in and "isAdmin" enabled boolean; If this is not a logged in user that is enabled as admin, redirect to a 404 error page
+
+if(!$cookieValid || $isAdmin != 1) {
+	header('Location: /');
+	exit;
+}
+$settings= new Settings;
 if (isset($_POST["act"]) && isset($_POST["authPin"]))
-{
+{
 	if (isset($_POST["authPin"])) {
 		$inputAuthPin = hash("sha256", $_POST["authPin"].$salt);
 	} else {
 		$inputAuthPin = NULL;
 	}
-
-	//Make sure an authPin is set and valid when $act is active
+	
+	//Make sure an authPin is set and valid when $act is active
 	if(isset($_POST["act"]) && $authPin == $inputAuthPin) {
 		$act = $_POST["act"];
-		//Update information if needed
-		if($act == "UpdateMainPageSettings"){
-			try {		
-				$settings->setsetting("sitepayoutaddress", mysql_real_escape_string($_POST["paymentAddress"]));
-				$settings->setsetting("sitepercent", mysql_real_escape_string($_POST["percentageFee"]));
-				$settings->setsetting("websitename", mysql_real_escape_string($_POST["headerTitle"]));
-				$settings->setsetting("pagetitle", mysql_real_escape_string($_POST["pageTitle"]));
-				$settings->setsetting("slogan", mysql_real_escape_string($_POST["headerSlogan"]));
-				$settings->setsetting("siterewardtype", mysql_real_escape_string($_POST["rewardType"]));
+		//Update information if needed
+		if($act == "UpdateMainPageSettings"){
+			try {		
+				$settings->setsetting("sitepayoutaddress", mysql_real_escape_string($_POST["paymentAddress"]));
+				$settings->setsetting("sitepercent", mysql_real_escape_string($_POST["percentageFee"]));
+				$settings->setsetting("websitename", mysql_real_escape_string($_POST["headerTitle"]));
+				$settings->setsetting("pagetitle", mysql_real_escape_string($_POST["pageTitle"]));
+				$settings->setsetting("slogan", mysql_real_escape_string($_POST["headerSlogan"]));
+				$settings->setsetting("siterewardtype", mysql_real_escape_string($_POST["rewardType"]));
 				$settings->setsetting("sitetxfee", mysql_real_escape_string($_POST["transactionFee"]));
-				$settings->loadsettings(); //refresh settings
-				$goodMessage = "Successfully updated general settings";
-			} catch (Exception $e) {
-				$returnError = "Database Failed - General settings was not updated";
-			}
-		}
-	} else if($act && $authPin != $inputAuthPin){
-		$returnError = "Authorization Pin # - Invalid";
-	}
-}
-
-//Display Error and Good Messages(If Any)
-echo "<span class=\"goodMessage\">".antiXss($goodMessage)."</span><br/>";
-echo "<span class=\"returnMessage\">".antiXss($returnError)."</span>";
-
-?>
-
-<div id="AdminContainer">
-	<h1 style="text-decoration:underline;">Welcome back admin</h1><br/>
-	<h3>General Settings</h3>
+				$settings->loadsettings(); //refresh settings
+				$goodMessage = "Successfully updated general settings";
+			} catch (Exception $e) {
+				$returnError = "Database Failed - General settings was not updated";
+			}
+		}
+	} else if($act && $authPin != $inputAuthPin){
+		$returnError = "Authorization Pin # - Invalid";
+	}
+}
+
+//Display Error and Good Messages(If Any)
+echo "<span class=\"goodMessage\">".antiXss($goodMessage)."</span><br/>";
+echo "<span class=\"returnMessage\">".antiXss($returnError)."</span>";
+
+?>
+
+<div id="AdminContainer">
+	<h1 style="text-decoration:underline;">Welcome back admin</h1><br/>
+	<h3>General Settings</h3>
 	<hr size="1" width="80%"></hr>
-	<!--Begin main page edits-->
-	<form action="/adminPanel.php" method="post">
-		<input type="hidden" name="act" value="UpdateMainPageSettings">
-		Page Title <input type="text" name="pageTitle" value="<?php echo antiXss($settings->getsetting("pagetitle"));?>"><br/>
-		Header Title <input type="text" name="headerTitle" value="<?php echo antiXss($settings->getsetting("websitename"));?>"><br/>
-		Header Slogan <input type="text" name="headerSlogan" value="<?php echo antiXss($settings->getsetting("slogan"));?>"><br/>
-		Percentage Fee <input type="text" name="percentageFee" size="10" maxlength="10" value="<?php echo antiXss($settings->getsetting("sitepercent")); ?>">%<br/>
+	<!--Begin main page edits-->
+	<form action="/adminPanel.php" method="post">
+		<input type="hidden" name="act" value="UpdateMainPageSettings">
+		Page Title <input type="text" name="pageTitle" value="<?php echo antiXss($settings->getsetting("pagetitle"));?>"><br/>
+		Header Title <input type="text" name="headerTitle" value="<?php echo antiXss($settings->getsetting("websitename"));?>"><br/>
+		Header Slogan <input type="text" name="headerSlogan" value="<?php echo antiXss($settings->getsetting("slogan"));?>"><br/>
+		Percentage Fee <input type="text" name="percentageFee" size="10" maxlength="10" value="<?php echo antiXss($settings->getsetting("sitepercent")); ?>">%<br/>
 		Transaction Fee <input type="text" name="transactionFee" size="10" maxlength="10" value="<?php echo antiXss($settings->getsetting("sitetxfee")); ?>" /> BTC<br/>
 		Fee Address <input type="text" name="paymentAddress" size="60" value="<?php echo antiXss($settings->getsetting("sitepayoutaddress"));?>"><br/>
-		Default Reward Type <select name="rewardType">
+		Default Reward Type <select name="rewardType">
 		<option value="0" <?php if ($settings->getsetting("siterewardtype") == 0) echo "selected"; ?>>Last N Shares</option>
-		<option value="1" <?php if ($settings->getsetting("siterewardtype") == 1) echo "selected"; ?>>Proportional</option>
-		</select>
-		<br/><br/>
-		Authorization Pin <input type="password" size="4" maxlength="4" name="authPin"><br/>
-		<input type="submit" value="Update Main Page Settings">
-	</form>
-	<br/><br/>
+		<option value="1" <?php if ($settings->getsetting("siterewardtype") == 1) echo "selected"; ?>>Proportional</option>
+		</select>
+		<br/><br/>
+		Authorization Pin <input type="password" size="4" maxlength="4" name="authPin"><br/>
+		<input type="submit" value="Update Main Page Settings">
+	</form>
+	<br/><br/>
 	<h3>Info</h3>
 	<hr size="1" width="80%"></hr>
-
-	<? 
-
+
+	<?php 
+
 	$sitewallet = mysql_query("SELECT sum(balance) FROM `accountBalance` WHERE `balance` > 0")or sqlerr(__FILE__, __LINE__);
 	$sitewalletq = mysql_fetch_row($sitewallet);
 	$usersbalance = $sitewalletq[0];
@@ -115,4 +116,4 @@
 	<a href=users.php style="color: blue">Show USers</a>
 </div>
 
-<?include ("includes/footer.php");?>
+<?include ("includes/footer.php");?>