From c453febd7922b1153ac80a8f17a73a65e60574df Mon Sep 17 00:00:00 2001 From: cryptochangements34 Date: Wed, 27 Dec 2017 18:30:34 -0600 Subject: [PATCH 1/4] Switch to instruction for view-only wallet A view only wallet is easier and more secure than a password for the real wallet --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ad731af..42d41d4 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,9 @@ The easiest way to find a remote node to connect to is to visit [moneroworld.com * Setup a monero wallet using the monero-wallet-cli tool. If you do not know how to do this you can learn about it at [getmonero.org](https://getmonero.org/resources/user-guides/monero-wallet-cli.html) -* Start the Wallet RPC and leave it running in the background. This can be accomplished by running `./monero-wallet-rpc --rpc-bind-port 18082 --rpc-login username:password --log-level 2 --wallet-file /path/walletfile` where "username:password" is the username and password that you want to use, seperated by a colon and "/path/walletfile" is your actual wallet file. If you wish to use a remote node you can add the `--daemon-address` flag followed by the address of the node. `--daemon-address node.moneroworld.com:18089` for example. +* Create a view-only wallet from that wallet for security. + +* Start the Wallet RPC and leave it running in the background. This can be accomplished by running `./monero-wallet-rpc --rpc-bind-port 18082 --disable-rpc-login --log-level 2 --wallet-file /path/viewOnlyWalletFile` where "/path/viewOnlyWalletFile" is the wallet file for your view-only wallet. If you wish to use a remote node you can add the `--daemon-address` flag followed by the address of the node. `--daemon-address node.moneroworld.com:18089` for example. ## Step 4: Setup Monero Gateway in WooCommerce @@ -58,8 +60,5 @@ The easiest way to find a remote node to connect to is to visit [moneroworld.com * Click on "Save changes" -## Info on server authentication -It is reccommended that you specify a username/password with your wallet rpc. This can be done by starting your wallet rpc with `monero-wallet-rpc --rpc-bind-port 18082 --rpc-login username:password --wallet-file /path/walletfile` where "username:password" is the username and password that you want to use, seperated by a colon. Alternatively, you can use the `--restricted-rpc` flag with the wallet rpc like so `./monero-wallet-rpc --testnet --rpc-bind-port 18082 --restricted-rpc --wallet-file wallet/path`. - -## Donating Me +## Donating to the Devs :) XMR Address : `44krVcL6TPkANjpFwS2GWvg1kJhTrN7y9heVeQiDJ3rP8iGbCd5GeA4f3c2NKYHC1R4mCgnW7dsUUUae2m9GiNBGT4T8s2X` From f561d4badf5e97ead636a028467f43edd356a702 Mon Sep 17 00:00:00 2001 From: cryptochangements34 Date: Wed, 27 Dec 2017 18:41:36 -0600 Subject: [PATCH 2/4] Remove password for view-only wallet A view-only wallet should be used instead as it is more secure and doesn't require a password to stay secure. --- monero/library.php | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/monero/library.php b/monero/library.php index 1b948fc..1e3d777 100644 --- a/monero/library.php +++ b/monero/library.php @@ -9,7 +9,6 @@ * @author Kacper Rowinski * http://implix.com * Modified to work with monero-rpc wallet by Serhack and cryptochangements - * This code isn't for Dark Net Markets, please report them to Authority! */ class Monero_Library { @@ -18,8 +17,8 @@ class Monero_Library CURLOPT_CONNECTTIMEOUT => 8, CURLOPT_TIMEOUT => 8 ); - private $username; - private $password; + protected $host; + protected $port; private $httpErrors = array( 400 => '400 Bad Request', 401 => '401 Unauthorized', @@ -33,14 +32,14 @@ class Monero_Library 503 => '503 Service Unavailable' ); - public function __construct($pUrl, $pUser, $pPass) + public function __construct($pHost, $pPort) { $this->validate(false === extension_loaded('curl'), 'The curl extension must be loaded to use this class!'); $this->validate(false === extension_loaded('json'), 'The json extension must be loaded to use this class!'); - - $this->url = $pUrl; - $this->username = $pUser; - $this->password = $pPass; + + $this->host = $pHost; + $this->port = $pPort; + $this->url = $pHost . ':' . $pPort . '/json_rpc'; } public function validate($pFailed, $pErrMsg) @@ -166,8 +165,6 @@ class Monero_Library throw new RuntimeException('Could\'t initialize a cURL session'); } curl_setopt($ch, CURLOPT_URL, $this->url); - curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST); - curl_setopt($ch, CURLOPT_USERPWD, $this->username . ":" . $this->password); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $pRequest); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type: application/json')); @@ -187,7 +184,7 @@ class Monero_Library } // check for curl error if (0 < curl_errno($ch)) { - echo 'Unable to connect to ' . $this->url . ' Error: ' . curl_error($ch); + echo '[ERROR] Failed to connect to monero-wallet-rpc at ' . $this->host . ' port '. $this->port .'
