paraipan
In memoriam
Legendary
 Offline
Activity: 924
Merit: 1004
Firstbits: 1pirata
|
 |
November 10, 2011, 12:45:29 AM |
|
hey moki thanks for getting the spam issue sorted out, have another one for you though you have this on the "buy credit" page... 1. Enter the bitcoin address you will be sending coins from and press submit: umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount |
BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
|
|
|
|
mokimarket (OP)
|
|
November 10, 2011, 12:52:24 AM |
|
hey moki thanks for getting the spam issue sorted out, have another one for you though you have this on the "buy credit" page... 1. Enter the bitcoin address you will be sending coins from and press submit: umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount Hmmm..I thought that it sent payment from this address listed on the client: Your bitcoin address: 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF I guess I was wrong. Payments can still be processed, but I will change it so that it says enter the amount of coins that will be sent instead. Thanks for pointing that out. |
|
|
|
|
|
mokimarket (OP)
|
|
November 10, 2011, 12:53:49 AM |
|
hey moki thanks for getting the spam issue sorted out, have another one for you though you have this on the "buy credit" page... 1. Enter the bitcoin address you will be sending coins from and press submit: umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount Hmmm..I thought that it sent payment from this address listed on the client: Your bitcoin address: 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF I guess I was wrong. Payments can still be processed, but I will change it so that it says enter the amount of coins that will be sent instead. Thanks for pointing that out. So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"? |
|
|
|
|
Azrael_PT
Full Member
Offline
Activity: 190
Merit: 100
Par Pari Refertur
|
|
November 10, 2011, 12:53:53 AM |
|
Please Enter Right Coupn Code   |
Donations: 16WPtSGFtj7wH2TxQi5tZfdxtAG84zPVwD CEX.IO |
|
|
|
mokimarket (OP)
|
|
November 10, 2011, 12:57:25 AM |
|
Please Enter Right Coupn Code Only 10 slots were available for coupon code...sorry. I will be doing another one soon though, so check back. |
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
November 10, 2011, 01:09:23 AM |
|
bwagner
please use 1Kuktw1ebnL3ySLx3AJK5kEA3xbkibH535
Payment sent! I believe you were lucky number 10 Whew! Just made the cut. Got the payment. Thanks! |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
|
BTCurious
|
|
November 10, 2011, 01:12:41 AM |
|
I got the coupon code, but haven't bid yet -- the auction ending in one hour is of no interest to me. I'll bid later, when the more interesting auctions are nearer.
In any case:
username: BTCurious
Address: 1NaNoBitU2q8czqE2y5rEQPj4qcW6K3mFp
|
|
|
|
paraipan
In memoriam
Legendary
Offline
Activity: 924
Merit: 1004
Firstbits: 1pirata
|
|
November 10, 2011, 01:12:47 AM |
|
hey moki thanks for getting the spam issue sorted out, have another one for you though you have this on the "buy credit" page... 1. Enter the bitcoin address you will be sending coins from and press submit: umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount Hmmm..I thought that it sent payment from this address listed on the client: Your bitcoin address: 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF I guess I was wrong. Payments can still be processed, but I will change it so that it says enter the amount of coins that will be sent instead. Thanks for pointing that out. So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"? i don't get you very well, in the standard client you can't possibly know what addresses will be used to send a payment before hitting the pay button. Example transactions that have multiple inputs and one output, destination address. You enter destination address and the software combines various inputs to make the sum of bitcoins. Knowing from what address the bitcoins will come it's quite impossible, really  |
BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
November 10, 2011, 01:13:48 AM
Last edit: November 10, 2011, 02:28:51 AM by bwagner |
|
hey moki thanks for getting the spam issue sorted out, have another one for you though you have this on the "buy credit" page... 1. Enter the bitcoin address you will be sending coins from and press submit: umm, how am i supposed to know from what address i will be sending the coins ? clients selects automatically one or more input addresses to sum the total amount I find this very confusing also. No one ever asks the address the Bitcoins are coming FROM. In fact the average user of the standard Bitcoin client has no idea what account the Bitcoins are coming FROM - and really no control as to what address they will come from. I happen to have created my own vanity key pairs using vanitygen and imported them into a StrongCoin account where I can have total control of the from address - but that is not the usual case. You should really not ask for this information. Also I have no idea how many coins to send you in order to buy $1.00 worth of credits. Your site should calculate this for me and then give me an address and an amount to send. |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
November 10, 2011, 01:26:23 AM
Last edit: November 10, 2011, 02:02:28 AM by bwagner |
|
So I guess I am waiting to hear from you as to how many BTC you expect me to send in order to get $1.00 worth of credits?
I think it may be simpler to have the following on the credit sale page when buying using BTC:
1) how many credits to you want? (have a numeric entry box here)
2) I enter 100 and submit
3) next/response page: That will cost you 0.33783783 BTC, please send payment to 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF
BUT to easily track your incomming payments you should probably generate a new address for each order instead of using 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF for every order
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
November 10, 2011, 01:48:24 AM |
|
OK, I finally read the fine print: Example: One bitcoin payment is submited at 1:00pm when MtGox is trading at $3, worth 300 credits. If payment is processed at 1:30pm and MtGox is trading at $3.20, your account will receive 320 credits; if payment is processed at 2:30pm and MtGox is trading at $2.90 your account will receive 290 credits.”
So I will send you 1 BTC and see what happens. I think with some work this could be a very fun site. |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
|
mokimarket (OP)
|
|
November 10, 2011, 01:51:47 AM |
|
I got the coupon code, but haven't bid yet -- the auction ending in one hour is of no interest to me. I'll bid later, when the more interesting auctions are nearer.
