A getting started guide to life without email based authentication
LOGGING-IN with BITCOIN
( a guide to life without email based registrations and paywalls )
A DEVELOPER WITHOUT CHOICE IS AN UNHAPPY DEVELOPER
WHY SHOULD WEB DEVELOPERS CARE ABOUT BITCOIN…?
BITCOIN SUCKS
914,000 RESULTS
https://www.google.com/search?q=bitcoin+sucks
BITCOIN ROCKS
58,800,000 RESULTS
https://www.google.com/search?q=bitcoin+rocks
64 TIMES AS GOOD AS IT'S NOT
( according to Google – Nov 2013 )
WHO AM I TO TELL YOU…?
Mark Smalley – http://twitter.com/m_smalley
R1 DOT MY Sdn Bhd – http://r1.my
Been Living in Malaysia for 16 Years
Developing Web-Applications for 15 Years
MongoDB Master / NoSQL Specialist
Passion for Community Management
Family Involved with Equity Fund Management
WE ALREADY HAVE CHOICE – WE EVEN HAVE PAYPAL
• Square, Stripe, V.me, Simple, etc …
• Only available to developers in States / Europe
• Local alternatives are complicated, costly & useless
• No options for instant starts …
• No options for anonymity or the billions of us unbanked
• In Malaysia we only have PayPal and iPay88
BITCOIN THE TECHNOLOGY STACK
• Uses LevelDB to access (via JSON) a globally distributed public ledger of all transactions
• Send and receive payments instantly and directly via JSON-RPC calls from any server-side language …
• Existing wrappers, frameworks, documentation, libraries and support for PHP, Ruby, NodeJS
• Still in Beta (0.8) with Market Cap of US$12.8 Billion (Nov 2013)
• Version 0.9 to bring payment requests and receipts!
THE POWER OF DISTRIBUTED LEDGERS
• Removes central point of control (and failure)
– For developers this means an ALWAYS on API
• Can be used for things other than transactions
– For developers this means timestamps and cookies
• Provides a public record and optional anonymity
– For developers this means instant sign-up without verification
LET’S BUILD SOMETHING – LOGIN WITHOUT EMAIL
Before we begin, let’s ask why do such a crazy thing…?
• We do not need to manage our own database!
• We can integrate sign-up and payment as one process
• We do not force our users to provide their identity
• Nobody needs to sign-up or apply for accounts
• We can do business globally with anyone who has internet
JUMPING INTO CODE :: TABLE OF CONTENTS
https://github.com/msmalley/BCE/tree/master/php-login
// Include BTC login class
$login = new mongobase_btc_login();
// Get user information
$user = $login->user();
// Check if user is logged-in or not...?
$logged_in = $login->logged_in($user['uid']);
// Create and display relevant HTML
$html = $login->html($logged_in, $user['address']);
echo $html;
PART ONE – GET USER INFO
$user = $login->user();
// Check if got existing UID cookie
if(isset($_COOKIE[$cookie_name]))
{
    $uid = $_COOKIE[$cookie_name];
    // Get existing BTC address
    $addresses = $this::$btc->query(array(
        'function' => 'getaddressesbyaccount',
        'options' => $cookie_name.'_'.$uid
    ));
    $address = $addresses[0];
}
PART ONE – GET USER INFO (continued)
$user = $login->user();
// Else create a new UID cookie
else
{
    // Gather server settings
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $user_time = $_SERVER['REQUEST_TIME'];
    // Generate unique ID
    $uid = hash('sha256',$user_salt.$user_agent.$user_time);
    // Set UID cookie
    setcookie($cookie_name, $uid, time() + $cookie_life);
    // Create new BTC address
    $address = $this::$btc->query(array(
        'function' => 'getnewaddress',
        'options' => $cookie_name.'_'.$uid
    ));
}
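The UID above is derived from the User-Agent and the request time, so its unpredictability rests on $user_salt alone, and the cookie value is used in a bitcoind account label without being checked. A hardened variant of this step, as an added example that is not code from the BCE repository; the bce_* function names and the sample values are assumptions:

```php
<?php
// Added example, not code from the BCE repository; bce_* names are assumptions.

// 256 bits from the OS CSPRNG, hex-encoded to the same 64-character shape
// that hash('sha256', ...) produces, so account labels keep their format.
function bce_new_uid(): string
{
    return bin2hex(random_bytes(32));
}

// A cookie is client-controlled input: accept only 64 lowercase hex characters
// before the value is concatenated into an account label.
function bce_valid_uid($value): bool
{
    return is_string($value) && preg_match('/\A[0-9a-f]{64}\z/', $value) === 1;
}

// Options for setcookie(); the array form needs PHP 7.3 or later.
function bce_cookie_options(int $lifetime): array
{
    return [
        'expires'  => time() + $lifetime,
        'path'     => '/',
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ];
}

$cookie_name = 'bce';   // constructed sample values
$cookie_life = 3600;

$uid = $_COOKIE[$cookie_name] ?? null;
if (!bce_valid_uid($uid)) {
    // Missing or malformed cookie: issue a fresh UID instead of trusting it.
    $uid = bce_new_uid();
    if (!headers_sent()) {
        setcookie($cookie_name, $uid, bce_cookie_options($cookie_life));
    }
}
// Label to pass as 'options' to getaddressesbyaccount / getnewaddress.
$account = $cookie_name . '_' . $uid;
```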
PART TWO – CHECK IF LOGGED-IN
$logged_in = $login->logged_in($user['uid']);
// Not by default
$logged_in = false;
// Check if got balance
$uid_balance = $this::$btc->query(array(
    'function' => 'getbalance',
    'options' => $cookie_name.'_'.$uid
));
// Check if logged-in
$details = $this->timed_cookies();
$logged_in = $details['logged_in'];
if(!$logged_in && $uid_balance > 0)
{
    // Not logged-in but got transactions
    $logged_in = $this->set_cookies();
}
return $logged_in;
PART TWO – CHECK IF LOGGED-IN (continued)
$details = $this->timed_cookies(); // excluding sanity checks
foreach($_COOKIE as $key => $value)
{
    // Timed cookies are named <cookie_name>_<uid>
    $key_array = explode('_', $key);
    if(count($key_array) == 2 && $key_array[0] == $cookie_name)
    {
        $temp_uid = $key_array[1];
        $txid = $_COOKIE[$cookie_name.'_'.$temp_uid];
        $transactions = $this::$btc->query(array(
            'function'=>'listtransactions',
            'options'=>$cookie_name.'_'.$temp_uid
        ));
        foreach($transactions as $transaction)
        {
            $hashed_id = hash('sha256', $txid_salt.$transaction['txid']);
            // Constant-time, type-safe comparison (== can type-juggle hex strings)
            if(hash_equals($hashed_id, $txid))
            {
                $uid = $temp_uid;
                $address = $this::$btc->query(array(
                    'function'=>'getaddressesbyaccount',
                    'options'=>$cookie_name.'_'.$uid
                ));
                $logged_in = true;
            }
        }
    }
}
PART TWO – CHECK IF LOGGED-IN (continued)
$logged_in = $this->set_cookies(); // excluding sanity checks
$logged_in = false;
$recent_transactions = $this::$btc->query(array(
    'function'=>'listtransactions',
    'options'=>$cookie_name.'_'.$uid
));
$txid = $recent_transactions[0]['txid'];
$amount = $recent_transactions[0]['amount'];
if($amount > 0)
{
    $logged_in = true;
    $number_of_days_bought = $amount / $btc_per_day;
    $new_cookie_life = 86400 * $number_of_days_bought;
    // Manage Cookies
    $id = hash('sha256',$txid_salt.$txid);
    setcookie($cookie_name.'_'.$uid, $id, time() + $new_cookie_life);
    setcookie($this::$cookie_name, false, time() - 1);
}
return $logged_in;
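Transaction ids are public on the ledger, so the login cookie minted in set_cookies() and checked in timed_cookies() is only as secret as $txid_salt. The added example below (not code from the BCE repository) covers both steps using HMAC in place of the salted SHA-256, a constant-time match, and integer arithmetic for the time bought; the bce_* names, the 30-day cap and the sample data are assumptions:

```php
<?php
// Added example, not code from the BCE repository; function names are assumptions.
const SATOSHI_PER_BTC = 100000000;

// Keyed token for a transaction id. HMAC with a server-side key is used here
// in place of the slides' hash('sha256', $txid_salt . $txid).
function bce_login_token(string $txid, string $key): string
{
    return hash_hmac('sha256', $txid, $key);
}

// Return the incoming transaction whose token matches the cookie, or null.
// hash_equals() is constant-time and does not type-juggle like ==.
function bce_match_token(string $cookie_value, array $transactions, string $key): ?array
{
    foreach ($transactions as $tx) {
        if (($tx['category'] ?? '') !== 'receive' || !isset($tx['txid'])) {
            continue; // only payments received can buy time
        }
        if (hash_equals(bce_login_token($tx['txid'], $key), $cookie_value)) {
            return $tx;
        }
    }
    return null;
}

// Cookie lifetime in seconds, on integer satoshis, capped at $max_days.
function bce_seconds_bought(float $amount_btc, int $satoshi_per_day, int $max_days = 30): int
{
    $satoshi = (int) round($amount_btc * SATOSHI_PER_BTC);
    if ($satoshi <= 0 || $satoshi_per_day <= 0) {
        return 0;
    }
    $cap = $max_days * $satoshi_per_day; // satoshi that buy the maximum
    return intdiv(min($satoshi, $cap) * 86400, $satoshi_per_day);
}

// Constructed sample data shaped like bitcoind's listtransactions output.
$key = 'constructed-demo-key';
$txs = [
    ['category' => 'send',    'txid' => str_repeat('aa', 32), 'amount' => -0.002],
    ['category' => 'receive', 'txid' => str_repeat('bb', 32), 'amount' => 0.003],
];
$cookie = bce_login_token($txs[1]['txid'], $key);
$hit = bce_match_token($cookie, $txs, $key);
var_dump($hit !== null);
var_dump(bce_seconds_bought($hit['amount'], 100000)); // price: 0.001 BTC per day
var_dump(bce_match_token(str_repeat('0', 64), $txs, $key)); // forged cookie
```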
Source Code: https://github.com/msmalley/BCE/tree/master/php-login