'; } // close the connection curl_close($ch); From 76602ebc3a53f54fa1f8d7e6175d55b257cafd15 Mon Sep 17 00:00:00 2001 From: cryptochangements34 Date: Wed, 27 Dec 2017 18:44:13 -0600 Subject: [PATCH 3/4] Updates Remove password fields, a view-only wallet should instead be used. Improve some of the text. --- monero/include/monero_payments.php | 55 ++++++++++++------------------ 1 file changed, 21 insertions(+), 34 deletions(-) diff --git a/monero/include/monero_payments.php b/monero/include/monero_payments.php index 9b37829..e507a59 100644 --- a/monero/include/monero_payments.php +++ b/monero/include/monero_payments.php @@ -30,8 +30,6 @@ class Monero_Gateway extends WC_Payment_Gateway $this->host = $this->get_option('daemon_host'); $this->port = $this->get_option('daemon_port'); $this->address = $this->get_option('monero_address'); - $this->username = $this->get_option('username'); - $this->password = $this->get_option('password'); $this->discount = $this->get_option('discount'); // After init_settings() is called, you can get the settings and load them into variables, e.g: @@ -53,7 +51,7 @@ class Monero_Gateway extends WC_Payment_Gateway add_filter('woocommerce_currency_symbol', 'add_my_currency_symbol', 10, 2); add_action('woocommerce_email_before_order_table', array($this, 'email_instructions'), 10, 2); } - $this->monero_daemon = new Monero_Library($this->host . ':' . $this->port . '/json_rpc', $this->username, $this->password); + $this->monero_daemon = new Monero_Library($this->host, $this->port); } public function init_form_fields() @@ -97,21 +95,6 @@ class Monero_Gateway extends WC_Payment_Gateway 'desc_tip' => __('This is the Daemon Host/IP to authorize the payment with port', 'monero_gateway'), 'default' => '18080', ), - 'username' => array( - 'title' => __('Monero Wallet username', 'monero_gateway'), - 'desc_tip' => __('This is the username that you used with your monero wallet-rpc', 'monero_gateway'), - 'type' => __('text'), - 'default' => __('username', 'monero_gateway'), - - ), - 'password' => array( - 'title' => __('Monero wallet RPC password', 'monero_gateway'), - 'desc_tip' => __('This is the password that you used with your monero wallet-rpc', 'monero_gateway'), - 'description' => __('you can leave these fields empty if you did not set', 'monero_gateway'), - 'type' => __('text'), - 'default' => '' - - ), 'discount' => array( 'title' => __('% discount for using XMR', 'monero_gateway'), @@ -122,15 +105,15 @@ class Monero_Gateway extends WC_Payment_Gateway ), 'environment' => array( - 'title' => __(' Test Mode', 'monero_gateway'), - 'label' => __('Enable Test Mode', 'monero_gateway'), + 'title' => __(' Testnet', 'monero_gateway'), + 'label' => __(' Check this if you are using testnet ', 'monero_gateway'), 'type' => 'checkbox', 'description' => __('Check this box if you are using testnet', 'monero_gateway'), 'default' => 'no' ), 'onion_service' => array( - 'title' => __(' Onion Service', 'monero_gateway'), - 'label' => __('Enable Onion Service', 'monero_gateway'), + 'title' => __(' SSL warnings ', 'monero_gateway'), + 'label' => __(' Check to Silence SSL warnings', 'monero_gateway'), 'type' => 'checkbox', 'description' => __('Check this box if you are running on an Onion Service (Suppress SSL errors)', 'monero_gateway'), 'default' => 'no' @@ -174,18 +157,21 @@ class Monero_Gateway extends WC_Payment_Gateway { $wallet_amount = $this->monero_daemon->getbalance(); if (!isset($wallet_amount)) { - $this->log->add('Monero_gateway', '[ERROR] No connection with daemon'); - $wallet_amount['balance'] = "0"; - $wallet_amount['unlocked_balance'] = "0"; + $this->log->add('Monero_gateway', '[ERROR] Can not connect to monero-wallet-rpc'); + echo "
