whitewhidow (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
December 03, 2014, 08:26:39 PM Last edit: December 03, 2014, 08:46:18 PM by whitewhidow |
|
im not in the office anymore. so in short:
betting at 0 or 100% has been fixed. but not yet deployed
the typos and dutch words will be fixed this evening.
same with the redirect.
same with the email
ill also put an inputmask on the amount input. only allowing correct input.
in the mean time heres a question:
how much would an average user consider a "big enough" signup bonus to convince them to give it a go, where they would just bounce if there was no bonus/small bonus ?
thx again amd keep em coming guys, ill update here when the next version is deployed. hopefully this evening
edit: when i get to implementing the withdrawals. i will actually have a few people from here (like 5) make real withdrawals to test the system. so keep an eye out ..
using btc i will donate to your account obviously
I think a decent amount would be dependent on your funding; there are some sites that offer .0001 - .01 BTC for signing up during the promotional period. Another possibility for the site could be a combination of a faucet, which again is up to you; upon logging in, people could get 500 satoshi, each time once a day or something. It seems like it'd be somewhat easy to abuse the system if the signup bonus is too big though, as there are people with multiple wallets, myself included Hmm, i like the idea of combining the site with a faucet, but should i do it like prime does, allow the user the use tha faucet, every x amount of minutes, IF their balance is at zero.. Or maybe even indeed, give them a bonus, once per day, on the first login of the day, each user, even WITHOUT their balance beeing zero .. or base the amount of daily bonus given, on the total amount wagered by the user so far, something like that ? Thx
|
TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE - The REAL WHITEWHIDOW
|
|
|
whitewhidow (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
December 03, 2014, 08:45:40 PM Last edit: December 03, 2014, 10:33:59 PM by whitewhidow |
|
I'm willing to do testing of withdrawals. I'm familiar with the Bitcoin network, and I'll try to "cheat" the withdrawal system as well. Anything extremely large that I get, I'll return except for a small bit for finding it Very well, fair enough EDIT: just added link to page to verify your own bets (http://phpfiddle.org/main/code/4071-5c2q)
|
TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE - The REAL WHITEWHIDOW
|
|
|
AnonBitCoiner
|
|
December 03, 2014, 11:28:31 PM |
|
im not in the office anymore. so in short:
betting at 0 or 100% has been fixed. but not yet deployed
the typos and dutch words will be fixed this evening.
same with the redirect.
same with the email
ill also put an inputmask on the amount input. only allowing correct input.
in the mean time heres a question:
how much would an average user consider a "big enough" signup bonus to convince them to give it a go, where they would just bounce if there was no bonus/small bonus ?
thx again amd keep em coming guys, ill update here when the next version is deployed. hopefully this evening
edit: when i get to implementing the withdrawals. i will actually have a few people from here (like 5) make real withdrawals to test the system. so keep an eye out ..
using btc i will donate to your account obviously
I think a decent amount would be dependent on your funding; there are some sites that offer .0001 - .01 BTC for signing up during the promotional period. Another possibility for the site could be a combination of a faucet, which again is up to you; upon logging in, people could get 500 satoshi, each time once a day or something. It seems like it'd be somewhat easy to abuse the system if the signup bonus is too big though, as there are people with multiple wallets, myself included Hmm, i like the idea of combining the site with a faucet, but should i do it like prime does, allow the user the use tha faucet, every x amount of minutes, IF their balance is at zero.. Or maybe even indeed, give them a bonus, once per day, on the first login of the day, each user, even WITHOUT their balance beeing zero .. or base the amount of daily bonus given, on the total amount wagered by the user so far, something like that ? Thx I'm also willing to test withdrawals! The concept of only giving them a certain amount if they're at 0 is more cost-effective for you, but it may be counterproductive for business unless it's a decent amount to gamble with. If you did the daily bonus people could abuse it, but it would attract more loyal customers. Ultimately it's up to you to you around with how you'd want to do it
|
▄▄████████▄▄ ▄▄████████████████▄▄ ▄██████████████████████▄ ▄█████████████████████████▄ ▄███████████████████████████▄
| ███████████████████▄████▄ █████████████████▄███████ ████████████████▄███████▀ ██████████▄▄███▄██████▀ ████████▄████▄█████▀▀ ██████▄██████████▀ ███▄▄████████████▄ ██▄███████████████ ░▄██████████████▀ ▄█████████████▀ █████████████ ███████████▀ ███████▀▀ | | | Mars, here we come! | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ▀▀███████▀▀ | ElonCoin.org | │ | | .
