Active button in my email using php - php

am trying to put a button in the email created with php so that when the user gets that email, they can click the button to delete a record in the database directly without leaving the email client or email window they are in.
is it possible and how do i achieve that? Thanks.

The closest you can get I think is putting in a hyperlink to a web page which will automatically trigger the deletion when given the correct parameters. But it will still launch a web browser (and then a server-side script must run to do the deletion or whatever). And therefore you'll probably want to provide some feedback to the user on that page as well.

No, this is not possible. At best your email will contain a link that will spawn a new window or tab that will access a page to delete the record.

Related

How to detect uninstallation of an Android app and remove related user's data from the server?

Basically, I want to remove all the web postings that a user has made via my Android application in the event the user uninstalls my app. Is that even possible?
No you cannot do that, as the app cannot understand when the application is being uninstalled.
If the data to be deleted from the server is such that the user will want it removed, you could make a button in the code, for the user to press, which will invoke process of deleted data on the server. Else just in un-installation, you will not be able to do it
I suggest since your talking about server side code write in some logic that checks the last update date/time on the records and then email the user.
Something to the effect that if they do not click on a link within X days their account will be deleted/purged. If they click the link then just update a single records last update date/time.
See http://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_REMOVED
The package does NOT receive the intent that it is being removed.

Auto submit from email

I don't know if there is a easier way to do this, im starting out with php, I am trying to add a link to a email letter so that once the link is pressed it opens a webpage and auto submits a form to my email address with just a reference number that was added to the link.
I have tried a few ways with php but can only get a blank email to arrive.
Use an id(identifier) with the link. Use the id later to track who had opened the link.
When sending email add a parameter to link ("?referer=xyx23") and save the refere in database. When user opens the link you can track using the database the referer
You need add link with the unique get-parameter, like: http://your-site.com?sendemail=9adb879856464.
This parameter saved in the database. If user enters the site using link from email at the server run the script, this script checks, if is the link valid. If link is valid, check is the link in the database. If this link is in the database, then send the mail using php mail-function. If you want user used link once, delete the link in the database.

Detect if a web site is already open and reuse window

I'm trying to find out if there is a way to open a url link in an email and reuse a window if a certain page ( or site ) is already open.
What I have is a 'forgot password' page where the user enters their email address and gets asked a security question, this then sends a plain text email with a url link (so no html link attributes) and reports to the user that it has done a good job . When the user clicks on the link it opens up a shiney new browser window and ignores the old report page leaving it feeling sad and unwanted. I would like to know if there is a way to reuse this window or more specifically the forgot password report page. Perhaps I could name the page with javascript or detect if the url is already open somehow.
Or is it possible if I did decide to use an html email, so most people would get the benefit.
Please help my report page to loved and wanted again.
Thanks
I am using PHP and I could use javascript or jquery browserside, or anything else that might fit in with this
This is completely up to the browser to decide; some browsers might be able to guess what you're trying to do and replace an existing tab with the new page, but on the whole that doesn't make sense.
This is what you could do (though it's not really technical):
after the email is entered and submitted, the form page changes and asks them for the security code that's being sent to them.
inside the email you print the security code in a clear manner for the user to double-click and copy to their clipboard; they would then switch to their browser again (with your page still open) and paste the value. You can still provide the link for ease of the user, of course.
Btw, to make an easily selectable code for the user to copy into their clipboard I found that using base32 encoding is the best; those codes can be selected easily, even with iOS devices.
You could have the page opened by the email send out a postMessage request and have the other page answer that is is still open. If that happened, the new tab could close immediately.
However, switching between tabs/windows is something happens at the OS or browser level, not the page level, and there is no way to switch to the open tab using JavaScript. You could write a browser extension to do it, but that's probably innapropriate for something so trivial, and no one would bother to install it.

How to block an user from faking requests? Or how to detect fake requests?

Let's suppose that you have a website that contains a single button.
When this button is pushed, an ajax request is sent to the server - who receives the request and adds 1 in an internal counter on its database.
An user could copy the entire request (and its headers) and create a script to send infinite requests to overload the server (and mess with the counter).
I'm trying to avoid:
Recording the user IP
Using Captcha
I'm using php in my back-end. Is there any way to prevent this situation? Is there some way to send an "invisible" request?
Your problem is called "cross site request forgery".
A good way to solve this problem is to generate a random string when the page with the button on it is called, write it into the users session and into the generated page, and send it together with your button press (for example in a GET request).
On the backend side you check if the submitted string matches with the string in the users session and then delete the string from the session. Only proceed if both strings matched and weren't empty.
This way every request URL is only valid one time and only valid for the user who initially opened the page with the button on it.
you can create a unique token that is assigned to the button and can only be submitted once with the button press.
this will mean that the user will need to refresh the page to get a new button, if thats a problem, associate the token with the user and not the button
the above method means that you need to add server side code. you might be able to get away with using something like evercookie to log the button press on the clientside and attempt to prevent the user from sending another request and recieving another request from user - i dont recommend doing this in prod, but it might be fun ;)
ill try to be bit more clear:
generate the button so that it submits a form containing a hidden field called 'uuid' that contains a pre-generated uuid for that button. this uuid will need to be kept in the database or in memory. if you use a good uuid lib, the chance of the user generating an existing uuid are infinitesimal.
now, the user clicked the button and the action goes to /my-button/?uuid=3394b0e0-a3bb-11e1-b3dd-0800200c9a66
now the server checks if the uuid is a previously generated one. if it is, it deletes the uuid from where its stored and lets the action do whatever. the uuid does not exist, it returns a 404.
You can't possibly know how a request is initiated, all you can do is make it more difficult to fake. But if this is something to do with security, then it's the people who can successfully fake the request that you need to be most aware of. So it's likely useless (or even misleading) to attempt this as some kind of security measure.
You can try an encrypted key that the server will only accept once within a certain time lmit, but you will still not know how the request was initiated (and you really shouldn't depend on that). Buttons are a UI feature that might be converted into some other UI artifact based on whatever the user agent has been configured to present to the user (if there is a user invovled at all).

PHP register clicks to callto: link

Is there any way of registering clicks to a callto: link with the use of PHP? I've set up a site for a friend of mine and what I would like to do is to create a log of some sort to show who called who eg. if the current user clicks the callto: link I'd like to add a row to the database like "userX called numberY at hh:mm" but I've noticed you cant set variables in the callto: link as you would in ordinary links with just appending $var1=val etc...
I figured you could make use of the onclick()-method of the a-tag but I'd rather skip javascript at the moment and just use PHP. Anyone got any ideas for this? Is it possible to use the header()-function and "redirect" to the callto: link?
callto: is not http:, which means these links are not to be followed by a browser when you click them, but instead trigger activation of some program on the client computer associated with that protocol, right?
Which means no HTTP request is made, so you can't point them to a PHP script.
Which means the only way you're going to intercept these clicks is with JavaScript or by modifying the client software the browser launches itself.
I just did a proof of concept doing a redirect (in .NET), and it seems to work ok in Chrome, but it puts the following in FireFox (might be an artifact of .NET actually):
Object moved to here.
I guess you would do something like this: The user clicks on link to /docall.php?callto=blahblah. The contents of docall.php looks like this:
$callto = $_GET['callto'];
// log the call to $callto in the database
// send back the callto protocol response to the user.
header("location:callto:$callto");

Categories