Bitcoin Forum
Author Topic: [UPDATE] - BetSomeBits is ALMOST LAUNCHING !  (Read 5485 times)
whitewhidow (OP), Member, Activity: 112, Merit: 10
December 04, 2014, 07:35:20 PM, #41 (last edit: December 04, 2014, 09:44:46 PM by whitewhidow)

quick update. on mobile. not much time

implemented withdrawals and deposits. haven't deployed yet. i will this evening or tomorrow.

thx

TO WHOEVER STOLE MY ACCOUNT AND WAS NOW USING IT AS HIS OWN, FCK OFF PLEASE
 - The REAL WHITEWHIDOW
Decksperiment, Sr. Member, Activity: 630, Merit: 250
December 04, 2014, 09:54:30 PM, #42

> on mobile again: so in short again:
>
> sorry for the typo. will be fixed.
> db is on a diff server. the phpmyadmin you found does not hold the betting data
>
> server setting will be fixed, but regarding the php session id in the cookie, that's normal? same with fb, prime, etc?
>
> i really dislike the win8 metro look :) actually
>
> and regarding the 60% chance and winning 1 satoshi. is this not the same at prime? it seems i'm getting the same results there? thx
> i guess the question is: is 0.00000001 X 1.7: 0.00000001 or 0.00000002?
>
> will post more elaborate response when i'm in the office
>
> edit: looking at previous rolls: lol @ user "test41241' OR 1=1; --". :)
>
> edit: how many times the signup bonus should be required to withdraw (to prevent abusing the bonus). at prime it's like x200 or something i believe

The guy who pointed out the phpMyAdmin link should be paid attention to, as a bruteforce of password using pyrit/cuda would reveal more than you think.. in fact, all that you see..?

Edit, sorry, was focusing on news, The guy who pointed out the phpMyAdmin is correct, as I can rip anyone's password using cowpatty piped through my cuda based pyrit (no passwords list) in around a day..

A password to myadmin gives complete opportunity to change anything at will.. you do like your site, no?
hexafraction, Sr. Member, Activity: 392, Merit: 259
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
December 04, 2014, 11:13:18 PM, #43

Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are fewer risks of loss of money.

I have recently become active again after a long period of inactivity. Cryptographic proof that my account has not been compromised is available.
BGkockata, Member, Activity: 70, Merit: 10
December 04, 2014, 11:25:46 PM, #44

> Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are fewer risks of loss of money.

also add 2fa verify
whitewhidow (OP), Member, Activity: 112, Merit: 10
December 05, 2014, 09:52:26 AM, #45

> Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are fewer risks of loss of money.

the phpmyadmin will be hidden soon, but like i said, it's the phpmyadmin for a different server..

2-way auth will be added as well

and regarding the email address, i'll make it so it's optional, so you can set one, IF you want, in case of pass resets if forgotten
and the ability to change your pass when logged in.


just woke up. will be starting work in a few hours. will deploy asap

whitewhidow (OP), Member, Activity: 112, Merit: 10
December 05, 2014, 12:36:27 PM, #46

Update

deposit and withdrawal are finished, but disabled atm (you won't see the buttons, only specific users will...)

profile page is done, will let you change your password, email address and bitcoin payout wallet.


113ef50 layout and type fixes + missing url
1f854b8 fixes
7755abe more withdraw stuff
aa3d268 change wallet id via profile
a34j268 change email via profile
8f0d478 change password via profile
0322c64 more on withdraw
d4ba0af more on withdrawls
7e61540 link to has info page, on transactions page
7998ff3 deposit fix
589b719 many changes + more deposit stuff
2277e2c many changes + more deposit stuff
ed3aaff many changes + start deposit stuff

Decksperiment, Sr. Member, Activity: 630, Merit: 250
December 05, 2014, 02:25:09 PM, #47

change the name of your phpMyAdmin, and the index.php within said folder to secure it.. ;) Oh, and remove it from your root directory, it doesn't need to be in the root to work ;)
whitewhidow (OP), Member, Activity: 112, Merit: 10
December 05, 2014, 02:53:23 PM, #48

> change the name of your phpMyAdmin, and the index.php within said folder to secure it.. ;) Oh, and remove it from your root directory, it doesn't need to be in the root to work ;)

phpmyadmin has been secured.

I've also added Google Authenticator!

whitewhidow (OP), Member, Activity: 112, Merit: 10
December 05, 2014, 03:01:58 PM, #49 (last edit: December 05, 2014, 06:43:23 PM by whitewhidow)

Also, hexa, can you pm me the name of one of your test accounts on the site, so i can start making preparations for the testing of the transactions. i will disable them for all users except the ones i choose

EDIT: just deployed some significant design changes, working on ajax now

EDIT: just added an ajax implementation, check it out and see if you guys like it ..

also, i know that error reporting is broken atm, due to the ajax, so i'll get to that very soon (bet too small or big will not give a visual error atm)

whitewhidow (OP), Member, Activity: 112, Merit: 10
December 06, 2014, 10:10:46 AM, #50

update: i won't be working much this weekend so i'll see you guys monday!

no feedback on the new design and ajax implementation?

thx

whitewhidow (OP), Member, Activity: 112, Merit: 10
December 06, 2014, 06:19:43 PM, #51

> update: i won't be working much this weekend so i'll see you guys monday!
>
> no feedback on the new design and ajax implementation?
>
> thx

decided to work after all

more changelog:

- security changes
- confirm 2-fa auth code before actually enabling 2-fa
- added "points"
- changes to deposit modal
- don't allow faucet if balance > 0
- faucet added
- blockchain api fixes
- info on transactions screen
- withdrawal iframe changes
- ajax betting errors fixed
- stay informed option on profile
- massive ajax changes

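The changelog item "confirm 2-fa auth code before actually enabling 2-fa" (and the Google Authenticator mention a few posts earlier) describes a two-step enable flow: a secret is generated and held as pending, and 2FA is switched on only once the user submits a code that secret actually produces, so an account is never locked behind a secret the user's app does not hold. The following is an added example, not BetSomeBits code: a self-contained PHP sketch of that flow with an RFC 6238 TOTP verifier compatible with Google Authenticator. The user record is an in-memory array standing in for a database row, and the function names (`beginEnable2fa`, `confirmEnable2fa`) are hypothetical.

```php
<?php
// Added example, not BetSomeBits code: "verify the code before enabling 2FA".
// TOTP per RFC 6238 (HMAC-SHA1, 30 s steps, 6 digits), base32 secrets as
// Google Authenticator expects. $user is an in-memory stand-in for a DB row.
declare(strict_types=1);

const TOTP_STEP = 30;    // seconds per code
const TOTP_DIGITS = 6;
const TOTP_WINDOW = 1;   // accept one step of clock skew either side

// Base32 (RFC 4648) without padding, the alphabet authenticator apps use.
function base32Encode(string $bytes): string {
    $alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split($bytes) as $c) {
        $bits .= str_pad(decbin(ord($c)), 8, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 5) as $chunk) {
        $out .= $alpha[bindec(str_pad($chunk, 5, '0'))];
    }
    return $out;
}

function base32Decode(string $s): string {
    $alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(rtrim(strtoupper($s), '=')) as $c) {
        $v = strpos($alpha, $c);
        if ($v === false) {
            throw new InvalidArgumentException('bad base32');
        }
        $bits .= str_pad(decbin($v), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $chunk) {
        if (strlen($chunk) === 8) {
            $out .= chr(bindec($chunk));
        }
    }
    return $out;
}

// HOTP value for one counter (RFC 4226 dynamic truncation).
function hotp(string $secretBytes, int $counter): string {
    $hash = hash_hmac('sha1', pack('J', $counter), $secretBytes, true); // 'J' = 64-bit big-endian
    $off = ord($hash[19]) & 0x0f;
    $bin = ((ord($hash[$off]) & 0x7f) << 24) | (ord($hash[$off + 1]) << 16)
         | (ord($hash[$off + 2]) << 8) | ord($hash[$off + 3]);
    return str_pad((string) ($bin % (10 ** TOTP_DIGITS)), TOTP_DIGITS, '0', STR_PAD_LEFT);
}

// The code an authenticator app shows at a given unix time.
function totpAt(string $secretBytes, int $unixTime): string {
    return hotp($secretBytes, intdiv($unixTime, TOTP_STEP));
}

// Constant-time check across the skew window; malformed codes fail before any HMAC.
function totpValid(string $secretBytes, string $code, int $now): bool {
    if (!preg_match('/^\d{6}$/', $code)) {
        return false;
    }
    $step = intdiv($now, TOTP_STEP);
    for ($i = -TOTP_WINDOW; $i <= TOTP_WINDOW; $i++) {
        if (hash_equals(hotp($secretBytes, $step + $i), $code)) {
            return true;
        }
    }
    return false;
}

// Step 1: generate a secret but store it only as *pending*; 2FA is not on yet.
// Returns the base32 string the QR code / otpauth URI carries.
function beginEnable2fa(array &$user): string {
    $user['pending_totp_secret'] = random_bytes(20); // 160-bit secret, per RFC 4226
    return base32Encode($user['pending_totp_secret']);
}

// Step 2: enable only after the user proves their app produces a valid code.
function confirmEnable2fa(array &$user, string $code, int $now): bool {
    if (empty($user['pending_totp_secret'])) {
        return false;
    }
    if (!totpValid($user['pending_totp_secret'], $code, $now)) {
        return false;   // wrong code: nothing changes, the pending secret stays pending
    }
    $user['totp_secret'] = $user['pending_totp_secret'];
    $user['totp_enabled'] = true;
    unset($user['pending_totp_secret']);
    return true;
}

// Demo with a constructed user and a simulated authenticator app.
$user = ['name' => 'tester', 'totp_enabled' => false];
$base32 = beginEnable2fa($user);
$now = time();
$bad = confirmEnable2fa($user, '12345', $now);            // malformed: false, still disabled
$appCode = totpAt(base32Decode($base32), $now);           // what the user's app would show
$ok = confirmEnable2fa($user, $appCode, $now);            // true, now enabled
printf("after bad code: enabled=%s; after app code: enabled=%s\n",
    var_export($bad, true), var_export($user['totp_enabled'], true));
```

The point of the split into `beginEnable2fa` and `confirmEnable2fa` is that the persisted `totp_enabled` flag only flips inside the second function, after `totpValid` succeeds; a request to "turn on 2FA" alone changes nothing that the login path consults.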
BGkockata, Member, Activity: 70, Merit: 10
December 06, 2014, 06:47:03 PM, #52

> > update: i won't be working much this weekend so i'll see you guys monday!
> >
> > no feedback on the new design and ajax implementation?
> >
> > thx
>
> decided to work after all
>
> more changelog:
>
> - security changes
> - confirm 2-fa auth code before actually enabling 2-fa
> - added "points"
> - changes to deposit modal
> - don't allow faucet if balance > 0
> - faucet added
> - blockchain api fixes
> - info on transactions screen
> - withdrawal iframe changes
> - ajax betting errors fixed
> - stay informed option on profile
> - massive ajax changes

Will i be rewarded for giving my opinions & helping u?
whitewhidow (OP), Member, Activity: 112, Merit: 10
December 06, 2014, 07:01:00 PM, #53

> > > update: i won't be working much this weekend so i'll see you guys monday!
> > >
> > > no feedback on the new design and ajax implementation?
> > >
> > > thx
> >
> > decided to work after all
> >
> > more changelog:
> >
> > - security changes
> > - confirm 2-fa auth code before actually enabling 2-fa
> > - added "points"
> > - changes to deposit modal
> > - don't allow faucet if balance > 0
> > - faucet added
> > - blockchain api fixes
> > - info on transactions screen
> > - withdrawal iframe changes
> > - ajax betting errors fixed
> > - stay informed option on profile
> > - massive ajax changes
>
> Will i be rewarded for giving my opinions & helping u?

for opinions, no, because everyone has them :)

For helping? Well, like i stated in my first post, anyone who finds a bug gets rewarded,

other than that, any info provided to me that i feel is substantial gets a reward.

BGkockata, Member, Activity: 70, Merit: 10
December 06, 2014, 09:18:50 PM, #54

> > > > update: i won't be working much this weekend so i'll see you guys monday!
> > > >
> > > > no feedback on the new design and ajax implementation?
> > > >
> > > > thx
> > >
> > > decided to work after all
> > >
> > > more changelog:
> > >
> > > - security changes
> > > - confirm 2-fa auth code before actually enabling 2-fa
> > > - added "points"
> > > - changes to deposit modal
> > > - don't allow faucet if balance > 0
> > > - faucet added
> > > - blockchain api fixes
> > > - info on transactions screen
> > > - withdrawal iframe changes
> > > - ajax betting errors fixed
> > > - stay informed option on profile
> > > - massive ajax changes
> >
> > Will i be rewarded for giving my opinions & helping u?
>
> for opinions, no, because everyone has them :)
>
> For helping? Well, like i stated in my first post, anyone who finds a bug gets rewarded,
>
> other than that, any info provided to me that i feel is substantial gets a reward.

okay
whitewhidow (OP), Member, Activity: 112, Merit: 10
December 06, 2014, 09:25:43 PM, #55

i'm liking the new design, really starting to look nice he

BGkockata, Member, Activity: 70, Merit: 10
December 06, 2014, 09:30:41 PM, #56

> i'm liking the new design, really starting to look nice he

told you to do it! also told u the 2fa thing, is it going to be ready soon?
PotatoPie, Member, Activity: 97, Merit: 10
December 07, 2014, 07:01:05 AM, #57

Vulnerabilities ^_^:
XSS (Cross-site scripting) in the change seed thingie.
Code:
"><script>alert(document.cookie)</script>
There is also no CSRF protection on this either.
Video: http://gyazo.com/9eaa38097d913eb8b78cd957a94e607e

Possible places for vulnerabilities:
-> On the withdraw page, you've got 2 post variables userAmount and realAmount. It seems that you validate userAmount but not realAmount. I can't test it as I cbf depositing $3 into your site but just make sure that the user can't put userAmount = 0.01 and realAmount = 5 and it will send them 5 BTC sort of thing. I doubt you can, but just a heads up.
-> You're able to do negative numbers on roll amounts. Although this probably wouldn't change anything, there isn't any validation for this.

Silly errors:
0.00000100 BTC divided by 2 doesn't equal 5.70000000 ;).
Video: http://gyazo.com/323eeb6bcc6deef1035005d2ea9b2300

Suggestions:
-> Require a minimum password length. I could have one character and it would accept it. This is just in case of a DB leak, although it's not going to really help that much.
-> Cloudflare would probably be good.

BTC Address: 13mUzcjYysbgNWstbasJ3PVkPB2nCUEqFg
whitewhidow (OP), Member, Activity: 112, Merit: 10
December 07, 2014, 11:50:43 AM, #58

> Vulnerabilities ^_^:
> XSS (Cross-site scripting) in the change seed thingie.
> Code:
> "><script>alert(document.cookie)</script>
> There is also no CSRF protection on this either.
> Video: http://gyazo.com/9eaa38097d913eb8b78cd957a94e607e
>
> Possible places for vulnerabilities:
> -> On the withdraw page, you've got 2 post variables userAmount and realAmount. It seems that you validate userAmount but not realAmount. I can't test it as I cbf depositing $3 into your site but just make sure that the user can't put userAmount = 0.01 and realAmount = 5 and it will send them 5 BTC sort of thing. I doubt you can, but just a heads up.
> -> You're able to do negative numbers on roll amounts. Although this probably wouldn't change anything, there isn't any validation for this.
>
> Silly errors:
> 0.00000100 BTC divided by 2 doesn't equal 5.70000000 ;).
> Video: http://gyazo.com/323eeb6bcc6deef1035005d2ea9b2300
>
> Suggestions:
> -> Require a minimum password length. I could have one character and it would accept it. This is just in case of a DB leak, although it's not going to really help that much.
> -> Cloudflare would probably be good.

i'll add a token and a sanitiser to the clientseed form today.

regarding the userAmount: all calculations and processes are based on userAmount, so if userAmount is messed with it doesn't really matter. it gets displayed, and is an input yes, but does not get processed

(haven't watched videos yet, i'm on mobile atm) so i'll address those as soon as i can

pass length: you're 100% right

i'll add you to the list of rewards and i'll reply regarding the videos when i get to the office.

thx

whitewhidow (OP), Member, Activity: 112, Merit: 10
December 08, 2014, 10:34:35 AM, #59

changes:

    - seedForm is sanitised upon submit
    - hide seedForm between roll and next roll (did not make sense changing seed when looking at result)
    - username minimum 6 chars
    - passwords minimum 8 chars
    - added captcha to faucet


i think we are going to be ready pretty soon ...

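PotatoPie's report (#57) and the fixes announced in #58 and #59 cover four distinct server-side controls: a CSRF token on the seed form, escaping the seed value on output so `"><script>alert(document.cookie)</script>` renders as text, validating amounts so that negative or malformed values are rejected and no second client-supplied field such as realAmount decides what is paid out, and an 8-character password minimum. The block below is an added example in PHP, not BetSomeBits code, showing all four together. It assumes the real application calls session_start() before these functions run (in this stand-alone demo `$_SESSION` is only an array); the form action `/seed`, the field names and the function names are hypothetical, and persistence is replaced by returned status strings.

```php
<?php
// Added example, not BetSomeBits code: hardening the "change client seed" form
// (XSS + missing CSRF token), the withdraw/bet amount handling (userAmount vs
// realAmount, negative amounts) and the 8-character password rule from the thread.
// Assumes session_start() has run in the real app; field names and "/seed" are hypothetical.
declare(strict_types=1);

// --- CSRF: one random token per session, checked on every state-changing POST ---
function csrfToken(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function csrfValid(?string $submitted): bool {
    // hash_equals compares in constant time; a missing token fails closed
    return is_string($submitted)
        && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// --- Output escaping: the fix for "><script>alert(document.cookie)</script> ---
// Escape at output time with ENT_QUOTES so both " and ' are encoded inside attributes.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- Input validation for the seed itself: an allow-list, not a blacklist ---
function validClientSeed(string $seed): bool {
    return (bool) preg_match('/^[A-Za-z0-9]{1,64}$/', $seed);
}

function renderSeedForm(string $currentSeed): string {
    return '<form method="post" action="/seed">'
         . '<input type="hidden" name="csrf" value="' . e(csrfToken()) . '">'
         . '<input type="text" name="clientSeed" value="' . e($currentSeed) . '">'
         . '<button>Change seed</button></form>';
}

// Returns a status string instead of writing to a database (hypothetical handler).
function handleSeedPost(array $post): string {
    if (!csrfValid($post['csrf'] ?? null)) {
        return 'rejected: bad CSRF token';
    }
    $seed = (string) ($post['clientSeed'] ?? '');
    if (!validClientSeed($seed)) {
        return 'rejected: seed must be 1-64 letters or digits';
    }
    return 'ok: seed accepted';
}

// --- Amounts: parse once, server-side, into integer satoshis ---
// Returns satoshis, or null for anything that is not a well-formed positive BTC amount
// (negatives, exponents, letters and more than 8 decimals are all rejected).
function parseBtcToSatoshi(string $raw): ?int {
    if (!preg_match('/^(\d{1,8})(?:\.(\d{1,8}))?$/', trim($raw), $m)) {
        return null;
    }
    $frac = str_pad($m[2] ?? '', 8, '0');        // right-pad to 8 decimal places
    $sats = (int) $m[1] * 100000000 + (int) $frac;
    return $sats > 0 ? $sats : null;
}

// The withdraw handler reads only the user-typed amount; what is actually paid out
// is recomputed here from server-side state, never taken from a second client field.
function withdrawableSatoshi(string $userAmountRaw, int $balanceSats, int $feeSats, int $minSats): ?int {
    $sats = parseBtcToSatoshi($userAmountRaw);
    if ($sats === null || $sats < $minSats) {
        return null;
    }
    return ($sats + $feeSats) <= $balanceSats ? $sats : null;
}

// --- Password policy from the thread: minimum 8 characters ---
function passwordAcceptable(string $pw): bool {
    return mb_strlen($pw, 'UTF-8') >= 8;
}

// Demo with constructed input: the thread's XSS payload, a negative amount, a 0.01 BTC withdraw.
$payload = '"><script>alert(document.cookie)</script>';
echo renderSeedForm($payload), "\n";                                          // payload is inert attribute text
echo handleSeedPost(['clientSeed' => $payload]), "\n";                        // rejected: bad CSRF token
echo handleSeedPost(['csrf' => csrfToken(), 'clientSeed' => $payload]), "\n"; // rejected: bad seed
var_dump(parseBtcToSatoshi('-0.5'));                                          // NULL
var_dump(parseBtcToSatoshi('0.00000100'));                                    // int(100)
var_dump(withdrawableSatoshi('0.01', 2000000, 10000, 50000));                 // int(1000000)
var_dump(passwordAcceptable('a'));                                            // bool(false)
```

Two design points worth noting: amounts are converted to integer satoshis once at the boundary, so the "0.00000100 / 2 = 5.70000000" class of float display bug cannot reach the payout path, and the CSRF token is bound to the session and compared with `hash_equals`, so the seed form cannot be submitted from another origin even though the XSS payload itself is already neutralised by `e()`.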
whitewhidow (OP), Member, Activity: 112, Merit: 10
December 08, 2014, 05:10:57 PM, #60

UPDATE: all accounts, rolls and stats have been cleared, will now start testing the withdrawals with hexafraction

If all goes well we will be live before the end of this week !
