Security holes fix | Custom Miners settings done to be tested

.gitignore

@@ -1,4 +1,5 @@
 conf/*.json
 conf/index.html
 application/logs
+minera-bin/custom/*
 *.log

application/controllers/app.php

@@ -53,8 +53,7 @@ public function login()
 	*/
 	public function dashboard()
 	{
-		if (!$this->session->userdata("loggedin"))
-			redirect('app/index');
+		$this->util_model->isLoggedIn();
 
 		$data['minerdPools'] = json_decode($this->util_model->getPools());
 		$data['btc'] = $this->util_model->getBtcUsdRates();
@@ -83,8 +82,7 @@ public function dashboard()
 	*/
 	public function charts()
 	{
-		if (!$this->session->userdata("loggedin"))
-			redirect('app/index');
+		$this->util_model->isLoggedIn();
 
 		$data['btc'] = $this->util_model->getBtcUsdRates();
 		$data['isOnline'] = $this->util_model->isOnline();
@@ -110,8 +108,7 @@ public function charts()
 	*/
 	public function settings()
 	{
-		if (!$this->session->userdata("loggedin"))
-			redirect('app/index');
+		$this->util_model->isLoggedIn();
 
 		$this->config->load('timezones');
 		$data['timezones'] = $this->config->item("timezones");
@@ -144,6 +141,11 @@ public function settings()
 		// Load Coin Rates
 		$data['btc'] = $this->util_model->getBtcUsdRates();
 
+		// Check custom miners
+		$data['customMiners'] = $this->util_model->readCustomMinerDir();
+
+		$data['activeCustomMiners'] = json_decode($this->redis->get('active_custom_miners'));
+
 		// Load miner settings
 		$data['minerdCommand'] = $this->config->item("minerd_command");
 		$data['minerdAutorestart'] = $this->redis->get('minerd_autorestart');
@@ -220,6 +222,8 @@ public function settings()
 	*/
 	public function save_settings()
 	{
+		$this->util_model->isLoggedIn();
+
 		$extramessages = false;
 		$dataObj = new stdClass();
 
@@ -261,7 +265,11 @@ public function save_settings()
 					}
 				}
 			}
-
+
+			// Save Custom miners
+			$dataObj->custom_miners = $this->input->post('active_custom_miners');
+			$this->redis->set('active_custom_miners', json_encode($this->input->post('active_custom_miners')));
+
 			// Start creating command options string
 			$settings = null;
 			$confArray = array();
@@ -597,6 +605,8 @@ public function save_settings()
 	*/
 	public function export()
 	{
+		$this->util_model->isLoggedIn();
+
 		$o = $this->redis->get("export_settings");
 		if ($this->util_model->isJson($o))
 		{
@@ -614,6 +624,8 @@ public function export()
 	*/
 	public function shutdown()
 	{	
+		$this->util_model->isLoggedIn();
+
 		if ($this->input->get('confirm'))
 		{
 			$data['message'] = "Please wait to unplug me.";
@@ -641,7 +653,9 @@ public function shutdown()
 	// Reboot controller (this should be in a different "system" controller file)
 	*/
 	public function reboot()
-	{	
+	{
+		$this->util_model->isLoggedIn();
+
 		if ($this->input->get('confirm'))
 		{
 			$data['message'] = "Please wait while I'm rebooting...";
@@ -670,6 +684,8 @@ public function reboot()
 	*/
 	public function start_miner()
 	{
+		$this->util_model->isLoggedIn();
+
 		if (!$this->session->userdata("loggedin"))
 			redirect('app/index');
 
@@ -689,6 +705,8 @@ public function start_miner()
 	*/
 	public function stop_miner()
 	{
+		$this->util_model->isLoggedIn();
+
 		if (!$this->session->userdata("loggedin"))
 			redirect('app/index');
 
@@ -702,6 +720,8 @@ public function stop_miner()
 	*/
 	public function restart_miner()
 	{
+		$this->util_model->isLoggedIn();
+
 		if (!$this->session->userdata("loggedin"))
 			redirect('app/index');
 
@@ -715,6 +735,8 @@ public function restart_miner()
 	*/
 	public function update()
 	{
+		$this->util_model->isLoggedIn();
+
 		if ($this->util_model->checkUpdate())
 		{
 			if ($this->input->get('confirm'))
@@ -751,6 +773,8 @@ public function update()
 	*/
 	public function api($command = false)
 	{
+		$this->util_model->isLoggedIn();
+
 		$cmd = ($command) ? $command : $this->input->get('command');
 
 		switch($cmd)
@@ -828,6 +852,8 @@ public function api($command = false)
 	*/
 	public function stats()
 	{
+		$this->util_model->isLoggedIn();
+
 		$stats = $this->util_model->getStats();
 
