PHP Wallet

[coder_guy]

Here is my dilemma. I have read up a bunch, but somehow, I still haven't been able to figure out if its possible to create a PHP bitcoin wallet where I can do the following:
-Check if I received payments dynamically.
-Send payments dynamically.
-Create new addresses dynamically.

 

I have the following resources available:
-A C-Panel server with MySql and PHP.
-An okayish amount of experience with PHP/Mysql

Obviously I would forward all payments from my wallet on the server to my personal wallet within seconds, so it doesn't really matter if it is some kind of non-persistent stored-in-memory wallet that will be screwed by a crash/shutdown.

Any tips? So far, all I've been able to find is a bunch of services that offer to do this FOR me, and how to use those services. What I really want is to do it by myself

[01BTC10]

There is a Bitcoin API. Hope this can help.

https://en.bitcoin.it/wiki/API_reference_(JSON-RPC)#PHP

[coder_guy]

I've actually been using bitcoin (for making payments) for a while now. Now I want to integrate it in one of my scripts

I saw the API, but that requires (if I'm understanding it correctly) command line access to the machine as well as additional tools being installed. Which means, the more I think about it, my goal is fairly unrealistic. Maybe my best bet is to simply create a bunch (like a ton) of extra address on my own machine (manually), copy the list of addresses to my server, so each new user for the next X users gets a single address on my computer associated with it, then use blockchain.info to verify payments were made? That seems a bit roundabout... but ya gotta do what y a gotta do.

[01BTC10]

You need to configure bitcoind RPC port and userpass to use the API without command line. Then you can interact remotely with the wallet without any command line. But it could be a major security issue if not implemented the right way. (By using a hot and cold wallet + SSL)

[coder_guy]

Also: How about the blockchain.info services? They claim they have ways to make it work for 0 fees, except they always seem to charge 1.5% even if I dissable the "anonymous payment" option.

[adamstgBit]

I'm also thinking about integrating a wallet on my site.

and i think installing bitcoind to mange the wallets is very scary. I'm thinking the safest way to go is to use what they call a "watch only" wallet. which is exactly what you described above.

deposits can be handled automatically, bitcoinmonitor.net can send a POST request to your php script every-time someone sends some coins to one of the addresses your watching. (not sure is blockchain.info can do this too)

withdraws are done manually within 24hour.

I think users will not mind the the long wait for withdraws, because they know their coins are safe in cold storage, and users are less likely to use the site as a ewallet, which is not what its meant for.

running bitcoind on a server manged by a third party is a HUGE security risk.

[gweedo]

running bitcoind on a server manged by a third party is a HUGE security risk.

This is true, but if done right, you shouldn't have anything worried about. I usually setup a frontend server and a backend bitcoind vps which allows it be off of any nmap attacks or any probes. But linux security and bitcoind security if done right you will not have to worry about if your server is managed by a third party, back up the wallet to your personal computer just so you can get your funds if they do shutdown your server.

[coder_guy]

I'm also thinking about integrating a wallet on my site.

and i think installing bitcoind to mange the wallets is very scary. I'm thinking the safest way to go is to use what they call a "watch only" wallet. which is exactly what you described above.

deposits can be handled automatically, bitcoinmonitor.net can send a POST request to your php script every-time someone sends some coins to one of the addresses your watching. (not sure is blockchain.info can do this too)

withdraws are done manually within 24hour.

I think users will not mind the the long wait for withdraws, because they know their coins are safe in cold storage, and users are less likely to use the site as a ewallet, which is not what its meant for.

running bitcoind on a server manged by a third party is a HUGE security risk.

This is essentially what I want to do, only I don't see how I could possibly do such a thing using only normal (and cheap) webhosting services.

I'd still like input as to whether you think making like 1000 addresses manually, on my computer, then making a huge list of them on my webhost, and assigning each new user to one, then using one of these sites as a way of monitoring transfer(s) to that e-wallet, would be a good way of doing it. Remember, I only have PHP and Mysql available to work with.

[salfter]

Maybe my best bet is to simply create a bunch (like a ton) of extra address on my own machine (manually), copy the list of addresses to my server, so each new user for the next X users gets a single address on my computer associated with it, then use blockchain.info to verify payments were made? That seems a bit roundabout... but ya gotta do what y a gotta do.

That's the intended purpose for the bulk-wallet feature of bitaddress.org. Have it generate a bunch of addresses on an offline machine. Filter out the private keys to produce a list you can INSERT into a database table. You can import the private keys into bitcoind for monitoring, or to sweep incoming funds to a paper wallet.

