Merge pull request #2194 from iAmShorty/no-worker-without-coinaddress

[UPDATE] prevent adding/editing workers without valid coin address

Author: TheSerapher

include/config/admin_settings.inc.php

@@ -385,6 +385,13 @@
   'name' => 'disable_transactionsummary', 'value' => $setting->getValue('disable_transactionsummary'),
   'tooltip' => 'Disable transaction summaries. Helpful with large transaction tables.'
 );
+$aSettings['system'][] = array(
+  'display' => 'Disable Worker Edit without valid Coin Address', 'type' => 'select',
+  'options' => array( 0 => 'No', 1 => 'Yes'),
+  'default' => 0,
+  'name' => 'disable_worker_edit', 'value' => $setting->getValue('disable_worker_edit'),
+  'tooltip' => 'No worker editing without valid Payout Address set in User Config.'
+);
 $aSettings['system'][] = array(
   'display' => 'IRC Chat Channel', 'type' => 'text',
   'size' => 25,

include/pages/account/workers.inc.php

@@ -2,50 +2,61 @@
 $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
 
 if ($user->isAuthenticated()) {
-  switch (@$_REQUEST['do']) {
-  case 'delete':
-    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
-      if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
-        $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'alert alert-success');
+
+
+  if (!$user->getCoinAddress($_SESSION['USERDATA']['id']) AND $setting->getValue('disable_worker_edit')) {
+  
+    $_SESSION['POPUP'][] = array('CONTENT' => 'You have no payout address set.', 'TYPE' => 'alert alert-danger');
+    $_SESSION['POPUP'][] = array('CONTENT' => 'You can not add workers unless a valid Payout Address is set in your User Settings.', 'TYPE' => 'alert alert-danger');
+    $smarty->assign('CONTENT', 'disabled.tpl');
+    
+  } else {
+    switch (@$_REQUEST['do']) {
+    case 'delete':
+      if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
+        if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
+          $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'alert alert-success');
+        } else {
+          $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger');
+        }
       } else {
-        $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger');
+        $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning');
       }
-    } else {
-      $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning');
-    }
-    break;
+      break;
 
-  case 'add':
-    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
-      if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
-        $_SESSION['POPUP'][] = array('CONTENT' => 'Worker added', 'TYPE' => 'alert alert-success');
+    case 'add':
+      if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
+        if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
+          $_SESSION['POPUP'][] = array('CONTENT' => 'Worker added', 'TYPE' => 'alert alert-success');
+        } else {
+          $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger');
+        }
       } else {
-        $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger');
+        $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning');
       }
-    } else {
-      $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning');
-    }
-    break;
+      break;
 
-  case 'update':
-    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
-      if ($worker->updateWorkers($_SESSION['USERDATA']['id'], @$_POST['data'])) {
-        $_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated', 'TYPE' => 'alert alert-success');
+    case 'update':
+      if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
+        if ($worker->updateWorkers($_SESSION['USERDATA']['id'], @$_POST['data'])) {
+          $_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated', 'TYPE' => 'alert alert-success');
+        } else {
+          $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger');
+        }
       } else {
-        $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'alert alert-danger');
+        $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning');
       }
-    } else {
-      $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'alert alert-warning');
+      break;
     }
-    break;
-  }
 
-  $smarty->assign('DISABLE_IDLEWORKERNOTIFICATIONS', $setting->getValue('notifications_disable_idle_worker'));
-  $aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']);
-  if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'alert alert-danger');
+    $smarty->assign('DISABLE_IDLEWORKERNOTIFICATIONS', $setting->getValue('notifications_disable_idle_worker'));
+    $aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']);
+    if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'alert alert-danger');
 
-  $smarty->assign('WORKERS', $aWorkers);
+    $smarty->assign('WORKERS', $aWorkers);
+    $smarty->assign('CONTENT', 'default.tpl');
+  }
 }
-$smarty->assign('CONTENT', 'default.tpl');
+
 
 ?>

include/smarty_globals.inc.php

@@ -78,6 +78,7 @@
     'disable_auto_payouts' => $setting->getValue('disable_auto_payouts'),
     'disable_contactform' => $setting->getValue('disable_contactform'),
     'disable_contactform_guest' => $setting->getValue('disable_contactform_guest'),
+    'disable_worker_edit' => $setting->getValue('disable_worker_edit'),
     'algorithm' => $config['algorithm'],
     'getbalancewithunconfirmed' => $config['getbalancewithunconfirmed'],
     'target_bits' => $coin->getTargetBits(),