
Topic: [Pre Alpha] PHPCoin - page 6. (Read 11031 times)

newbie
Activity: 56
Merit: 0
July 15, 2011, 05:58:30 PM
#19
PDO requires PDO and PECL, that alone is already dirtier than dirt can be.  Wink

PHP 5.1.0 and newer comes with PDO already.
legendary
Activity: 1218
Merit: 1000
July 15, 2011, 03:13:21 PM
#18
@btcash,

The project is open source, when I release it you're welcome to implement whatever procedure to store passwords you want.

@smoothie

This isn't usable to mine anything, it's a storage frontend, not a mining one. Can be used, with some changes, to store namecoins also.
member
Activity: 62
Merit: 10
July 15, 2011, 02:48:05 PM
#17
This salt method of storing passwords would still leave you open to the same type of attack MtGox had.  If the attack is based on getting a copy of the database, every account in the database is at risk with the current code.

Best option is two-factor auth. (YubiKey, RSA key)
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
July 15, 2011, 12:46:19 PM
#16
Will it be usable to mine namecoins too?  Shocked
legendary
Activity: 1218
Merit: 1000
July 15, 2011, 11:20:55 AM
#15
Even though your way is secure (as long as you remember to call your function on all the values) I'd recommend using prepared statements with PDO, much cleaner and safer. Take a look at the PHP manual for more info.

PDO requires PDO and PECL, that alone is already dirtier than dirt can be.  Wink

As I'm off now for a while, here's the incomplete code of the cron (it should run like every 5 minutes by php-cgi or so), hope this already gives you a better clue of what I'm working on:

Code:
<?php
  define("_V",1);
  //This file must NOT be accessible from the Web!
  $coin_install_path = "/web/default/public_html";
  include($coin_install_path ."/sys/config.php");
  include($coin_install_path ."/inc/general_functions.php");
  error_reporting(E_ALL);
  ini_set("display_errors",1);
  include($coin_install_path ."/classes/jsonRPCClient.php");

  //Starting CRON sequence
  $b = new jsonRPCClient("http://$btc_user:$btc_pass@127.0.0.1:8332");

  //Checking for new deposits
  $accounts = $b->listaccounts((int)$config['confirmations']['value']);
  foreach($accounts as $k => $a){
      if($a == 0) continue; //Nothing to do
      $acc = explode("_",$k);
      if(!is_array($acc) || sizeof($acc) != 3) continue; //Invalid account identifier
      //The ids are used unquoted in the SQL below, so force them to integers
      $acc[1] = (int)$acc[1];
      $acc[2] = (int)$acc[2];
      //Get the account
      $sql = "SELECT * FROM accounts WHERE uid = {$acc[1]} AND account_id = {$acc[2]}";
      $q = mysql_query($sql);
      if(!mysql_num_rows($q)) continue; //Account not found
      $act = mysql_fetch_assoc($q);
      //Move the deposit to the central account in bitcoind
      $b->move($k,$config['central_account']['value'],$a);
      //Last recorded balance of this account (0 if it has no movements yet)
      $prevBal = 0;
      $sql = "SELECT balance FROM movements WHERE account_id = {$act['id']} ORDER BY id DESC LIMIT 0,1";
      $q = mysql_query($sql);
      if(mysql_num_rows($q)){
          $pbal = mysql_fetch_assoc($q);
          $prevBal = $pbal['balance'];
      }
      $newBal = $prevBal + $a;
      //Record the deposit and credit the account
      mysql_query("INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`) VALUES({$act['id']},'".date("Y-m-d H:i:s")."','Bitcoin deposit',$a,1,$newBal)");
      mysql_query("UPDATE accounts SET balance = balance + $a WHERE id = {$act['id']}");

      //Check if account is forwarded
      if($act['forward'] == 1){
          $isValid = $b->validateaddress($act['forward_to']);
          //Escaped once here because every error message below uses it
          $invBTC = makeSQLSafe($act['forward_to']);
          if($isValid['isvalid'] != 1){
              mysql_query("INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'".date("Y-m-d H:i:s")."','ERROR Invalid address to forward your deposits to :: $invBTC. Amount remains in your account!')");
          }elseif($isValid['ismine'] == 1){
              //It's forward to a local address, so we just move the balance
              $recAct = explode("_",$isValid['account']);
              if(!is_array($recAct) || sizeof($recAct) != 3){
                  mysql_query("INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'".date("Y-m-d H:i:s")."','ERROR Invalid account to forward your deposits to - local account is not an user account :: $invBTC. Amount remains in your account!')");
              }else{
                  //Same as above: ids go into the query unquoted, so force integers
                  $recAct[1] = (int)$recAct[1];
                  $recAct[2] = (int)$recAct[2];
                  $sql = "SELECT * FROM accounts WHERE uid = {$recAct[1]} AND account_id = {$recAct[2]}";
                  $q = mysql_query($sql);
                  if(!mysql_num_rows($q)){
                      mysql_query("INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'".date("Y-m-d H:i:s")."','ERROR Invalid account to forward your deposits to - local account not found :: $invBTC. Amount remains in your account!')");
                  }else{
                      $receiver = mysql_fetch_assoc($q);
                      $nextBal = $newBal - $a;
                      //Debit the forwarding account
                      mysql_query("INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`) VALUES({$act['id']},'".date("Y-m-d H:i:s")."','Forward to {$act['forward_to']}',$a,0,$nextBal)");
                      mysql_query("UPDATE accounts SET balance = balance - $a WHERE id = {$act['id']}");
                      //A small issue; re-forwarded accounts will not forward to prevent loop attacks.
                  }
              }
          }
          // $nextBal = $newBal - $a;
          // $b->sendfrom();
      }
  }
?>

legendary
Activity: 1400
Merit: 1005
July 15, 2011, 11:07:31 AM
#14
Well, this could be extremely useful for a project I have coming up!  Here's to hoping you get it finished up soon.
newbie
Activity: 56
Merit: 0
July 15, 2011, 11:04:07 AM
#13
Hi M'Tux,

Yes, to go live on internet with this system I intend to create some modules, changing passwords to SHA, enforce SSL and add captchas to prevent brute-forcing.

About SQLi, vars are passed this way:

Even though your way is secure (as long as you remember to call your function on all the values) I'd recommend using prepared statements with PDO, much cleaner and safer. Take a look at the PHP manual for more info.
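
The prepared-statement approach recommended in this reply, applied to the account lookup from the cron script in post #15, as an added example (not code from the thread or from PHPCoin). It assumes PDO with the SQLite driver standing in for MySQL, a constructed `accounts` table, a constructed `pc_` label prefix, and a hypothetical helper name `findAccountByLabel`.

```php
<?php
// Added example: the cron's account lookup done with a PDO prepared statement.
// Assumptions: in-memory SQLite stands in for MySQL; schema and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, uid INTEGER, account_id INTEGER, balance REAL)');
$db->exec('INSERT INTO accounts (uid, account_id, balance) VALUES (7, 1, 0), (7, 2, 0), (9, 1, 0)');

// Hypothetical helper: resolve a bitcoind account label such as "pc_7_2"
// (prefix_uid_accountid, the three-part form the cron expects) to a DB row.
function findAccountByLabel(PDO $db, $label)
{
    $parts = explode('_', $label);
    // Reject labels that are not three parts with purely numeric ids.
    if (count($parts) !== 3 || !ctype_digit($parts[1]) || !ctype_digit($parts[2])) {
        return null;
    }
    // Values are bound, never concatenated, so they cannot change the query text.
    $stmt = $db->prepare('SELECT * FROM accounts WHERE uid = :uid AND account_id = :aid');
    $stmt->bindValue(':uid', (int)$parts[1], PDO::PARAM_INT);
    $stmt->bindValue(':aid', (int)$parts[2], PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed labels: one valid, one unknown account, two malformed.
foreach (array('pc_7_2', 'pc_7_5', 'pc_7', 'pc_7_2x') as $label) {
    $row = findAccountByLabel($db, $label);
    echo str_pad($label, 10), $row ? "account row id {$row['id']}" : 'skipped', "\n";
}
```

`mysql_real_escape_string()` only protects values placed inside quoted string literals; the cron's `uid` and `account_id` are interpolated unquoted, which is the case bound integer parameters cover.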
legendary
Activity: 1372
Merit: 1002
July 15, 2011, 10:17:44 AM
#12
Your method is not good enough...

But your method was..  Roll Eyes

Too bad people only learn after the trouble...  Tongue
legendary
Activity: 1218
Merit: 1000
July 15, 2011, 09:37:56 AM
#11
While I start to draft the most important part of the site, the CRON, here're two screens of it so far:




Let me explain also how I had this idea: I want to move my coins to a "minimalistic" Debian VM, and this is a way to access and manage the wallet on that VM.
newbie
Activity: 32
Merit: 0
July 15, 2011, 06:46:30 AM
#10
I'm starting a new project to go GPL OpenSource, I named it PHPCoin.

Great!  The PHP/bitcoin world needs more open source projects.


By now just someone with good design skills, later, as I publish it to GitHub or SourceForge, PHP developers may join too. At this stage would mess up a bit as we may use different coding ways, making it inconsistent.

With all due respect: Good intentions are nice, but released code is what makes an open source project alive.

Release the code early and often.  Don't worry about ugly code, don't worry about bugs.  Those things can and will be fixed down the road.  Nothing will get messed up.

DO worry about your project turning into vaporware if you don't release code soon. 

If you're interested in browsing some bitcoin-related PHP open source projects:

https://github.com/mikegogulski/bitcoin-php
 - Bitcoin library for PHP
 - a basic PHP class for interacting with bitcoind
 - Hasn't been updated for a while, but still usable

https://github.com/zamgo/bitcoin-webskin
 - an open source PHP web interface to bitcoind 
 - my own project Wink
 
and a lot more out there on github and other places...
legendary
Activity: 1218
Merit: 1000
July 15, 2011, 06:24:28 AM
#9
How will this be different from bitcoin-php?  I guess your description is generic enough that I don't quite understand what the purpose of it is...

What is bitcoin-php? The only thing I know by such name is a class.

@smoothie

Not yet. Will put as soon as the basic functions are done. I'm around editing own account at the moment.
legendary
Activity: 1400
Merit: 1005
July 15, 2011, 02:32:05 AM
#8
How will this be different from bitcoin-php?  I guess your description is generic enough that I don't quite understand what the purpose of it is...
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
July 15, 2011, 02:27:06 AM
#7
legendary
Activity: 1218
Merit: 1000
July 14, 2011, 08:01:24 PM
#6
Hi M'Tux,

Yes, to go live on internet with this system I intend to create some modules, changing passwords to SHA, enforce SSL and add captchas to prevent brute-forcing.

About SQLi, vars are passed this way:

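Code:
<?php
//Take the username from the form, or record an error if it is missing
isset($_POST['user']) && trim($_POST['user']) ? $user = makeSQLSafe(trim($_POST['user'])) : $e[] = "Username missing!";
//... which means to call the function below

function makeSQLSafe($str){
    //Undo magic-quotes escaping first so the value is not escaped twice
    if(get_magic_quotes_gpc()) $str = stripslashes($str);
    return mysql_real_escape_string($str);
}
?>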

vip
Activity: 608
Merit: 501
-
July 14, 2011, 07:01:40 PM
#5
hero member
Activity: 860
Merit: 1004
BTC OG and designer of the BitcoinMarket.com logo
July 14, 2011, 03:05:27 PM
#4
By now just someone with good design skills, later, as I publish it to GitHub or SourceForge, PHP developers may join too. At this stage would mess up a bit as we may use different coding ways, making it inconsistent.

The overall goal is to provide an OpenSource system able to be used locally (like SWAT for Samba for an instance), or served in the web for services like MyBitcoin.

Been looking for something like this for quite a while,
please let us know when it's up.

Cheers
legendary
Activity: 1218
Merit: 1000
July 14, 2011, 08:50:32 AM
#3
By now just someone with good design skills, later, as I publish it to GitHub or SourceForge, PHP developers may join too. At this stage would mess up a bit as we may use different coding ways, making it inconsistent.

The overall goal is to provide an OpenSource system able to be used locally (like SWAT for Samba for an instance), or served in the web for services like MyBitcoin.
member
Activity: 74
Merit: 10
July 14, 2011, 08:45:46 AM
#2
Is there a 1 - 1 ratio of gambling apps to developers in the BtC Community? hehe

Are you just looking for a designer? or other PHP programmers?

I'm looking for projects Smiley

What is the eventual goal/vision of this project? Sounds interesting.
legendary
Activity: 1218
Merit: 1000
July 14, 2011, 07:26:06 AM
#1
I'm starting a new project to go GPL OpenSource, I named it PHPCoin.

Here's the draft idea:

Basically it is a PHP frontend to bitcoind, which can be used for the local user or in a multiuser (mybitcoin-like) environment, operating as a bitcoin concentrator.
The modular system will allow also to attach modules as MtGox/TradeHill/etc analyzers.
The cron system will allow features as recurring payments or coin forwarding.
Allows creation of multiple accounts for the same user. Say: Account 1 - regular account, Account 2 - savings account... and so on. Each account will have different bitcoin addresses.
Bitcoin transactions are all moved to a central account, the movements and balance are recorded and managed by MySQL.

So far I'm finishing the login and register functions, but need a designer's help. If you're interested, PM me.


As password security is the subject of the moment, due to that MtGox thing, here's my system's function for it:

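Code:
<?php
//Per-user salt, derived from rand(), the name and the current time
$salt = md5(rand().$name.microtime());
//One round of RIPEMD-160 over password + salt
$passh = hash("ripemd160",$pass.$salt);
mysql_query("INSERT INTO users(user,pass,name,email) VALUES('$user','$passh','$name','$email')");
//The salt is stored in its own table, keyed by the new user id
$myuid = mysql_insert_id();
mysql_query("INSERT INTO salt(uid,salt) VALUES($myuid,'$salt')");
$success = "You're now registered to this system";
?>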



Pre-Alpha can be downloaded from:

http://www.bcommerce.biz/phpcoin-pre-alpha-release.zip
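
For the registration snippet in post #1 and the database-copy concern raised in reply #17, an added example (not PHPCoin's code) that moves rows stored as RIPEMD-160(password + salt) to PHP's built-in `password_hash()` the next time each user logs in. It assumes PHP 5.6 or newer, PDO with in-memory SQLite standing in for MySQL, a constructed user and tables, and a hypothetical function name `login`.

```php
<?php
// Added example: upgrade legacy RIPEMD-160(pass.salt) rows to password_hash() at login.
// Assumptions: PHP 5.6+, in-memory SQLite instead of MySQL, constructed schema and user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT)');
$db->exec('CREATE TABLE salt (uid INTEGER, salt TEXT)');

// Constructed legacy row, stored the way the registration snippet stores it.
$legacySalt = md5('constructed-salt');
$db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)')
   ->execute(array('alice', hash('ripemd160', 'correct horse' . $legacySalt)));
$db->prepare('INSERT INTO salt (uid, salt) VALUES (?, ?)')
   ->execute(array($db->lastInsertId(), $legacySalt));

// Hypothetical login routine: verifies either format and rewrites legacy hashes.
function login(PDO $db, $user, $pass)
{
    $q = $db->prepare('SELECT u.id, u.pass, s.salt FROM users u
                       LEFT JOIN salt s ON s.uid = u.id WHERE u.user = ?');
    $q->execute(array($user));
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    if ($row['salt'] !== null) {
        // Legacy format: recompute the old hash and compare in constant time.
        $ok = hash_equals($row['pass'], hash('ripemd160', $pass . $row['salt']));
    } else {
        $ok = password_verify($pass, $row['pass']);
    }
    if ($ok && ($row['salt'] !== null || password_needs_rehash($row['pass'], PASSWORD_DEFAULT))) {
        // password_hash() embeds its own random salt and cost in the stored string.
        $db->prepare('UPDATE users SET pass = ? WHERE id = ?')
           ->execute(array(password_hash($pass, PASSWORD_DEFAULT), $row['id']));
        $db->prepare('DELETE FROM salt WHERE uid = ?')->execute(array($row['id']));
    }
    return $ok;
}

var_dump(login($db, 'alice', 'correct horse'));   // first login: legacy path, row is rewritten
var_dump(login($db, 'alice', 'correct horse'));   // second login: password_verify() path
var_dump(login($db, 'alice', 'wrong password'));  // wrong password against the upgraded row
echo $db->query("SELECT pass FROM users WHERE user = 'alice'")->fetchColumn(), "\n";
```

A deliberately slow password hash raises the cost of guessing each password from a copied database; it does not replace the two-factor option mentioned in reply #17.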