muddafudda
Legendary
 Offline
Activity: 1008
Merit: 1022
|
 |
November 29, 2013, 04:53:43 AM |
|
Openex insurance soon available. Insure yourself against running devs coming soon.
|
|
|
|
|
|
|
|
|
|
|
|
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
wtman
Legendary
Offline
Activity: 1030
Merit: 1000
|
|
November 30, 2013, 02:51:34 PM |
|
Openex insurance soon available. Insure yourself against running devs coming soon.
trolololol |
|
|
|
|
|
newflesh
|
|
December 01, 2013, 02:22:15 PM |
|
Hey, any updates on Openex?
|
|
|
|
|
|
r3wt (OP)
|
|
December 01, 2013, 05:37:32 PM |
|
Hey, any updates on Openex?
yep. you can track current progress @ http://dev.openex.pw |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
slavo
|
|
December 04, 2013, 03:43:47 PM |
|
We need quark for openex release !
Is it hard to make it work ?
That would be awesome. It can be traded with lot of volume soon.
|
|
|
|
|
|
r3wt (OP)
|
|
December 04, 2013, 03:45:53 PM |
|
We need quark for openex release !
Is it hard to make it work ?
That would be awesome. It can be traded with lot of volume soon.
no, it isn't anymore different than the rest of the coins |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
slavo
|
|
December 07, 2013, 07:23:15 AM |
|
If another mod is needed for openex chat I can do it.
Any launch date ? An estimation is fine ^^
|
|
|
|
|
|
r3wt (OP)
|
|
December 07, 2013, 07:27:29 AM |
|
If another mod is needed for openex chat I can do it.
Any launch date ? An estimation is fine ^^
i know this makes me look bad since i said two weeks and its now up, but unfortunately the processors for our main server are on backorder. the host company is shooting for sometime this week. i imagine that justin and i will only need a few days to get it up and in beta mode. should everything work as planned, its reasonable to think the site could be officially launched as soon as we would like. i think it will probably take a few days to compile and sync all the wallets though. as soon as the servers deliverd, i could give you a better estimate. As for the mod position, we are generally looking for someone who is fluent in chinese. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
slavo
|
|
December 07, 2013, 07:40:55 AM |
|
Ok ok, keep on the good work. I am nOt fluent in chinese at all, but I was just offering my services to help openex as I can  Keep us informed ! (What about mzking nxt tradable on openex ? It only have one exhange, and people start being interested in it. I assume it's not as ez as other crypto to add, but to have more people faster it can be good) |
|
|
|
|
|
r3wt (OP)
|
|
December 07, 2013, 07:49:18 AM |
|
Ok ok, keep on the good work. I am nOt fluent in chinese at all, but I was just offering my services to help openex as I can Keep us informed ! (What about mzking nxt tradable on openex ? It only have one exhange, and people start being interested in it. I assume it's not as ez as other crypto to add, but to have more people faster it can be good) we have discussed this privately, and we will only take one more coin. Currently we are researching on what coin is worthy. I can pretty much guarantee you it wont be NXT. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
slavo
|
|
December 07, 2013, 10:18:28 AM |
|
|
|
|
|
|
|
r3wt (OP)
|
|
December 07, 2013, 06:06:25 PM |
|
we may include quarkcoin. not sure. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
r3wt (OP)
|
|
December 08, 2013, 09:01:43 AM |
|
thanks to an audit by Gorgo Rom, an XSS vulnerability has been patched. this was a server level vulnerability, i think i may have stumbled into another vulnerability in the process. tomorrow i'm gonna test to see what i can do with it. may be as simple as overriding php.ini to ignore cache settings of the user browser.
