prdatur / phpminer

PHPMiner is a web interface for cgminer on linux machines

[FEATURE] Add option to lock phpminer webfront with a password #15

Closed nicoschtein closed 10 years ago

nicoschtein commented 10 years ago

I know many users have their rigs open to the internet and there is not any protection for phpminer webfront, anyone can enter, so I would suggest adding a password, or user password combination that can be set in a config file.

We should check for a valid session before any change is made. And prevent direct address to POST or GET requests in every file.

prdatur commented 10 years ago

I currently work on an access manager with user groups and users.

prdatur commented 10 years ago

Because someone maybe will have > 500 users I decided to remove the JSON files and use a SQLite database instead. MySQL or other database "servers" are currently no option for me because I don't want one more software dependency. What do you think?

DanielNagy commented 10 years ago

Currently I'm using Apache's .htaccess / .htpasswd method. Very simple to implement in the short term.

prdatur commented 10 years ago

Yes, but I have some other people who want to use the phpminer in a customer service, they build the rig and configure it and the customer can also show up the stats and change pools etc, but not change O.C. settings or main system settings. So I need this mega monster access restrictions thing anyway :)

prdatur commented 10 years ago

Please check the update. I've implemented the access management.

DanielNagy commented 10 years ago

Updated mine, attempted to change something on settings page, save config button does nothing now. Unable to save.

prdatur commented 10 years ago

Hi,

The problem with those answers is that I can't debug well. When you click on a button and it really does nothing, please open the miner in Chrome, if not already. Then press F12. First go to the Network tab. Then do the things which don't work, for example change setting X to Y and press button Z. After that a new "POST" request is listed in the entry. Click on it and at the right side there will be a "Response" tab. Click on that and copy the output, which you should always include within the bug report. Then go to Console and copy & paste all red lines too if any exist. Otherwise mostly I cannot reproduce such errors. In my situation, what I have done to test if it works well: I removed the phpminer.db and opened phpminer, then I went to the settings page and just clicked on save config. No errors, and a dialog appeared: "Configuration saved successfully.".

DanielNagy commented 10 years ago

On the "Notifications/auto tasks" page, if I make a change, and disable email notifications, and press save config, it works fine, and a dialog box pops up, and says success (I even checked sqlite3 phpminer.db).

On the "settings" page, I can change any setting (rig pages / access control / offline pools), but when I press save config, nothing happens. No dialog box. No changes done in .db

Tried deleting phpminer.db. No change, it's broken.

prdatur commented 10 years ago

Yes, then you have a good state where we can debug. Please do the things which I wrote with the Chrome browser, press F12 and copy & paste the output of the request which is made.

The reason why you don't see anything is that the response must be valid JSON data, but when a PHP error appears this error text is also included within the response and breaks the JSON output. So the JavaScript behind cannot parse the response.

DanielNagy commented 10 years ago

Fatal error: Cannot unset string offsets in /var/www/phpminer/includes/Config.class.php on line 648

prdatur commented 10 years ago

Can we debug this within a teamviewer session? I am online between 19:00 and 23:30 GMT + 1 (Currently my time is 22:50).

DanielNagy commented 10 years ago

That's mornings for me, usually when I'm in transit for work.

settings[ajax_refresh_intervall]:5000
settings[enable_donation]:0
settings[allow_offline_pools]:0
settings[enable_access_control]:0
settings[socket_timout]:5
settings[overview_sort_mode]:configured
settings[enable_paging]:0

prdatur commented 10 years ago

The settings are just normal, I think I really need a teamviewer session. What about next weekend? Currently it is 12:47 and there I think we can find a good time. For me, I can be awake from 09:00 till 23:30. There should be some timeframe :)

DanielNagy commented 10 years ago

I've updated to the new version, with MySQL. The save settings problem has gone away now.

Also.. Is phpminer supposed to prompt for a username / password when browsing to it when access management is enabled?

I enabled it, it asked for a user / password, and I can still access it. Never asked for a u/p

prdatur commented 10 years ago

Did you provide a username and a password? I only ask for a user / pass when access management is enabled and at least one user exists. Else it would make no sense to lock yourself out :)

DanielNagy commented 10 years ago

Yeah, if I click on access control page, I can see a user there. But it's never asked me to log in

prdatur commented 10 years ago

Strange. Will test it again, but for me it worked so far. After enabling access I got redirected to the access management to create the first user; after creating the first user (by clicking the save button) I was directly asked for the username / password.

I use the basic HTTP authentication protocol, maybe you use the same username / password for another basic auth on the same realm?

Can you test it with a different browser? And close / open the browser before testing?
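
The gate described in the comments above (challenge with HTTP Basic auth only when access management is enabled and at least one user exists), as an added example that is not phpminer's own code. The function names, the realm string and the `$users` storage format (username mapped to a `password_hash()` value) are assumptions.

```php
<?php
// Added example: hypothetical access gate, not taken from phpminer.
declare(strict_types=1);

/**
 * Decide how to treat a request: 'open', 'ok' or 'challenge'.
 * $users maps username => password_hash() output (assumed storage format).
 */
function access_decision(bool $enabled, array $users, ?string $user, ?string $pass): string
{
    // Rule from the thread: never lock unless enabled AND at least one user exists.
    if (!$enabled || count($users) === 0) {
        return 'open';
    }
    if ($user === null || $pass === null) {
        return 'challenge';
    }
    // Unknown names are verified against a dummy hash so response time
    // does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $known = array_key_exists($user, $users);
    $valid = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($known && $valid) ? 'ok' : 'challenge';
}

function require_login(bool $enabled, array $users): void
{
    $decision = access_decision(
        $enabled,
        $users,
        $_SERVER['PHP_AUTH_USER'] ?? null,
        $_SERVER['PHP_AUTH_PW'] ?? null
    );
    if ($decision === 'challenge') {
        header('WWW-Authenticate: Basic realm="phpminer-example", charset="UTF-8"');
        http_response_code(401);
        exit('Authentication required');
    }
}

// Call at the top of every entry point, before any GET/POST handler runs.
// Constructed sample user; a real deployment would load users from its database.
$users = ['admin' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
require_login(true, $users);
```

Basic authentication sends the password with every request in a reversible encoding, so a gate like this only protects an internet-facing rig when the site is served over HTTPS.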

DanielNagy commented 10 years ago

Is this because I've modified my .htaccess file to do Apache based .htpasswd type access?

prdatur commented 10 years ago

Hmm, that can be the problem. Test it without Apache htpasswd.

DanielNagy commented 10 years ago

Update: Yes. This was the reason why. I've removed my entries from .htaccess, and Override AuthConfig from Apache vhost file, and access control works fine now :)

prdatur commented 10 years ago

nice :)