Topic: Bitcoin address valiation (Read 1342 times)
Last 4 chars of a B58 encoded address is the checksum. You can use that to validate.
Here is better php validation code, which was actually created by theymos and Mike Gogulski. Should work on a stock php5 install.
Code:
private static $base58chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
public static function checkAddress($addr, $addressversion = 00) {
$addr = self::decodeBase58(trim($addr));
if(strlen($addr)!=50){
return false;
}
$version = substr($addr, 0, 2);
if(hexdec($version) > hexdec($addressversion)) {
return false;
}
$check = substr($addr, 0, strlen($addr) - 8);
$check = pack("H*", $check);
$check = strtoupper(hash("sha256", hash("sha256", $check, true)));
$check = substr($check, 0, 8);
return $check == substr($addr, strlen($addr) - 8);
}
private static function decodeBase58($base58) {
$origbase58 = $base58;
$return = "0";
for ($i = 0; $i < strlen($base58); $i++) {
$current = (string) strpos(Bitcoin::$base58chars, $base58[$i]);
$return = (string) bcmul($return, "58", 0);
$return = (string) bcadd($return, $current, 0);
}
public static function checkAddress($addr, $addressversion = 00) {
$addr = self::decodeBase58(trim($addr));
if(strlen($addr)!=50){
return false;
}
$version = substr($addr, 0, 2);
if(hexdec($version) > hexdec($addressversion)) {
return false;
}
$check = substr($addr, 0, strlen($addr) - 8);
$check = pack("H*", $check);
$check = strtoupper(hash("sha256", hash("sha256", $check, true)));
$check = substr($check, 0, 8);
return $check == substr($addr, strlen($addr) - 8);
}
private static function decodeBase58($base58) {
$origbase58 = $base58;
$return = "0";
for ($i = 0; $i < strlen($base58); $i++) {
$current = (string) strpos(Bitcoin::$base58chars, $base58[$i]);
$return = (string) bcmul($return, "58", 0);
$return = (string) bcadd($return, $current, 0);
}
Thanks for the code snippet. I read somewhere that most of the time standalone PHP codes are unable to validate Pay2PubKeyHash addresses and Pay2ScriptHash addresses at a time. Does this validate both type of addresses ?
Here is better php validation code, which was actually created by theymos and Mike Gogulski. Should work on a stock php5 install.
Code:
private static $base58chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
public static function checkAddress($addr, $addressversion = 00) {
$addr = self::decodeBase58(trim($addr));
if(strlen($addr)!=50){
return false;
}
$version = substr($addr, 0, 2);
if(hexdec($version) > hexdec($addressversion)) {
return false;
}
$check = substr($addr, 0, strlen($addr) - 8);
$check = pack("H*", $check);
$check = strtoupper(hash("sha256", hash("sha256", $check, true)));
$check = substr($check, 0, 8);
return $check == substr($addr, strlen($addr) - 8);
}
private static function decodeBase58($base58) {
$origbase58 = $base58;
$return = "0";
for ($i = 0; $i < strlen($base58); $i++) {
$current = (string) strpos(Bitcoin::$base58chars, $base58[$i]);
$return = (string) bcmul($return, "58", 0);
$return = (string) bcadd($return, $current, 0);
}
public static function checkAddress($addr, $addressversion = 00) {
$addr = self::decodeBase58(trim($addr));
if(strlen($addr)!=50){
return false;
}
$version = substr($addr, 0, 2);
if(hexdec($version) > hexdec($addressversion)) {
return false;
}
$check = substr($addr, 0, strlen($addr) - 8);
$check = pack("H*", $check);
$check = strtoupper(hash("sha256", hash("sha256", $check, true)));
$check = substr($check, 0, 8);
return $check == substr($addr, strlen($addr) - 8);
}
private static function decodeBase58($base58) {
$origbase58 = $base58;
$return = "0";
for ($i = 0; $i < strlen($base58); $i++) {
$current = (string) strpos(Bitcoin::$base58chars, $base58[$i]);
$return = (string) bcmul($return, "58", 0);
$return = (string) bcadd($return, $current, 0);
}
Yes, there could be an issue. $address could contain an XSS attack. Validate $address to be greater than the required length.
Another potential attack would be a lot of processing server side. While that is very unlikely it is not unthinkable.
Another potential attack would be a lot of processing server side. While that is very unlikely it is not unthinkable.
Thanks for pointing out. I think the following code may validate the address size...
Code:
function validateAddress($address){
$validated = false;
if(strlen($address) > 25 && strlen($address) < 35){
$addressURL = "https://blockchain.info/q/addressbalance/".$address;
$addressBalance = file_get_contents($addressURL);
$validated = is_int($addressBalance);
}
return $validated;
}
$validated = false;
if(strlen($address) > 25 && strlen($address) < 35){
$addressURL = "https://blockchain.info/q/addressbalance/".$address;
$addressBalance = file_get_contents($addressURL);
$validated = is_int($addressBalance);
}
return $validated;
}
Would work most times, but you should insert a code snippet which checks if blockchain.info returns any good result, otherwise you might find yourself having false negatives when blockchain.info is down or asking your PHP script for a captcha. (Sometimes CloudFlare locks out your PHP script)
Yep... the uptime of blockchain.info is now a problem. Do u know any API to check blockchain.info status ? I think simple ping check or HTTP header checking wont work as they are behind cloudflare.
Would work most times, but you should insert a code snippet which checks if blockchain.info returns any good result, otherwise you might find yourself having false negatives when blockchain.info is down or asking your PHP script for a captcha. (Sometimes CloudFlare locks out your PHP script)
Yes, there could be an issue. $address could contain an XSS attack. Validate $address to be greater than the required length.
Another potential attack would be a lot of processing server side. While that is very unlikely it is not unthinkable.
Another potential attack would be a lot of processing server side. While that is very unlikely it is not unthinkable.
Can there be any issue if I validate a bitcoin address with the following code snippet ?
Code:
function validateAddress($address){
$addressURL = "https://blockchain.info/q/addressbalance/".$address;
$addressBalance = file_get_contents($addressURL);
$validated = is_int($addressBalance);
return $validated;
}
$addressURL = "https://blockchain.info/q/addressbalance/".$address;
$addressBalance = file_get_contents($addressURL);
$validated = is_int($addressBalance);
return $validated;
}
Jump to: