Title: PHP / BTC Handling users xfers Post by: chrusso on August 02, 2018, 03:10:21 AM Hi everyone!
I'm looking for a minimal PHP / BTC system that allows users to transfer bitcoin into the website, generating a new address for each transfer, and enabling them to withdraw to any address they specify when requested. To be honest, I find this source very useful: https://github.com/zonedoutspace/BitWallet But in the other hand, being a development from 2015, I'm worried that there could be some public known security issues on it. Does anyone have any recommendation about how we could implement it, if it's safe, or if there's any other similar system that would allow us to handle the bitcoin xfers internally? We already have a working system, database and users. Kind regards; Chris C. Russo Title: Re: PHP / BTC Handling users xfers Post by: Coin-1 on August 02, 2018, 08:40:40 AM To be honest, I find this source very useful: https://github.com/zonedoutspace/BitWallet But in the other hand, being a development from 2015, I'm worried that there could be some public known security issues on it. I looked at this PHP-code. It seems that it locally works with JSON-RPC of bitcoind. I guess there is no any public known security issues. Perhaps this code is needed to be updated slightly. Just try to use it. Title: Re: PHP / BTC Handling users xfers Post by: bob123 on August 02, 2018, 11:04:40 AM To be honest, I find this source very useful: https://github.com/zonedoutspace/BitWallet This seems to be fine. I didn't find anything critical/vulnerable within 10 mins looking at it. This does NOT mean that it is safe to use. This does only mean there is nothing too obvious to find. The proper way of implementing such a system would be to build it yourself. Thats the only way you can be sure of what your system is really doing. This does of course require knowledge and time to be available. Depending on what kind of service you are providing (i.e. amount of users, amount of BTC involved, etc..) building it yourself with security in mind might be the only way to be (as good as possible) secured against malicious actors. Title: Re: PHP / BTC Handling users xfers Post by: Initscri on August 03, 2018, 04:46:17 AM It really depends on if you're willing to use a hosted API solution, or you HAVE to host the Bitcoin wallet yourself? You could leverage an API, for example: https://www.blockchain.com/api
I've leveraged this in the past to create wallets/addresses, detect transactions, etc. And then I would simply move the funds in excess over to cold storage using the API as well. Using an API would be infinitely more simple, but obviously there is some risk there if you don't program it correctly. If you use cold storage along with an online wallet API, it should be fine. Title: Re: PHP / BTC Handling users xfers Post by: chrusso on August 05, 2018, 04:53:33 AM Thanks everyone!!
It's actually for a game, not betting exactly, but an strategy game, based on bitcoin. We have been working on the game during the last months, and it's time to make the BTC implementation. I was as well considering to use a service, such as blockchain.com/api or blocks.io, but: 1) Do these services have any option that allow us to create temporary wallets for our users and then forward the funds into our "hot wallet"? Xfers should be redirected from the temporary wallets into the hot wallet and kept on it until a user requests a withdraw. As well we need to transfer our gains into our "cold" wallet for storing company profits, from the hot wallet. So, basically, it would use: - Quick self created wallets to receive and track user's deposits. - Transfer user's deposits into the hot wallet. - withdraw from the hot wallet to a user defined account. - withdraw from the hot wallet to a cold wallet the profits. Would you recommend any company? Kind regards; Chris Title: Re: PHP / BTC Handling users xfers Post by: Initscri on August 05, 2018, 08:15:18 AM Thanks everyone!! It's actually for a game, not betting exactly, but an strategy game, based on bitcoin. We have been working on the game during the last months, and it's time to make the BTC implementation. I was as well considering to use a service, such as blockchain.com/api or blocks.io, but: 1) Do these services have any option that allow us to create temporary wallets for our users and then forward the funds into our "hot wallet"? Xfers should be redirected from the temporary wallets into the hot wallet and kept on it until a user requests a withdraw. As well we need to transfer our gains into our "cold" wallet for storing company profits, from the hot wallet. So, basically, it would use: - Quick self created wallets to receive and track user's deposits. - Transfer user's deposits into the hot wallet. - withdraw from the hot wallet to a user defined account. - withdraw from the hot wallet to a cold wallet the profits. Would you recommend any company? Kind regards; Chris They have a wallet API here: https://www.blockchain.com/api/blockchain_wallet_api That will allow you to create a wallet on behalf of the user using the API. You could also just a address method, and save every address connected to a user in a database of your own. But obviously leveraging a wallet API and having each user have their own wallet is more ideal. I've worked on something similar in the past, it wasn't super difficult. I'd recommend blockchain.com's API, provided you have code to send the BTC to cold storage eventually |