Is it possible to post to Google + through PHP using some kind of API? I've read many conflicting statements on various places, including here on SO.
I've read that you need an analytics account, that you need to add a website to your page, that it isn't possible, that it's a closed service and you must apply, that you need your GMail username & password .etc.
Just really looking for a bit of clarity really. Found this, but I'm not sure if it allows this functionality. The lack of documentation really makes it quite daunting looking into this as well, there is literally nothing I can find at all.
Another option I've found appears to work, however it was from a website where you must pay to download the API. I'm genuinely not sure how or if it can be done.
Google restrict this API to whitelisted partners and companies through https://developers.google.com/+/web/api/rest/pages-signup
You could however use a third party script such as https://gist.github.com/zachbrowne/3301749 which handles the posting as if it was a logged in front end user rather than a direct API update flow.
Related
I'm trying to make a website in PHP that uses Google account as their login credentials. I'm planning to assign different roles (teacher/student/principal, etc.) to those accounts so they have different landing pages once they logged in.
My problem is how will I register them in my website and assign those roles in combination with google-authentication?
A simple API for your purpose is on https://developers.google.com/identity/sign-in/web/sign-in, it's just working in JavaScript. About the usability for your purpose it might be a challenge, as you have to save the users with their roles. At least you had additionally to include some requests to the server, at best by AJAX.
Then there exists a server-side API for OAuth-authentication, general deatails about it you can find here: Gmail Add-On: Oauth not being triggered, I answered there on a question but included info and several links.
Your question seems being very general but as there exists several APIs, perhaps additional ones beside my hints, so you should try finding the best solution for you - following the tags where you also get some links to google-authentication, but you should probably additional search by yourself for the different APIs as long as nobody else is giving a comprehensive overview.
Having made a decision for one API you should follow some examples and can ask again at best with some code you tried already to get answers on concrete programming-problems.
Wondering if someone can provide some direction.
I'm creating a Wordpress plugin that will be publicly available (free). The plugin is meant to allow bloggers to include a definition widget using bootstrap's data-toggle.
Since I don't want people stealing the content without attribution, the hyperlink will be pulled out from a private API.
Here's how I think this should flow, but I know that there are things that are inefficient:
Create a private API that houses all of the data. It might be as 3
branches of data:
id -- name -- definition
Have the plugin authenticate somehow with the server
Plugin creates a shortcode in Wordpress ie. [define="term"]anchor[/define]
When the shortcode is called, it pings the server and stores something locally in their sql db.
Additional Notes/Concerns
I understand that there is nothing such as being hack-free or altered free. But I want to get as close as possible.
A couple exploits I can see happening is if people change the cached info in the SQL DB. Is there a way to potentially kill the data-toggle content if this happens?
Also, I don't want people to be able to create their own calls to our API creating their own programs. That's not the intended use of this.
I apologize if my thoughts seem cluttered, but I can't seem to figure out a solid workflow in where I should get started with this.
If anyone can help bring clarity, I would greatly appreciate it.
I would be inclined to do the following:
Give every user a unique API token or other credentials
Link every token to a single IP address and reject any requests where the token doesn't match the IP address.
That way if you become aware of someone misusing the content you need only delete their token to prevent access, and can be reasonably sure that it's not being used on another server. Users can enter the API credentials in the plugin admin.
I think OAuth2 will probably be the way to go to authenticate clients - it's made for granting access to client applications and there are plenty of implementations available. You'd need to add the ability to verify that the user matches the IP, but that shouldn't be difficult.
FB, having updated their API to disallow generic shares (Oct 2012), now require us to utilise built-in actions. Moving on from there, we can use Mention Tagging (https://developers.facebook.com/docs/opengraph/mention_tagging/) to allow messages and mentions be created - this is all fine.
However, on the same page above they say "You must also describe step-by-step how users can add/remove tags in your app." - but they neglect describing what call must be made to the API to do so.
Has anyone else done this successfully?
Say I have a user who's mentioned 5 people in an action post. Then say one of them would like to be untagged. I provide them a link to allow them to untag themselves, but what call should be made to the API.
Has anyone got any experience at this? All help appreciated.
Paul G
Say I have a user who's mentioned 5 people in an action post. Then say one of them would like to be untagged. I provide them a link to allow them to untag themselves
I don’t think you have to offer a link for tag removal to the other users that have been tagged by your user. Standard FB functionality through the facebook.com UI should enable them to do that already.
