OpenEx: Progress Report - 95% launching this week

[gorgorom]

so you're from mexico, have 12 posts, and your email address is crt.ferguson@gmail, a caucasian last name, and you would like to work on the exchange. what could possibly go wrong? 

Plus one this

[1714843712]

1714843712

[1714843712]

1714843712

[1714843712]

1714843712

[1714843712]

1714843712

[1714843712]

1714843712

[ahmed_bodi]

hurry up with openex!

[r3wt]

We're moving into the home stretch people!  

Updates:

jquery ui and page transition animations are functional look nice!

rebuilt admin interface.

built debug mode navigation system.

trade engine has been tested and works great.

wallet system works as expected as well.


Now for an insight into our work log

To Do:
1. Withdrawals
priority: extremely high
-withdrawal requests are sent into a queue for admin approval.
-once admin approval occurs, withdraw is processed.
**ive built a template for you: pages/withdraw.php


2.password reset page
priority: high
-users need a way to reset passwords
-add mysql and functions.
**ive built a template for you: pages/reset.php


3.API
priority: low
-priority on this is : low
**template pages/api.php

4.access_denied.php
priority: high
-add mysql to gather information about the user(ive documented it for you nicely so this should be a 5 minute job tops).
-add logic to increment number of times a user has seen this page.
-add table `access violations` row(s) `username` `ip` `count` <-number of violations.
**template access_denied.php
**when you finish this, i will build a page for us to track this table and add it to the admin pages.

5.json
priority: high
-fix this so that our withdraw/deposit functions work.
-ensure the security of this.
-investigate if this is compatible with rpcssl flag of clients(i think it is as the traffic should be automatically encrypted/decrypted by the server.

6.create function to prevent Sitebanned users from logging in.
priority: medium
-add a row for this to database.

7.Add option to pages/admin.php to click and ban users(both chatban and siteban).
priority: medium

8.Chat
priority: low

[r3wt]

bump

[r3wt]

Beta version of the chat has been completed! woo! that was kind of exhausting but i learned to use ajax, so on the plus side, i now can make the trade page dynamic.

we still have a ways to go but things are looking nice.

[r3wt]

Updated Work Log.

1. Withdrawals
priority: extremely high
-withdrawal requests are sent into a queue for admin approval.
-once admin approval occurs, withdraw is processed.
**ive built a template for you: pages/withdraw.php


2.password reset page
priority: high
-users need a way to reset passwords
-add mysql and functions.
**ive built a template for you: pages/reset.php


3.API
priority: low
-priority on this is : low
**template pages/api.php

5.json
priority: high
-fix this so that our withdraw/deposit functions work.
-ensure the security of this.
-investigate if this is compatible with rpcssl flag of clients(i think it is as the traffic should be automatically encrypted/decrypted by the server.

6.create function to prevent Sitebanned users from logging in.
priority: medium
-add a row for this to database.

7.Add option to pages/admin.php to click and ban users(both chatban and siteban).
priority: medium

8.Chat
--check input with jquery
--sanitize mysqli
priority: mediumDone!

9. XSS formkeys
--ive created the class and functions. you can find it in funcs.general.php
--just need to add them to forms and then validate them in each script.
--this should eliminate session jacking/cross site scripting hacks.
priority: low

10.Fee shares.
--ability to track fee shares in account page.
--automate fee shares.
priority: low
comment: we can work on this after the site launches.

[unfocus]

Updated Work Log.

1. Withdrawals
priority: extremely high
-withdrawal requests are sent into a queue for admin approval.
-once admin approval occurs, withdraw is processed.
**ive built a template for you: pages/withdraw.php

I don't know why withdrawal can't be automated. Why would it need any approval??

[r3wt]

Updated Work Log.

1. Withdrawals
priority: extremely high
-withdrawal requests are sent into a queue for admin approval.
-once admin approval occurs, withdraw is processed.
**ive built a template for you: pages/withdraw.php

I don't know why withdrawal can't be automated. Why would it need any approval??

security measure just in case an exploit occurs, wallets go offline automatically while database is rolledback. if attacker exploits db somehow he won't be able to withdraw unless he can bruteforce the rpcssl connection, which is unlikely. whereas, with automated withdrawal attacker could squeeze the funds out before we'd know what hit us. this is why we are hiring so much staff.

[bob131313]

How about posting some bug bounties. Peeking at the github, this would be fun once it goes live.

Maybe bounties ranging from 0.1 btc to 1 btc. 

Hate for you to go live with this one a shiny new server that winds up with a shell the first day.

[r3wt]

How about posting some bug bounties. Peeking at the github, this would be fun once it goes live.

Maybe bounties ranging from 0.1 btc to 1 btc.  

Hate for you to go live with this one a shiny new server that winds up with a shell the first day.

the github is pretty far behind the current version of the site. we're pretty confident in the live version. we're looing for two penetration/bug/vuln tester for the site. this is a paid staff position. the previous guy we had lined up has went AWOL.

see the first post here https://bitcointalk.org/index.php?topic=344084.msg3686527#msg3686527

[cryptohunter]

this is quite awesome

[r3wt]

Alot has changed in the past few days.

Tasks now complete:

Chat backend.
-Banned users now may not post.( a message is shown: " system: <user> has been banned from chat."
-moderators are orange, admins are blue, and users are black.

Mod class:
-created the mod users and isUserMod() function.
-moderators may hand down chat bans from the mod screen.

