Added to README and fixed queries with IN clauses which were not work…

…ing correctly with prepared statements.

README.md

@@ -22,7 +22,7 @@ Next, configure cron to poll PolyCash every minute. This keeps PolyCash in sync
 * * * * * root /usr/bin/php /var/www/html/polycash/src/cron/minutely.php
 ```
 
-Set "pageview_tracking_enabled" = true in your config.json if you want to track all pageviews.  This may help you to detect malicious activity on your server.  If you don't set this parameter, no IP addresses or pageviews will be tracked.
+Set "pageview_tracking_enabled" = true in your config.json if you want to track all pageviews.  If you don't set this parameter, no IP addresses or pageviews will be tracked.
 
 Next, point your browser to http://localhost/install.php?key=<operator_key> where <operator_key> is the random string that you generated above.  If Apache, MySQL and PHP are all installed correctly, PolyCash should automatically install.
 
@@ -46,4 +46,10 @@ a2enmod rewrite
 For faster page loads, make sure that browser caching is enabled
 ```
 a2enmod expires
-```
+```
+
+The user account you set up when installing has special permissions.  Use this account to import any game definitions for crypto assets that you want to run on your node.  Any time you update PolyCash from github, make sure to visit the install page and any new database migrations will automatically be applied.
+
+Use the install page to enter the RPC parameters for any blockchains that you want to use.  Install and start your blockchains as full nodes before entering the RPC parameters.  To install full nodes, make sure to set txindex=1 in bitcoin.conf, litecoin.conf etc.  After entering blockchain RPC parameters, use the "reset & synchronize" link on the install page to quickly insert initial empty blocks.
+
+You need to set the right value for "first required block" for any blockchains that you install.  You should set the first required block for each blockchain at least as early as the lowest starting block for any games that you plan to install on that blockchain.  You should try to avoid ever changing the first required block to a lower value because this will cause the entire blockchain to re-sync with PolyCash which can take hours or days.

src/accounts.php

@@ -99,12 +99,8 @@
 
 							if ($addresses_needed > 0) {
 								if (count($address_ids) > 0) {
-									$app->run_query("UPDATE addresses SET user_id=NULL WHERE address_id IN (:address_ids);", [
-										'address_ids' => implode(",", $address_ids)
-									]);
-									$app->run_query("UPDATE address_keys SET account_id=NULL WHERE address_key_id IN (:address_key_ids);", [
-										'address_key_ids' => implode(",", $address_key_ids)
-									]);
+									$app->run_query("UPDATE addresses SET user_id=NULL WHERE address_id IN (".implode(",", array_map("intval", $address_ids)).");");
+									$app->run_query("UPDATE address_keys SET account_id=NULL WHERE address_key_id IN (".implode(",", array_map("intval", $address_key_ids)).");");
 								}
 								die("Not enough free addresses (still need $addresses_needed/$quantity).");
 							}
@@ -220,12 +216,8 @@
 
 							if ($addresses_needed > 0) {
 								if (count($address_ids) > 0) {
-									$app->run_query("UPDATE addresses SET user_id=NULL WHERE address_id IN (:address_ids);", [
-										'address_ids' => implode(",", $address_ids)
-									]);
-									$app->run_query("UPDATE address_keys SET account_id=NULL WHERE address_key_id IN (:address_key_ids);", [
-										'address_key_ids' => implode(",", $address_key_ids)
-									]);
+									$app->run_query("UPDATE addresses SET user_id=NULL WHERE address_id IN (".implode(",", array_map("intval", $address_ids)).");");
+									$app->run_query("UPDATE address_keys SET account_id=NULL WHERE address_key_id IN (".implode(",", array_map("intval", $address_key_ids)).");");
 								}
 								die("Not enough free addresses (still need $addresses_needed/$quantity).");
 							}