| │ | ████████▄▄███████▄▄ ███████▄████████████▌ ██████▐██▀███████▀▀██ ███████████████████▐█▌ ████▄▄▄▄▄▄▄▄▄▄██▄▄▄▄▄ ███▀░▐███▀▄█▄█▀▀█▄█▄▀ ██████████████▄██████▌ █████▐██▄██████▄████▐ █████████▀░▄▄▄▄▄ ███████▄█▄░▀█▄▄░▀ ███▄██▄▀███▄█████▄▀ ▄██████▄▀███████▀ ████████▄▀████▀█████▄▄ | . "I could either watch it happen or be a part of it" ▬▬▬▬▬ |
|
|
|
SpanishSoldier
|
|
December 03, 2014, 11:43:22 PM |
|
I'm willing to do testing of withdrawals. I'm familiar with the Bitcoin network, and I'll try to "cheat" the withdrawal system as well. Anything extremely large that I get, I'll return except for a small bit for finding it Very well, fair enough EDIT: just added link to page to verify your own bets (http://phpfiddle.org/main/code/4071-5c2q)Do u have a gambling license ?
|
|
|
|
BGkockata
Member
Offline
Activity: 70
Merit: 10
|
|
December 03, 2014, 11:52:03 PM |
|
Make a design with better colors,with the modern ( i call it windows 8 ) style with flat colors,most people play on pd cause its UNIQUE! Im gonna start testing the site,hopefully there arent tons of exploits.
Edit:Refreshing page every bet?Thats bad for people with slow internet.
Edit:I can bet on 100% win chance and earn 1 satoshi everytime.
|
|
|
|
hexafraction
Sr. Member
Offline
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
|
|
December 04, 2014, 12:14:17 AM |
|
Make a design with better colors,with the modern ( i call it windows 8 ) style with flat colors,most people play on pd cause its UNIQUE! Im gonna start testing the site,hopefully there arent tons of exploits.
Edit:Refreshing page every bet?Thats bad for people with slow internet.
Edit:I can bet on 100% win chance and earn 1 satoshi everytime.
Well, 100% doesn't make sense. However, I put in 1 satoshi, set chance to 60% (so payout is 1.64%) and clicked bet a bunch of times. Eventually, I was slowly winning in the long run, due to rounding error. Might be insignificant, until a bot comes along. I do agree on using AJAX instead. There are some technical points of interest: - PHPSESSID (cookie) is accessible to javascript so if an XSS or something does occur, then JS will be able to steal the session.
- hxxp colon slash slash betsomebits.com/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 reveals info about the PHP version (estimated by way of author list) and extensions, which is a risk. Set expose_php = Off in php.ini, or rewrite URLs so this is not accessible.
- Apache 2.2.22 is somewhat out of date. Not sure if there is an issue here yet, though.
- "PHP/5.4.35-1+deb.sury.org~precise+1" is made known to the world through the X-Powered-By header. If there's an exploit in this specific version, that might be an issue.
As I find more, I'll post them.[/list]
|
|
|
|
BGkockata
Member
Offline
Activity: 70
Merit: 10
|
|
December 04, 2014, 12:43:24 AM |
|
I cant get the free satoshi by refreshing the page Make it so it doesnt type 0.0_______ when i dont type all the zero's and make it auto typing the zero's its so annoying.
|
|
|
|
hexafraction
Sr. Member
Offline
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
|
|
December 04, 2014, 12:47:04 AM |
|
Make a design with better colors,with the modern ( i call it windows 8 ) style with flat colors,most people play on pd cause its UNIQUE! Im gonna start testing the site,hopefully there arent tons of exploits.
