Bitcoin Forum
Author Topic: [Pre Alpha] PHPCoin  (Read 9832 times)
BCEmporium
July 14, 2011, 12:26:06 PM
 #1

I'm starting a new project to go GPL OpenSource, I named it PHPCoin.

Here's the draft idea:

Basically it is a PHP frontend to bitcoind, which can be used for the local user or in a multiuser (mybitcoin-like) environment, operating as a bitcoin concentrator.
The modular system will allow also to attach modules as MtGox/TradeHill/etc analyzers.
The cron system will allow features as recurring payments or coin forwarding.
Allows creation of multiple accounts for the same user. Say: Account 1 - regular account, Account 2 - savings account... and so on. Each account will have different bitcoin addresses.
Bitcoin transactions are all moved to a central account, the movements and balance are recorded and managed by MySQL.

So far I'm finishing the login and register functions, but need a designer's help. If you're interested, PM me.


As password security is the subject of the moment, due to that MtGox thing, here's my system's function for it:

Code:
<?php
       $salt = md5(rand().$name.microtime());
       $passh = hash("ripemd160",$pass.$salt);
       mysql_query("INSERT INTO users(user,pass,name,email) VALUES('$user','$passh','$name','$email')");
       $myuid = mysql_insert_id();
       mysql_query("INSERT INTO salt(uid,salt) VALUES($myuid,'$salt')");
       $success = "You're now registered to this system";
?>



Pre-Alpha can be downloaded from:

http://www.bcommerce.biz/phpcoin-pre-alpha-release.zip
RJau
July 14, 2011, 01:45:46 PM
 #2

Is there a 1 - 1 ratio of gambling apps to developers in the BtC Community? hehe

Are you just looking for a designer? or other PHP programmers?

I'm looking for projects :)

What is the eventual goal/vision of this project? Sounds interesting.
BCEmporium
July 14, 2011, 01:50:32 PM
 #3

By now just someone with good design skills, later, as I publish it to GitHub or SourceForge, PHP developers may join too. At this stage would mess up a bit as we may use different coding ways, making it inconsistent.

The overall goal is to provide an OpenSource system able to be used locally (like SWAT for Samba for instance), or served in the web for services like MyBitcoin.
idev
July 14, 2011, 08:05:27 PM
 #4

> By now just someone with good design skills, later, as I publish it to GitHub or SourceForge, PHP developers may join too. At this stage would mess up a bit as we may use different coding ways, making it inconsistent.
>
> The overall goal is to provide an OpenSource system able to be used locally (like SWAT for Samba for instance), or served in the web for services like MyBitcoin.

Been looking for something like this for quite a while,
please let us know when it's up.

Cheers
MagicalTux
Working on new MtGox features
July 15, 2011, 12:01:40 AM
 #5

> As password security is the subject of the moment, due to that MtGox thing, here's my system's function for it:
>
> Code:
> <?php
>        $salt = md5(rand().$name.microtime());
>        $passh = hash("ripemd160",$pass.$salt);
>        mysql_query("INSERT INTO users(user,pass,name,email) VALUES('$user','$passh','$name','$email')");
>        $myuid = mysql_insert_id();
>        mysql_query("INSERT INTO salt(uid,salt) VALUES($myuid,'$salt')");
>        $success = "You're now registered to this system";
> ?>


Your method is not good enough (not mentioning it seems you are not escaping properly variables when passing them to mysql).

I could do 50000 iterations of ripemd160 in 94.16ms without any optimization. I'd suggest you at least add some iterations to make bruteforcing harder.
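
The point about iterations, as an added example that is not part of the thread or of PHPCoin: it times the single salted RIPEMD-160 pass from the registration snippet against an iterated hash, then shows the login check. The function names, the work factor of 100000 and the sample passwords are assumptions made for the illustration, and the use of PBKDF2 and `password_hash()` goes beyond the "add some iterations" suggestion in the post.

```php
<?php
// Added example, not PHPCoin code. Requires PHP 7.4+ (random_bytes, arrow functions).

// Scheme from the registration snippet: one RIPEMD-160 pass over password.salt.
function single_pass(string $pass, string $salt): string
{
    return hash('ripemd160', $pass . $salt);
}

// Stretched variant: PBKDF2-HMAC-SHA256, $iterations rounds per candidate password.
function stretched(string $pass, string $salt, int $iterations): string
{
    return hash_pbkdf2('sha256', $pass, $salt, $iterations, 64);
}

// Average seconds this machine needs to hash one candidate password.
function seconds_per_guess(callable $hashFn, int $guesses): float
{
    $start = microtime(true);
    for ($i = 0; $i < $guesses; $i++) {
        $hashFn("candidate-$i");
    }
    return (microtime(true) - $start) / $guesses;
}

$salt = bin2hex(random_bytes(16)); // CSPRNG salt rather than md5(rand().$name.microtime())
$iterations = 100000;              // assumed work factor; tune to the server's login budget

$fast = seconds_per_guess(fn($p) => single_pass($p, $salt), 50000);
$slow = seconds_per_guess(fn($p) => stretched($p, $salt, $iterations), 5);
printf("single pass: %.2e s/guess, about %d guesses per second\n", $fast, (int) round(1 / $fast));
printf("stretched:   %.2e s/guess, about %d guesses per second\n", $slow, (int) round(1 / $slow));

// Login check for the stretched hash: recompute, then compare in constant time.
$stored = stretched('constructed-password', $salt, $iterations);
$ok  = hash_equals($stored, stretched('constructed-password', $salt, $iterations));
$bad = hash_equals($stored, stretched('wrong-password', $salt, $iterations));
printf("correct password accepted: %s, wrong password accepted: %s\n",
    var_export($ok, true), var_export($bad, true));

// Built-in alternative: password_hash() generates the salt and stores it, together
// with the cost, inside the returned string, so no separate salt table is needed.
$bcrypt = password_hash('constructed-password', PASSWORD_BCRYPT, ['cost' => 12]);
printf("bcrypt verify: %s\n",
    var_export(password_verify('constructed-password', $bcrypt), true));
```

The two guesses-per-second figures are what an offline attacker holding a copy of the `users` and `salt` tables would face per account on comparable hardware.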

BCEmporium
July 15, 2011, 01:01:24 AM
 #6

Hi M'Tux,

Yes, to go live on internet with this system I intend to create some modules, changing passwords to SHA, enforce SSL and add captchas to prevent bruteforcing.

About SQLi, vars are passed this way:

Code:
<?php
isset($_POST['user']) && trim($_POST['user']) ? $user = makeSQLSafe(trim($_POST['user'])) : $e[] = "Username missing!";
//... which means to call the function below

function makeSQLSafe($str){
      if(get_magic_quotes_gpc()) $str = stripslashes($str);
      return mysql_real_escape_string($str);
  }
?>

smoothie
July 15, 2011, 07:27:06 AM
 #7

> Hi M'Tux,
>
> Yes, to go live on internet with this system I intend to create some modules, changing passwords to SHA, enforce SSL and add captchas to prevent bruteforcing.
>
> About SQLi, vars are passed this way:
>
> Code:
> <?php
> isset($_POST['user']) && trim($_POST['user']) ? $user = makeSQLSafe(trim($_POST['user'])) : $e[] = "Username missing!";
> //... which means to call the function below
>
> function makeSQLSafe($str){
>       if(get_magic_quotes_gpc()) $str = stripslashes($str);
>       return mysql_real_escape_string($str);
>   }
> ?>


Got any screen shots?

SgtSpike
July 15, 2011, 07:32:05 AM
 #8

How will this be different from bitcoin-php?  I guess your description is generic enough that I don't quite understand what the purpose of it is...
BCEmporium
July 15, 2011, 11:24:28 AM
 #9

> How will this be different from bitcoin-php?  I guess your description is generic enough that I don't quite understand what the purpose of it is...

What is bitcoin-php? The only thing I know by such name is a class.

@smoothie

Not yet. Will put as soon as the basic functions are done. I'm around editing own account at the moment.
zamgo
July 15, 2011, 11:46:30 AM
 #10

> I'm starting a new project to go GPL OpenSource, I named it PHPCoin.

Great!  The PHP/bitcoin world needs more open source projects.


> By now just someone with good design skills, later, as I publish it to GitHub or SourceForge, PHP developers may join too. At this stage would mess up a bit as we may use different coding ways, making it inconsistent.

With all due respect: Good intentions are nice, but released code is what makes an open source project alive.

Release the code early and often.  Don't worry about ugly code, don't worry about bugs.  Those things can and will be fixed down the road.  Nothing will get messed up.

DO worry about your project turning into vaporware if you don't release code soon. 

If you're interested in browsing some bitcoin-related PHP open source projects:

https://github.com/mikegogulski/bitcoin-php
 - Bitcoin library for PHP
 - a basic PHP class for interacting with bitcoind
 - Hasn't been updated for a while, but still usable

https://github.com/zamgo/bitcoin-webskin
 - an open source PHP web interface to bitcoind 
 - my own project ;)
 
and a lot more out there on github and other places...
BCEmporium
July 15, 2011, 02:37:56 PM
 #11

While start to draft the most important part of the site, the CRON, here're two screens of it so far:




Let me explain also how I had this idea: I want to move my coins to a "minimalistic" Debian VM, and this is a way to access and manage the wallet on that VM.
Raoul Duke
aka psy
July 15, 2011, 03:17:44 PM
 #12

> Your method is not good enough...

But your method was..  ::)

Too bad people only learn after the trouble...  :P

naturallaw
Jr. Member
*
Offline Offline

Activity: 56


View Profile
July 15, 2011, 04:04:07 PM
 #13

> Hi M'Tux,
>
> Yes, to go live on internet with this system I intend to create some modules, changing passwords to SHA, enforce SSL and add captchas to prevent bruteforcing.
>
> About SQLi, vars are passed this way:

Even though your way is secure (as long as you remember to call your function on all the values) I'd recommend using prepared statements with PDO, much cleaner and safer. Take a look on the PHP manual for more info.
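
The prepared-statement approach recommended above, as an added example that is not part of the thread or of PHPCoin: the two registration INSERTs rewritten with PDO bound parameters. It assumes an in-memory SQLite database so it runs without a server, a `users`/`salt` layout inferred from the registration snippet, and hypothetical function names and sample values.

```php
<?php
// Added example, not PHPCoin code. In-memory SQLite stands in for MySQL;
// the table layout is inferred from the users/salt INSERTs in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With pdo_mysql, also turn off emulation so values travel separately from the SQL:
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass TEXT, name TEXT, email TEXT)');
$db->exec('CREATE TABLE salt (uid INTEGER, salt TEXT)');

// Both INSERTs run in one transaction and every value is a bound parameter,
// so there is no per-variable escaping call to forget.
function register(PDO $db, string $user, string $passHash, string $salt, string $name, string $email): int
{
    $db->beginTransaction();
    try {
        $u = $db->prepare('INSERT INTO users (user, pass, name, email) VALUES (:user, :pass, :name, :email)');
        $u->execute([':user' => $user, ':pass' => $passHash, ':name' => $name, ':email' => $email]);
        $uid = (int) $db->lastInsertId();
        $s = $db->prepare('INSERT INTO salt (uid, salt) VALUES (:uid, :salt)');
        $s->execute([':uid' => $uid, ':salt' => $salt]);
        $db->commit();
        return $uid;
    } catch (Exception $e) {
        $db->rollBack(); // no user row is left behind without its salt row
        throw $e;
    }
}

function find_user(PDO $db, string $user): ?array
{
    $q = $db->prepare('SELECT id, user, name FROM users WHERE user = :user');
    $q->execute([':user' => $user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input: a name containing an apostrophe and a username made of SQL syntax.
$salt = bin2hex(random_bytes(16));
$hash = hash('ripemd160', 'constructed-password' . $salt);
register($db, 'alice', $hash, $salt, "Alice O'Neil", 'alice@example.org');
register($db, "x' OR '1'='1", $hash, $salt, 'Mallory', 'mallory@example.org');

var_dump(find_user($db, 'alice'));             // stored name keeps its apostrophe
var_dump(find_user($db, "x' OR '1'='1"));      // matched as a literal username
var_dump(find_user($db, "nobody' OR '1'='1")); // never registered; quotes stay data
```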
SgtSpike
July 15, 2011, 04:07:31 PM
 #14

Well, this could be extremely useful for a project I have coming up!  Here's to hoping you get it finished up soon.
BCEmporium
July 15, 2011, 04:20:55 PM
 #15

> Even though your way is secure (as long as you remember to call your function on all the values) I'd recommend using prepared statements with PDO, much cleaner and safer. Take a look on the PHP manual for more info.

PDO requires PDO and PECL, that's already alone dirtiest than dirt can be.  ;)

As I'm off now for a while, here's the incomplete code of the cron (it should run like each 5 minutes by php-cgi or so), hope this already gives you a better clue of what I'm working on:

Code:
<?php
  define("_V",1);
  //This file must NOT be accessible from the Web!
  $coin_install_path = "/web/default/public_html";
  include($coin_install_path ."/sys/config.php");
  include($coin_install_path ."/inc/general_functions.php");
  error_reporting(E_ALL);
  ini_set("display_errors",1);
  include($coin_install_path ."/classes/jsonRPCClient.php");

  //Starting CRON sequence
  $b = new jsonRPCClient("http://$btc_user:$btc_pass@127.0.0.1:8332");

  //Checking for new deposits
  $accounts = $b->listaccounts((int)$config['confirmations']['value']);

  foreach($accounts as $k => $a){
      if($a == 0) continue; //Nothing to do
      $acc = explode("_",$k);
      if(!is_array($acc) || sizeof($acc) != 3) continue; //Invalid account identifier
      //Get the account
      $sql = "SELECT * FROM accounts WHERE uid = {$acc[1]} AND account_id = {$acc[2]}";
      $q = mysql_query($sql);
      if(!mysql_num_rows($q)) continue; //Account not found
      $act = mysql_fetch_assoc($q);
      $b->move($k,$config['central_account']['value'],$a);
      $prevBal = 0;
      $sql = "SELECT balance FROM movements WHERE account_id = {$act['id']} ORDER BY id DESC LIMIT 0,1";
      $q = mysql_query($sql);
      if(mysql_num_rows($q)){
          $pbal = mysql_fetch_assoc($q);
          $prevBal = $pbal['balance'];
      }
      $newBal = $prevBal + $a;
      mysql_query("INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`) VALUES({$act['id']},'".date("Y-m-d H:i:s")."','Bitcoin deposit',$a,1,$newBal)");
      mysql_query("UPDATE accounts SET balance = balance + $a WHERE id = {$act['id']}");

      //Check if account is forwarded
      if($act['forward'] == 1){
          $isValid = $b->validateaddress($act['forward_to']);
          //Escaped once here because every error message below uses it
          $invBTC = makeSQLSafe($act['forward_to']);
          if($isValid['isvalid'] != 1){
              mysql_query("INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'".date("Y-m-d H:i:s")."','ERROR Invalid address to forward your deposits to :: $invBTC. Amount remains in your account!')");
          }elseif($isValid['ismine'] == 1){
              //It's forward to a local address, so we just move the balance
              $recAct = explode("_",$isValid['account']);

              if(!is_array($recAct) || sizeof($recAct) != 3){
                mysql_query("INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'".date("Y-m-d H:i:s")."','ERROR Invalid account to forward your deposits to - local account is not an user account :: $invBTC. Amount remains in your account!')");
              }else{
                $sql = "SELECT * FROM accounts WHERE uid = {$recAct[1]} AND account_id = {$recAct[2]}";
                $q = mysql_query($sql);
                if(!mysql_num_rows($q)){
                    mysql_query("INSERT INTO messages(`uid`,`dtime`,`message`) VALUES({$acc[1]},'".date("Y-m-d H:i:s")."','ERROR Invalid account to forward your deposits to - local account not found :: $invBTC. Amount remains in your account!')");
                }else{
                    $receiver = mysql_fetch_assoc($q);
                    $nextBal = $newBal - $a;
                    mysql_query("INSERT INTO movements(`account_id`,`dtime`,`description`,`amount`,`credit`,`balance`) VALUES({$act['id']},'".date("Y-m-d H:i:s")."','Forward to {$act['forward_to']}',$a,0,$nextBal)");
                    mysql_query("UPDATE accounts SET balance = balance - $a WHERE id = {$act['id']}");
                    //A small issue; re-forwarded accounts will not forward to prevent loop attacks.
                }
              }
          }
          // $nextBal = $newBal - $a;
          // $b->sendfrom();
      }
  }
?>

smoothie
Legendary
*
Offline Offline

Activity: 1848


LEALANA Monero Physical Silver Coins


View Profile
July 15, 2011, 05:46:19 PM
 #16

Will it be usable to mine namecoins too?  :o

brandon@sourcewerks
July 15, 2011, 07:48:05 PM
 #17

This salt method of storing passwords would still leave you open to the same type attack MtGox had.  If the attack is based on getting a copy of the database, every account in database is at risk with current code.

Best option is two-factor auth. (YubiKey, RSA key)
BCEmporium
July 15, 2011, 08:13:21 PM
 #18

@btcash,

The project is open source, when I release it you're welcome to implement whatever procedure to store passwords you want.

@smoothie

This isn't usable to mine anything, it's a storage frontend, not a mining one. Can be used, with some changes, to store namecoins also.
naturallaw
July 15, 2011, 10:58:30 PM
 #19

> PDO requires PDO and PECL, that's already alone dirtiest than dirt can be.  ;)

PHP 5.1.0 and newer comes with PDO already.
BCEmporium
July 15, 2011, 11:53:05 PM
 #20

@AnnihilaT I keep saying the most important feature of password security is you to *know* your db was compromised, encryption will only make you gain some time to do something about... but they don't believe it.

Now... while waiting another deposit to get 6 blocks, to test deposit forwarding, here're some screens of what has been made so far:








Database "config" table look:



Roadmap to PreAlpha: Withdraw functions - once done I'll pre-release it by my website. Alpha will be at SourceForge or GitHub