src/ajax/place_bets.php

@@ -40,13 +40,11 @@
 		$amount_sum += (int) $amounts[$i];
 	}
 
-	$gio_info = $app->run_query("SELECT COUNT(*), SUM(gio.colored_amount) FROM transaction_ios io JOIN address_keys k ON io.address_id=k.address_id JOIN transaction_game_ios gio ON io.io_id=gio.io_id WHERE io.io_id IN (:io_ids) AND k.account_id=:account_id;", [
-		'io_ids' => implode(",", $io_ids),
+	$gio_info = $app->run_query("SELECT COUNT(*), SUM(gio.colored_amount) FROM transaction_ios io JOIN address_keys k ON io.address_id=k.address_id JOIN transaction_game_ios gio ON io.io_id=gio.io_id WHERE io.io_id IN (".implode(",", array_map("intval", $io_ids)).") AND k.account_id=:account_id;", [
 		'account_id' => $user_game['account_id']
 	])->fetch();
 
-	$io_info = $app->run_query("SELECT COUNT(*), SUM(io.amount) FROM transaction_ios io JOIN address_keys k ON io.address_id=k.address_id WHERE io.io_id IN (:io_ids) AND k.account_id=:account_id;", [
-		'io_ids' => implode(",", $io_ids),
+	$io_info = $app->run_query("SELECT COUNT(*), SUM(io.amount) FROM transaction_ios io JOIN address_keys k ON io.address_id=k.address_id WHERE io.io_id IN (".implode(",", array_map("intval", $io_ids)).") AND k.account_id=:account_id;", [
 		'account_id' => $user_game['account_id']
 	])->fetch();
 

src/classes/App.php

@@ -498,15 +498,11 @@ public function cancel_transaction($transaction_id, $affected_input_ids, $create
 		$this->run_query("DELETE FROM transactions WHERE transaction_id=:transaction_id;", ['transaction_id'=>$transaction_id]);
 
 		if (count($affected_input_ids) > 0) {
-			$this->run_query("UPDATE transaction_ios SET spend_status='unspent', spend_transaction_id=NULL, spend_block_id=NULL WHERE io_id IN (:affected_input_ids);", [
-				'affected_input_ids' => implode(",", $affected_input_ids)
-			]);
+			$this->run_query("UPDATE transaction_ios SET spend_status='unspent', spend_transaction_id=NULL, spend_block_id=NULL WHERE io_id IN (".implode(",", array_map('intval', $affected_input_ids)).");");
 		}
 
 		if ($created_input_ids && count($created_input_ids) > 0) {
-			$this->run_query("DELETE FROM transaction_ios WHERE io_id IN (:created_input_ids);", [
-				'created_input_ids' => implode(",", $created_input_ids)
-			]);
+			$this->run_query("DELETE FROM transaction_ios WHERE io_id IN (".implode(",", array_map('intval', $created_input_ids)).");");
 		}
 	}
 
@@ -3169,15 +3165,13 @@ public function fetch_addresses_in_account(&$account, $option_index, $quantity)
 					$addresses_needed = $quantity-count($addresses);
 
 					if (!empty($account['user_id'])) {
-						$this->run_query("UPDATE addresses SET user_id=:user_id WHERE address_id IN (:address_ids);", [
-							'user_id' => $account['user_id'],
-							'address_ids' => implode(",", $add_address_ids)
+						$this->run_query("UPDATE addresses SET user_id=:user_id WHERE address_id IN (".implode(",", array_map('intval', $add_address_ids)).");", [
+							'user_id' => $account['user_id']
 						]);
 					}
 
