[PHP] BitLuck Lottery Script - Released under MIT License - page 2.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Quote from: bitlotto on April 27, 2011, 05:51:31 PM

Quote from: BitLex on April 27, 2011, 11:58:11 AM

if an operator wants to cheat, he can easily cheat.
doesnt matter if it's a lottery-script, or a bubble-script, or my randomizer-script, even a mining-pool,
could all be cheating, i don't get it.

why not move this "be careful who and where to send your coins to" discussion to a new thread, if you want to warn people?

Ok I'm done. If you can cheat it, perhaps more work needs to be done on it before it's used! I'm saying that if you want to use this for a lottery perhaps a feature where it lists all the entries is needed with a method for picking the winner separate from the operator after the list is made. That's all. I like the script and think it has potential.

The point is, I don't plan on using this script. I've released it for educational purposes. I don't plan on editing it or changing it because it does not benefit me at all. You can cheat anything. Hell, you could cheat your own system, bitlotto.

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Quote from: BitLex on April 27, 2011, 11:58:11 AM

if an operator wants to cheat, he can easily cheat.
doesnt matter if it's a lottery-script, or a bubble-script, or my randomizer-script, even a mining-pool,
could all be cheating, i don't get it.

why not move this "be careful who and where to send your coins to" discussion to a new thread, if you want to warn people?

Ok I'm done. If you can cheat it, perhaps more work needs to be done on it before it's used! I'm saying that if you want to use this for a lottery perhaps a feature where it lists all the entries is needed with a method for picking the winner separate from the operator after the list is made. That's all. I like the script and think it has potential.

BitLex

hero member

Activity: 532

Merit: 505

if an operator wants to cheat, he can easily cheat.
doesnt matter if it's a lottery-script, or a bubble-script, or my randomizer-script, even a mining-pool,
could all be cheating, i don't get it.

why not move this "be careful who and where to send your coins to" discussion to a new thread, if you want to warn people?

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Quote from: lulzplzkthx on April 27, 2011, 06:17:15 AM

I really don't get what you're trying to say. Any script can be rigged just as easily. Why? Because the script is server-side. There is no validation of it the client can do client-side. Watch where you're spending your money. It's the same way I might trust MyBitcoin, etc.

Agreed, I was trying to say that's why any lottery that depends on stuff done server-side is easy to fake results. The biggest difference is that with a manipulated script the lottery can run for a while before anyone catches on that it is a scam. The operator can cheat and keep taking the pot. A lottery done such that the operator CAN'T manipulate it, is more ideal because it boils down to if they paid the legitimate winner or not. If done correctly everyone can know who the winner is WITHOUT the operator saying. If they don't pay the proper person it's game over for the lottery. If the lottery has no transparency, the operator can take multiple jackpots before people catch on.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Quote from: FreeMoney on April 27, 2011, 06:21:34 AM

We already had a lottery (taabl) where you didn't have to trust the operator not to pick the winner. He did it by using the last digits of the hash of a predetermined block as a ticket. Still had to trust him to pay out of course, but we'd know right away if he didn't.

Yes, I was looking at BitLotto's which is similar. I could have done it that way, but I didn't. So yes, while it is transparently being picked, that doesn't mean the *script* could be as easily rigged. See, if TAABL released their script, I could mess with it just as easily.

FreeMoney

legendary

Activity: 1246

Merit: 1016

Strength in numbers

We already had a lottery (taabl) where you didn't have to trust the operator not to pick the winner. He did it by using the last digits of the hash of a predetermined block as a ticket. Still had to trust him to pay out of course, but we'd know right away if he didn't.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Quote from: bitlotto on April 26, 2011, 10:27:17 PM

Quote from: lulzplzkthx on April 26, 2011, 10:17:54 PM

This was the point I was trying to get across. You have to trust the website, not the script BitLotto.

~lulzplzkthx

Agreed. I was merely trying to say that more trust is needed when using this script. Trust is always needed no matter what. Some systems are just easier/harder to rig than others. I just want people to be careful. That's all.

I really don't get what you're trying to say. Any script can be rigged just as easily. Why? Because the script is server-side. There is no validation of it the client can do client-side. Watch where you're spending your money. It's the same way I might trust MyBitcoin, etc.

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Quote from: lulzplzkthx on April 26, 2011, 10:17:54 PM

This was the point I was trying to get across. You have to trust the website, not the script BitLotto.

~lulzplzkthx

Agreed. I was merely trying to say that more trust is needed when using this script. Trust is always needed no matter what. Some systems are just easier/harder to rig than others. I just want people to be careful. That's all.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Quote from: BitLex on April 26, 2011, 10:13:34 PM

how would people know, if a lottery is using this script, or any other?
people should be careful about where to send their coins, or give their money each and every time they do,
no matter what for.

doesnt have anything todo with this script.

This was the point I was trying to get across. You have to trust the website, not the script BitLotto.

