Bitcoin Forum

I am trying to develop a php web application (a game, and not a gambling site) where users can make in-game purchases. Now if I am understanding it right, The architecture (using bitcoind and Json-rpc api) should be:

1. When a new user registers - generate a new address for the new user: $bitcoin->getnewaddress("username");

2. Store that wallet address for later use in my DB.

3. Display that address and let a user send bitcoins to that address.

3. Check the balance of that address using the  $bitcoin->getbalance($username,0)  for unonfirmed balance  and getbalance($username,6) confirmed balance.
 
4. Now I can let the user buy my in-game items and use $bitcoin->move($useraddress, $myaddress, $amount) to debit his account and give him the stuff he needs.


Questions:
1. Does this sound about right?  Or am I completely off here!
2. How long does it take for the unconfirmed balance to show up?  [$bitcoin->getbalance($username,0)]
3. $bitcoin->move($useraddress, $myaddress, $amount)  is a change of bitcoins between addresses within my wallet, so this should be offchain and instantaneous, right?
4.  How can some gambling dice sites like coinroll.it ( https://bitcointalk.org/index.php?topic=191176.0) accept unconfirmed transactions and lets  people play instantly? are they just taking the risk or there is something that I am not aware of.
5. How can I test out my bitcoind/php application with testnet? Anyone has any experience of this?
6. Suggestions on Security are welcome...

I am going to make parts of my code open source when I figure this shit out.

1. if a user can buy one time, it's ok. but if someone can buy A/B/C/etc items, use different address (so you can track what did he buy and what not. and use user_id !
3. 3-4 confirmation is need for avoid double spell, thats 1 hour (~15 min is btc blocktime)
4. risk
5. run the daemon with -testnet parameter
6. run the main (=$myaddress) node at different server. and the purchase checker nodes send the money to this server.

Elbandi

Thanks for the response mate!

1. So you are suggesting, I generate different addresses for the same user everytime he wants to deposit bitcoin in my web app? Is there a reason for that (security may be?) why can't he just deposit how ever much bitcoin he wants in his generated address, and I keep deducting the right amount whenever he makes a purchase. That seems less complicated, doesn't it?

3. Thanks!

4. Thought so!

5. I will have to play with it before I screw up with real money

6. Ah thank you!  - but the moment I use move between two wallets ...doesn't that become "one the blockchain" so to speak? not that it is terribly important for me to be offchain.

Using the -testnet parameter aren't you supposed to mine for testnet coins first ? or are they just available directly .. im notsure about that one

Ref point number 1 if this is the first time user purchasing something then generate a new address and save that address in database corresponding to his username, he comes back to make another purchase check the database if that username have any bitcoin address allocated to him if yes show him the same address otherwise generate a new one.

P.S wheres the point not 2 ??? Do you count like 1,3,4,5,6,7, and so on ?

haha, was responding to elbandi ...he did not bring up 2


I figured, I would use some testnet faucet to get hold of testnet BTC somehow. I have not really thought it through.