|
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
|
|
r3wt (OP)
|
|
December 17, 2013, 11:23:21 PM |
|
The github is now up to date with the project. https://github.com/r3wt/openex |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
r3wt (OP)
|
|
December 18, 2013, 11:18:59 PM |
|
I added a new feature today, building on the access violation system that i previously built into the application. now, for every 10 access violations per unique ip address, an ip is banned. access violation history is recorded on a per instance basis, and the count feature of mysql is used to sort the count of each violation per ip address. access_denied.php<?php
require_once("models/config.php");
$account = $loggedInUser->display_username;
$uagent = mysql_real_escape_string(getuseragent()); //get user agent
$ip = mysql_real_escape_string(getIP()); //get user ip
if(isUserLoggedIn) {
if ($account != null) {
$account = mysql_real_escape_string($loggedInUser->display_username);
}
else {
$account = mysql_real_escape_string("Guest/Not Logged In");
}
}
$date = mysql_real_escape_string(gettime());
$sql = @mysql_query("INSERT INTO access_violations (username, ip, user_agent, time) VALUES ('$account', '$ip', '$uagent', '$date');");
$getcountip = mysql_query("SELECT ip,COUNT(*) as count FROM access_violations GROUP BY ip ORDER BY count DESC;");
while($row = mysql_fetch_assoc($getcountip)) {
if($row['count'] > 10) {
$factors = $row['ip'];
$sql2 = mysql_query("SELECT ip FROM bantables_ip WHERE ip = '$factors';");
$number_of_rows = mysql_num_rows($sql2);
if ($number_of_rows > 0) {
/*--Do nothing--*/
}else {
$date2 = mysql_real_escape_string(gettime());
$ip_address = mysql_real_escape_string($row['ip']);
$sqlxz = mysql_query("INSERT INTO bantables_ip (ip, date) VALUES ( '$ip_address', '$date2');");
}
}
}
echo "<style>html { width:100%; height:100%; background:url(assets/img/access_denied.gif) center center no-repeat; background-color: #00000 !important;}</style>";
echo '<link rel="icon" type="image/x-icon" href="assets/img/the_eye.ico" />';
?>
when an ip address has more than 10 violations, the application checks the database table if a record exists in the bantable for the ip. if it does, nothing is done. if it does not exist, the ip is added. a function, isIPbanned(), checks to see if a visitor is in the ban table. if he is, he is greeted with a message that his ip address is banned. if he is not banned, he is greeted with the normal index page. function isIPbanned()<?php
function isIPbanned() {
$ipvars = mysql_real_escape_string(getIP());
$sqlxyzr = mysql_query("SELECT * FROM bantables_ip WHERE `ip`='$ipvars'");
if (mysql_num_rows($sqlxyzr) > 0) {
return true;
}else{
return false;
}
}
?>
that sounds great r3wt, but what about forged ip address in http headers? great question. functiong getIP()--this makes it difficult to cloak or forge the ip address. <?php
function getIP()
{
foreach (array(
'HTTP_CLIENT_IP',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED',
'REMOTE_ADDR'
) as $key) {
if (array_key_exists($key, $_SERVER) === true) {
foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
return $ip;
}
}
}
}
}
?>
|
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
joschua011
Member
Offline
Activity: 86
Merit: 10
|
|
December 19, 2013, 04:12:18 PM |
|
that sounds great r3wt, but what about forged ip address in http headers? great question. functiong getIP()--this makes it difficult to cloak or forge the ip address. <?php
function getIP()
{
foreach (array(
'HTTP_CLIENT_IP',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED',
'REMOTE_ADDR'
) as $key) {
if (array_key_exists($key, $_SERVER) === true) {
foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
return $ip;
}
}
}
}
}
?>
Works IF a user does not use a Proxy that does not send HTTP_X_FORWARD Headers or a VPN. I could not post this here at the time (newbie)but please read this: https://bitcointalk.org/index.php?topic=374922.0 |
|
|
|
|
|
oncebitcoinedtwiceshy
|
|
December 19, 2013, 05:13:44 PM |
|
we have discussed this privately, and we will only take one more coin. Currently we are researching on what coin is worthy.
r3wt : I guess there is no harm in me asking if SBC could be included in that research for the 'one more coin'. Dev is back on it and working to get the additional features into it & bitcointalk thread is well attended. Either way, good luck with the release! |
|
|
|
|
|
r3wt (OP)
|
|
December 19, 2013, 08:15:43 PM |
|
we have discussed this privately, and we will only take one more coin. Currently we are researching on what coin is worthy.
r3wt : I guess there is no harm in me asking if SBC could be included in that research for the 'one more coin'. Dev is back on it and working to get the additional features into it & bitcointalk thread is well attended. Either way, good luck with the release! Stablecoin may in fact find a home on the exchange, since we are having problems with Gridcoin and there are varying reports on whether the coin actually works as intended or not. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
r3wt (OP)
|
|
December 19, 2013, 08:21:46 PM |
|
that sounds great r3wt, but what about forged ip address in http headers? great question. functiong getIP()--this makes it difficult to cloak or forge the ip address. <?php
function getIP()
{
foreach (array(
'HTTP_CLIENT_IP',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED',
'REMOTE_ADDR'
) as $key) {
if (array_key_exists($key, $_SERVER) === true) {
foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
return $ip;
}
}
}
}
}
?>
Works IF a user does not use a Proxy that does not send HTTP_X_FORWARD Headers or a VPN. I could not post this here at the time (newbie)but please read this: https://bitcointalk.org/index.php?topic=374922.0It doesn't matter if the user is using a proxy, the autoincrementing function will ban ip's without prejudice. i read your dissection and agree. however you, were looking at an extremely old primitive release. would love for you to come poke around the new code since i have updated it. we generally do not release updates to github immediately. you will not be able to doublespend coins on the exchange. we've done extensive testing to insure of this. if you are serious about programming, you are welcome to join the team, if not get the fuck out, we got this. you have to understand, we started from userCake. alot of the functions(password generation being one of them) are old and out of date. we are slowly building onto it. i'll push and update later today so you can see what has changed. |
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
|
