diff --git a/core/config.php b/core/config.php index ab5ad0b..e83e76b 100644 --- a/core/config.php +++ b/core/config.php @@ -2,13 +2,16 @@ // Donation account $don_faucet = "FaucetDonations"; +// your private IP to access private server stats +$yourIP ="127.0.0.1"; + // RPC Settings $btclogin = array("username" => "username", "password" => "pass", "host" => "localhost", "port" => "8332"); // DB Settings $sqlogin = array("host" => "localhost", "dbname" => "faucet", "username" => - "root", "password" => "åass"); + "root", "password" => "�ass"); // sending settings .. $minleft = 0.01; // minimum left on account @@ -17,10 +20,10 @@ // NOT IMPLEMENTED YET ... $minfee = 0.1; // min. hard fee on all transactions $feeperc = 0.5; // fee for outgoing transactions in percentage -$fee_account = "KgHL1urqk1roN0eX67sC"; // set to your own KEY to recieve fee´s there +$fee_account = "KgHL1urqk1roN0eX67sC"; // set to your own KEY to recieve fee�s there $adscaptchaID = 3170; $adspubkey = "d655966c-541e-44c8-9a7d-a4f48a3d51a3"; $adsprivkey = "484fa3ac-8fcb-470f-8ee4-a3a91568071c"; -?> \ No newline at end of file +?> diff --git a/readme.txt b/readme.txt index 3e6f059..7ce8280 100644 --- a/readme.txt +++ b/readme.txt 
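Review bot: The new `$yourIP` setting ships with `127.0.0.1` as its default, and nothing in the hunk says what the value is compared against, so the access rule for the stats page cannot be read from the config alone. If server.php matches it against the client address (that check is not visible here), a site served through a local reverse proxy would see every visitor as 127.0.0.1 and the default would admit all of them. I would document this at the definition, e.g. `// Only this client address may open server.php; behind a reverse proxy every request arrives as 127.0.0.1, so change this or protect the page another way`. The added line is also spaced differently from its neighbours; `$yourIP = "127.0.0.1";` matches the rest of the file.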
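Review bot: The only change to the `$fee_account` comment is that `fee´s` became `fee�s`, which suggests the file was re-saved in a different character encoding rather than edited on purpose. The same thing happens to the `"password" => "åass"` literal in the first hunk of this file. For the comment this is cosmetic, but for the password literal it changes the bytes PHP sends to the database, so a real password containing a non-ASCII character would stop working after this commit. Keeping the file in its original encoding, or restricting these placeholders to ASCII (`"password" => "pass"`), avoids the problem.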
@@ -4,18 +4,58 @@ Forum Thread: https://bitcointalk.org/index.php?topic=101407.0 this is the simplest version of it, other might get released in time made by Greedi 2012 (c) +updated by Joseph White 2013-2014 (c) joesfreicoinpool@gmail.com http://pool.cr.rs -INSTALL: -put files in www dir, edit config.php with proper values -and dont forget faucet.sql for the db... -in templates/header.php you have to set you're IP, so you can see server link. -the same in server.php, set you're IP, so you can access to page. +INSTALL +=============== +Clone this repository with git +Put files in www dir (or subdirectory if you so wish) +Edit core/config.php with proper values (server address, username, bitcoin rpc info) + +Create the faucet database +$ mysql -u username -p -h host faucet < faucet.sql +> create database faucet; + +Import faucet.sql into mysql + +$ mysql -u username -p -h host faucet < faucet.sql + +If you wish to be able to see your servers statistics then you need to edit the +$yourIP in the config file is your private ip address of the computer you will access the faucet with +set you're IP, so you can access the server.php page + +Create a faucet donation account on bitcoind as well as a a sendout account +"FaucetDonations" - Faucet donation account +$ bitcoind getnewaddress FaucetDonations + +"SendOut" - Sendout account +$ bitcoind getnewaddress SendOut NOTE: Some wil maybe have to create the faucet donation account in there bitcoind account have to be FaucetDonations and/or SendOut +NOTES +=============== +This should work for any coin that uses RPC commands, just change the rpc ports and passwords +as needed. + +This has been noted to work on FreiCoin and properly takes demurrage in to account -Donate: +This updated code has not been throughly tested, use at your own risk. + +Do make sure to add more security checks. This is most likely still insecure. 
+ + + +Donations +=============== +Greedi's addresses LTC: Lh4c3cYcmvoksUNJLFT2Z5zsUmKUFgAUF5 -BTC: 1MFH5dY85Ve4Q6KYPGJnfPmiHP2UxmXend \ No newline at end of file +BTC: 1MFH5dY85Ve4Q6KYPGJnfPmiHP2UxmXend + +Joe's address (FreiCoin FRC Please) +FRC: 1FRCJoeWXbYe47cmuW3do8VoqAr9HuWbpJ + +Joe's FreiCoin Faucet (running a much more heavily modified and secured version of this script) +http://frc.now.im diff --git a/server.php b/server.php index 8205cbe..6dab4a5 100644 --- a/server.php +++ b/server.php @@ -10,12 +10,13 @@ $uptime = $uptime[0] . ', ' . $uptime[1]; include ("core/wallet.php"); +include("core/config.php"); include ('templates/header.php'); ?>
×

Access Denied.

'; } else { $finishing_divs = "
"; diff --git a/submitted.php b/submitted.php index fdd3880..c8e1bfe 100644 --- a/submitted.php +++ b/submitted.php @@ -3,8 +3,24 @@ /** * @author Greedi * @copyright 2012 + * This update by Joseph White joesfreicoinpool@gmail.com pool.cr.rs + * + * "clean_input" function from "crafter" of stackoverflow.com + * http://stackoverflow.com/a/10558896 + * */ - error_reporting(E_ALL); +function clean_input($instr) { + + // Note that PHP performs addslashes() on GET/POST data. + // Avoid double escaping by checking the setting before doing this. + if(get_magic_quotes_gpc()) { + $str = stripslashes($instr); + } + return mysql_real_escape_string(strip_tags(trim($instr))); +} +//we don't want errors to be reported for now it just adds more vulnerability +// error_reporting(E_ALL); + include ('core/banned.php'); include_once ("core/wallet.php"); include_once ('templates/header.php'); @@ -42,7 +58,9 @@ function ordinal($a) include ('templates/footer.php'); die(); } else { - $ltcaddress = $_POST['BTC']; + //sanitize $ltcaddress a bit to increase security + //this is still able to be broken. please fix it further. this is just a quick patch + $ltcaddress = clean_input($_POST['BTC']); mysql_query("INSERT INTO dailyltc (ltcaddress, ip) SELECT * FROM (SELECT '$ltcaddress', '$ip') AS tmp WHERE NOT EXISTS ( diff --git a/templates/footer.php b/templates/footer.php index 3e93f4b..fcc1b85 100644 --- a/templates/footer.php +++ b/templates/footer.php @@ -4,7 +4,9 @@ diff --git a/templates/header.php b/templates/header.php index ab12ce4..e75eb4c 100644 --- a/templates/header.php +++ b/templates/header.php @@ -1,5 +1,6 @@ @@ -85,9 +86,9 @@
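Review bot: `include("core/config.php");` only raises a warning when the file is missing or unreadable, and the script then carries on with `$yourIP` undefined while the "Access Denied." branch further down is evaluated. Since the access decision now depends on this file, `require_once "core/config.php";` makes the page stop instead of running the check against an unset value. Whether core/wallet.php already loads the config is not visible in this hunk. The access check itself lies in the part of the hunk whose markup was lost on this page, so this note covers the added include line only.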
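Review bot: In `clean_input()` the result of `stripslashes($instr)` is stored in `$str`, which is never read, and the `return` line goes on to use the original `$instr`; with magic quotes enabled the value is therefore still escaped twice. Assigning back to the parameter, `$instr = stripslashes($instr);`, makes the branch do what its comment says. `strip_tags()` has no bearing on SQL safety, and `mysql_real_escape_string()` needs an open connection to know the character set, so the function should only be called after the database connection has been made (the connection code is not in this hunk). Commenting out `error_reporting(E_ALL)` leaves whatever php.ini specifies in force; `ini_set('display_errors', '0');` together with error logging hides messages from visitors without losing them.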
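Review bot: `$ltcaddress` is still interpolated into the `INSERT` string, so the statement's safety rests entirely on escaping, and `$ip` goes into the same string with its origin not shown in this hunk. An address has a fixed alphabet, so an allowlist check before the query is stronger than escaping; for legacy Base58 addresses that could be `if (!preg_match('/^[1-9A-HJ-NP-Za-km-z]{26,35}$/', $_POST['BTC'])) { die('Invalid address'); }`, adjusted to the coin in use. The lasting fix is a prepared statement through mysqli or PDO with both values bound as parameters, since the `mysql_*` functions used here were removed in PHP 7. The query continues past the end of the hunk, so the full statement is not rewritten here.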