fixed the deploy, but i still can't seem to figure out why you are not seeing the charset properly?
|
|
|
yep, just noticed the same when checking mobile, except the charset.
i was in too much of a hurry earlier today and deployed a buggy version.
i can't update for at least another 12-14 hours as i'm busy for a sec. i'm really sorry about the bad deploy.
can you provide more info regarding the charset, your browser, os, etc., as it displays properly for me.
thx in advance.
|
|
|
UPDATE: all accounts, rolls and stats have been cleared, will now start testing the withdrawals with hexafraction
If all goes well we will be live before the end of this week !
|
|
|
changes:
- seedForm is sanitised upon submit
- hide seedform between roll and next roll (did not make sense changing seed when looking at result)
- username minimum 6 chars
- passwords minimum 8 chars
- added captcha to faucet
i think we are going to be ready pretty soon ...
|
|
|
Any good bitcoin enthusiast, remove its backdoor and make it open source stuff voluntarily,
So that U can make money at the cost of others' sweat? this
|
|
|
Very easy to do. Assuming you are going to take the time to root out manually the scammers, all you would need to do is use wordpress or some other (maybe tikiwiki?) cms, and keep adding to it.
It would be easier to do it manually, IMO, and a human touch is always better than a situation where someone is falsely accused.
If you want webspace for this, let me know. I can help you out free of charge.
same here, and can surely spare some dev hours here and there for the good cause
|
|
|
Vulnerabilities ^_^:
XSS (Cross site scripting) in the change seed thingie. "><script>alert(document.cookie)</script> There is also no CSRF protection on this either. Video: http://gyazo.com/9eaa38097d913eb8b78cd957a94e607e
Possible places for vulnerabilities:
-> On the withdraw page, you've got 2 post variables, userAmount and realAmount. It seems that you validate userAmount but not realAmount. I can't test it as I cbf depositing $3 into your site, but just make sure that the user can't put userAmount = 0.01 and realAmount = 5 and it will send them 5BTC sort of thing. I doubt you can, but just a heads up.
-> You're able to do negative numbers on roll amounts. Although this probably wouldn't change anything, there isn't any validation for this.
Silly errors:
0.00000100 BTC divide by 2 doesn't equal 5.70000000. Video: http://gyazo.com/323eeb6bcc6deef1035005d2ea9b2300
Suggestions:
-> Require a minimum password length. I could have one character and it would accept it. This is just in case of a DB leak, although it's not going to really help that much.
-> Cloudflare would probably be good.
i'll add a token and a sanitiser to the clientseed form today.
regarding the useramount: all calculations and processes are based on useramount. so if useramount is messed with, it doesn't really matter. it gets displayed, and is an input, yes, but does not get processed (haven't watched videos yet, i'm on mobile atm), so i'll address those as soon as i can.
pass length: you're 100% right.
i'll add you to the list of rewards and i'll reply regarding the videos when i get to the office. thx
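The server-side checks this report asks for (escaping the seed on output, a CSRF token on the form, and a withdrawal amount taken from one validated field only), as an added example that is not the site's code; the function names, the session dictionary and the one-satoshi minimum are assumptions:

```python
import hmac, html, secrets
from decimal import Decimal, InvalidOperation

MIN_AMOUNT = Decimal("0.00000001")  # assumed smallest unit (1 satoshi)

def new_csrf_token(session):
    """Store a fresh random token in the session and return it for the form."""
    session["csrf"] = secrets.token_hex(32)
    return session["csrf"]

def check_csrf(session, form):
    """Constant-time comparison of the submitted token with the session's."""
    expected, supplied = session.get("csrf", ""), str(form.get("csrf", ""))
    return bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())

def render_seed_input(seed):
    """Escape the client seed for an HTML attribute, quotes included."""
    return '<input name="seed" value="%s">' % html.escape(seed, quote=True)

def parse_amount(raw, balance):
    """Accept only a finite, positive amount that the balance covers."""
    try:
        amount = Decimal(str(raw))
    except InvalidOperation:
        raise ValueError("amount is not a number")
    if not amount.is_finite() or amount < MIN_AMOUNT:
        raise ValueError("amount must be positive")
    if amount > balance:
        raise ValueError("amount exceeds balance")
    return amount.quantize(MIN_AMOUNT)

def handle_withdraw(session, form):
    """Debit the validated userAmount; realAmount from the client is never read."""
    if not check_csrf(session, form):
        return {"ok": False, "error": "bad csrf token"}
    try:
        amount = parse_amount(form.get("userAmount"), session["balance"])
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    session["balance"] -= amount
    return {"ok": True, "sent": amount}

if __name__ == "__main__":
    s = {"balance": Decimal("1")}  # constructed sample session
    t = new_csrf_token(s)
    print(handle_withdraw(s, {"csrf": t, "userAmount": "0.01", "realAmount": "5"}))
    print(handle_withdraw(s, {"csrf": t, "userAmount": "-3"}))
    print(render_seed_input('"><script>alert(document.cookie)</script>'))
```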
|
|
|
im liking the new design, really starting to look nice he
|
|
|
update: i won't be working much this weekend so i'll see you guys monday!
no feedback on the new design and ajax implementation?
thx
decided to work after all
more changelog:
security changes confirm 2-fa auth code before actually enabling 2-fa added "points" changes to deposit modal dont allow faucet if balance > 0 faucet added blockchain api fixes info on transactions screen withdrawal iframe changes ajax betting errors fixed stay informed option on profile massive ajax changes
Will i be rewarded for giving my opinions & helping u?
for opinions, no, because everyone has them.
For helping? Well, like i stated in my first post, anyone who finds a bug gets rewarded. other than that, any info provided to me that i feel is substantial gets a reward.
|
|
|
Although it's a good idea but it will take a lot of work, as others have already suggested you would have a hard time deciding who to trust, if someone accuses someone else of scamming, you need to have a way of getting to the bottom of the truth and prove before tagging them as scammers. If you have resources and you can do this, go ahead but make sure you have proofs before putting up names.
exactly. you would need a way of verifying that the person providing feedback on a specific transaction is in fact the person owning the sending wallet, and the person receiving the money to be the actual owner of the receiving wallet. if you can verify this, then you're good to go i guess, no? but there's no way of doing this.
so how about taking it a step higher: you could create a platform to do just that (don't ask me how), and while i know most ppl use btc BECAUSE it's anon, but i'm sure there are many people that would benefit from a platform to verify wallet owners. both owners and checkers would benefit, obviously.
edit: you CAN do this!! here's how: to verify a wallet owner, have them send 0.0000001 to a specific address. BOOM. "verified". it's how pp verifies your banking account as well. i'm liking this idea!! someone better jump on this before i do ...
edit: sorry for typos. typing on mobile
|
|
|
hi. i'm a developer located in Belgium. feel free to get in touch if interested
|
|
|
or how about, instead of identifying scammers, make something to identify trustworthy bitcoin addresses..
(sort of like the trust system here)
where you can only give someone "positive" trust when a transaction actually occurred from that address to yours. amount of trust based on btc amount, again, like the system on this forum.
because indeed, how are you going to prevent false feedback? only allow feedback upon transactions i guess?
|
|
|
hi
your english
mcuh impresivve
i so impress
with u english
i will not
give u domain
u can get cheap
at namecheap
but i highly
discourage u do dis
if u cannot speek
enlish
Really, if you can't even speak English, why are you aspiring to create your own faucet? Apart from that, I don't recommend JpFaucetNet simply because of their super high and shitty setup fee.
Other than that their service might be nice.
hahaha. but all kidding apart, he might be building a faucet catering to another country.. but i agree, proper English would definitely help you out.. as you will be dealing with English speaking companies (most likely)
|
|
|
Also, hexa, can you pm me the name of one of your test accounts on the site, so i can start making preparations for the testing of the transactions. i will disable them for all users except the ones i choose
EDIT: just deployed some significant design changes, working on ajax now
EDIT: just added an ajax implementation, check it out and see if you guys like it ..
also, i know that error reporting is broken atm, due to the ajax, so i'll get to that very soon (bet too small or big will not give a visual error atm)
|
|
|
change the name of your phpMyAdmin, and the index.php within said folder to secure it.. Oh, and remove it from your root directory, it doesn't need to be in the root to work
phpmyadmin has been secured. I've also added google authenticator!
|
|
|
Update
deposit and withdrawal are finished, but disabled atm (you won't see the buttons, only specific users will...)
profile page is done, will let you change your password, email address and bitcoin payout wallet.
113ef50 layout and type fixes + missing url
1f854b8 fixes
7755abe more withdraw stuff
aa3d268 change wallet id via profile
a34j268 change email via profile
8f0d478 change password via profile
0322c64 more on withdraw
d4ba0af more on withdrawls
7e61540 link to has info page, on transactions page
7998ff3 deposit fix
589b719 many changes + more deposit stuff
2277e2c many changes + more deposit stuff
ed3aaff many changes + start deposit stuff
|
|
|
Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are less risks of loss of money.
the phpmyadmin will be hidden soon, but like i said, it's the phpmyadmin for a different server.. 2way auth will be added as well. and regarding the email address, i'll make it so it's optional, so you can set one, IF you want, in case of pass resets if forgotten, and the ability to change your pass when logged in.
just woke up. will be starting work in a few hours. will deploy asap
|
|
|
quick update. on mobile. not much time
implemented withdrawals and deposits. haven't deployed yet. i will this evening or tomorrow.
thx
s
|
|
|
|