Edit:Refreshing page every bet?Thats bad for people with slow internet.
Edit:I can bet on 100% win chance and earn 1 satoshi everytime.
Well, 100% doesn't make sense. However, I put in 1 satoshi, set chance to 60% (so payout is 1.64%) and clicked bet a bunch of times. Eventually, I was slowly winning in the long run, due to rounding error. Might be insignificant, until a bot comes along. I do agree on using AJAX instead. There are some technical points of interest: - PHPSESSID (cookie) is accessible to javascript so if an XSS or something does occur, then JS will be able to steal the session.
- hxxp colon slash slash betsomebits.com/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 reveals info about the PHP version (estimated by way of author list) and extensions, which is a risk. Set expose_php = Off in php.ini, or rewrite URLs so this is not accessible.
- Apache 2.2.22 is somewhat out of date. Not sure if there is an issue here yet, though.
- "PHP/5.4.35-1+deb.sury.org~precise+1" is made known to the world through the X-Powered-By header. If there's an exploit in this specific version, that might be an issue.
As I find more, I'll post them.[/list] Also, I found phpmyadmin. No vulnerabilities as far as I know, though I'm not familiar with it. May I have permission to run a quick portscan from my personal IP?
|
|
|
|
BGkockata
Member
Offline
Activity: 70
Merit: 10
|
|
December 04, 2014, 12:49:02 AM |
|
There is a typo - fixes to fait play algorithm.
It must be:
Fixes to fair play algorithm.
In here u typed it right,but on the site it has a typo.
|
|
|
|
AnonBitCoiner
|
|
December 04, 2014, 03:04:32 AM |
|
There is a typo - fixes to fait play algorithm.
It must be:
Fixes to fair play algorithm.
In here u typed it right,but on the site it has a typo.
If you wanna go all Grammar Nazi, it's "Fixed with a fairplay algorithm", or something along those lines.
|
▄▄████████▄▄ ▄▄████████████████▄▄ ▄██████████████████████▄ ▄█████████████████████████▄ ▄███████████████████████████▄
| ███████████████████▄████▄ █████████████████▄███████ ████████████████▄███████▀ ██████████▄▄███▄██████▀ ████████▄████▄█████▀▀ ██████▄██████████▀ ███▄▄████████████▄ ██▄███████████████ ░▄██████████████▀ ▄█████████████▀ █████████████ ███████████▀ ███████▀▀ | | | Mars, here we come! | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ▀▀███████▀▀ | ElonCoin.org | │ | | .
| │ | ████████▄▄███████▄▄ ███████▄████████████▌ ██████▐██▀███████▀▀██ ███████████████████▐█▌ ████▄▄▄▄▄▄▄▄▄▄██▄▄▄▄▄ ███▀░▐███▀▄█▄█▀▀█▄█▄▀ ██████████████▄██████▌ █████▐██▄██████▄████▐ █████████▀░▄▄▄▄▄ ███████▄█▄░▀█▄▄░▀ ███▄██▄▀███▄█████▄▀ ▄██████▄▀███████▀ ████████▄▀████▀█████▄▄ | . "I could either watch it happen or be a part of it" ▬▬▬▬▬ |
|
|
|
whitewhidow (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
December 04, 2014, 09:06:29 AM Last edit: December 04, 2014, 09:29:41 AM by whitewhidow |
|
on mobile again: so in short again: sorrt for the typo. will be fixed. db is on a diff server. the phpmyadmin you found does not hold the betting data server setting will be fixed, bet regarding the php session id in the cookie, thats normal ? same with fb, prime, etc ? i really dislike the win8 metro look actually and regarding the 60% chance and winning 1 satoshi. is this not the same at prime? it seems im getting the same results there? thx i guess the question is: is 0.00000001 X 1.7. 0.00000001 or 0.00000002 will post more elaborate response when im in the office edit: looking at previous rolls: lol @ user "test41241' OR 1=1; --". edit: how many ti.es the signup bonus, should be required to withdraw ( to prevent abusing the bonus). at primt its like x200 or something i believe
|
TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE - The REAL WHITEWHIDOW
|
|
|
whitewhidow (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
December 04, 2014, 11:16:55 AM |
|
Make a design with better colors,with the modern ( i call it windows 8 ) style with flat colors,most people play on pd cause its UNIQUE! Im gonna start testing the site,hopefully there arent tons of exploits.