 		$this->output
@@ -840,6 +866,8 @@ public function stats()
 	*/
 	public function stored_stats()
 	{
+		$this->util_model->isLoggedIn();
+
 		$storedStats = $this->util_model->getStoredStats(3600);
 
 		$this->output

application/models/util_model.php

@@ -18,6 +18,17 @@ public function __construct()
 		parent::__construct();
 	}
 
+	public function isLoggedIn() 
+	{
+		if (!$this->session->userdata("loggedin"))
+		{
+			redirect('app/index');
+			return false;
+		}
+
+		return true;
+	}
+
 	public function switchMinerSoftware($software = false)
 	{
 		if ($this->redis->get("minerd_use_root"))
@@ -88,7 +99,7 @@ public function switchMinerSoftware($software = false)
 			$this->config->set_item('minerd_binary', $this->_minerdSoftware);
 			$this->config->set_item('screen_command', '/usr/bin/screen -dmS '.$this->_minerdSoftware);
 			$this->config->set_item('screen_command_stop', '/usr/bin/screen -S '.$this->_minerdSoftware.' -X quit');
-			$this->config->set_item('minerd_command', FCPATH.'minera-bin/'.$this->_minerdSoftware);
+			$this->config->set_item('minerd_command', FCPATH.'minera-bin/custom/'.$this->_minerdSoftware);
 			$this->config->set_item('minerd_log_file', '/var/log/minera/'.$this->_minerdSoftware.'.log');
 			$this->config->set_item('minerd_special_log', false);
 			$this->config->set_item('minerd_log_url', 'application/logs/'.$this->_minerdSoftware.'.log');
@@ -1106,6 +1117,22 @@ public function checkMinerIsUp()
 		return;
 	}
 
+	public function readCustomMinerDir()
+	{
+		$files = array();
+
+		if ($handle = opendir(FCPATH.'minera-bin/custom/')) {
+		    while (false !== ($entry = readdir($handle))) {
+		        if ($entry != "." && $entry != ".." && $entry != "README.custom")
+			        $files[] = $entry;
+		    }
+
+		    closedir($handle);
+		}
+
+		return $files;
+	}
+
 	// Call shutdown cmd
 	public function shutdown()
 	{

application/views/frontpage.php

@@ -1,7 +1,7 @@
 			<!-- Right side column. Contains the navbar and content of the page -->
-			<aside class="right-side ">				   
+			<aside class="right-side">				   
 				<!-- Content Header (Page header) -->
-				<section class="content-header">
+				<section class="content-header" data-toggle="dropdown">
 					<h1>
 						Mining
 						<small>Dashboard</small>

application/views/include/footer.php

@@ -1,3 +1,5 @@
+	<div class="copyright"><a href="http://getminera.com" target="_blank"><i class="fa fa-asterisk"></i> Minera</a> your next mining dashboard - Need a wallet? Try <a href="https://www.coinbase.com/join/michelem" target="_blank">Coinbase</a></div>
+
 	<!--  Coinbase tip script -->
 	<script>!function(d,s,id) {var js,cjs=d.getElementsByTagName(s)[0],e=d.getElementById(id);if(e){return;}js=d.createElement(s);js.id=id;js.src="https://www.coinbase.com/assets/tips.js";cjs.parentNode.insertBefore(js,cjs);}(document, 'script', 'coinbase-tips');</script>
 	<script src="https://www.coinbase.com/assets/button.js" type="text/javascript"></script>
@@ -38,6 +40,10 @@
 
 			startTime();
 
+			//$(document).ready(function(){
+         	//	bootstro.start();
+        	//});
+
 			function startTime()
             {
                 var today = new Date();

