I am trying to develop a php web application (a game, and not a gambling site) where users can make in-game purchases. Now if I am understanding it right, The architecture (using bitcoind and Json-rpc api) should be:
1. When a new user registers - generate a new address for the new user: $bitcoin->getnewaddress("username");
2. Store that wallet address for later use in my DB.
3. Display that address and let a user send bitcoins to that address.
3. Check the balance of that address using the $bitcoin->getbalance($username,0) for unonfirmed balance and getbalance($username,6) confirmed balance.
4. Now I can let the user buy my in-game items and use $bitcoin->move($useraddress, $myaddress, $amount) to debit his account and give him the stuff he needs.
Questions:
1. Does this sound about right? Or am I completely off here!
2. How long does it take for the unconfirmed balance to show up? [$bitcoin->getbalance($username,0)]
3. $bitcoin->move($useraddress, $myaddress, $amount) is a change of bitcoins between addresses within my wallet, so this should be offchain and instantaneous, right?
4. How can some gambling dice sites like coinroll.it (
https://bitcointalk.org/index.php?topic=191176.0) accept unconfirmed transactions and lets people play instantly? are they just taking the risk or there is something that I am not aware of.
5. How can I test out my bitcoind/php application with testnet? Anyone has any experience of this?
6. Suggestions on Security are welcome...
I am going to make parts of my code open source when I figure this shit out.