-					$this->run_query("UPDATE address_keys SET account_id=:account_id WHERE address_id IN (:address_ids);", [
-						'account_id' => $account['account_id'],
-						'address_ids' => implode(",", $add_address_ids)
+					$this->run_query("UPDATE address_keys SET account_id=:account_id WHERE address_id IN (".implode(",", array_map('intval', $add_address_ids)).");", [
+						'account_id' => $account['account_id']
 					]);
 				}
 				$this->dbh->commit();

src/classes/Blockchain.php

@@ -32,13 +32,16 @@ public function load_coin_rpc() {
 
 	public function associated_games($filter_statuses) {
 		$associated_games = [];
-		$associated_games_params = [
-			'blockchain_id' => $this->db_blockchain['blockchain_id'],
-		];
-		$associated_games_q = "SELECT * FROM games WHERE blockchain_id=:blockchain_id";
+		$associated_games_params = [$this->db_blockchain['blockchain_id']];
+		$associated_games_q = "SELECT * FROM games WHERE blockchain_id=?";
+
 		if (!empty($filter_statuses)) {
-			$associated_games_q .= " AND game_status IN (:filter_game_statuses)";
-			$associated_games_params['filter_game_statuses'] = "'".implode("','", $filter_statuses)."'";
+			$associated_games_q .= " AND (";
+			foreach ($filter_statuses as $filter_status) {
+				$associated_games_q .= "game_status =? OR ";
+				array_push($associated_games_params, $filter_status);
+			}
+			$associated_games_q = substr($associated_games_q, 0, strlen($associated_games_q)-4).")";
 		}
 		$associated_games_q .= ";";
 		$associated_games_r = $this->app->run_query($associated_games_q, $associated_games_params);
@@ -670,9 +673,8 @@ public function add_transaction($tx_hash, $block_height, $require_inputs, &$succ
 
 						$events_by_option_id = [];
 
-						$db_color_games = $this->app->run_query("SELECT g.game_id, SUM(gio.colored_amount) AS game_amount_sum, SUM(gio.colored_amount*(:ref_block_id-io.create_block_id)) AS ref_coin_block_sum FROM transaction_game_ios gio JOIN transaction_ios io ON gio.io_id=io.io_id JOIN games g ON gio.game_id=g.game_id WHERE io.io_id IN (:spend_io_ids) GROUP BY gio.game_id ORDER BY g.game_id ASC;", [
-							'ref_block_id' => $ref_block_id,
-							'spend_io_ids' => implode(",", $spend_io_ids)
+						$db_color_games = $this->app->run_query("SELECT g.game_id, SUM(gio.colored_amount) AS game_amount_sum, SUM(gio.colored_amount*(:ref_block_id-io.create_block_id)) AS ref_coin_block_sum FROM transaction_game_ios gio JOIN transaction_ios io ON gio.io_id=io.io_id JOIN games g ON gio.game_id=g.game_id WHERE io.io_id IN (".implode(",", array_map('intval', $spend_io_ids)).") GROUP BY gio.game_id ORDER BY g.game_id ASC;", [
+							'ref_block_id' => $ref_block_id
 						]);
 
 						while ($db_color_game = $db_color_games->fetch()) {
@@ -682,15 +684,12 @@ public function add_transaction($tx_hash, $block_height, $require_inputs, &$succ
 							$tx_game_input_sum = $db_color_game['game_amount_sum'];
 							$cbd_in = $db_color_game['ref_coin_block_sum'];
 
-							$in_stats = $this->app->run_query("SELECT SUM(colored_amount*(:ref_round_id-create_round_id)) AS ref_coin_round_sum FROM transaction_game_ios WHERE io_id IN (:spend_io_ids);", [
-								'ref_round_id' => $ref_round_id,
-								'spend_io_ids' => implode(",", $spend_io_ids)
+							$in_stats = $this->app->run_query("SELECT SUM(colored_amount*(:ref_round_id-create_round_id)) AS ref_coin_round_sum FROM transaction_game_ios WHERE io_id IN (".implode(",", array_map('intval', $spend_io_ids)).");", [
+								'ref_round_id' => $ref_round_id
 							])->fetch();
 							$crd_in = $in_stats['ref_coin_round_sum'];
 
-							$tx_chain_input_sum = $this->app->run_query("SELECT SUM(amount) FROM transaction_ios WHERE io_id IN (:spend_io_ids);", [
-								'spend_io_ids' => implode(",", $spend_io_ids)
-							])->fetch()['SUM(amount)'];
+							$tx_chain_input_sum = $this->app->run_query("SELECT SUM(amount) FROM transaction_ios WHERE io_id IN (".implode(",", array_map('intval', $spend_io_ids)).");")->fetch()['SUM(amount)'];
 
 							$tx_chain_destroy_sum = 0;
 							$tx_chain_output_sum = 0;
@@ -1761,9 +1760,7 @@ public function create_transaction($type, $amounts, $block_id, $io_ids, $address
 		$utxo_balance = 0;
 
 		if ($type != "coinbase") {
-			$utxo_balance = (int)($this->app->run_query("SELECT SUM(amount) FROM transaction_ios WHERE io_id IN (:io_ids);", [
-				'io_ids' => implode(",", $io_ids)
-			])->fetch(PDO::FETCH_NUM)[0]);
+			$utxo_balance = (int)($this->app->run_query("SELECT SUM(amount) FROM transaction_ios WHERE io_id IN (".implode(",", array_map("intval", $io_ids)).");")->fetch(PDO::FETCH_NUM)[0]);
 		}
 
 		$raw_txin = [];
@@ -1802,9 +1799,8 @@ public function create_transaction($type, $amounts, $block_id, $io_ids, $address
 
 			if ($type == "coinbase") {}
 			else {
-				$tx_inputs = $this->app->run_query("SELECT *, io.address_id AS address_id, io.amount AS amount FROM transaction_ios io JOIN transactions t ON io.create_transaction_id=t.transaction_id WHERE io.spend_status IN ('unspent','unconfirmed') AND io.blockchain_id=:blockchain_id AND io.io_id IN (:io_ids) ORDER BY io.amount ASC;", [
-					'blockchain_id' => $this->db_blockchain['blockchain_id'],
-					'io_ids' => implode(",", $io_ids)
+				$tx_inputs = $this->app->run_query("SELECT *, io.address_id AS address_id, io.amount AS amount FROM transaction_ios io JOIN transactions t ON io.create_transaction_id=t.transaction_id WHERE io.spend_status IN ('unspent','unconfirmed') AND io.blockchain_id=:blockchain_id AND io.io_id IN (".implode(",", array_map("intval", $io_ids)).") ORDER BY io.amount ASC;", [
+					'blockchain_id' => $this->db_blockchain['blockchain_id']
 				]);
 
 				$ref_block_id = $this->last_block_id()+1;

src/classes/Game.php

@@ -63,7 +63,7 @@ public function create_transaction($option_ids, $amounts, $user_game, $block_id,
 
 		$utxo_balance = false;
 		if ($io_ids) {
-			$utxo_balance = $this->blockchain->app->run_query("SELECT SUM(amount) FROM transaction_ios WHERE io_id IN (:io_ids);", ['io_ids'=>implode(",", $io_ids)])->fetch(PDO::FETCH_NUM)[0];
+			$utxo_balance = $this->blockchain->app->run_query("SELECT SUM(amount) FROM transaction_ios WHERE io_id IN (".implode(",", array_map("intval", $io_ids)).");")->fetch(PDO::FETCH_NUM)[0];
 		}
 
 		$raw_txin = [];
@@ -114,12 +114,10 @@ public function create_transaction($option_ids, $amounts, $user_game, $block_id,
 					$tx_inputs_params['ref_block_id'] = $this->blockchain->last_block_id()-$this->db_game['maturity'];
 				}
 				if ($io_ids) {
-					$tx_inputs_q .= " AND io.io_id IN (:io_ids)";
-					$tx_inputs_params['io_ids'] = implode(",", $io_ids);
+					$tx_inputs_q .= " AND io.io_id IN (".implode(",", array_map("intval", $io_ids)).")";
 				}
 				else {
-					$tx_inputs_q .= " AND gio.game_io_id IN (:game_io_ids)";
-					$tx_inputs_params['game_io_ids'] = $this->mature_io_ids_csv($user_game);
+					$tx_inputs_q .= " AND gio.game_io_id IN (".implode(",", array_map("intval", $this->mature_io_ids_csv($user_game))).")";
 				}
 				$tx_inputs_q .= " GROUP BY io.io_id ORDER BY io.amount ASC;";
 				$tx_inputs = $this->blockchain->app->run_query($tx_inputs_q, $tx_inputs_params);