Edit:Refreshing page every bet?Thats bad for people with slow internet.
Edit:I can bet on 100% win chance and earn 1 satoshi everytime.
Yep, ajax will be implemented soon, to prevent the refreshing Regarding the 100% win bet, how did you accomplish this, as it should refuse rolls at 0% or 100% change.. Thx
|
TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE - The REAL WHITEWHIDOW
|
|
|
hexafraction
Sr. Member
Offline
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
|
|
December 04, 2014, 11:23:24 AM |
|
server setting will be fixed, bet regarding the php session id in the cookie, thats normal ? same with fb, prime, etc ?
No, there's a flag (httponly) that can be set on a cookie that tells the browser to make it available to the server, but not to any Javascript running on a page. Also, it appears that PHP's version is no longer being exposed through that long URL.
|
|
|
|
whitewhidow (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
December 04, 2014, 11:29:40 AM Last edit: December 04, 2014, 01:30:11 PM by whitewhidow |
|
server setting will be fixed, bet regarding the php session id in the cookie, thats normal ? same with fb, prime, etc ?
No, there's a flag (httponly) that can be set on a cookie that tells the browser to make it available to the server, but not to any Javascript running on a page. Also, it appears that PHP's version is no longer being exposed through that long URL. httponly should be set now, and i fixed the php_expose settings aswell. also, more changelog: -Inputmask placeholder on bet amount input changed from "_" to "0". (BGkockata asked for this) -Inputmask on bet amount now using overwrite mode instead of Insert mode. (toggle using insert) -Fixed rounding issue on 8th decimal (no BTC values are rounded, except when displaying, this fixes the 60% single satoshi bug). -Added statistics displayed in top navbar as always, keep em coming !!
|
TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE - The REAL WHITEWHIDOW
|
|
|
SpreadBit
Full Member
Offline
Activity: 154
Merit: 100
SatoshiBet.com ✯ Bitcoin Casino Games
|
|
December 04, 2014, 02:57:37 PM |
|
Hope my signature may help you!
|
|
|
|
BGkockata
Member
Offline
Activity: 70
Merit: 10
|
|
December 04, 2014, 03:21:43 PM |
|
on mobile again: so in short again: sorrt for the typo. will be fixed. db is on a diff server. the phpmyadmin you found does not hold the betting data server setting will be fixed, bet regarding the php session id in the cookie, thats normal ? same with fb, prime, etc ? i really dislike the win8 metro look actually and regarding the 60% chance and winning 1 satoshi. is this not the same at prime? it seems im getting the same results there? thx i guess the question is: is 0.00000001 X 1.7. 0.00000001 or 0.00000002 will post more elaborate response when im in the office edit: looking at previous rolls: lol @ user "test41241' OR 1=1; --". edit: how many ti.es the signup bonus, should be required to withdraw ( to prevent abusing the bonus). at primt its like x200 or something i believe Okay,but,make any design thats better than this xD.Make the minimum withdraw like 50k if the signup bonus is 500 satoshi,100k if its 1000 satoshi to 5000 like primedice.And what about the refreshing page while rolling thing?
|
|
|
|
whitewhidow (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
December 04, 2014, 03:35:24 PM |
|
Yep rolling without refreshing is certainly on the menu, but im working on the internals mostly, before the design and "fancyness"
But ajax is defenantly coming soon, ill simply make the roll via ajax, and change only the "previous roll", "current roll" panels, and refresh all balances., but like i said, internals first.