[w00ty]

You'll run into problems with people using up the addresses faster than expected, either maliciously or accidentally.

Create some sort of API, and have the server talk with a daemon you have set up to relay such things as new address creation, request current balances, etc, to bitcoind.

[coder_guy]

Can somebody please explain bitaddress.org? I see it generates addresses. Couldn't I just use their source to allow my webhost (heck, even a free one!) to generate an address whenever a user signs up, and save in a DB somewhere that bitcoin address and the private key? Then when I want to spend bitcoins, I just import the private keys into my local machine and POOF, tons of coins?

And also, one more thing, how do I import the private key into my wallet? Do I just copy it into wallets.dat? (My wallets.dat file is encrypted, so I doubt that would work).

Thanks!

[gweedo]

Can somebody please explain bitaddress.org? I see it generates addresses. Couldn't I just use their source to allow my webhost (heck, even a free one!) to generate an address whenever a user signs up, and save in a DB somewhere that bitcoin address and the private key? Then when I want to spend bitcoins, I just import the private keys into my local machine and POOF, tons of coins?

And also, one more thing, how do I import the private key into my wallet? Do I just copy it into wallets.dat? (My wallets.dat file is encrypted, so I doubt that would work).

Thanks!

there is a

Code:

importprivkey <bitcoinprivkey> [label]

command

remember to unlock your wallet first

[coder_guy]

Can somebody please explain bitaddress.org? I see it generates addresses. Couldn't I just use their source to allow my webhost (heck, even a free one!) to generate an address whenever a user signs up, and save in a DB somewhere that bitcoin address and the private key? Then when I want to spend bitcoins, I just import the private keys into my local machine and POOF, tons of coins?

And also, one more thing, how do I import the private key into my wallet? Do I just copy it into wallets.dat? (My wallets.dat file is encrypted, so I doubt that would work).

Thanks!

there is a

Code:

importprivkey <bitcoinprivkey> [label]

command

remember to unlock your wallet first

Wow! Great!

Then this just became a lot easier.

Run with me to get the process straight.

Step 1: Implement some form of this (https://github.com/pointbiz/bitaddress.org) on my webserver. Not sure how (I'll get to that part later )
Step 2: Make a function generateaddress() that creates a bitcoin address and a private key.
Step 3: Assign each user that signs up an individual address.
Step 4: Wait for payments to come
Step 5: Whenever I feel like it, I log onto my webhost, download all the private keys, and import them all using importprivkey. Probably delete them from the webhost after I do this.

Sounds good. The only part that sounds potentially deadly is turning https://github.com/pointbiz/bitaddress.org into a php function that generates an address and stores the private key. But at least that sounds dooable!

[coder_guy]

Well screw. I knew it couldn't be that easy.

So nobody can think of any way of safely generating bitcoin addresses on the fly from a server with only PHP/HTML/Javascript?

[w00ty]

I still stand by my API idea, but most PHP installations will have SSL, and a scraper would be fairly easy, the containing divs are conveniently named "pubaddress" and "private"

[coder_guy]

I agree your API idea is great, but I simply don't have the resources to set it up. I only have PHP, HTML, and Javascript. Using these 3 tools I must somehow accept payments securely.

[Deafboy]

if done right you will not have to worry about if your server is managed by a third party

Go and tell that to Linode users

[gweedo]

if done right you will not have to worry about if your server is managed by a third party

Go and tell that to Linode users

Those wallets were unencrypted so yea I will tell the linode user, they didn't do it right.

[coder_guy]

Okay, one final thing. I think I've finally got this all implemented (I just made a huge list of addresses, exploded them, and imported into database) but I can't find some stuff that should honestly be very simple: I.e, a way of finding total amount sent to a specific wallet.

Basically I want the "total received" and "final balance" values found on pages like this one: http://blockchain.info/address/194FMenoHY4QjwF2VqeZGGfVDLLtNZGmnt.

I could just get the HTML of the page and filter it out of there, but then they add one more tag to their HTML in the wrong place and my site is screwed over. Is there a simpler/better way of doing this?

Thanks.

[PrintCoins]

I just use the api on this page
http://blockexplorer.com/q
to find out how much has been sent to an address.

I generate about 1000 addresses on bitcoinaddress.org and import them into my wallet. I take the csv bulk wallet, import into excel, and copy out the public addresses. I paste them into mysql in the server as a table of unused addresses. I then mark them as used whenever I add them to an order.

If you need more nitty gritty details, just ask (I know I just glossed over it all).