I am working on an educational website in PHP Condeigniter. The project includes an option where students can sent private messages to tutors and vice versa but they are not allowed to share their contact details with each other, like phone number, skype id, home address, email etc. Is there any way in which I can control this? For example, if a user writes his phone number like 12345677, the algorithm should automatically replace it with xxxxxxxx so that the other user should not be able to view the number..
You can attempt to censor some of the text patterns with regular expressions but don't expect to get 100% of them. I don't think you can reliably censor things like skype IDs and addresses.
Also note that if they'll really want to share contact information they are going to find a way to get around your filters.
Related
I'm implementing a mobile registration system in PHP where by the user can register with their mobile number. They can also log in with that number and receive SMS notices/verification etc.
Let me explain the system before moving onto the problem as its easier to explain that way.
My current system works like this:
User signs up with 07733333333
Phone number is converted to E164 format and stored as +44773333333
SMS validation is sent
This works great and ensures the user can't sign up twice with the same number. It's also the format our SMS service provider requires.
The way I convert to E164 is using Google's LibPhoneNumber library. It requires a country code to convert the number so I take that from the IP address. The user is able to change the country code if our guess is wrong. On the page after registration they will see a page that says "We've sent an SMS to this number: +44773333333". The user can change this number/country code at this point.
The problem arises when logging in.
If a user logs in with +44773333333 it's easy to grab this from the database. It's already stored in this format.
But, if they log in with 0773333333 I need to make a guess at what region that mobile number is to convert it to E164 format to run the query. There is no way I can query this number in the database because it doesn't exist in that form. I can guess that it's +44 from the IP address but this is unreliable. What if the user is on holiday? Or using a VPN? That guess can't be made.
What is the best way to handle this?
My only thought is to have two fields in the database. One is national_mobile_number and the other is e164_mobile_number. That way I can query either fields to see if the numbers match. I don't know what impact this would have on performance with many users (500,000+).
My problem is this:
I have a survey that is taken by people that they're paid for. I want to avoid the same person submitting the form multiple times. It is a web application.
What I have tried:
I have tried recognizing the IP address from which they try to submit the survey but it hasn't worked.(They could just change devices and so, IP changes) I could try 2FA (where I authenticate using SMS/Voice to phone numbers) but free phone services like Google Voice/Twilio will render that useless. Using a SHA/MD5 hash on a combined key such as phone number and email address still faces the same multiple emails/phone numbers problem. Uber has recently covered up its tracks and devised a way (or a partnership) to recognize Google Voice Numbers. I have gone through the Google Voice API and haven't found a way to find the actual phone number linked to the Voice number.
Is there any full-proof way of doing this?
PS: I am NOT talking about multiple form submissions on a form (say a ecommerce website) which causes multiple charges to a credit card. Please do NOT suggest CAPTCHA.
I have a few little questions concerning contacts from Android.
I have a MySQL databases with users and their phone numbers and I want to retrieve the contacts from the contact list of the user phone which are matching with phone numbers in the database (-> users using the app in other words, a bit like whatsapp is doing when you see the contacts which are using the app..)
I was wondering how I could achieve that in an easy and rapid way.. I was guessing I could do as follow:
asynctask class which is retrieving all the contact list with a cursor
get the phone number of the current item in the cursor
execute a sql query to see if contact exist .. with LIKE %phonenumber% (through php script)
if exist, add the contact name to a list view
But this means that every times the user wants to see the list, there are a lot of requests that need to be done.
Does anyone have an idea of a better way to do it? An easier way ?
Before you start flaming or anything at all, READ THIS!
I have a regular expression verifying the format of a phone number entered in a form is correct.
NOW what I am hoping to find is IF someone knows a way to verify if that number exists...so if the number doesnt exist and the user enters it, user will get an error message phone number does not exist and they will be prompted to enter a WORKINg phone number....
I have looked ALL over the seas of google but could not find a phone number validator not a format checker like regex...
This is my last hope..
In order to check if a phone number really exists (and belongs to the user who's filling your form), I see only one solution : try to communicate with that phone.
What's generally done is sending an SMS with a validation code to the phone number -- and ask the user to type that code once he has received the SMS.
This way, you'll be sure that :
The phone number exists,
And belongs to the current user.
Of course, make sure you put some security measure in place, to prevent anyone from using your form to spam some number :
Make sure one user cannot send more than X SMS per hour/day,
Make sure no more than 2 or 3 SMS can be sent to the same number per day/week
The short answer is no. You would need access to a database containing all the world's phone numbers - a sort of combined affair from the big providers. Having said that you could set up a system whereby you actually phone the number automatically and ask the user to enter a code. This would require a lot of set-up and would cost a fair bit. That is the only way you could do such a thing.
For mobile numbers you could also use SMS and require a reply.
Maybe MaxMind can help you : http://www.maxmind.com/app/telephone_overview
It provides a nice API, but its not free.
Twitter and Facebook invite new users to send an invitation to everyone in their Gmail, Hotmail, or Yahoo Mail accounts.
Is it easy to add this functionality to a website?
Thanks,
John
Last I checked you basically have to pretend to be a web browser then programatically log in to the site, scrape the contacts, then compose/send the message. It isn't difficult, but it is time consuming as each of these services works differently.
I does, however, look like people have written script for some of this though: example.
Yes!
What they generally do is to send in the email a special URL that contain a code, for example:
www.mysite.com?UserCode=ABC
That code (ABC) is associated to the email of the user so the application undestand which user is trying to subscribe. You must keep in a database the pair: email, code.
HTH
All of the above answers are correct, here is a summary and some more explanation:
You first need to get the user's login for each service you want to get contacts from (I personally don't understand why people would do that - I would never give my GMail password to Facebook, let along some little known web site).
Then you can simulate a login to the said website and grab their contact list as an export (all serious email services allow you to export the contact list as CSV or something). You can implement this yourself or use some external library such as contactgrabber mentioned by Haim.
You then go over their list of contacts and for each contact you generate a key (you want to generate a unique key for each email you send so you'd know who responded to you). Generating the keys is easy - take some info like the current user's email plus the target email address, add the current time and pass everything to a hashing function like SHA1 - should do the trick.
Now store in a database table for each contact you got: the inviting user's ID, the email address being invited and the key you generated.
Lastly send a nice email to each contact with a URL to your website's "invitation activation page" with the correct key applied - like so: http://www.somesite.com/invited?key=123456780abcdefgh
when that page is accessed, get the key from the URL and find it in the table - that would give you the email address that activated the invite and the user that invited them. From here you can take it to where ever you want.