gorgorom
|
|
November 18, 2013, 01:29:58 PM |
|
so you're from mexico, have 12 posts, and your email address is crt.ferguson@gmail, a caucasian last name, and you would like to work on the exchange. what could possibly go wrong? Plus one this
|
ahmed_bodi
|
|
November 18, 2013, 02:45:43 PM |
|
hurry up with openex!
|
Bitrated user: ahmedbodi.
|
r3wt (OP)
|
|
November 20, 2013, 06:03:25 AM |
|
We're moving into the home stretch, people!
Updates:
jquery ui and page transition animations are functional and look nice!
rebuilt admin interface.
built debug mode navigation system.
trade engine has been tested and works great.
wallet system works as expected as well.
Now for an insight into our work log.
To Do:
1. Withdrawals
priority: extremely high
- withdrawal requests are sent into a queue for admin approval.
- once admin approval occurs, withdraw is processed.
** I've built a template for you: pages/withdraw.php
2. Password reset page
priority: high
- users need a way to reset passwords
- add mysql and functions.
** I've built a template for you: pages/reset.php
3. API
priority: low
- priority on this is: low
** template pages/api.php
4. access_denied.php
priority: high
- add mysql to gather information about the user (I've documented it for you nicely so this should be a 5 minute job tops).
- add logic to increment number of times a user has seen this page.
- add table `access violations` row(s) `username` `ip` `count` <- number of violations.
** template access_denied.php
** when you finish this, i will build a page for us to track this table and add it to the admin pages.
5. json
priority: high
- fix this so that our withdraw/deposit functions work.
- ensure the security of this.
- investigate if this is compatible with rpcssl flag of clients (i think it is, as the traffic should be automatically encrypted/decrypted by the server).
6. Create function to prevent Sitebanned users from logging in.
priority: medium
- add a row for this to database.
7. Add option to pages/admin.php to click and ban users (both chatban and siteban).
priority: medium
8. Chat
priority: low
|
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
r3wt (OP)
|
|
November 20, 2013, 03:41:52 PM |
|
bump
|
r3wt (OP)
|
|
November 21, 2013, 01:22:58 PM |
|
Beta version of the chat has been completed! woo! that was kind of exhausting but i learned to use ajax, so on the plus side, i now can make the trade page dynamic.
we still have a ways to go but things are looking nice.
|
r3wt (OP)
|
|
November 23, 2013, 03:36:55 PM Last edit: November 24, 2013, 01:40:52 AM by r3wt |
|
Updated Work Log.
1. Withdrawals
priority: extremely high
- withdrawal requests are sent into a queue for admin approval.
- once admin approval occurs, withdraw is processed.
** I've built a template for you: pages/withdraw.php
2. Password reset page
priority: high
- users need a way to reset passwords
- add mysql and functions.
** I've built a template for you: pages/reset.php
3. API
priority: low
- priority on this is: low
** template pages/api.php
5. json
priority: high
- fix this so that our withdraw/deposit functions work.
- ensure the security of this.
- investigate if this is compatible with rpcssl flag of clients (i think it is, as the traffic should be automatically encrypted/decrypted by the server).
6. Create function to prevent Sitebanned users from logging in.
priority: medium
- add a row for this to database.
7. Add option to pages/admin.php to click and ban users (both chatban and siteban).
priority: medium
8. Chat
-- check input with jquery
-- sanitize mysqli
priority: medium
Done!
9. XSS formkeys
-- I've created the class and functions. you can find it in funcs.general.php
-- just need to add them to forms and then validate them in each script.
-- this should eliminate session jacking/cross site scripting hacks.
priority: low
10. Fee shares.
-- ability to track fee shares in account page.
-- automate fee shares.
priority: low
comment: we can work on this after the site launches.
|
unfocus
|
|
November 24, 2013, 04:31:27 AM |
|
Updated Work Log.
1. Withdrawals
priority: extremely high
- withdrawal requests are sent into a queue for admin approval.
- once admin approval occurs, withdraw is processed.
** ive built a template for you: pages/withdraw.php
I don't know why withdrawal can't be automated. Why would it need any approval??
|
r3wt (OP)
|
|
November 24, 2013, 04:55:58 AM |
|
Updated Work Log.
1. Withdrawals
priority: extremely high
- withdrawal requests are sent into a queue for admin approval.
- once admin approval occurs, withdraw is processed.
** ive built a template for you: pages/withdraw.php
I don't know why withdrawal can't be automated. Why would it need any approval??
security measure just in case an exploit occurs, wallets go offline automatically while database is rolled back. if attacker exploits db somehow he won't be able to withdraw unless he can bruteforce the rpcssl connection, which is unlikely. whereas, with automated withdrawal attacker could squeeze the funds out before we'd know what hit us. this is why we are hiring so much staff.
|
bob131313
|
|
November 25, 2013, 12:05:08 AM |
|
How about posting some bug bounties. Peeking at the github, this would be fun once it goes live.
Maybe bounties ranging from 0.1 btc to 1 btc.
Hate for you to go live with this on a shiny new server that winds up with a shell the first day.
|
r3wt (OP)
|
|
November 25, 2013, 12:14:31 AM |
|
How about posting some bug bounties. Peeking at the github, this would be fun once it goes live.
Maybe bounties ranging from 0.1 btc to 1 btc.
Hate for you to go live with this on a shiny new server that winds up with a shell the first day.
the github is pretty far behind the current version of the site. we're pretty confident in the live version. we're looking for two penetration/bug/vuln testers for the site. this is a paid staff position. the previous guy we had lined up has gone AWOL. see the first post here https://bitcointalk.org/index.php?topic=344084.msg3686527#msg3686527
|
cryptohunter
|
|
November 25, 2013, 12:33:09 AM |
|
this is quite awesome
|
r3wt (OP)
|
|
November 26, 2013, 08:44:21 AM |
|
A lot has changed in the past few days.
Tasks now complete:
Chat backend.
- Banned users now may not post (a message is shown: "system: <user> has been banned from chat.").
- moderators are orange, admins are blue, and users are black.
Mod class:
- created the mod users and isUserMod() function.
- moderators may hand down chat bans from the mod screen.
Chatbanned class:
- chatbanned user class
- isUserCBanned() function;
Access Denied:
- timestamps are logged along with ip, user account, and browser string.
i'll give you a peek at the code. this is a very complex script.

    require_once("models/config.php");

    // Map the User-Agent header to a browser name for the log
    if(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE) {
        $u_agent = mysql_real_escape_string("Internet Explorer");
    } elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome') !== FALSE) {
        $u_agent = mysql_real_escape_string("Google Chrome");
    } elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Opera Mini') !== FALSE) {
        $u_agent = mysql_real_escape_string("Opera Mini");
    } elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) {
        $u_agent = mysql_real_escape_string("Opera");
    } elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox/25.0') !== FALSE) {
        $u_agent = mysql_real_escape_string("Mozilla Firefox");
    } elseif(strpos($_SERVER['HTTP_USER_AGENT'], 'Safari') !== FALSE) {
        $u_agent = mysql_real_escape_string("Safari");
    } else {
        $u_agent = mysql_real_escape_string("Unknown");
    }
    $ip = mysql_real_escape_string(getIP()); //get user ip

    //show the access denied message no matter what
    echo "<style>html { width:100%; height:100%; background:url(assets/img/access_denied.gif) center center no-repeat; background-color: #000000 !important;}</style>";

    //check if user is logged in; default to the guest label otherwise
    $account = mysql_real_escape_string("Guest/Not Logged In");
    if(isUserLoggedIn() && $loggedInUser->display_username != null) {
        //get user info's (escaped, because it is concatenated into the query below)
        $account = mysql_real_escape_string($loggedInUser->display_username);
    }

    //log with mysql
    $date = date("F j, Y, g:i a");
    $sql = @mysql_query("INSERT INTO access_violations (username, ip, user_agent, time) VALUES ('$account', '$ip', '$u_agent', '$date');");

//--support system--//
last night, i spent time poring through viewticket.php, the threaded view of a support ticket and all responses. i refactored the code and built a new css layout that's very user friendly and pleasant to look at now. i think you will like it. next i will reflect the changes in new ticket, just so that the theme is nice and consistent within the support system.
I'll try and update everyone a bit later on the updated work log.
Right now, i'm working on:
- mod functions to ban, and adding a table to show who the user was banned by, so mods will be able to see who is banned at any given time as well as who the ban was given by.
Next I'll be working on:
- converting the entire site to mysqli OOP prepared statements for maintainability and peace of mind.
Other participants:
- Don't know what justin's working on. he's supposed to be helping with sql and such but i find he's doing less and less contributing and more and more talking, which is never good, this is a business, and freeloading is not tolerated, talented programmer or not. last i heard he was going to build a permission system in order to make our functions more flexible and changeable at any time.
- Ivan Peter. I have outsourced some jquery animations for the index, animation and scrolling functions of the chat, and ajax for the trade page to this guy. We'll see what happens with it.
|
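The access-violation logging from the post above, written with PDO prepared statements, the change the thread names as the planned replacement for string concatenation. This is an added example, not r3wt's or the project's code; it assumes an in-memory SQLite database in place of the site's MySQL server, the function names `classifyBrowser` and `logAccessViolation` are hypothetical, and the request values are constructed.

```php
<?php
// Added example: access-violation logging with PDO prepared statements.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline;
// table and column names follow the INSERT shown in the post.

function classifyBrowser(string $ua): string {
    // Same order as the post: Chrome's UA also contains "Safari", and
    // "Opera Mini" must be tested before "Opera". Firefox is matched on any
    // version here, not only 25.0.
    $map = ['MSIE' => 'Internet Explorer', 'Chrome' => 'Google Chrome',
            'Opera Mini' => 'Opera Mini', 'Opera' => 'Opera',
            'Firefox' => 'Mozilla Firefox', 'Safari' => 'Safari'];
    foreach ($map as $needle => $name) {
        if (strpos($ua, $needle) !== false) {
            return $name;
        }
    }
    return 'Unknown';
}

function logAccessViolation(PDO $db, ?string $username, string $ip, string $ua): void {
    // Placeholders keep every value out of the SQL text, so quoting in a
    // username or header cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO access_violations (username, ip, user_agent, time)
         VALUES (:username, :ip, :agent, :time)');
    $stmt->execute([
        ':username' => $username ?? 'Guest/Not Logged In',
        ':ip'       => $ip,
        ':agent'    => classifyBrowser($ua),
        ':time'     => date('Y-m-d H:i:s'), // sortable, unlike "F j, Y, g:i a"
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly, no @
$db->exec('CREATE TABLE access_violations
           (username TEXT, ip TEXT, user_agent TEXT, time TEXT)');

// Constructed sample requests; the second username contains SQL metacharacters.
logAccessViolation($db, null, '203.0.113.7', 'Mozilla/5.0 (X11) Firefox/25.0');
logAccessViolation($db, "x'); DROP TABLE access_violations; --", '198.51.100.9',
                   'Mozilla/5.0 Chrome/31.0 Safari/537.36');

// Both rows are present and the table still exists: the input was stored as data.
foreach ($db->query('SELECT username, ip, user_agent FROM access_violations') as $row) {
    echo implode(' | ', [$row['username'], $row['ip'], $row['user_agent']]), "\n";
}
```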
wtman
|
|
November 26, 2013, 10:16:29 PM |
|
Pretty good going so far. Can you tell me who among the staff are actual coders? Would you be willing to take any suggestions privately via chat? Good luck!
|
r3wt (OP)
|
|
November 26, 2013, 10:21:54 PM |
|
Pretty good going so far. Can you tell me who among the staff are actual coders? Would you be willing to take any suggestions privately via chat? Good luck!
justin and i do all of the coding. and yes, i know we need to stop concatenating strings together and switch to PDO. this is like the rough draft.
|
r3wt (OP)
|
|
November 27, 2013, 08:24:50 AM |
|
the exchange is 95% complete!
new features:
view server load.
view all servers.
ping servers, restart servers, restart coin clients.
user agreement added to registration page.
index.php trimmed of fat, all procedural code converted into functions and moved to funcs.general.php
change passwords.
send activation emails.
reset passwords by mail.
jquery loading animations complete(update spinner, slide up slide down)
chat scrolling animations fixed. works great now.
json wallet class complete and ready for beta testing.
withdrawal page completed with password confirmation. justin is working on email confirmations.
sitebanning. sitebanned users may no longer log in
lowered fees: trade fee is .5%, withdrawal fee .1%
Tasks remaining:
click to ban users from mod page
Ajax handling of trade page, so tables are updated in real time.
order stacking(order, combine)
comprehensive vulnerability testing
beta test rpc
beta test trade engine(again)
MISC low priority tasks (either before or after launch, depends on how much time we have):
API
General site improvements
Responsive layout.
|
muddafudda
|
|
November 27, 2013, 11:11:57 AM |
|
Considering the team consists of two devs whose coins have failed, what reassurance is there, when shit goes wrong, that the team will not bail on their responsibilities like they did with their alts?
|
r3wt (OP)
|
|
November 29, 2013, 03:26:27 AM |
|
I started building a new gui this morning for launch. i was supposed to be taking a break for thanksgiving, but i just couldn't help myself. i ended up doing something no one has ever accomplished before, utilizing jquery to style the viewport with css3 animations. i think you're gonna like it, it looks pretty sick. think windows metro 8 start screen ;P
|
muddafudda
|
|
November 29, 2013, 03:37:55 AM |
|
Withdrawals are not automated because no one knows how
|
r3wt (OP)
|
|
November 29, 2013, 03:52:29 AM |
|
Withdrawals are not automated because no one knows how
you're so right muddafudda. we built a trade engine that handles 900,000 queries per second and we can't figure out for the life of us how to handle withdrawals with jsonRPCphp...
<?php
// ...
// look up the wallet row (coin acronym, RPC host and port) for the requested id
$id = mysql_real_escape_string($_GET["id"]);
$sql = mysql_query("SELECT * FROM Wallets WHERE `id`='$id'");
$coin = mysql_result($sql,0,"Acronymn");
$ip = mysql_result($sql,0,"ip");
$port = mysql_result($sql,0,"port");
// connect to that coin client over RPC and send from the user's account
$bitcoin = establishRPCConnection($ip,$port);
$bitcoin->sendfromaccount($loggedInUser->display_username);
?>
|
muddafudda
|
|
November 29, 2013, 04:52:25 AM |
|
Did someone say mcx now?