From b32cce7c40c8562e461a2c7454cc062d69375d54 Mon Sep 17 00:00:00 2001 From: iAmShorty Date: Fri, 16 May 2014 15:45:10 +0200 Subject: [PATCH] [UPDATE] prevent adding/editing workers unless a valid coin address is set in config --- include/config/admin_settings.inc.php | 7 ++ include/pages/account/workers.inc.php | 77 +++++++++++-------- include/smarty_globals.inc.php | 1 + .../bootstrap/account/workers/disabled.tpl | 0 4 files changed, 52 insertions(+), 33 deletions(-) create mode 100644 templates/bootstrap/account/workers/disabled.tpl diff --git a/include/config/admin_settings.inc.php b/include/config/admin_settings.inc.php index 0a66e8314..4c0ed167b 100644 --- a/include/config/admin_settings.inc.php +++ b/include/config/admin_settings.inc.php @@ -385,6 +385,13 @@ 'name' => 'disable_transactionsummary', 'value' => $setting->getValue('disable_transactionsummary'), 'tooltip' => 'Disable transaction summaries. Helpful with large transaction tables.' ); +$aSettings['system'][] = array( + 'display' => 'Disable Worker Edit without valid Coin Address', 'type' => 'select', + 'options' => array( 0 => 'No', 1 => 'Yes'), + 'default' => 0, + 'name' => 'disable_worker_edit', 'value' => $setting->getValue('disable_worker_edit'), + 'tooltip' => 'No worker editing without valid Payout Address set in User Config.' +); $aSettings['system'][] = array( 'display' => 'IRC Chat Channel', 'type' => 'text', 'size' => 25, diff --git a/include/pages/account/workers.inc.php b/include/pages/account/workers.inc.php index 2284aa412..eeb9fb267 100644 --- a/include/pages/account/workers.inc.php +++ b/include/pages/account/workers.inc.php 
@@ -2,50 +2,61 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; if ($user->isAuthenticated()) { - switch (@$_REQUEST['do']) { - case 'delete': - if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { - if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'alert alert-success'); + + + if (!$user->getCoinAddress($_SESSION['USERDATA']['id']) AND $setting->getValue('disable_worker_edit')) { + + $_SESSION['POPUP'][] = array('CONTENT' => 'You have no payout address set.', 'TYPE' => 'alert alert-danger'); + $_SESSION['POPUP'][] = array('CONTENT' => 'You can not add workers unless a valid Payout Address is set in your User Settings.', 'TYPE' => 'alert alert-danger'); + $smarty->assign('CONTENT', 'disabled.tpl'); + + } else { + switch (@$_REQUEST['do']) { + case 'delete': + if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { + if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'alert alert-success'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger'); + } } else { - $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger'); + $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning'); } - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning'); - } - break; + break; - case 'add': - if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { - if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Worker added', 'TYPE' => 'alert alert-success'); + case 'add': + if 
(!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { + if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Worker added', 'TYPE' => 'alert alert-success'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger'); + } } else { - $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger'); + $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning'); } - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning'); - } - break; + break; - case 'update': - if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { - if ($worker->updateWorkers($_SESSION['USERDATA']['id'], @$_POST['data'])) { - $_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated', 'TYPE' => 'alert alert-success'); + case 'update': + if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { + if ($worker->updateWorkers($_SESSION['USERDATA']['id'], @$_POST['data'])) { + $_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated', 'TYPE' => 'alert alert-success'); + } else { + $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger'); + } } else { - $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger'); + $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning'); } - } else { - $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning'); + break; } - break; - } - $smarty->assign('DISABLE_IDLEWORKERNOTIFICATIONS', $setting->getValue('notifications_disable_idle_worker')); - $aWorkers = 
$worker->getWorkers($_SESSION['USERDATA']['id']); - if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'alert alert-danger'); + $smarty->assign('DISABLE_IDLEWORKERNOTIFICATIONS', $setting->getValue('notifications_disable_idle_worker')); + $aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']); + if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'alert alert-danger'); - $smarty->assign('WORKERS', $aWorkers); + $smarty->assign('WORKERS', $aWorkers); + $smarty->assign('CONTENT', 'default.tpl'); + } } -$smarty->assign('CONTENT', 'default.tpl'); + ?> diff --git a/include/smarty_globals.inc.php b/include/smarty_globals.inc.php index 4b16205f7..de1fce445 100644 --- a/include/smarty_globals.inc.php +++ b/include/smarty_globals.inc.php @@ -78,6 +78,7 @@ 'disable_auto_payouts' => $setting->getValue('disable_auto_payouts'), 'disable_contactform' => $setting->getValue('disable_contactform'), 'disable_contactform_guest' => $setting->getValue('disable_contactform_guest'), + 'disable_worker_edit' => $setting->getValue('disable_worker_edit'), 'algorithm' => $config['algorithm'], 'getbalancewithunconfirmed' => $config['getbalancewithunconfirmed'], 'target_bits' => $coin->getTargetBits(), diff --git a/templates/bootstrap/account/workers/disabled.tpl b/templates/bootstrap/account/workers/disabled.tpl new file mode 100644 index 000000000..e69de29bb
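Review bot: The new guard at the top of the authenticated branch in workers.inc.php only tests that `$user->getCoinAddress(...)` returns something truthy, so the "valid" address promised by the setting's label holds only if the address is validated where it is saved, which this patch does not show. The guard also wraps the whole `switch`, so `delete`, `update` and the worker list are blocked too, while the popup text speaks only of adding workers; either say so in the message or keep `delete` reachable. Testing the setting first skips the address lookup when the feature is off and matches the `&&`/`||` style of the CSRF conditions: `if ($setting->getValue('disable_worker_edit') && !$user->getCoinAddress($_SESSION['USERDATA']['id'])) {`. Separately, `$smarty->assign('CONTENT', 'default.tpl');` moved inside the `else`, so a request that fails `isAuthenticated()` no longer gets a template assigned by this file; confirm that is intended.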