Chatbanned class
-chatbanned user class
-isUserCBanned() function;

Access Denied:
-timestamps are logged along with ip, user account, and browser string. i'll give you a peak at the code this is a very complex script.

Code:

require_once("models/config.php");
$account = $loggedInUser->display_username;
if(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE) {
			$u_agent = mysql_real_escape_string("Internet Explorer");
		}
		elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome') !== FALSE) {
			$u_agent = mysql_real_escape_string("Google Chrome");
		}
		elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mini') !== FALSE) {
			$u_agent = mysql_real_escape_string("Opera Mini");
		}
		elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) {
			$u_agent = mysql_real_escape_string("Opera");
		}
		elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox/25.0') == TRUE) {
			$u_agent = mysql_real_escape_string("Mozilla Firefox");
		}
		elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Safari') !== FALSE) {
			$u_agent = mysql_real_escape_string("Safari");
		}
		else { 
			$u_agent = mysql_real_escape_string("Unknown");
		}	
$ip = mysql_real_escape_string(getIP()); //get user ip
//show the access denied message no matter what
echo "<style>html { width:100%; height:100%; background:url(assets/img/access_denied.gif) center center no-repeat; background-color: #00000 !important;}</style>"; 

//check if user is logged in
if(isUserLoggedIn) {
	//get user info's
	if ($account != null) {
		$account = $loggedInUser->display_username;
	}
	else {
		$account = mysql_real_escape_string("Guest/Not Logged In");
	}
	}
//log with mysql
	$date = date("F j, Y, g:i a");
	$sql = @mysql_query("INSERT INTO access_violations (username, ip, user_agent, time) VALUES ('$account', '$ip', '$u_agent', '$date');");

//--support system--//
last night, i spent time pouring through viewticket.php, the threaded view of a support ticket and all responses. i refactored the code and built a new css layout thats very user friendly and pleasant to look at now. i think you will like it. next i will reflect the changes in new ticket, just so that the theme is nice and consistent within the support system.


I'll try and update everyone a bit later on the updated work log.

Right now, i'm working on:

-mod functions to ban, and adding a table to show who the user was banned by, so mods will be able to see who is banned at anygiven time as well as who the ban was given by.

Next I'll be working on:
-converting the entire site to mysqli OOP prepared statements for maintainability and peace of mind.

Other participants:
-Don't know what justin's working on. he's supposed to be helping with sql and such but i find he's doing less and less contributing and more and more talking, which is never good, this is a business, and freeloading is not tolerated, talented programmer or not. last i heard he was going to build a permission system in order to make our functions more flexible and changeable at anytime.

-Ivan Peter. I have outsourced some jquery animations for the index, animation and scrolling functions of the chat, and ajax for the trade page to this guy. We'll see what happens with it.

[wtman]

Pretty good going so far. Can you tell me who among the staff are actual coders?

Would you be willing to take any suggestions privately via chat?

Good luck!

[r3wt]

Pretty good going so far. Can you tell me who among the staff are actual coders?

Would you be willing to take any suggestions privately via chat?

Good luck!

justin and i do all of the coding. and yes, i know we need to stop concatenating strings together and switch to PDO. this is like the roughdraft.

[r3wt]

the exchange is 95% complete!

new features:

view server load.

view all servers.

ping servers, restart servers, restart coin clients.

user agreement added to registration page.

index.php trimmed of fat, all procedural code converted into functions and moved to funcs.general.php

change passwords.

send activation emails.

reset passwords by mail.

jquery loading animations complete(update spinner, slide up slide down)

chat scrolling animations fixed. works great now.

json wallet class complete and ready for beta testing.

withdrawal page completed with password confirmation. justin is working on email confirmations.

sitebanning. sitebanned users may no longer log in

lowered fee's: trade fee is .5%, withdrawal fee .1%

Tasks remaining:

click to ban users from mod page

Ajax handling of trade page, so tables are updated in real time.

order stacking(order, combine)

comprehensive vulnerability testing

beta test rpc

beta test trade engine(again)

MISC low priority tasks(either before or after launch depends on how much time we have.

API

General site improvements

Responsive layout.

[muddafudda]

Considering the team consists of two devs which coins have failed what reassurance when shit for wrong that the team will not bail on their responsibilities like they did with their alts?

[r3wt]

I started building a new gui this morning for launch. i was supposed to be taking a break for thanksgiving, but i just couldn't help myself. i ended up doing something no one has ever accomplished before, utilizing jquery to style the viewport with css3 animations. i think you're gonna like it, it looks pretty sick. think windows metro 8 start screen ;P

[muddafudda]

Withdrawals are not automated because no one knows how

[r3wt]

Withdrawals are not automated because no one knows how

you're so right muddafudda. we built a trade engine that handles 900,000 queries per second and we can't figure out for the life of us how to handle withdrawals with jsonRPCphp...

Code:

<?php
...
$id = mysql_real_escape_string($_GET["id"]);

$sql = mysql_query("SELECT * FROM Wallets WHERE `id`='$id'");

$coin = mysql_result($sql,0,"Acronymn");

$ip = mysql_result($sql,0,"ip");

$port = mysql_result($sql,0,"port");

$bitcoin = establishRPCConnection($ip,$port);
$bitcoin->sendfromaccount($loggedInUser->display_username);

?>

[muddafudda]

Did someone say mcx now?