one single app with different subdomains - php

I am looking for a solution for my project, but I don't know if I chose a correct title for my question, so I should apologise to everybody if it doesn't seem relevant somehow.
I have an application written by PHP which is like this: http://app.mysite.com.
What is happening in this app is that customers come and open an account for themselves. They will use this application to get in touch with their own clients, in the sense that they register their clients in this application and can communicate with them. So it is somehow important that after their signup for the service, their company's name is shown in the address bar like this: http://TheirFirmName.mysite.com, so their clients can identify that they are connecting to the correct path.
What I am looking for is a solution where I have only my application under app.mysite.com, and when a client signs up, it creates a subdomain with their firm's name and then redirects to my application path, but the address in the address bar should remain their subdomain address, like TheirFirmName.mysite.com.
I don't want to stick to this idea, so if somebody has a better solution I'd appreciate it if they share it with me; otherwise, I humbly ask people who know how to perform what I have in mind.
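The question has no answer on this page, so here is an added example (not code from the original poster) of the usual way this is done in PHP: a wildcard DNS record `*.mysite.com` and one web-server vhost whose `server_name` covers `app.mysite.com *.mysite.com` send every subdomain to the same front controller, which reads the Host header, validates the first label and selects the tenant. The URL never changes, so no redirect is needed. The domain name, the reserved-label list and the tenant table are assumptions made for the example; PHP 8 is assumed for `str_ends_with`.

```php
<?php
// Added example (not code from the original post). Assumes PHP 8, a wildcard
// DNS record "*.mysite.com" pointing at your server, and one vhost whose
// server_name covers "app.mysite.com *.mysite.com" so every subdomain reaches
// this same front controller. The tenant table is constructed sample data.

declare(strict_types=1);

const BASE_DOMAIN = 'mysite.com';

// Labels a customer must never be able to claim (assumption: adjust to your
// infrastructure). Without this list a tenant could sign up as "www" or "api".
const RESERVED_LABELS = ['www', 'app', 'api', 'mail', 'admin', 'static'];

// Stand-in for the customers table.
const TENANTS = [
    'acme'   => ['id' => 1, 'name' => 'ACME Ltd'],
    'globex' => ['id' => 2, 'name' => 'Globex'],
];

/**
 * Extract the tenant label from a Host header value, or null if the host is
 * not a well-formed "<label>.mysite.com". The raw Host header is attacker
 * controlled, so it is validated here before anything (routing, generated
 * links, password-reset mails) is derived from it.
 */
function tenantLabelFromHost(string $host): ?string
{
    $host = strtolower(rtrim(trim($host), '.'));
    $host = preg_replace('/:\d+$/', '', $host);          // drop ":8443" style ports
    $suffix = '.' . BASE_DOMAIN;
    if (!str_ends_with($host, $suffix)) {
        return null;                                     // foreign host or bare apex
    }
    $label = substr($host, 0, -strlen($suffix));
    // Exactly one DNS label: letters, digits, inner hyphens, 1 to 63 characters.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/', $label)) {
        return null;                                     // rejects "a.b", "", "-x", "evil.com"
    }
    if (in_array($label, RESERVED_LABELS, true)) {
        return null;
    }
    return $label;
}

/** Signup-time check: the same rules as routing, so any label that signs up is routable. */
function isClaimableLabel(string $requested): bool
{
    $label = strtolower($requested);
    return tenantLabelFromHost($label . '.' . BASE_DOMAIN) === $label
        && !isset(TENANTS[$label]);
}

/** Resolve the current request to a tenant record, or null for unknown hosts. */
function currentTenant(array $server): ?array
{
    $label = tenantLabelFromHost($server['HTTP_HOST'] ?? '');
    return $label === null ? null : (TENANTS[$label] ?? null);
}

// Front controller: one code base, tenant picked per request, URL untouched.
if (PHP_SAPI !== 'cli') {
    $tenant = currentTenant($_SERVER);
    if ($tenant === null) {
        http_response_code(404);                         // unknown subdomain: serve nothing
        exit('No such workspace');
    }
    // ... bootstrap the application scoped to $tenant['id'] ...
} else {
    // Constructed checks for running this file from the command line.
    var_dump(currentTenant(['HTTP_HOST' => 'ACME.mysite.com:443']));
    var_dump(currentTenant(['HTTP_HOST' => 'evil.com.mysite.com']));
    var_dump(isClaimableLabel('www'), isClaimableLabel('initech'));
}
```

Two things worth keeping: the signup form and the router share one validation function, so a label that was accepted at signup is guaranteed to route later, and an unknown Host gets a 404 rather than the default app, which keeps an arbitrary Host header from being echoed into links the application generates.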

Related

Which ways can I use to restrict access to a website?

I'm currently working on ways to restrict access to the company's website. Depending on the user that is logging in, and where the user is trying to log in from, the site should not open. For example, there is a user role here that should only access the site from within the company.
The method I'm using to validate the user is to check his/her public IP address against a table of previously allowed IP addresses, but since this IP address is dynamic, every single time it changes I have to manually allow it again. I'm looking for other ways to detect if the user is within the company, so I can allow them to proceed with the login, but I'm out of ideas.
I've thought about checking if the user is within the company's network, but I don't know if I can do that in PHP. I've also thought about looking for the IP range, but my knowledge about it is quite limited, so I don't believe I can come up with a reliable solution based on this.
What else can I do about this?
The site is currently running Symfony 4 and is hosted on Azure, if that matters.
As it turns out, most of the options that I've found were either out of the question because of some requirements that I can't meet, or because they don't apply to my situation here.
We did find one solution here: since we have two dedicated internet links, we've routed all outgoing traffic to our website through one of those links. Since they're dedicated and have static IP addresses, all we had to do was add a rule to allow the link's IP.
Problem solved.
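Added example, not code from the poster: the allow-one-static-IP rule above is only as good as the IP the application reads, and on a platform like Azure App Service the request arrives through a front end, so `REMOTE_ADDR` is the front end and the real client sits in `X-Forwarded-For`. Trusting that header blindly lets any outside client prepend the office IP and pass the check. The functions below do what Symfony's `Request::setTrustedProxies()` plus `getClientIp()` do, in plain PHP so they run alone: believe `X-Forwarded-For` only when the direct peer is a trusted proxy, take the right-most address that is not a proxy, then match it against the allowed CIDR list. The proxy range, the allowed address and the two sample requests are constructed; the `ip:port` form in the header is an assumption about what some front ends append.

```php
<?php
// Added example, not code from the original thread. Implements the accepted
// approach (allow only the company's static egress address) in a way that is
// safe behind a reverse proxy. Proxy ranges, allowed ranges and the sample
// requests below are constructed.

declare(strict_types=1);

/** True when $ip lies inside $cidr (IPv4 or IPv6; a bare address means /32 or /128). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton((string) $net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;                                   // malformed, or v4 compared with v6
    }
    $maxBits = strlen($ipBin) * 8;
    $bits = $bits === null ? $maxBits : (int) $bits;
    if ($bits < 0 || $bits > $maxBits) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;                // partial last byte
    return ((ord($ipBin[$fullBytes]) ^ ord($netBin[$fullBytes])) & $mask) === 0;
}

function isTrustedProxy(string $ip, array $trustedProxies): bool
{
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

/**
 * Client IP behind a proxy: X-Forwarded-For is honoured only when REMOTE_ADDR
 * is a trusted proxy, and then the right-most entry that is not itself a proxy
 * wins. The left-most entry is whatever the client chose to send.
 */
function clientIp(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!isTrustedProxy($remote, $trustedProxies) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        // Assumption: some front ends append ":port" to IPv4 entries; strip it.
        $candidate = preg_replace('/^(\d{1,3}(?:\.\d{1,3}){3}):\d+$/', '$1', $chain[$i]);
        if (!isTrustedProxy($candidate, $trustedProxies)) {
            return $candidate;
        }
    }
    return $remote;                                     // every hop was a proxy
}

/** The login-page gate for the "office only" role. */
function isAllowedOrigin(array $server, array $trustedProxies, array $allowedRanges): bool
{
    $ip = clientIp($server, $trustedProxies);
    foreach ($allowedRanges as $range) {
        if (ipInCidr($ip, $range)) {
            return true;
        }
    }
    return false;
}

// Constructed deployment values.
$trustedProxies = ['10.0.0.0/8'];          // the hosting platform's front-end range (assumption)
$allowedRanges  = ['203.0.113.10/32'];     // the dedicated link's static address

// Constructed requests: a genuine office request arriving via the proxy, and an
// outside client that prepended the office address to X-Forwarded-For.
$genuine = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.10:51234'];
$spoofed = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.10, 198.51.100.7'];

var_dump(isAllowedOrigin($genuine, $trustedProxies, $allowedRanges));
var_dump(isAllowedOrigin($spoofed, $trustedProxies, $allowedRanges));
```

In Symfony 4 the equivalent is `Request::setTrustedProxies($proxyRanges, Request::HEADER_X_FORWARDED_ALL)` in the front controller and then `$request->getClientIp()` in a security voter or firewall listener; the point is the same, the proxy list must be explicit and the header must never be trusted from an arbitrary peer.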

Wordpress Plugins and Accessing wp-json API

Wondering if someone can provide some direction.
I'm creating a WordPress plugin that will be publicly available (free). The plugin is meant to allow bloggers to include a definition widget using Bootstrap's data-toggle.
Since I don't want people stealing the content without attribution, the hyperlink will be pulled from a private API.
Here's how I think this should flow, but I know that there are things that are inefficient:
Create a private API that houses all of the data. It might be 3 branches of data:
id -- name -- definition
Have the plugin authenticate somehow with the server
Plugin creates a shortcode in WordPress, i.e. [define="term"]anchor[/define]
When the shortcode is called, it pings the server and stores something locally in their SQL DB.
Additional Notes/Concerns
I understand that there is no such thing as being hack-free or tamper-free. But I want to get as close as possible.
A couple of exploits I can see happening are if people change the cached info in the SQL DB. Is there a way to potentially kill the data-toggle content if this happens?
Also, I don't want people to be able to create their own calls to our API creating their own programs. That's not the intended use of this.
I apologize if my thoughts seem cluttered, but I can't seem to figure out a solid workflow in where I should get started with this.
If anyone can help bring clarity, I would greatly appreciate it.
I would be inclined to do the following:
Give every user a unique API token or other credentials
Link every token to a single IP address and reject any requests where the token doesn't match the IP address.
That way if you become aware of someone misusing the content you need only delete their token to prevent access, and can be reasonably sure that it's not being used on another server. Users can enter the API credentials in the plugin admin.
I think OAuth2 will probably be the way to go to authenticate clients - it's made for granting access to client applications and there are plenty of implementations available. You'd need to add the ability to verify that the user matches the IP, but that shouldn't be difficult.
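The question's second concern (someone editing the cached rows in the site's SQL table) is not covered by the answer, so here is an added example, not code from either participant: the API server signs every definition with an Ed25519 key via PHP's bundled sodium extension, the plugin stores payload and signature together, and the shortcode renders the tooltip only if the signature still verifies. Only the public key ships in the plugin, so editing the database is not enough to forge a definition. Key pair, term and tooltip markup are constructed for the demo; the `data-content` popover attribute is an assumption about how the Bootstrap widget is wired.

```php
<?php
// Added example, not code from the thread. The API server signs each definition
// with an Ed25519 secret key; the plugin keeps only the public key and refuses
// to render a cached row whose signature no longer verifies. Keys and the
// sample term are generated/constructed here for the demo.

declare(strict_types=1);

// --- Server side (the private API) -----------------------------------------

/** Canonical bytes that get signed: JSON with fixed flags so both sides agree byte for byte. */
function canonicalDefinition(int $id, string $name, string $definition): string
{
    return json_encode(['id' => $id, 'name' => $name, 'definition' => $definition],
        JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR);
}

/** API response for one term: payload plus a detached signature (base64). */
function signDefinition(string $secretKey, int $id, string $name, string $definition): array
{
    $payload = canonicalDefinition($id, $name, $definition);
    return [
        'payload'   => $payload,
        'signature' => base64_encode(sodium_crypto_sign_detached($payload, $secretKey)),
    ];
}

// --- Plugin side (runs inside WordPress) -----------------------------------

/** Verify a cached row before trusting it. Returns the decoded term or null. */
function verifyCachedDefinition(string $publicKey, array $row): ?array
{
    $sig = base64_decode($row['signature'] ?? '', true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return null;
    }
    if (!sodium_crypto_sign_verify_detached($sig, $row['payload'] ?? '', $publicKey)) {
        return null;                                    // edited in the DB, or not from our server
    }
    return json_decode($row['payload'], true, 512, JSON_THROW_ON_ERROR);
}

/** Shortcode output. On any verification failure the tooltip dies and only the plain anchor text remains. */
function renderDefine(string $publicKey, ?array $row, string $anchorText): string
{
    $term = $row !== null ? verifyCachedDefinition($publicKey, $row) : null;
    $safeAnchor = htmlspecialchars($anchorText, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if ($term === null) {
        return $safeAnchor;
    }
    // The definition is data, never markup: escape it before it lands in an attribute.
    $safeDef = htmlspecialchars($term['definition'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf('<a href="#" data-toggle="popover" data-content="%s">%s</a>', $safeDef, $safeAnchor);
}

// --- Demo -------------------------------------------------------------------
$keypair   = sodium_crypto_sign_keypair();              // generated once, for the demo
$secretKey = sodium_crypto_sign_secretkey($keypair);    // lives only on the API server
$publicKey = sodium_crypto_sign_publickey($keypair);    // embedded in the plugin code

$row = signDefinition($secretKey, 42, 'phishing', 'Fraudulent messages that imitate a trusted party.');
echo renderDefine($publicKey, $row, 'phishing'), PHP_EOL;

// Simulate someone editing the cached definition straight in the SQL table.
$tampered = $row;
$tampered['payload'] = str_replace('trusted party.', 'trusted party. See http://example.invalid',
    $row['payload']);
echo renderDefine($publicKey, $tampered, 'phishing'), PHP_EOL;
```

The check protects against database-only tampering, which is the case the question raises; someone who can also edit the plugin's PHP can of course swap the public key, which is the limit the question itself acknowledges. Escaping the definition on output matters independently of the signature, because the API content is still untrusted text from the point of view of the blog's HTML.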

How to assign external domain to the page of current website

Sorry if the question will seem little fuzzy and you will be tempted to down-vote it as soon as you read it. I am far from being an expert in system administration but I will try to explain the problem as clearly as I can.
I need to create a website where users can have profiles and attach an external domain to their profile page on this site. Let's say we have a site:
myresume.com
Users will register and create a profile, and their URL will look like:
myresume.com/username
The feature I need to add should enable the user to point his own domain to his profile URL.
Is it possible via PHP, as my whole application will be written in Laravel 5.2?
I will probably need to have my own nameservers, or just give the user the IP address which he needs to point his domain to, but then I will need to fetch the domain on my side somehow and point it to the URL (myresume.com/username). How can it be done?
If someone could give an explanation of how it is done, or at least point me to where to search for an answer, it would be amazing. Thanks.
You need to know how Apache / NGINX works.
You need to know what $_SERVER['HOST'] is.
Logic to implement this.
This is how you will do it:
Host your app on a VPS / dedicated server where your app is the 'default' with no other VirtualHost.
In your index.php file, define URL. If URL is set, let Laravel's router choose which profile_id matches URL and then redirect the user to that URL or render the output.
Simple?
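Added example, not the answer's code, filling in the two steps the answer leaves implicit. First, the application must prove the user controls a domain before mapping it to a profile, otherwise anyone can attach a domain they do not own; the common way is a DNS TXT record carrying a token the site issued. Second, the Host header has to be normalised and validated before it selects a profile. Plain PHP is used so it runs on its own (Laravel's `request()->getHost()` yields the same host string). The challenge record name, the domains, the tokens and the fake DNS answers are constructed; in production the resolver passed in would be `dns_get_record($name, DNS_TXT)`. PHP 8 is assumed for `match`.

```php
<?php
// Added example, not code from the thread. Ownership check for a user-supplied
// domain via a DNS TXT challenge, plus host-based profile lookup. Domain names,
// tokens and DNS answers are constructed.

declare(strict_types=1);

/** Lower-case, drop port and trailing dot, reject anything that is not a hostname. */
function normaliseHost(string $raw): ?string
{
    $host = strtolower(rtrim(trim($raw), '.'));
    $host = preg_replace('/:\d+$/', '', $host);
    if (!preg_match('/^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/', $host)) {
        return null;
    }
    return $host;
}

/** Token the user must publish in DNS before the mapping is accepted (assumed format). */
function verificationToken(string $username): string
{
    return 'myresume-verify=' . $username . '-' . bin2hex(random_bytes(16));
}

/**
 * Ownership check: a TXT record at "_myresume-challenge.<domain>" must carry the
 * token we issued. $dnsTxt is injected so this runs offline; in production use
 * fn($name) => array_column(dns_get_record($name, DNS_TXT) ?: [], 'txt').
 */
function domainOwnedByUser(string $domain, string $expectedToken, callable $dnsTxt): bool
{
    $host = normaliseHost($domain);
    if ($host === null) {
        return false;
    }
    foreach ($dnsTxt('_myresume-challenge.' . $host) as $txt) {
        if (hash_equals($expectedToken, trim((string) $txt, '"'))) {
            return true;
        }
    }
    return false;
}

/** Front-controller step: which profile does this Host belong to? null = our own site, or unknown. */
function profileForHost(string $rawHost, string $baseHost, array $verifiedDomains): ?string
{
    $host = normaliseHost($rawHost);
    if ($host === null || $host === $baseHost) {
        return null;                                  // serve myresume.com itself as usual
    }
    return $verifiedDomains[$host] ?? null;           // unknown hosts are never guessed: 404 them
}

// --- Constructed demo -------------------------------------------------------
$tokens = ['alice' => verificationToken('alice'), 'bob' => verificationToken('bob')];

// Fake resolver standing in for dns_get_record(): alice published her record, bob did not.
$fakeDns = fn(string $name): array => match ($name) {
    '_myresume-challenge.alice-resume.example' => [$tokens['alice']],
    default => [],
};

$verified = [];                                       // host => username, persisted in the real app
foreach (['alice' => 'alice-resume.example', 'bob' => 'bob-resume.example'] as $user => $domain) {
    if (domainOwnedByUser($domain, $tokens[$user], $fakeDns)) {
        $verified[normaliseHost($domain)] = $user;    // only now does the mapping go live
    }
}
var_dump($verified);
var_dump(profileForHost('ALICE-Resume.example:443', 'myresume.com', $verified));
var_dump(profileForHost('bob-resume.example', 'myresume.com', $verified));
```

The vhost setup the answer describes (your app as the default server, so any hostname that resolves to your IP reaches `index.php`) is what makes `profileForHost` receive those requests at all; the lookup table is what stops an unverified or unknown hostname from being served as someone's profile.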

How to authenticate a WordPress plugin by domain name?

I have a hybrid WordPress plugin that fetches all data using cURL from the main server. Let's call it A.
B is the client that requests data and can also send data to A.
Now every request is encrypted and authenticated using API access keys.
But the problem here is that if I copy the plugin from B to a new client site C, the moment I use the same access keys etc., the plugin starts working.
I want to be able to restrict the access of one API access key to one domain name. How can I attain that?
I'd say to include the allowed host's IP address (B) in your access key administration.
So: when B does a call, you can validate the key and the IP it's calling from.
On A, you can use something like $_SERVER['REMOTE_ADDR'] to test the IP calling the script.
Two downsides: when sites move servers, the plugin will stop working. And of course, people can still spoof their IP, so there is a way to get around this, but at least you make it a lot more complicated and probably not worth the hassle in most cases.
A suggestion by TJHX
Make it part of the license you give your customers. The honest ones will follow it, the dishonest ones will find a way to break your DRM. This is a problem technology can't really solve confidently, especially when, with things like WordPress, people can just see your code. - By TJHX
I have also looked into a lot of options, but the mere fact is that the user always has access to the code in the WordPress plugin and can easily make amendments to the cURL request headers even if you encrypt it.
All we can do is add it to our licenses.
In my plugin, there are iframes that will be loading the data on the frontend, so I am going to accept the domain name when the user buys the plugin and will check the referrers to my iframe to sort this issue out.
Thanks a lot guys for your help.
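Added example, not code from either thread, covering the two answers that recommend an API key tied to one server IP (the WordPress definition-plugin question above and this one). It shows a form where the key's secret never travels over the wire: the plugin signs each request with HMAC-SHA256 over method, path, timestamp and body; the server looks up the key id, recomputes the MAC with the stored secret, compares in constant time, rejects stale timestamps, and checks `REMOTE_ADDR` against the IP registered for that key. Revoking a customer is flipping one flag. Key id, secret, addresses and the sample requests are constructed; the header names are assumptions.

```php
<?php
// Added example, not code from the threads. Per-customer key bound to one IP,
// used via HMAC request signing so the secret itself is never sent. Key ids,
// secrets, IPs and the requests below are constructed.

declare(strict_types=1);

const MAX_SKEW_SECONDS = 300;

/** Canonical string both sides MAC over; every field the server relies on belongs in here. */
function canonicalRequest(string $method, string $path, int $timestamp, string $body): string
{
    return implode("\n", [strtoupper($method), $path, (string) $timestamp, hash('sha256', $body)]);
}

/** Plugin side (site B): headers to attach to the cURL call. */
function signRequest(string $keyId, string $secret, string $method, string $path, string $body, int $now): array
{
    $mac = hash_hmac('sha256', canonicalRequest($method, $path, $now, $body), $secret);
    return [
        'X-Api-Key-Id'    => $keyId,
        'X-Api-Timestamp' => (string) $now,
        'X-Api-Signature' => $mac,
    ];
}

/**
 * Server side (site A). $keys maps key id => ['secret', 'ip', 'active'].
 * Returns [true, key id] or [false, reason] so failures can be logged.
 */
function authenticateRequest(array $keys, array $headers, string $remoteAddr,
                             string $method, string $path, string $body, int $now): array
{
    $keyId = (string) ($headers['X-Api-Key-Id'] ?? '');
    $ts    = (int) ($headers['X-Api-Timestamp'] ?? 0);
    $sig   = (string) ($headers['X-Api-Signature'] ?? '');

    $key = $keys[$keyId] ?? null;
    if ($key === null || !$key['active']) {
        return [false, 'unknown or revoked key'];
    }
    if (abs($now - $ts) > MAX_SKEW_SECONDS) {
        return [false, 'timestamp outside window'];      // blunt replay limit
    }
    $expected = hash_hmac('sha256', canonicalRequest($method, $path, $ts, $body), $key['secret']);
    if (!hash_equals($expected, $sig)) {                 // constant-time compare
        return [false, 'bad signature'];
    }
    if ($key['ip'] !== $remoteAddr) {                    // the binding both answers suggest
        return [false, 'key not registered for ' . $remoteAddr];
    }
    return [true, $keyId];
}

// --- Constructed demo -------------------------------------------------------
$secret = bin2hex(random_bytes(32));                     // issued once, entered in the plugin admin
$keys   = ['site-b' => ['secret' => $secret, 'ip' => '198.51.100.20', 'active' => true]];

$now     = time();
$body    = json_encode(['term' => 'phishing']);
$headers = signRequest('site-b', $secret, 'POST', '/v1/define', $body, $now);

// Request from the registered server B.
var_dump(authenticateRequest($keys, $headers, '198.51.100.20', 'POST', '/v1/define', $body, $now));
// The same plugin and key copied to site C, which calls from a different server.
var_dump(authenticateRequest($keys, $headers, '203.0.113.77', 'POST', '/v1/define', $body, $now));
// A captured request replayed six minutes later.
var_dump(authenticateRequest($keys, $headers, '198.51.100.20', 'POST', '/v1/define', $body, $now + 360));
// Revocation on the server side: no change to any plugin needed.
$keys['site-b']['active'] = false;
var_dump(authenticateRequest($keys, $headers, '198.51.100.20', 'POST', '/v1/define', $body, $now));
```

Two practical notes. The IP comparison should use the address the plugin's server makes outbound connections from, which on shared hosting may be common to many unrelated sites; and the iframe Referer check mentioned above is a browser-supplied header that can be absent or altered, so it is a convenience signal rather than an authentication step. A per-request nonce stored for the skew window would close the residual replay gap inside the 300 seconds.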

Alternative log in & authentication methods (for elderly people)

I'm designing a simple web app for some elderly family members, one of whom has Alzheimer's. The end goal is to provide them each with a tablet (probably Android, but irrelevant for this problem) that would be stripped down to ideally one bookmark on the home screen which opens my web app.
What I am looking for are ideas on how to identify the user without the conventional username/password methods. With their condition I know that remembering a username is going to be almost impossible, let alone a password. Ideally I would recognize the device and relate that to a specific user.
There will be other users on the app that access it through normal methods (username+password on PC/mobile/tablet), which I'm handling with Zend_Auth. It's just these 2 users who I am concerned about identifying.
Security isn't a huge concern as the data will not be sensitive in any way, but I still need to differentiate between users.
I am building this in PHP with Zend Framework. I'm really looking for more ideas than specific code, although anything based in PHP or JavaScript would be great. Any ideas or suggestions would be greatly appreciated. Thanks for your help.
This advice is only valuable if security is not an issue:
On the bookmarks page, insert a token in the link, which you will use to authenticate the users.
If you can, check in the background for IP/user agent (if there is only one device that needs this simplified auth process, and assuming its connection uses a fixed IP address).
And a simple idea if you have multiple users using the same device:
on your bookmark page, put a picture of each user
make it clickable, with the token discussed above in the href of the link.
That's simple to implement and easy to remember.
Hope that helps !
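Added example, not the answerer's code, making the token-in-the-bookmark idea concrete for the two tablets: each device gets a long random token at setup time, only a hash of it is stored, the first visit exchanges the token for an ordinary server-side session (so the secret stops appearing in URLs, browser history and Referer headers), and deleting or flagging one row revokes a lost tablet without touching the username/password users. Plain PHP so it runs alone; `$session` stands in for `$_SESSION` or Zend_Session, and the users, URLs and tokens are constructed.

```php
<?php
// Added example, not code from the thread. Per-device bookmark tokens that are
// stored hashed and exchanged for a session on first use. Users, tokens and
// the pretend session store are constructed for the demo.

declare(strict_types=1);

/** Run once per tablet during setup; the returned URL becomes the home-screen bookmark. */
function enrollDevice(array &$devices, int $userId, string $label, string $baseUrl): string
{
    $token = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');   // 256-bit, URL-safe
    $devices[] = [
        'user_id'    => $userId,
        'label'      => $label,
        'token_hash' => hash('sha256', $token),       // the token itself is never stored
        'revoked'    => false,
    ];
    return $baseUrl . '/device-login?t=' . $token;
}

/** Look up a presented token; returns the user id or null. */
function userForDeviceToken(array $devices, string $token): ?int
{
    $presented = hash('sha256', $token);
    foreach ($devices as $d) {
        if (!$d['revoked'] && hash_equals($d['token_hash'], $presented)) {
            return $d['user_id'];
        }
    }
    return null;
}

/**
 * Handles /device-login?t=...: on success starts a fresh session for the user
 * and returns the redirect target (without the token), or null when refused.
 */
function deviceLogin(array $devices, array $query, array &$session): ?string
{
    $token = $query['t'] ?? '';
    if (!is_string($token) || !preg_match('/^[A-Za-z0-9_-]{43}$/', $token)) {
        return null;                                  // wrong shape: do not even hash it
    }
    $userId = userForDeviceToken($devices, $token);
    if ($userId === null) {
        return null;
    }
    $session = ['user_id' => $userId, 'via' => 'device-token'];   // nothing carried over
    return '/home';                                   // the token is not needed after this hop
}

// --- Constructed demo -------------------------------------------------------
$devices = [];
$session = [];
$grandmaUrl = enrollDevice($devices, 7, "Grandma's tablet", 'https://family.example');
$grandpaUrl = enrollDevice($devices, 8, "Grandpa's tablet", 'https://family.example');

// Grandma taps her bookmark.
parse_str((string) parse_url($grandmaUrl, PHP_URL_QUERY), $q);
var_dump(deviceLogin($devices, $q, $session), $session);

// Something that is not a token at all.
var_dump(deviceLogin($devices, ['t' => 'not-a-real-token'], $session));

// Grandpa's tablet went missing: revoke it, then try his bookmark.
$devices[1]['revoked'] = true;
parse_str((string) parse_url($grandpaUrl, PHP_URL_QUERY), $q);
var_dump(deviceLogin($devices, $q, $session));
```

For the shared-device picture page the answer suggests, each picture's link would carry that user's token, which means whoever holds the tablet can pick any of those profiles; that is consistent with the question's "security isn't a huge concern", but the tokens should still be long and random so that nobody outside the household can guess one and reach the app.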