~lulzplzkthx

BitLex

hero member

Activity: 532

Merit: 505

how would people know, if a lottery is using this script, or any other?
people should be careful about where to send their coins, or give their money each and every time they do,
no matter what for.

doesnt have anything todo with this script.

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Quote from: lulzplzkthx on April 26, 2011, 10:04:03 PM

No, the script is a script. It does what it's supposed to, and anybody can modify it as they would like. That's what the GPL and LGPL licenses are designed for. I have created and script, released it, and hope it will be used for good. Yes, it could be used for nefarious purposes, just as Tor or Bitcoin could.

That's why the web-of-trust and similar concepts exist.

And a MySQL RAND() is beyond the control of the operator. If they choose to change the script, that's not my fault. I don't control that. You can feel free to implement another method, and post that if you would like.

Don't get me wrong, you did a pretty cool job making a lottery script.

I was merely pointing out the flaws/stuff more for other people reading to be *VERY* careful playing a lottery using this script. That's all.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Quote from: bitlotto on April 26, 2011, 09:52:21 PM

Quote from: lulzplzkthx on April 26, 2011, 09:42:42 PM

Trust is an essential point of Bitcoin, yes. Or really any lottery script.

~lulz

Yes, BUT the script makes it WAY too easy for scammers to rig the results. All they have to do is make a new Bitcoin address for each "win". Every so often let "real" people win to avoid suspicion.
I'm just worried about people using this script to scam people. It's too easy to rip people off.
I'm not saying people are doing this now but with this script but it will happen.

The main problems is:
-all players need to be itemized before the draw somehow with a random way of picking the winner BEYOND the control of the operator

No, the script is a script. It does what it's supposed to, and anybody can modify it as they would like. That's what the GPL and LGPL licenses are designed for. I have created and script, released it, and hope it will be used for good. Yes, it could be used for nefarious purposes, just as Tor or Bitcoin could.

That's why the web-of-trust and similar concepts exist.

And a MySQL RAND() is beyond the control of the operator. If they choose to change the script, that's not my fault. I don't control that. You can feel free to implement another method, and post that if you would like. In fact, you might notice the script is divided into two parts: a front-end (paying), and a back-end (drawing). It makes it very easy to change how tickets are drawn to a more transparent way if whoever uses it would like.

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Quote from: lulzplzkthx on April 26, 2011, 09:42:42 PM

Trust is an essential point of Bitcoin, yes. Or really any lottery script.

~lulz

Yes, BUT the script makes it WAY too easy for scammers to rig the results. All they have to do is make a new Bitcoin address for each "win". Every so often let "real" people win to avoid suspicion.
I'm just worried about people using this script to scam people. It's too easy to rip people off.
I'm not saying people are doing this now but with this script but it will happen.

The main problems is:
-all players need to be itemized before the draw somehow with a random way of picking the winner BEYOND the control of the operator

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Trust is an essential point of Bitcoin, yes. Or really any lottery script.

~lulz

BitLex

hero member

Activity: 532

Merit: 505

that's true i guess,
but people would notice sooner or later if no *real player* wins and start complaining.

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Quote from: BitLex on April 26, 2011, 08:14:14 PM

yeah, i also thought about that,
have to add some stats/overview of entered addresses and maybe last winners or such,
should be no big deal.

Except proving that you didn't just pick whatever winner you wanted. (I guess people will just have to trust you.)

BitLex

hero member

Activity: 532

Merit: 505

yeah, i also thought about that,
have to add some stats/overview of entered addresses and maybe last winners or such,
should be no big deal.

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Interesting! How do the players keep track of who played/won? (It's cool as it is, I'm just worried lot's of scammers setting up something that looks just like it with the exception that it always pays to one of their own plays instead of using random like it should. I guess you have to trust the operator a little bit more I guess...)

BitLex

hero member

Activity: 532

Merit: 505

if anyone want's to see this in action,
i'v set up a test-lottery on http://fxnet.co.cc/lottery

didnt change much, except for some of the text.
i had some troubles to get it to work on my main-server due to the lack of mysqli,
so (for testing) it's set up on a different server.

seems to work alright so far.

lulzplzkthx

sr. member

Activity: 322

Merit: 251

Quote from: HostFat on April 21, 2011, 09:07:29 AM

I added some modifications

https://www.wuala.com/Slyck/bitcoin/lottery_V0.1_mod_by_Joozero.7z/?key=G0vvFcXPtnDz

I'm not an expert php developer, neither sql ... so I hope that you can take it as a simple idea.
If you like it, I'm sure that you will make a better one Wink

I did it to avoid the point 5.
( 5. Setup cron, or a similar service to run give_prize.php at the time you wish the prize to be drawn. )

Now it auto-restart simple with the help of users Grin

( they just have to visit the page )

Please, can you give a look?

Nice setup. I considered incorporating this into the original, and would add your mod to it, but there's always a chance it could take a long time for a user to view the page, and the funds may not be sent for quite some time. I decided to use the cron as it insures they will be sent on time.

~lulz

Topic: [PHP] BitLuck Lottery Script - Released under MIT License - page 2. (Read 29885 times)