Your balance is: Not Avaliable
"; + echo "Unlocked balance: Not Avaliable"; } - $real_wallet_amount = $wallet_amount['balance'] / 1000000000000; - $real_amount_rounded = round($real_wallet_amount, 6); + else + { + $real_wallet_amount = $wallet_amount['balance'] / 1000000000000; + $real_amount_rounded = round($real_wallet_amount, 6); - $unlocked_wallet_amount = $wallet_amount['unlocked_balance'] / 1000000000000; - $unlocked_amount_rounded = round($unlocked_wallet_amount, 6); - - echo "Your balance is: " . $real_amount_rounded . " XMR
"; - echo "Unlocked balance: " . $unlocked_amount_rounded . " XMR
"; + $unlocked_wallet_amount = $wallet_amount['unlocked_balance'] / 1000000000000; + $unlocked_amount_rounded = round($unlocked_wallet_amount, 6); + + echo "Your balance is: " . $real_amount_rounded . " XMR
"; + echo "Unlocked balance: " . $unlocked_amount_rounded . " XMR
"; + } } public function process_payment($order_id) @@ -243,7 +229,7 @@ class Monero_Gateway extends WC_Payment_Gateway $uri = "monero:$address?amount=$amount?payment_id=$payment_id"; $array_integrated_address = $this->monero_daemon->make_integrated_address($payment_id); if (!isset($array_integrated_address)) { - $this->log->add('Monero_Gateway', '[ERROR] Unable to getting integrated address'); + $this->log->add('Monero_Gateway', '[ERROR] Unable get integrated address'); // Seems that we can't connect with daemon, then set array_integrated_address, little hack $array_integrated_address["integrated_address"] = $address; } @@ -344,7 +330,8 @@ class Monero_Gateway extends WC_Payment_Gateway $stored_rate_transformed = $stored_rate[0]->rate / 100; //this will turn the stored rate back into a decimaled number if (isset($this->discount)) { - $discount_decimal = $this->discount / 100; + $sanatized_discount = preg_replace('/[^0-9]/', '', $this->discount); + $discount_decimal = $sanatized_discount / 100; $new_amount = $amount / $stored_rate_transformed; $discount = $new_amount * $discount_decimal; $final_amount = $new_amount - $discount; From fbd51c059359d3b8004d7fead56f8cc5f16d6760 Mon Sep 17 00:00:00 2001 From: cryptochangements34 Date: Wed, 27 Dec 2017 22:45:56 -0600 Subject: [PATCH 4/4] Add view-only tutorial link Add a link to a tutorial for creating view-only wallets on the monero stackexchange --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 42d41d4..efefcb7 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ The easiest way to find a remote node to connect to is to visit [moneroworld.com * Setup a monero wallet using the monero-wallet-cli tool. If you do not know how to do this you can learn about it at [getmonero.org](https://getmonero.org/resources/user-guides/monero-wallet-cli.html) -* Create a view-only wallet from that wallet for security. +* [Create a view-only wallet from that wallet for security.](https://monero.stackexchange.com/questions/3178/how-to-create-a-view-only-wallet-for-the-gui/4582#4582) * Start the Wallet RPC and leave it running in the background. This can be accomplished by running `./monero-wallet-rpc --rpc-bind-port 18082 --disable-rpc-login --log-level 2 --wallet-file /path/viewOnlyWalletFile` where "/path/viewOnlyWalletFile" is the wallet file for your view-only wallet. If you wish to use a remote node you can add the `--daemon-address` flag followed by the address of the node. `--daemon-address node.moneroworld.com:18089` for example.