Topic: Exchange based on Drupal modules (Read 4850 times)
KK thanks for taking your time
Ok i understand a little bit better now thanks
When you say "accepted by someone else" is that the option on where it says fill ?
Say you want 10 shares @ 0.1 LTC this will not be accepted by another person if the share is worth 5 LTC each say.. (Thats what i meant about it being a silly offer)
When you say "accepted by someone else" is that the option on where it says fill ?
Say you want 10 shares @ 0.1 LTC this will not be accepted by another person if the share is worth 5 LTC each say.. (Thats what i meant about it being a silly offer)
If you place a "silly" order, it will have the status as placed and will be pending until it is not silly anymore to someone. If someone is willing to give you the shares at the rate you are offering, then you order will be filled at the rate you defined.
Best
Ok when buying and selling coins why can you change the Rate 
and if you choose something silly what happens ??
Sorry for my Ignorance
and if you choose something silly what happens ??
Sorry for my Ignorance
No reason for you to be sorry. I have to apologize since I do not understand your question.
You can set the rate at which you want to buy or sell.
Basically you have two options:
- You can buy or sell at the rate someone is offering coins
- You can place your own offer which can be accepted by someone else.
For the second most of the time you want to define your own rate.
And what you mean with "choose something silly"?
best
Ok i understand a little bit better now thanks
When you say "accepted by someone else" is that the option on where it says fill ?
Say you want 10 shares @ 0.1 LTC this will not be accepted by another person if the share is worth 5 LTC each say.. (Thats what i meant about it being a silly offer)
hey i want to integrate your exchange to my website www.ltc-charts.com to generate some charts
unfortunately your API is only providing some sort of orderbook but no trade history.
please send me an email to [email protected] to talk about the integration if you want this. would be good advertising for your exchange
unfortunately your API is only providing some sort of orderbook but no trade history.
please send me an email to [email protected] to talk about the integration if you want this. would be good advertising for your exchange
Thank you for your interest and support.
Actually the documentation of the API was not complete. I fixed it now. Indexing orders you can pass an attribute "type". If you set this to "filled", you will receive the trade history for a certain currency pair.
best
mugen
Ok when buying and selling coins why can you change the Rate
and if you choose something silly what happens ??
Sorry for my Ignorance
and if you choose something silly what happens ??
Sorry for my Ignorance
No reason for you to be sorry. I have to apologize since I do not understand your question.
You can set the rate at which you want to buy or sell.
Basically you have two options:
- You can buy or sell at the rate someone is offering coins
- You can place your own offer which can be accepted by someone else.
For the second most of the time you want to define your own rate.
And what you mean with "choose something silly"?
best
hey i want to integrate your exchange to my website www.ltc-charts.com to generate some charts
unfortunately your API is only providing some sort of orderbook but no trade history.
please send me an email to [email protected] to talk about the integration if you want this. would be good advertising for your exchange
unfortunately your API is only providing some sort of orderbook but no trade history.
please send me an email to [email protected] to talk about the integration if you want this. would be good advertising for your exchange
Ok when buying and selling coins why can you change the Rate
and if you choose something silly what happens ??
Sorry for my Ignorance
and if you choose something silly what happens ??
Sorry for my Ignorance
this is ok. i dont need the yubikey
login is working now!!!
veery strange.
login is working now!!!
veery strange.good to hear, that it works now. I can only guess but maybe it is related to bringing the site in maintenance mode. During maintenance maybe all cookie sessions are canceled leading to these problems. Anyway, its good to hear, that everything is working.
best
this is ok. i dont need the yubikey
login is working now!!! veery strange.
login is working now!!!
veery strange. ok tried again. password reset.
then tried to add a yubikey (i think the mtgox keys are different?)
1. go to "yubikey idendities"
2. pressed my yubikey
3. it generates a key
4. error message
then tried to add a yubikey (i think the mtgox keys are different?)
1. go to "yubikey idendities"
2. pressed my yubikey
3. it generates a key
4. error message
Code:
Error message
YubiKey OTP validation failed with message: NO_VALID_ANSWER
YubiKey OTP validation failed with message: NO_VALID_ANSWER
Then it seems to me, that the MtGox Yubikey is not only a special labeled one it also has branded to only work with MtGox. I am sorry for this but it seems it cannot be used for this site.
best
hm i think i am too stupid.
ok once again what i did exactly this way 5 minutes ago
1. reset password
2. got an email. clicked on the link
3. entered new password twice
4. message: "Status message. The changes have been saved."
i dont have provided ga or yubikey because i see this
5. logout
6. login again
7. error message: "Error message. Sorry, unrecognized username or password. Have you forgotten your password?"
did i do something wrong?
ok once again what i did exactly this way 5 minutes ago
1. reset password
2. got an email. clicked on the link
3. entered new password twice
4. message: "Status message. The changes have been saved."
i dont have provided ga or yubikey because i see this
Code:
Withdraw has been suspended for your account, since you have only setup 0 of 1 required authenticator. You may use the following authenticators to confirm your transactions:
YubiKey, Google Authenticator
YubiKey, Google Authenticator
5. logout
6. login again
7. error message: "Error message. Sorry, unrecognized username or password. Have you forgotten your password?"
did i do something wrong?
hmm this is very strange. If I follow your steps this does not happen to me. Do you have some other errors which may cause this problem?
best
mugen
ok tried again. password reset.
then tried to add a yubikey (i think the mtgox keys are different?)