src/cron/ensure_user_addresses.php

@@ -114,9 +114,7 @@
 		}
 
 		if (count($need_address_blockchain_ids) > 0) {
-			$need_address_db_blockchains = $app->run_query("SELECT * FROM blockchains WHERE blockchain_id IN (:need_address_blockchain_ids);", [
-				'need_address_blockchain_ids' => implode(",", $need_address_blockchain_ids)
-			])->fetchAll();
+			$need_address_db_blockchains = $app->run_query("SELECT * FROM blockchains WHERE blockchain_id IN (".implode(",", array_map("intval", $need_address_blockchain_ids)).");")->fetchAll();
 			$blockchain_loop_i = 0;
 
 			do {

src/install.php

@@ -55,16 +55,12 @@
 				$existing_blockchain = $app->fetch_blockchain_by_id($blockchain_id);
 
 				if ($existing_blockchain) {
-					$rpc_host = $_REQUEST['rpc_host'];
-					$rpc_username = $_REQUEST['rpc_username'];
-					$rpc_password = $_REQUEST['rpc_password'];
-					$rpc_port = (int) $_REQUEST['rpc_port'];
-
-					$app->run_query("UPDATE blockchains SET rpc_host=:rpc_host, rpc_username=:rpc_username, rpc_password=:rpc_password, rpc_port=:rpc_port WHERE blockchain_id=:blockchain_id;", [
-						'rpc_host' => $rpc_host,
-						'rpc_username' => $rpc_username,
-						'rpc_password' => $rpc_password,
-						'rpc_port' => $rpc_port,
+					$app->run_query("UPDATE blockchains SET rpc_host=:rpc_host, rpc_username=:rpc_username, rpc_password=:rpc_password, rpc_port=:rpc_port, first_required_block=:first_required_block WHERE blockchain_id=:blockchain_id;", [
+						'rpc_host' => $_REQUEST['rpc_host'],
+						'rpc_username' => $_REQUEST['rpc_username'],
+						'rpc_password' => $_REQUEST['rpc_password'],
+						'rpc_port' => $_REQUEST['rpc_port'],
+						'first_required_block' => $_REQUEST['first_required_block'],
 						'blockchain_id' => $existing_blockchain['blockchain_id']
 					]);
 				}
@@ -225,6 +221,7 @@
 									<input class="form-control" name="rpc_username" placeholder="RPC username" />
 									<input class="form-control" name="rpc_password" placeholder="RPC password" autocomplete="off" />
 									<input class="form-control" name="rpc_port" value="<?php echo $db_blockchain['default_rpc_port']; ?>" placeholder="RPC port" />
+									<input class="form-control" name="first_required_block" value="<?php echo $db_blockchain['first_required_block']; ?>" placeholder="First required block" />
 									<input type="submit" class="btn btn-primary" value="Save" />
 									<?php if ($tried_rpc) echo ' &nbsp;&nbsp; or &nbsp;&nbsp; <a href="" onclick="$(\'#display_rpc_'.$db_blockchain['blockchain_id'].'\').show(\'fast\'); $(\'#edit_rpc_'.$db_blockchain['blockchain_id'].'\').hide(); return false;">Cancel</a>'; ?>
 								</form>

src/scripts/check_blocks.php

@@ -1,5 +1,5 @@
 <?php
-ini_set('memory_limit', '1024M');
+ini_set('memory_limit', '4096M');
 require_once(dirname(dirname(__FILE__))."/includes/connect.php");
 
 $allowed_params = ['blockchain_id'];