application/views/include/header.php

@@ -18,12 +18,13 @@
 	<link href="<?php echo base_url('assets/css/font-awesome.css') ?>" rel="stylesheet" />
 	<link href="<?php echo base_url('assets/css/ionicons.min.css') ?>" rel="stylesheet" />
 	<link href="<?php echo base_url('assets/css/datatables/dataTables.bootstrap.css') ?>" rel="stylesheet" />
-	<link href="<?php echo base_url('assets/css/custom.css?ver=20140819') ?>" rel="stylesheet" />
+	<link href="<?php echo base_url('assets/css/custom.css?ver=20141225') ?>" rel="stylesheet" />
 	<link href="<?php echo base_url('assets/css/morris.css') ?>" rel="stylesheet" />
 	<link href="<?php echo base_url('assets/css/jQueryUI/jquery-ui-1.10.3.custom.min.css') ?>" rel="stylesheet" />
 	<link href="<?php echo base_url('assets/css/AdminLTE.css') ?>" rel="stylesheet" />
 	<link href="<?php echo base_url('assets/css/ion.rangeSlider.css') ?>" rel="stylesheet" />
 	<link href="<?php echo base_url('assets/css/ion.rangeSlider.skinFlat.css') ?>" rel="stylesheet" />	
 	<link href="<?php echo base_url('assets/css/jquery.fileupload.css') ?>" rel="stylesheet" />	
-	<link href="<?php echo base_url('assets/css/jquery.fileupload-ui.css') ?>" rel="stylesheet" />	
+	<link href="<?php echo base_url('assets/css/jquery.fileupload-ui.css') ?>" rel="stylesheet" />
+	<link href="<?php echo base_url('assets/css/bootstro.min.css') ?>" rel="stylesheet" />
 </head>

application/views/settings.php

@@ -178,6 +178,7 @@
 												<!-- Skin colors -->
 												<div class="form-group">
 													<label>Skin</label>
+													<p>Select your favorite skin for your controller.</p>
 													<select name="dashboard_skin" id="dashboard-skin" class="form-control">
 														<option value="black" <?php if ($dashboardSkin == "black") : ?>selected<?php endif; ?>>Black</option>
 														<option value="blue" <?php if ($dashboardSkin == "blue") : ?>selected<?php endif; ?>>Blue</option>
@@ -380,15 +381,39 @@
 			                        </div>
 
 			                        <div class="box-body">
-								    	<p>Here you can add your own custom miners to be used with Minera, before you start please read this <a href="#" class="open-readme-custom-miners">important requirements</a>.</p>
+								    	<p>Here you can add your own custom miners to be used with Minera, before you start please read this <a href="#" class="open-readme-custom-miners">FAQ</a>.</p>
 
+								    	<div class="callout callout-info">
+									    	<?php if (count($customMiners) > 0) : ?>
+												<p>I found the following custom miners available, to add or remove just select on or off and save. You'll find them in the preferred miners select below.</p>
+									    		<?php foreach ($customMiners as $customMiner) : ?>
+										    		<div class="input-group margin-bottom">
+														<label>
+															<input type="checkbox" 
+																name="active_custom_miners[]" 
+																value="<?php echo $customMiner ?>" 
+																<?php if ($activeCustomMiners && in_array($customMiner, $activeCustomMiners)) : ?>checked<?php endif; ?> 
+																<?php if (strtolower($customMiner) == "bfgminer" || strtolower($customMiner) == "cpuminer" || strtolower($customMiner) == "cgminer" || strtolower($customMiner) == "cgminer-dmaxl-zeus") : ?>disabled<?php endif; ?> 
+															/>
+															<?php echo $customMiner ?>
+														</label>
+										    		</div>
+									    		<?php endforeach; ?>
+									    	<?php else : ?>
+									    		<p><h6>It seems you haven't any custom miner. If you wanna add it, you need to build your binary and put it in the custom miner folder:</h6> <code><?php echo FCPATH.'minera-bin/custom/'; ?></code></p>
+												<h6>Don't call your custom binary file as "bfgminer", "cgminer" or any other existent (built-in) miner. Minera won't permit you to use it. If this happens change the filename.</h6>
+									    	<?php endif; ?>
+								    	</div>
+
+										<h6>* After you turn on your custom miner and save, you need to select it from your preferred miner below and remember to setup it.</h6>
+
 								    	<div class="callout callout-grey readme-custom-miners" style="display:none;">
-							    		    <h6><strong>Can I upload any miner binary?</strong></h6>
+							    		    <h6><strong>Can I use any miner binary?</strong></h6>
 
 							    		    <p><strong>NO!</strong> <small>Miners must be forks of CGminer or BFGminer, there are small probability you can add different miners than those, the main problem is how the miner send stats and it must be compatibile to Minera.</small></p>
 
 							    		    <h6><strong>My miner should be compatible but it isn't working</strong></h6>
-							    		    <p><small>Check your binary works on your Minera system, SSH into it and try to launch it manually, probably it lacks on missing external libraries or you have compiled it with a wrong architecture</small></p>
+							    		    <p><small>Check your binary works on your Minera system, SSH into it and try to launch it manually, probably it lacks on missing external libraries or you have compiled it with a wrong architecture, try to recompile it on Minera.</small></p>
 
 							    		    <h6><strong>Can I use this feature if I'm completely newbie to mining and Linux?</strong></h6>
 							    		    <p><small>Well, short answer should be "No", the long one is: you could try, but it needs a lot of skills to do this and if you are a newbie it's recommended you start with a pre-compiled miner software, Minera has 4 built-in, start with them, then try to <a href="https://bitcointalk.org/index.php?topic=596620.0">ask to the forum</a> before playing with this feature.</small></p>
@@ -399,34 +424,10 @@
 							    		    <h6><strong>Is this feature stable enough to be used without any issue?</strong></h6>
 							    		    <p><strong>NO!</strong> <small>This is intended as "beta" feature, if you wanna live happy with your Minera, save/export always your settings before doing something like enabling this.</small></p>
 							    		</div>
-
-										<div class="import-export-box margin-bottom">
-											<span class="btn btn-success fileinput-button" data-toggle="tooltip" data-title="File must be a JSON export file from a Minera system">
-												<i class="glyphicon glyphicon-plus"></i>
-												Import file...
-												<input class="import-file" type="file" name="import_system_config">
-											</span>
-											<span class="btn btn-warning export-action" data-toggle="tooltip" data-title="This generates a JSON file to be imported into Minera">
-												<i class="glyphicon glyphicon-download-alt"></i>
-												Export Settings
-											</span> 
-											<span class="btn btn-default save-config-action" data-toggle="tooltip" data-title="This saves only the miner config to be used or shared later">
-												<i class="glyphicon glyphicon-floppy-disk"></i>
-												Save Miner Config
-											</span>
-										</div>
-
-										<!-- The global progress bar -->
-										<div id="progress" class="progress">
-											<div class="progress-bar progress-bar-success"></div>
-										</div>
-										<!-- The container for the uploaded files -->
-										<div id="files" class="files"></div>
-
+
 			                        </div>
 									<div class="box-footer">
-										<h6><em>*</em> Loading a saved miner config sets the manual settings mode with the saved command line, sets the miner software and completely overwrites the pools settings.</h6>
-										<h6><em>**</em> Sharing the miner config to the Minera community won't share your pools settings</h6>
+										<button type="submit" class="btn btn-primary save-minera-settings" name="save" value="1" data-toggle="tooltip" data-title="Remember to select it below after saved. This won't auto-select it, you need to do it manually.">Save</button>
 									</div>
 			                    </div>
 
@@ -453,6 +454,11 @@
 														<option value="bfgminer" <?php if ($minerdSoftware == "bfgminer") : ?>selected<?php endif; ?>>BFGminer 4.x (Official)</option>
 														<option value="cgminer" <?php if ($minerdSoftware == "cgminer") : ?>selected<?php endif; ?>>CGminer 4.x (Official)</option>
 														<option value="cgdmaxlzeus" <?php if ($minerdSoftware == "cgdmaxlzeus") : ?>selected<?php endif; ?>>CGminer (Dmax Zeus fork)</option>
+														<?php if ($activeCustomMiners) : ?>
+															<?php foreach ($activeCustomMiners as $activeCustomMiner) : ?>
+																<option value="<?php echo $activeCustomMiner ?>" <?php if ($minerdSoftware == $activeCustomMiner) : ?>selected<?php endif; ?>>[Custom Miner] <?php echo $activeCustomMiner ?></option>
+															<?php endforeach; ?>
+														<?php endif; ?>
 													</select>
 													<h6>Pay attention: Minera is not responsible of any problem related to the miner software you are using. Minera acts only as frontend to manage the miner software. Please refer to miner software's related authors if you have question about them and how to use them.</h6>
 												</div>

assets/css/AdminLTE.css

@@ -2507,6 +2507,9 @@ Component: timeline
 .skin-blue .navbar .nav .open > a:focus {
 	color: #333;
 }
+.skin-blue .navbar .nav .menu a {
+	color: #333;
+}
 .skin-blue .navbar .navbar-right > .nav {
   margin-right: 10px;
 }

assets/css/custom.css

@@ -46,7 +46,15 @@ body > .header { position: fixed !important; }
 
 .tip-button { float: left; padding: 9px 5px; margin-top: 4px; margin-right: 0; margin-bottom: 8px; margin-left: 5px; }
 .coinbase-donate-button { margin-left: 28px; margin-top: 20px;}
+.copyright { float: right; margin-right: 20px; font-size: small;}
+.copyright a { color: #FF4D50; }
+
+.bootstro-highlight { background-color: rgba(255, 255, 255, 0.2) !important; }
 
 @media all and (max-width : 960px) { 
 	.messages-menu { display: none !important;}
 }
+
+@media all and (max-width : 1090px) { 
+	.tip-button { display: none;}
+}