1. go to "yubikey idendities"
2. pressed my yubikey
3. it generates a key
4. error message
then tried to add a yubikey (i think the mtgox keys are different?)
1. go to "yubikey idendities"
2. pressed my yubikey
3. it generates a key
4. error message
Code:
Error message
YubiKey OTP validation failed with message: NO_VALID_ANSWER
YubiKey OTP validation failed with message: NO_VALID_ANSWER
hm i think i am too stupid.
ok once again what i did exactly this way 5 minutes ago
1. reset password
2. got an email. clicked on the link
3. entered new password twice
4. message: "Status message. The changes have been saved."
i dont have provided ga or yubikey because i see this
5. logout
6. login again
7. error message: "Error message. Sorry, unrecognized username or password. Have you forgotten your password?"
did i do something wrong?
ok once again what i did exactly this way 5 minutes ago
1. reset password
2. got an email. clicked on the link
3. entered new password twice
4. message: "Status message. The changes have been saved."
i dont have provided ga or yubikey because i see this
Code:
Withdraw has been suspended for your account, since you have only setup 0 of 1 required authenticator. You may use the following authenticators to confirm your transactions:
YubiKey, Google Authenticator
YubiKey, Google Authenticator
5. logout
6. login again
7. error message: "Error message. Sorry, unrecognized username or password. Have you forgotten your password?"
did i do something wrong?
havent provided google authenticator code
and mtgox yubikey isnt working
and mtgox yubikey isnt working
Code:
Error message
Sorry, unrecognized username or password. Have you forgotten your password?
Sorry, unrecognized username or password. Have you forgotten your password?
to make a mtgox yubikey working you first have to assign it with your account in your user profile.
If you have not assigned anything (no google authentificator nor a yubikey) login will only require username and password.
I tried it with my own testing account and I have not problems with login, with or without 2 factor. After reseting the password you should setup a new password. The link provided in the email only works once.
best
havent provided google authenticator code
and mtgox yubikey isnt working
and mtgox yubikey isnt working
Code:
Error message
Sorry, unrecognized username or password. Have you forgotten your password?
Sorry, unrecognized username or password. Have you forgotten your password?
hey i cant login at your page
i do always have to reset my password. always!
what is the input field "code" meant do be?
i do also have an mtgox yubikey. is it possible to get this key working?
i do always have to reset my password. always!
what is the input field "code" meant do be?
i do also have an mtgox yubikey. is it possible to get this key working?
I renamed "Code" to "Google Authenticator Code". I hope it becomes more clear. If you have setup such a Google Authenticator Code you have to provide it during login.
YubiKey:
Yes, normally you should also be able to use a mtgox yubikey on this exchange.
hey i cant login at your page
i do always have to reset my password. always!
what is the input field "code" meant do be?
i do also have an mtgox yubikey. is it possible to get this key working?
i do always have to reset my password. always!
what is the input field "code" meant do be?
i do also have an mtgox yubikey. is it possible to get this key working?
+1 me also cannot login
hey i cant login at your page
i do always have to reset my password. always!
what is the input field "code" meant do be?
i do also have an mtgox yubikey. is it possible to get this key working?
i do always have to reset my password. always!
what is the input field "code" meant do be?
i do also have an mtgox yubikey. is it possible to get this key working?
Are you planing to open the code at all ?
Yes, I am still planing this. However, I really want to do a deep review concerning the access control and security related issues. I also looked in all security issues published for Drupal 7 (older versions do not count). Here are my considerations:
SA-CORE-2011-001 http://drupal.org/node/1168756
1 critical Reflected cross site scripting vulnerability in error handler: not critical if following the guideline for productive websites. Effects cryptocoin modules.
1 Cross site scripting vulnerability in Color module: Requires higher rights "Administer themes" Might effect cryptocoin modules
1 Bypass access to private files: Does not effect cryptocoin modules
SA-CORE-2011-002 http://drupal.org/node/1204582
1 Highly critical: Access bypass in node listings. Requires additional modules to be critical. Does not effect cryptocoin modules
SA-CORE-2011-003 http://drupal.org/node/1231510
1 less critical: download of shared files without permissions by guessing the file name. Does not effect cryptocoin modules
SA-CORE-2012-001 http://drupal.org/node/1425084
1 denial of service in aggregator module. Does not effect cryptocoin modules
1 issue in OpenID also effects Drupal if this module is enabled (view user information), might be an issue
1 download of shared files without permissions in combination with other not core modules. Does not effect cryptocoin modules
SA-CORE-2012-002 http://drupal.org/node/1557938
critical
1 denial of service: requires higher right: "post comments" or "Forum topic: Create new content". Does not effect cryptocoin modules
1 Unvalidated form redirect: requires social engineering. Effects cryptocoin modules (of course it is social engineering)
1 Access bypass - forum listing: showing last unpublished node, even if user has no access. Does not effect cryptocoin modules
1 Access bypass - private images: view of private images without permissions. Does not effect cryptocoin modules
1 Access bypass - content administration: requires higher rights "Access the content overview page" and additional modules. Does not effect cryptocoin modules
For 4 of the reported issues the hacker may have access to the user account, but not to the administration interface. The attacker cannot control the daemon!
Concerning the user account, as said, I am think of 2 factor authorization. If an attacker can access the user account, he still cannot send the coins out.
I do not consider other modules which could cause a risk. It is like saying windows in insecure, because Adobe Acrobat has a security issue. Drupal's core is reasonable hard to attack I think.
Are you planing to open the code at all ?
Jump to: