Server protection in iOS app - php

I am really new to mobile development so something is really unclear for me.
I have iOS app that uses POST requests to my PHP script.
For example: I want to update some data on server. So I make POST request that contains id of record in database and it's new value.
How can I protect my server from unwanted POST requests? I know about sessions in PHP but how it can be implemented in swift and iOS programming.

Maybe you should make a "database" which will contain device ids from your app users (device id will be added to this base on the first time of app running), then you will use this id in each request to your server and by php script you will check if $_POST['id'] contains in your base or not. If not you can make a random answers from script to make a man investigated your app confused. So, ofcourse if id not found in base - any doings with database updates are ignoring so it does not matter what value in other post fields is.
It`s just thinking)

Related

How to migrate Google Analytics client side tracking to server side tracking using PHP

We would like to transfer all e-commerce transactions from our webshop via the server side, instead of using the javascript browser tracking script which is provided by Google.
From what I can see, it is possible to submit events from the server side to GA, but is it also possible to send the entire e-commerce transaction?
There are some options with regards to PHP libaries. Which ones do you currently use with good success?
Hey it's not possible with Tag Manager(not on the easy way), but if you want to send hit via server side application the best way is go via "measurement protocol".
It's no so strange to do on that way, sometimes the transaction other important parameters can be sent on that way to secure the information. You only have to curl to a url.There is the guide of what it is
https://developers.google.com/analytics/devguides/collection/protocol/v1/devguide
But you need some consideration
You have to be able to read the cookie when you send the hit, or store the client id, to attach this information to the current user
If you want to send the information after, you have a max of 4 hours to send and to be attached correctly to the session. (there is parameter to do that)

iOS and PHP: Check if server has updates/ database has changes

Background
I have an iOS app that retrieves data from a server and writes it to a file with NSFileManager, so that the user does not have to retrieve data again from the server every time they want to visit a page. The data that they are retrieving can change from time to time, so I would like to update the data in the app files when it does.
I am using php pages for my backend web services.
Question
What is the technique for checking if the data in my database has changed so that I know that I should update the data in the app? The only way I can think to do this is to create a php page that checks if the data is different from what I have stored, but this kind of defeats the purpose of saving information to files within the app. I want to minimize when the user communicates with the server, because in situations where the user has no service, I would still like there to be valid data that they can see within the app.
Please ask questions if you do not fully understand what I am trying to achieve. Thank you!
If you want to list the most recently added restaurants for example, you could :
Store the ID of the most recent restaurant on IOS and send it to the server when you want to check for updates.
If the ID isn't the same in the DB, then you have to update your client.
If it's the same, you can just send a response with a 304 status (Not modified) so you minimise the amount of data being exchange.
If you want to cache computed data, like top 10 user-rated restaurants, you can :
Store a hash of the 10 restaurant IDs and send it to server when you want to check for updates.
The server redo the request and compute the current hash for the top 10.
If the hash is different, update your client
If the hash is the same, send a response with a 304 status
NB : If the computation is expensive on server side, you might want to think about a more clever way to detect data changes.
In this case you need to define your release ID on server and store somewhere in app as well. For example, when you do some changes in database or there is an update from server side. Just change that release ID from server.
On IOS side you need to check that release ID. If ios release id is lower than server's ID, then update your database in ios local storage.