It does not make much sense to me to offer such links on your own to people that have been tagged by your app’s user, but might not even be using your app themselves. (To ensure that they are legitimately requesting to be un-tagged, you’d have to identify them first – by having them connect to your app. I don’t think that’s how Facebook want it to be.)
To me, the intention of the guidelines is more to ensure that you are building a clearly understandable UI for your app, for the process of the user entering his message. If they start to type #PaulG, and you want to “translate” that into a tag, f.e. by highlighting it in the text edit box like it happens on facebook.com, then it a) has to be absolutely clear to your user, that they are tagging someone this way, and b) you have to give your user a way of removing that tag right there and then (before posting his message), in case he does not want to tag a user, but just have the characters “#PaulG” stand for themselves in his message.
I've seen there is some other discussion about this, however, none of the other threads I've read have targetted my situation.
For one, I do not need to get any Tweets from Twitter. I only need to send to Twitter.
For another, I don't need to have multiple accounts or different Twitter users. I can already ensure the page will only be seen by the one authorized user, so I can save any necessary login information in one configuration file and be done.
I am only posting occasionally from one web site, to one Twitter feed, and only one user will be logged onto the the web site that will send the tweet.
I am hoping to find a simple tutorial or script that can allow me to cut to the bare bones and just send tweets to my Twitter account.
However, all the tutorials and scripts I've seen so far have been too elaborate, handling logins, sessions, authenticating multiple users, and so on.
Is there any way I can get simple oAuth PHP code to accomplish what I'm describing?
This would help
http://code.google.com/p/dabr/source/browse/trunk/common/twitter.php
http://code.google.com/p/dabr/source/browse/trunk/common/OAuth.php
This should help or at least point you in the right direction.
https://dev.twitter.com/docs/twitter-libraries#php
You can use ZF component
get accessToken only once, keep it as serialized string anywhere
http://framework.zend.com/manual/en/zend.service.twitter.html
Here's the deal:
-Flair pretty much demands a Facebook app
-I'm working on learning the Facebook platform
Therefore, I've written a dinky little Facebook app to embed your Flair into a box on the side of your profile. If you're interested and on Facebook; beware that this is very much a work in progress, prone to change and has a whole bunch of rough edges.
However, I don't have an elegant way to say "this is MY Stackoverflow profile" from this dinky app. My current solution is best demonstrated this image. It is, frankly, idiotic; and there's nothing preventing impersonation.
Having no experience with OpenID, I'm wondering if there's some way (and some example of this way, please) to get a user to provide their Stackoverflow identify to a third party?
Behavior changed to that suggested by Noldorin's answer.
Request for a saner way to do this declined on UserVoice.
There's no way to get a StackOverflow ID from OpenID and to do the opposite would be possible but unnecessarily complicated (compared to your suggested method). Copying and pasting the user ID/profile URL isn't terribly inconvenient, in my mind.
However, I can suggest some sort of solution to the issue of impersonation. This may seem like a slightly silly method, but it's the simplest way of which I can think to insure that only the user themself can display the badge. Again, I don't think it's too inconvenient. (The more traditional method of using an email confirmation isn't possible, given that emails aren't public.)
Have your Facebook app generate a random (alphanumeric?) code. Something in the form A8IO45QW6T should do.
Hold this code on the server side of your Facebook app for a short time period (say, 5 minutes).
Instruct the user to edit their About Me information by adding the given code to the last line, then to return to the Facebook and confirm. Simple inspection of HTML for the profile page of the specified user would verify ownership. The user can then remove the verification code from their About Me text.
Nice idea creating this Facebook app, by the way. I may just give it a try!
Another solution that would allow for instant verification is hashing the email address and checking to see if it matches the user's Gravatar. Granted, not every user has provided an email address, but you can always perform this check first and if it fails you can fall back to the About Me section editing (or simply require that the user have an email address). This idea is not mine, so I'll let null explain:
Do you still have the source available? As I've gotten a solution to prevent other users from messing up your results. You just need to hash the email address used by the viewer and check for the gravatar image link on the page as outlined on the gravatar site. If the user id and image hash match, then record the change to the database, otherwise... just show results. I can make that change, but the source seems lost... :(