In any case:
username: BTCurious
Address: 1NaNoBitU2q8czqE2y5rEQPj4qcW6K3mFp
Payment sent! |
|
|
|
|
|
mokimarket (OP)
|
|
November 10, 2011, 01:55:56 AM |
|
So I guess I am waiting to hear from you as to how many BTC you expect me to send in order to get $1.00 worth of credits?
I think it may be simpler to have the following on the credit sale page when buying using BTC:
1) how many credits to you want? (have a numeric entry box here)
2) I enter 100 and submit
3) next/response page: That will cost you 0.33783783 BTC, please send payment to 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF
That's a good idea. See this is why I need the bitcoin community to help me out with these issues. I'm just trying to create what I think would be a really cool service and am open to any help i can get! |
|
|
|
|
|
mokimarket (OP)
|
|
November 10, 2011, 02:11:08 AM |
|
OK, I finally read the fine print: Example: One bitcoin payment is submited at 1:00pm when MtGox is trading at $3, worth 300 credits. If payment is processed at 1:30pm and MtGox is trading at $3.20, your account will receive 320 credits; if payment is processed at 2:30pm and MtGox is trading at $2.90 your account will receive 290 credits.”
So I will send you 1 BTC and see what happens. I think with some work this could be a very fun site. I just processed your payment, sorry for the confusion. I will fix this issue to make it more user friendly. |
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
November 10, 2011, 02:15:46 AM
Last edit: November 10, 2011, 02:25:49 AM by bwagner |
|
I am glad to help in any way I can. I love to see businesses join the Bitcoin community. I see why you want the "from" address - so you can see who sent the BTC so you can credit their account. The way this is usually done is to generate a new TO address for each order, then when you get the BTC you know who it was from since you see where they sent it to. If you look at the standard client - at least the version I am using - and click on a transaction the from field is often (always?) blank. So if you have everyone send BTC to your single address of 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF then it is a pain to figure out who sent it (look in the block explorer and look at all the transaction to 14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF), like this: http://blockexplorer.com/address/14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLFIf you do that you will notice that I sent you 1 BTC. You know this because I am in the minority in that I can send from a known vanity address of http://firstbits.com/1burtw. Most payments from most users will appear to just come from random addresses, many times from multiple addresses for a single transaction. So it would be best if your site just generated a different payment address every time someone sends you coins, then when you get coins at that address you know you can credit that person's account with the proper number of credits. |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
November 10, 2011, 02:39:32 AM |
|
So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"?
My fiinal post on this point, I hope I am being helpful and educational here - that is my intent. Just as an example the 0.10 BTC you sent to me can be seen here: http://blockexplorer.com/address/1Kuktw1ebnL3ySLx3AJK5kEA3xbkibH535Notice they were sent from and address you probably didn't even know you had  |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
|
mokimarket (OP)
|
|
November 10, 2011, 02:56:48 AM |
|
So the coins I sent dont say: received from: "14ofhkLgaUzY1z2Zg7jM5Q4BTm1vszpBLF"?
My fiinal post on this point, I hope I am being helpful and educational here - that is my intent. Just as an example the 0.10 BTC you sent to me can be seen here: http://blockexplorer.com/address/1Kuktw1ebnL3ySLx3AJK5kEA3xbkibH535Notice they were sent from and address you probably didn't even know you had Thanks for your help. I think I will take your idea and make process something like this: 1. Enter the number of credits you wish to purchase and press submit: [#number of credits] 2. Send [# number of credits submitted]/[100*(Mt Gox buy price at the time they press submit)] bitcoins to the following address [MokiMarket bitcoin address] What do you think of that? |
|
|
|
|
btc_artist
Full Member
Offline
Activity: 154
Merit: 102
Bitcoin!
|
|
November 10, 2011, 03:47:25 PM
Last edit: November 10, 2011, 08:12:04 PM by btc_novice |
|
Please, please, please, please, please, please, please, please, please, please, please, please, please, please do not store passwords as plain text. It is a huge breach of user trust. You should immediately change it to store passwords as a salted hash. If you don't know how to do this, ask me and I will give you details. As a start, you can read this: http://codahale.com/how-to-safely-store-a-password/Like bwagner, I hope I am being helpful and educational with this, as that is my intent. Passwords being stored as plain text really is a Big Deal. I love to see new Bitcoin-related business start up, and I am all for them. But when a website is negligent in terms of security issues, I cringe. For minimum levels of security do this: 1. When user registers, generate a random salt for the user (say 20 random characters) 2. Take the user's password and hash it with the salt in a loop (pseudocode): salt = "9sOqlp09Juy336Fvz,)jk@kxccq1>Mf"; // different for every user
password = "blahblah";
hash = password;
for (i = 0; i < 10000; ++i)
{
hash = sha256(sha256(hash) + salt);
}
3. Save hash and salt in your users table. When a user logs in, run the password through the same process as above (using the salt stored for that user), and if the resultant hash is the same as the one stored in the database for that user, log them in. EDIT: OP had PMed me before I wrote this, bit I didn't see the PM. Oops. Replied to PM as well. |
BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
|
|
|
|
Retired
|
|
November 11, 2011, 07:30:29 PM |
|
Also, make sure the salt is included in both of the hash calculations. That will make the process safer. If you do not include a salt, and just hash the password several times, you won't be making it harder, but easier, for an attacker to get the password. And make sure the hash includes special characters, not just alphanumeric ones. Just my 2 cents  |
|
|
|
|
|
