Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin
on: August 15, 2011, 12:58:22 PM
BTW, those "hacker forums" are normally like those guys who finish high school virgins; they make the hardest and most long shot attack look like the easiest thing around, yet they never actually did any, just like those boys who never actually got anyone but will jump on to claim to have had half of the school girls.
I love how you bring up the "hacker forums", talking about them being high school virgins. I used to be one of the main PHP coders for our group on Hack Forums. Hack Forums is not a hacking forum, it's a social network for wannabe hackers... Gotta love them though, and respect them for trying to help.
The Typical Hacker:
-) Had an above average grade in school (didn't do so well in history, excelled in math).
-) Over-exaggerated number of girlfriends in high school (probably 2-3 would be the truth, but they end up saying they had 10-20 girls).
The Hacker that Manipulates People:
-) Did well in Math (thinks in logic), had a decent grade in History (still hates it), loves English.
-) Exaggerates number of girlfriends by a little bit, but just enough to make you believe them (roughly 5-7).
...there are more, but that's about the only two categories I've been in.

Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin
on: August 15, 2011, 05:50:33 AM
Ok, let's state some facts that I found:
1) Entire system is exploitable with XSS.
2) Entire system lacks CSRF protection.
3) Messy structure; mixed frontend/backend could lead to mistakes and issues.
4) Stupid not to filter _ALL_ inputs, not just the ones that do SQL queries. (It's easier and safer.)
5) Never ever trust ANYTHING a user enters. That includes amounts(!) and lengths of all inputs.
5.1) I've seen DDoS attacks with users entering a huge amount of data to make the server do 50000 hashes on a string that's a couple of MBs.
For fuck's sake, cannot SOMEONE learn to develop correctly structured PHP? It's not _THAT_ hard. Implement an MVC structure or base the project on some open source framework (CI, Symfony, Zend or whatever). This will also take care of 90% of the security you guys are talking about.
CI has a neat implementation of prepared statements (that's really easy to use) and Symfony/Zend have similar ORMs.
Advice from someone that has actually developed PHP for the past.... many years.
These are easy things to fix. Thanks for pointing them out. I'll be sure my site gets updated with these fixes by tomorrow.

Economy / Lending / Re: Loan request
on: August 15, 2011, 03:20:32 AM
Give this forum a shot, I'm trying to make feedback the core of it.. http://btcmarket.us
It has been quite difficult to get traffic though..
That's because you are using SMF...derp
I don't understand your derp... Bitcoin Forum is running on SMF...
Without the Bitcoin Community, this forum would be dead. You need a few things like Moderators.

Economy / Speculation / Re: Quick math question.
on: August 15, 2011, 03:19:09 AM
Thanks a lot man, you should put your donate address on the page.
I will donate when I mine a few more.
Glad other people think this was a good idea too!
Mike
Thanks, added to the page. If anyone has something I should add, let me know.
Other way around. Like how much money equals bitcoins minus fee.
I don't understand.

Other / Beginners & Help / Re: Just did the most newb thing ever...
on: August 14, 2011, 09:58:34 PM
Under the condition of a normal environment (a computer [win, linux, mac...]), there is a very LOW chance of you getting the wallet.dat back. As for an Android, I don't understand its environment nor the environment the developers used.
My guess: There isn't a way to get it back on the phone.

Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin
on: August 14, 2011, 09:53:49 PM
No, that line means:
If no account is selected, then select <account Prefix from config>_<user id>_<first account - which is ALWAYS 1>
If you do this, and given $account_id isn't set, it will mean PC_1_<nothing here... empty>
Ah, yes...my bad.

Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin
on: August 14, 2011, 09:46:19 PM
Just created a GitHub repo: https://github.com/BCEmporium/PHPCoin
@Xephan; Fair enough, I'm not up to waste time in those sort of discussions. But to the end, if one gets your db, other than a dump:
mysql_query("UPDATE users SET `password` = '$mynewHash' WHERE uid = $target_id");
or, moving with money:
mysql_query("UPDATE users SET `balance` = 10000000 WHERE uid = $my_id");
Bottom line, "assuming that someone can get the database" isn't security. If someone gets the db it is already too late... only solution probably:
sudo /etc/init.d/mysql stop && shutdown -hP now
Attached to that "theoretical" exploit, it would be good to have auto-forwarding on. Also, thanks for pushing to github.
[Edit]: Just looked at the index.php and noticed something that could be changed.
if(!isset($_SESSION['btaccount'])) $_SESSION['btaccount'] = $config['account_prefix']['value'] ."_" . $_SESSION['id'] . "_1";
Instead of _1, have it do _".$account_id;
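As an added example that is neither PHPCoin's code nor any poster's, here is how the points raised in the "facts" post further up (CSRF protection, length caps on every input including amounts, prepared statements instead of the interpolated mysql_query() strings shown in this post, escaped output against XSS) look in plain PHP. It assumes PDO, a `users` table with `uid` and `password` columns, and that session_start() has already been called.

```php
<?php
// Added example, not PHPCoin's own code: one handler that applies the
// thread's points (CSRF token, length cap on every input, prepared
// statement instead of interpolated SQL, escaped output). Assumes PDO,
// a `users` table with `uid` and `password` columns, and session_start().
declare(strict_types=1);

const MAX_INPUT_LEN = 256;   // enforced BEFORE any hashing or DB work

// CSRF: a per-session secret that every state-changing POST must echo back.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
function csrf_check($submitted): bool {
    return is_string($submitted) && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// "Never trust amounts": accept only a bounded string of digits and
// convert it yourself; never use the raw value in arithmetic or SQL.
function clean_amount($raw): ?int {
    if (!is_string($raw) || !preg_match('/^[0-9]{1,15}$/', $raw)) return null;
    $n = (int) $raw;
    return $n > 0 ? $n : null;
}

function change_password(PDO $db, array $post, int $uid): string {
    if (!csrf_check($post['csrf'] ?? null)) return 'bad csrf token';
    $pw = $post['password'] ?? null;
    // Length check first, so a multi-MB string never reaches the hash.
    if (!is_string($pw) || strlen($pw) < 8 || strlen($pw) > MAX_INPUT_LEN) {
        return 'password must be 8-' . MAX_INPUT_LEN . ' bytes';
    }
    // Prepared statement: values are bound, never concatenated into SQL.
    $stmt = $db->prepare('UPDATE users SET password = :hash WHERE uid = :uid');
    $stmt->execute([':hash' => password_hash($pw, PASSWORD_DEFAULT), ':uid' => $uid]);
    return 'ok';
}

// Anything echoed into HTML goes through this (the XSS fix).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

The form that posts to change_password() must include the value of csrf_token() as a hidden field, and any username or message rendered back into a page goes through h().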

Bitcoin / Project Development / Re: [Pre Alpha] PHPCoin
on: August 14, 2011, 07:48:25 PM
Arg, I forgot to add the command for adding a new account in the bitcoind environment when making a new account.
So, what are your updates looking like?
Sorry... damn! Changing OS is a pain. Tried with VirtualBox to fire up my Debian VM, but it was eating 100% CPU, meaning this was slower than a turtle with a broken leg. Then software; 1st try: Geany, now trying Aptana Studio. Coding the Admin block now.
I'll drop you a PM with my updates and you can choose whether or not to use them.

Bitcoin / Bitcoin Discussion / Re: What if mining gets less expensive?
on: August 14, 2011, 01:04:52 PM
I can see it now... You first thought "Free money with your CPU"? Then it was "Little bit of money to buy a decent GPU"?? Now it's "FREE MONEY FOR " Oh yeah, MIND POWER! Our brains have something that computers won't have... Understanding, we can see patterns. Oh, what's that?? You say computers can do that as well?? Who designed the pattern reader?? o.O --Sorry, tired...

Economy / Trading Discussion / Re: I admit to being a scammer, and having multiple accounts.
on: August 14, 2011, 12:48:30 PM
Are you the same guy that scammed me over $800? Can you please fukin pay me that amount back? And even if you're not him, can you pay me that amount back anyways for his actions? All scammers are the same to me. It left a really bitter taste in my mouth paying with non-reversible bitcoins to purchase items. That was my very first BTC transaction too.