When a user request a password reset, we send an email with a reset link shortened by Google URL Shortener.
Problem is, the link is being visited before / without the user clicking it. How can I prevent this?
// Google Shorten URL code.
$googer = new GoogleURLAPI($key);
$short_url = $googer->shorten($short_url);
return $short_url;`
You can't. Google will fetch the link to get information (such as the title) from it as part of the shortening service.
Just send a regular link like everyone else. You don't need it to be pasted into Twitter (where there is a message length limit) or posted on a billboard (where people have to type it).
I had the same problem and actually checking the HTTP referee doesn't help as in this case it doesn't display GoogleBot. I guess the machine checking the URL is really not the google bot used for crawling.
The only way i found to detect that it is google which is visiting the URL is by checking the IP address hostname and looking for google name in it.
Such as executing host 66.249.88.231 in a shell.
If you really need this solution, you could try to detect the Google Bot visiting your reset page.
It should send a specific user agent.
Related
I'm doing a soap request to an external API using Laravel & Guzzle. All other calls have succeeded to get the actual response but for the redirecting user to the external page has failed because the external API web service only allows my server IP to access that page.
I have tried:
windows.location (javascript)
location header (PHP)
return redirect URL (PHP)
This is their documentation on how to redirect in VB language :
redirection code in VB
All of these methods only use the browser redirection which is using user IP not the server IP.
Any method that I can use to redirect user using my server IP that you guys can recommend?
Thanks in advance.
Extra context/information:
Example screenshot for the fourth call which include get the quotation number and generate the url parameter
That is the code for VB that they provided in API documentation. So why I want to bring the user to the page? It is because when the GetQuotation (fourth call) is already submitted to their database and it will return QuoNo that will be used in the URL parameter. When the user gets redirected to the external page with parameter QuoNo=12412194149124, their backend will query for the quotation details that the user fills in my side (mydomain.com/form) and auto filled it on their side (otherdomain.com/form).
If you see from the screenshot, the System.Diagnostics.Process.Start will execute the url once the Quotation number (QuoNo) is generated. So once the user click on the 'buy now' button on our end (mydomain.com/form), it will call the fourth call (GetQuotation guzzle function) and generate a Quotation Number (QuoNo) then it will be populated in http://otherdomain.com/main.a5w?tokenid=wm-9Kj-14e-Fa4-I1adlXrQ00weqwe3S&QuoNo=QUO022348921312301623. Based on what my understanding on VB code, System.Diagnostics.Process.Start will force the url to be opened.
I'm sorry if it's still lacked of info given. Feel free to ask more. Thank you
What you want can not be achieved sadly. The only thing you can do with the redirect is tell the browser where to go, you have no control over the IP here since this would pose all kinds of issues regarding security and identification. The only way to achieve what you want is to wrap the html of the resulting webpage in your website or remove the restriction of the ip addresses. Another solution could be to build a simple page which is accessible to everyone and limit the API routes to specific IP addresses. For example:
Let's assume the payment gateway is at: example.com/checkout, this one would be accessible to everyone and would contain a form to which you can perform the redirect and fill this form with the passed data.
This form would then post the information to example.com/api/v1/checkout which will process your form data and return if the transaction was succesful. Based on this return the user will be redirected to another page. This is assuming you have control over the other domain since only with your server IP you can access this site.
If this is not the case there is no other way than to post the data to an endpoint via guzzle and use these return values to provide feedback to the user.
I hope this answers your question, if anything is unclear please let me know.
I've seen similar Questions like this before but don't understand the correct way of doing it. Or rather the questions were always a little different.
The scenario: I have a site where the user should log in via twitch.tv
I have a button which refers him to this url
https://api.twitch.tv/kraken/oauth2/authorize?response_type=code
&client_id=exampleclientid
&redirect_uri=http://example.com
&scope=user_read
I have censored redirect_uri and the client_id but basicly on this site the user needs to login into twitch or if he already is he can authorize that my application gets acess to "scope" here in this case "user_read" which is his email adress.