Comunicate NodeJs with PHP and viceversa

I put in situation:
I have a website entire make in PHP 5.3 and MYSQL, the site need to user to login for get access, the login "simply" check user/password and create a $_SESSION in the domain with the user ID and other user non-personal data.
In PHP i need to read this $_SESSION to detect if user is logued.
Now, i think in create a NodeJS real-time chat with websockets (only work in last browsers obiously, but i looking for pure HTML5 site, not external client-js like socketio.js), but here is my problems:
First problem I need to get the $_SESSION['user'] in the NodeJS, for make this i need to "pull" from PHP TO NodeJS, send a message like "update-this-user-auth" with the $_SESSION['user'] data, but the problem is, first HOW is the best way to pull from PHP Server to NodeJS Server runing in the same (or not..) machine.
And second problem HOW identify the user in NodeJS, because the user have $_SESSSIOn in PHP but i dont know if the request is from user nº1, nº32 or nº 999999.
For the problem of the comunicate from PHP to NodeJS I read some posts, and get 2 ways:
CURL User, usin PHP Curl to "call" a NodeJS service, and send-read data from PHP to NodeJS
Sending messages from PHP to Node.js
DNODE, i found this googling, have good look, but require some extra librarys, and i like to make the code clear and preferably simple.
http://bergie.iki.fi/blog/dnode-make_php_and_node-js_talk_to_each_other/
I thanks to all ideas and comments for the best solution to this two problem.
With PHP:
You can save a random generated key in the database, associated with user's ip, user id and any other session information (time created, last active, expiration date...). Also, save that key in a cookie too.
With Node.js:
Read the cookie, find the key in the DB and check if the session is valid or not.
So, basically, instead of storing all info in PHP, use a shared storage like for example a DB.

Can i pass a session data from a aspx page to a php page?

I need to add in a survey form to an old asp.net application. I tried using creating another asp.net application but the server doesn't allow.
the survey form will get the user's particulars from a database, after everything is filled up and validation is done, a submit will create an excel spreadsheet, send a email to the user and update the database.
However the web server is not running the page of the new application, error says that a virtual directory is not created for the application and i do not have the access to the IIS manager, i only have the ftp access.
I am thinking of using php to do the job instead. My plan is to pass the session("userid") of the apsx page and call a response.redirect(survey.php). From there the php must know which user had done the survey, so i need to pass a session variable from aspx to php so that i only who is doing the survey.
Is this method possible? If so, how can i pass that session variable?
This seems like a hacky solution. If you are modifying the ASPX to do the response.Redirect, surely you and put your logic there instead of creating a PHP solution alongside?
If you really want to do this (which I don't recommend), just pass it in the QueryString.
response.redirect("survey.php?userid=" + Session["UserId"]).
You could store the session information in the database, to be shared, which would avoid showing the values in the querystring (unless you encrypted it). ASP.Net has a SQLServer mode for session which you might be able to use by querying the DB from PHP. Otherwise just a custom table with the usual expiry date, user id etc. could work.

How do I save specific responses from webservers in my local computer

I have been asked to write to save the data in some secure place after certain task is completed by a client.
Here my client has alot of staffs who makes data entry in online forms provided by some different vendors. After some steps the entered data generates some results. i.e after submitting the web form. Now he wants the generated results to be saved either in local computer or in some online server.
Can it be done by:
1.) Creating a local web server which sits in between the users and the online main third party server and record all the generated results?
2.) Creating a browser extension [m thinking about firefox] and forcing users to navigate via the specific browser and record all the generated results?
**I am pretty sure that second method can work as firebug is doing that only need to add some functionality to save the data.
any idea will be appreciated.
Sorry for mis-leading guys. To make more clear here are some more explanation.
a.) I am writing application to one of my client who has many staffs who enters data in abc.com website.
b.) User submits the data to abc.com.
c.) the website abc.com produces or generates some result as per input data and sends back to user.
d.) Now I need a system which will be inbetween the staffs/user and abc.com website and track the responses of abc.com and save it to some location automatically.
e.) Currently the data entry user will manually save the result to his local computer and if he/she forgets to save then we miss the result so want to do it automatically so that we wont be missing any single result.
A local webserver wouldn't really help so much because of crossdomain issues, unless you wanna go with something as JSONP. In that case, you might wanna use a signed java applet, which (assuming the user accepts the certificate) has any access an installed Java app would have, so it could potentially bind a port and server as HTTP server (I'm not sure how well this works on linux or unix).
Another idea would be to use Flash's local shared objects. Depends on how much data you want to save. You may need to make the Flash visible, so the user can see the dialog for allowing the data to be saved. You can communicate from JavaScript to Flash using ExternalInterface.
Yet the most simple thing is to give the user a permanent cookie, and save the data associated with that cookie on a web server.
greetz
back2dos
Take a look at HTML5 local storage if you don't need a lot of data to be stored or you can use local databases, see http://blog.darkcrimson.com/2010/05/local-databases/ .
You can also sync it with a server once the client is online again..

Categories