Im working on the deposits atm.
also, regarding the bonusses
How about this, if i instead of a "username", ask for a wallet address instead, and have cachouts go only trough THAT wallet, that would alteast make it so that people can only make as many accounts as the have wallets, instead of just unlimited accounts, HOWEVER, as i would also have to mention this on the registration page, im afraid this might alienate certain people ( for only beeing able to cachout to a single specific wallet) ..
any thoughts ?
Thx
|
TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE - The REAL WHITEWHIDOW
|
|
|
BGkockata
Member
Offline
Activity: 70
Merit: 10
|
|
December 04, 2014, 03:40:37 PM |
|
Yep rolling without refreshing is certainly on the menu, but im working on the internals mostly, before the design and "fancyness"
But ajax is defenantly coming soon, ill simply make the roll via ajax, and change only the "previous roll", "current roll" panels, and refresh all balances., but like i said, internals first.
Im working on the deposits atm.
What about the withdraw?How much is the max payout u can have?Like pd has 20 btc,some sites have 2,some sites have .2 btc max u can earn by rollin at ONCE a.k.a for pd it is 20 btc profit 20 btc bet 20 btc wagered max
|
|
|
|
whitewhidow (OP)
Member
Offline
Activity: 112
Merit: 10
|
|
December 04, 2014, 03:50:40 PM |
|
Yep rolling without refreshing is certainly on the menu, but im working on the internals mostly, before the design and "fancyness"
But ajax is defenantly coming soon, ill simply make the roll via ajax, and change only the "previous roll", "current roll" panels, and refresh all balances., but like i said, internals first.
Im working on the deposits atm.
What about the withdraw?How much is the max payout u can have?Like pd has 20 btc,some sites have 2,some sites have .2 btc max u can earn by rollin at ONCE a.k.a for pd it is 20 btc profit 20 btc bet 20 btc wagered max Minimim withdraw, my processer takes 0.0001 mining fee, the player will pay this fee upon withdraw, and anything above that can be withdrawn (does it make sense how i explain it ? ) Hmm, im thinking, once i go live, in production, i will start of with lower maximum bet amount & lower max payout, and slowly raise them, as i get a feel for the volume and number of bets, so that i can calculate how much i can allow in max bets, confidently knowing that i could pay all bets (i dont want the max too high, to early, without knowing for sure that our budget can handle it)
|
TO WHOEVER STOL MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE - The REAL WHITEWHIDOW
|
|
|
BGkockata
Member
Offline
Activity: 70
Merit: 10
|
|
December 04, 2014, 05:01:45 PM |
|
Yep rolling without refreshing is certainly on the menu, but im working on the internals mostly, before the design and "fancyness"
But ajax is defenantly coming soon, ill simply make the roll via ajax, and change only the "previous roll", "current roll" panels, and refresh all balances., but like i said, internals first.
Im working on the deposits atm.
What about the withdraw?How much is the max payout u can have?Like pd has 20 btc,some sites have 2,some sites have .2 btc max u can earn by rollin at ONCE a.k.a for pd it is 20 btc profit 20 btc bet 20 btc wagered max Minimim withdraw, my processer takes 0.0001 mining fee, the player will pay this fee upon withdraw, and anything above that can be withdrawn (does it make sense how i explain it ? ) Hmm, im thinking, once i go live, in production, i will start of with lower maximum bet amount & lower max payout, and slowly raise them, as i get a feel for the volume and number of bets, so that i can calculate how much i can allow in max bets, confidently knowing that i could pay all bets (i dont want the max too high, to early, without knowing for sure that our budget can handle it) Be sure to make the max payout like 1% of your bankroll.Thats what most sites do when they start. Also if i can be rewarded for non-coding help,but help with normal things here is my addy 1QGChLzdZQreNF1k6M3Mrz82cBDsMRzYsW Make the min withdraw 500 satoshi x the max payout u can get with 500 satoshi to prevent bots creating new accs with different ip adresses all inning at the min win chance and max payout to make profit and withdraw.This is also called as faucet abusing in pd.
|
|
|
|
|