
Topic: What do you guys think? (Read 1166 times)

legendary
Activity: 1442
Merit: 1186
September 28, 2014, 12:06:59 AM
#11
http://btcthreads.com/easyDice

Here's the rebuilt version doing all the scoring server side. Added some string sanitation as well.
full member
Activity: 1498
Merit: 146
September 24, 2014, 06:23:02 PM
#10
Send 1 variable to the php....the number they pick....you do the math in php and send back WIN or FAIL with the win amount.  Store each game played and the winning (paid out) game number in a db with the amount paid and time stamp...That way you can check against the DB to make sure the game hasn't been paid out. That'd prevent me from copying someone's game number that you publicly display, and forging a pay slip like I did before.

Before paying out a win you check the db for: game number that matches, datetime, amount won
Once it's paid, mark that db entry as paid..maybe a column named isPayed = 0/1

You paid me for a game I never played....It's a cool game, but it needs some security.
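
The server-side flow described in the post above, as an added example that is not part of the original thread or the site's code. The function names, table layout, in-memory SQLite database, 1-99 pick range and "payout equals the pick" rule are all assumptions; only the isPayed column name comes from the post.

```php
<?php
declare(strict_types=1);

// Constructed schema; isPayed is the column name suggested in the post.
function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE games (
        id TEXT PRIMARY KEY, pick INTEGER, roll INTEGER, won INTEGER,
        amount INTEGER, playedAt TEXT, isPayed INTEGER DEFAULT 0)');
    return $db;
}

// The client sends only its pick; roll, result and amount are decided here.
function playGame(PDO $db, $rawPick): array {
    $pick = filter_var($rawPick, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($pick === false) {
        throw new InvalidArgumentException('pick must be an integer 1-99');
    }
    $roll = random_int(1, 100);        // CSPRNG, never supplied by the client
    $won = $pick < $roll;              // rule from the thread: pick below the roll
    $amount = $won ? $pick : 0;        // assumed payout rule (satoshi)
    $id = bin2hex(random_bytes(16));   // unguessable game number
    $db->prepare('INSERT INTO games (id, pick, roll, won, amount, playedAt)
                  VALUES (?, ?, ?, ?, ?, ?)')
       ->execute([$id, $pick, $roll, (int)$won, $amount, gmdate('c')]);
    return ['game' => $id, 'result' => $won ? 'WIN' : 'FAIL', 'amount' => $amount];
}

// Pays a game at most once; the amount comes from the stored row, not the request.
function payOut(PDO $db, string $gameId): int {
    // One atomic UPDATE both checks and sets the flag, so two racing claims cannot both win.
    $claim = $db->prepare('UPDATE games SET isPayed = 1
                           WHERE id = ? AND won = 1 AND isPayed = 0');
    $claim->execute([$gameId]);
    if ($claim->rowCount() !== 1) {
        return 0;                      // unknown game, losing game, or already paid
    }
    $row = $db->prepare('SELECT amount FROM games WHERE id = ?');
    $row->execute([$gameId]);
    return (int)$row->fetchColumn();
}

$db = openDb();
do { $g = playGame($db, '10'); } while ($g['result'] !== 'WIN');
echo payOut($db, $g['game']), "\n";          // first claim on a winning game
echo payOut($db, $g['game']), "\n";          // same game number again: refused
echo payOut($db, 'forged-game-number'), "\n"; // game the server never recorded: refused
```
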
legendary
Activity: 1442
Merit: 1186
September 24, 2014, 06:01:38 PM
#9
I'd suggest doing all calculations server side. 

When you say doing it server side do you mean do it in php? How do I get the calculations to the server without using POST? Sorry for the newb questions, I'm just starting to get into php and javascript.
legendary
Activity: 1442
Merit: 1186
September 24, 2014, 05:58:52 PM
#8
I used Charles Web proxy to set a breakpoint and modify your post vars.  I'll be glad to refund the tips as well. It was fun though.

No, please keep the tip :)  Are there any resources you could point me to that will show me how to prevent this sort of attack?

full member
Activity: 1498
Merit: 146
September 24, 2014, 05:33:42 PM
#7
I'd suggest doing all calculations server side. 
full member
Activity: 1498
Merit: 146
September 24, 2014, 05:31:31 PM
#6
I used Charles Web proxy to set a breakpoint and modify your post vars.  I'll be glad to refund the tips as well. It was fun though.
legendary
Activity: 1442
Merit: 1186
September 24, 2014, 04:30:29 PM
#5
Point to ponder: the game comes without the BS waiting time of other faucets. Now time passes by with you so engaged, clicking ALL the time and probably missing what any other faucet might have given you by then.  :D

Seriously, the game is good and shows you that there's no free lunch. Even to teach kids about both probability and bitcoin (yet kids would only get it if they could easily buy popsicles with bitcoin). Or, to help gambling addicts recover. After a few clickety-clicks.

And, yes, it might be more attractive (even if odds of getting to 700 were the same or _slightly_ better) if you granted the first 200 or 350 satoshi and user might preserve those few even if he or she lost whatever he added afterwards... under special circumstances.  What circumstances? Well, I don't know, I guess the game could be a little more intricate, allowing for special bonus and "not-all-or-nothing" situations.
[ Mario and Luigi not dying but only becoming smaller comes to mind ]


That being said, I did my first 700. Thanks for sharing the game.

S.

Thanks Samperio,
I really like your ideas, with granting a few hundred satoshi upfront, and adding additional circumstances instead of always being all or nothing. I will start to implement these ideas but first it looks like I need to work on security.
legendary
Activity: 1442
Merit: 1186
September 24, 2014, 04:09:14 PM
#4
Thanks for the input, looks like someone already hacked it and was able to enter their own high score.

If it was someone here can you let me know how you did it? Was it a $_POST exploit or JS exploit?
member
Activity: 82
Merit: 10
Picture this: Francisco de Quevedo.
September 24, 2014, 02:44:52 PM
#3
Point to ponder: the game comes without the BS waiting time of other faucets. Now time passes by with you so engaged, clicking ALL the time and probably missing what any other faucet might have given you by then.  :D

Seriously, the game is good and shows you that there's no free lunch. Even to teach kids about both probability and bitcoin (yet kids would only get it if they could easily buy popsicles with bitcoin). Or, to help gambling addicts recover. After a few clickety-clicks.

And, yes, it might be more attractive (even if odds of getting to 700 were the same or _slightly_ better) if you granted the first 200 or 350 satoshi and user might preserve those few even if he or she lost whatever he added afterwards... under special circumstances.  What circumstances? Well, I don't know, I guess the game could be a little more intricate, allowing for special bonus and "not-all-or-nothing" situations.
[ Mario and Luigi not dying but only becoming smaller comes to mind ]


That being said, I did my first 700. Thanks for sharing the game.

S.
hero member
Activity: 924
Merit: 511
September 24, 2014, 01:40:45 PM
#2
Game is pretty dope, kinda happy (as a client) that you don't have captcha, but from a webmaster end, I could easily make a bot :/

I would advise throwing a simple bootstrap as the barebone, basically put everything you have into a div container within the bootstrap.

It doesn't allow you to gamble right? I guess then, you don't need an SSL cert.
legendary
Activity: 1442
Merit: 1186
September 23, 2014, 08:11:43 PM
#1
UPDATE: 9/27/14 - http://btcthreads.com/easyDice

Here's the rebuilt version doing all the scoring server side and some string sanitation.


I had a BTC domain I wasn't using so I made this.

btcthreads.com  (yea the site was going to be a bitcoin forum, LOL but that ended pretty quickly considering this site and reddit.)

You can play and top up your changetip account. It's pretty much a faucet, but without all the BS waiting times that come with faucets.  You can cashout almost instantly.

It takes a little patience and persistence. Don't get discouraged after your first few tries, I'm able to hit the cashout limit pretty consistently in just a few minutes.

OBJECT of the game is to pick a number less than what the computer picks. Low #'s are safer but low payout, higher #'s are riskier but bigger payout.



I posted this here instead of services because I'm still in the testing stages and looking for input.

Oh and BTW to all the hackers out there, there are no coins stored on the server.