Now to my problem. When returning to my site my url will look like this
example.com/#access_token=exampleacesstoken&scope=user_read
example acess token is just a combination of numbers and letters which I need to acess private information like his email even his username.
Over this url
https://api.twitch.tv/kraken?oauth_token=exampletoken
I get acess to my needed information, but how do I grab the token from my url via php and delete everything after http://example.com to make it look good again.
The offical API documentation might be helpful and talks about CURL but I don't understand how it works and the PHP manual is very indepth.
https://github.com/justintv/Twitch-API
Sorry if I'm taking the lazy way here, but I think I'm missunderstanding something big because I just have to make a simple grab of the URL
From the Twitch documentation:
https://github.com/justintv/Twitch-API/blob/master/authentication.md#implicit-grant-flow
If the user authorizes your application, they will be redirected to
the following URL:
https://[your registered redirect URI]/#access_token=[an access
token]&scope=[authorized scopes]
Note that the access token is in the
URL fragment, not the query string, so it won't show up in HTTP
requests to your server. URL fragments can be accessed from JavaScript
with document.location.hash.
How do i detect a user visiting from the google ad link. And if the user is from google url i need to perform some php function.
function google_ad(){
blahblah
}
One option is to try to check $_SERVER['HTTP_REFERER']. But some browsers may not send it.
Another option is just to add some GET param to your URL when you register it at Google (http://yourdomain.com?ga=1).
can you please used this code :
<?php
if($_SERVER["HTTP_REFERER"]=="url") {
// Some Code
}
?>
$_SERVER["HTTP_REFERER"]
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
Check On PHP Website
If it's for analysis purposes, you can use Goole Analytics and Google Webmaster Tools.
They both complement each other, and do pretty much want you want to accomplish with your script
I am developing one application in php zend with sql server 2008, jquery and ajax.
I need to send an email with my webpage link to a specific client and need to get feedback from him.
I can send one email containing that link it it to that client.
But i need to do some security to this :
If the user click on the email link than only he should be able to see the webpage. Means if he copy the link and paste it to the browser than he should not be able to see the webpage.
If the client forward the email to someone else than also the other person should not be able to see the webpage.
Means only the person should be able to see the webpage through the link only.
How can i check the recipient email address in email and send it to the webpage as a query string or something ?
Or is there any way to do this ?
can anyone help me to achieve this ?
not possible, you can force client to log in, but he can also pass his credentials as well. You cannot hide any link in email that cannot be copied.
This is not possible.
If you really need to secure the website from your client you might want to build some kind of token system. The client calls you for a token which is only valid for a limited time and has to enter it to view your site.
I am trying to implement a website which among other things, let users invite other users to specific pages. Unfortunately the link address of those pages are fairly long, and often cross the 70 characters limit. SO when I add them to the mail, even if I start a new line before the link, still the link address is cut halfway, and then the email client (gmail, for example) assumes the link ends at the end of the line. SO when the user clicks on the link, they experience it as broken.
I am coding all this in PHP, but the problem seem to be general.
What is the standard solution to this problem?
Place the URL in <> brackets. Most mail clients will parse the URL correctly and make it clickable, even when wrapped.
<http://www.somereallylongdomain.com/somereallylongdirectory/somereallylongfilename.html>
You could use a URL shortener to redirect to the longer links. Bit.ly has an API with which your code can interface for this purpose.
I don't know if there are better solutions, but you can implement a url shortener with http://yourls.org/ or with other tools...
Create your own URL shortening solution. There are several ways you can go, depending on the complexity of your requirements:
if you're using only a few selected urls which are always repeating, use apache rewrite
if the url is user specific or changes in other ways from case to case, use a database table that stores a short url and the original url
if you don't want or can't implement your own solution, use an existing url shortening service via an API, but make sure not to expose security relevant information