I want to be able to serve up box.com documents to users on my password protected web site. I want to to develop a little php program that will accept a box.com share link, and using the box.com api and a OAUTH 2.0 token, retrieve the file from box.com, and then send it to my users.
Is this the best way to do this? There really isn't the need for an OAuth flow, as I am accessing my own files on box.com, I just want to make sure that my users are logged in.
I also don't want to simply share my box.com files to the whole internet.
My question: Is there a way to access a document on box.com via the api using the box share link. What I mean is that the share link looks like: https:/...domain.box.com/xxxxxxxxxx
Can I someone use the xxxxxxxxx as an ID to get/files/fileid/content api call?
Is there a way to search for a document by its share link?
I want to use the share link, because non-technical people will be generating contact, and I'm concerned that they will have trouble getting the FILEID of the box.com files.
The Box documentation answers your question:
Create a shared link for a file:
https://developers.box.com/docs/#files-create-a-shared-link-for-a-file
Anyway, I'm working on a Box Php Sdk, I hope it helps you: https://github.com/adammbalogh/box-php-sdk
Related
I research about encryption/decryption mechanism & found many solutions like AES Encryption/Decryption. But, I want to secure my video just like videos secured in Hotstar, IMDB, Amazon Prime etc. For this I got a solution related to DRM mechanism. I understood its working process but, how it will be integrated from php side & connect it with mobile apps. Is there any other way to achieve security like apps that are mentioned above.
This is not an encryption question.
It's an authorization question.
I suggest using some login mechanism. like wordpress/drupal have.
The first user will share the video to his friend (his friend email address)
The friend gets an invitation email, to register an account and watch the video.
The friend, register with the account, and logs in.
in the page "Videos shared with me" he can see videos that the original sharer, shared with this particular e-mail address. (this information comes from some database)
Now for the streaming part,
make sure that the folder you hold the videos is not accessible from the internet. (some other folder, higher than public_html or use .htaccess on a private folder to restrict access directly.)
when viewing the page "Videos shared with me" generate a link to the video that goes to your PHP controller. something like www.mywebsite.com/watchvideo/620
when someone asks this video, you check if this person is logged in, and his account has access to this video again. if so, stream the video with the php buffer. learn more about: php output buffering and stream the video using readfile
If you find this answer helpful, consider to accept it.
Okay, So I have a client that wants their wordpress site to only require user to use their email to login. They instead want the site read through a google spreadsheet of all the users. Then if the users email is found in the spreadsheet it allows the user to login.
Before people start screaming, I know its extremely bad from a security stand point, we've told them this. They don't care.
So my question is, has anyone one done this or something similar in the past. How did you do it.
And how would say is the best way to go about doing this. So far I have thought of a few ways to do it.
Secretly embed the doc on a hidden web page then access it.
Some how just access it using APIs
Maybe using google forms as the email entry, and some how use that to search the google docs.
Any ideas or helps, is appreciated greatly. Thank you.
Logging in via an email address is easy, there are already plugins to do it. https://wordpress.org/plugins/wp-email-login/
There is also a plugin for external authentication. Don't know if it does it from a spreadsheet, though you may have a way to sync the spreadsheet to an external DB (via an API perhaps):
https://wordpress.org/plugins/external-db-auth-reloaded/
Would you need the logged in user to have any user-specific account info? Could you get by with allowing each logged in user to essentially be using the same single account in WordPress?
I could see a solution where you hook into wp_authenticate() https://codex.wordpress.org/Plugin_API/Action_Reference/wp_authenticate
And in your hook function call, run out to Google Spreadsheet via their API and see if that email address is found in the list. If so, log them into WP using a preset, single account that's meant to be used for all such users.
Here's some basic info for reading from a Google Sheet via their API:
https://developers.google.com/sheets/samples/reading
.>< as the title
I want to build a application that can let anyone create the album and upload photos in it on my own page.
But I completely seek in the fb's develop document, it doesn't have the api to let anyone create it if you are't the page owner.
so I think maybe I can use php curl auto login my acconunt and then use my account to create and uplaod.
But in this case I use curl login my account ,is it safe?
or who can tell me the best solution?
thank you >M< plz bear me If my description or English grammar is awful.
Technically you can use PHP to authenticate your account and have your web app act as you, but doing this is actually a violation of Facebook's Developer Agreement. If you do this, you will certainly need to be very careful not to let users see your password or user id.
My best advice is to not put them in your PHP scripts. Instead place them in an encrypted file outside of your web directory. The file should be encrypted with one of the symetric encryption methods in the phpseclib. (http://phpseclib.sourceforge.net/)
The key you are using should also be in a file that is stored outside of your web directory.
I am writing a PHP script which is supposed to pull some data from a google drive spreadsheet. Now, important thing here is that we're talking about one specific spreadsheet, which is on one exact google account. This data needs to be displayed on a site. That means that when a user visits this site, he/she should not need to login/authenticate or anything like this, because the spreadsheet being accessed is stored on one specific google drive account.
How do I pull this one? All I see online are examples where users login to their own account, viewing their own files which I don't need.
Thanks!
All Drive access requires authentication. The only way I can think around it is to publish the spreadsheet using File/Publish to the web. You app can access the data using the published URL without authentication.
Hello I am looking to build a basic API and application/apps system on my social network something like Facebook or other sites have, my site is in php/mysql. Here are some questions.
1)
Basically what I want to do is give a user a API key and secret. After I have these how can I use them in my php app to authenticate a user request which would come from there server?
2)
I can basically build an API to send a request to my server with CURL and get the result back to the page in XML or JSON or whatever, the problem is when sending the request the user would have to know the user ID they want to send to lookup data against, this is fine for an API but I am wanting to have an Apps section where the user's app site would be using the API and would be loaded into my site in the app section with an iframe, the problem is, I need to find a good way to make it where a logged in user on my site can go to the app section and go to an app and there username should be available to that page loaded in the iframe. Facebook and myspace do this somehow and many other sites; I am lost how to get around this hurdle.
Any help on any of this is really appreciated, thank you
Update:
I just had an idea, if I require a cookie to be set when a user visit's my site, then they would have a cookie and it could hold there User ID, then my API script could look for that cookie to exist and grab it's value?
If you plane on using an IFRAME, then no, your API hosted on a separate website (the website inside the IFRAME) would not be able to grab the cookie. The cookie is only visible on the website that it was set for.
I have only used Facebook API with the FBML (not the IFRAME,) but all they do their is basically replace what's in the page with the info that the "tag" is calling. I'm not sure if there is a better way, but you could possibly call a page on the app's server (say the app is hosted at http://example.com/app/, and you called http://example.com/app/?id=28318&name=John%20Maguire,) and have your API code handle it and turn it into a variable?
Maybe you should look into the source code of the Facebook API client.