I am developing one application in php zend with sql server 2008, jquery and ajax.
I need to send an email with my webpage link to a specific client and need to get feedback from him.
I can send one email containing that link it it to that client.
But i need to do some security to this :
If the user click on the email link than only he should be able to see the webpage. Means if he copy the link and paste it to the browser than he should not be able to see the webpage.
If the client forward the email to someone else than also the other person should not be able to see the webpage.
Means only the person should be able to see the webpage through the link only.
How can i check the recipient email address in email and send it to the webpage as a query string or something ?
Or is there any way to do this ?
can anyone help me to achieve this ?
not possible, you can force client to log in, but he can also pass his credentials as well. You cannot hide any link in email that cannot be copied.
This is not possible.
If you really need to secure the website from your client you might want to build some kind of token system. The client calls you for a token which is only valid for a limited time and has to enter it to view your site.
Related
I'm doing a soap request to an external API using Laravel & Guzzle. All other calls have succeeded to get the actual response but for the redirecting user to the external page has failed because the external API web service only allows my server IP to access that page.
I have tried:
windows.location (javascript)
location header (PHP)
return redirect URL (PHP)
This is their documentation on how to redirect in VB language :
redirection code in VB
All of these methods only use the browser redirection which is using user IP not the server IP.
Any method that I can use to redirect user using my server IP that you guys can recommend?
Thanks in advance.
Extra context/information:
Example screenshot for the fourth call which include get the quotation number and generate the url parameter
That is the code for VB that they provided in API documentation. So why I want to bring the user to the page? It is because when the GetQuotation (fourth call) is already submitted to their database and it will return QuoNo that will be used in the URL parameter. When the user gets redirected to the external page with parameter QuoNo=12412194149124, their backend will query for the quotation details that the user fills in my side (mydomain.com/form) and auto filled it on their side (otherdomain.com/form).
If you see from the screenshot, the System.Diagnostics.Process.Start will execute the url once the Quotation number (QuoNo) is generated. So once the user click on the 'buy now' button on our end (mydomain.com/form), it will call the fourth call (GetQuotation guzzle function) and generate a Quotation Number (QuoNo) then it will be populated in http://otherdomain.com/main.a5w?tokenid=wm-9Kj-14e-Fa4-I1adlXrQ00weqwe3S&QuoNo=QUO022348921312301623. Based on what my understanding on VB code, System.Diagnostics.Process.Start will force the url to be opened.
I'm sorry if it's still lacked of info given. Feel free to ask more. Thank you
What you want can not be achieved sadly. The only thing you can do with the redirect is tell the browser where to go, you have no control over the IP here since this would pose all kinds of issues regarding security and identification. The only way to achieve what you want is to wrap the html of the resulting webpage in your website or remove the restriction of the ip addresses. Another solution could be to build a simple page which is accessible to everyone and limit the API routes to specific IP addresses. For example:
Let's assume the payment gateway is at: example.com/checkout, this one would be accessible to everyone and would contain a form to which you can perform the redirect and fill this form with the passed data.
This form would then post the information to example.com/api/v1/checkout which will process your form data and return if the transaction was succesful. Based on this return the user will be redirected to another page. This is assuming you have control over the other domain since only with your server IP you can access this site.
If this is not the case there is no other way than to post the data to an endpoint via guzzle and use these return values to provide feedback to the user.
I hope this answers your question, if anything is unclear please let me know.
Heyhou!
I have tried to figure this out long time already, but no luck so far.
I have Wordpress site with mailchimp email form, so users are able to join my email list. The problem is:
-When user join the list, Mailchimp send automatically the confirmation email. I have edited it already to meet my requirements, but I need one more thing. I need to place URL where the joined user can download my free file, that URL needs to be one time url and it would redirect to my site where s/he can download the file.
Soooo, which way would be a best way to do that ? The main point is here that nobody can't start share the download link or page so users could download the file without to join my list. Poor English, hope you got the picture.
I'm web developer / PHP programmer, so plug in is not a must, (of course if you know one, let me know) I can make this by myself, but I need your help to solve the logic, how this would be done.
If I just place my website's download link in the Mailchimp confirmation email, there isn't anything which protect file. I need to somehow to crush the link after user is downloaded the file. BUT no manual changes in Mailchimp confirmation email.
There might be some super easy solution for this or not, anyway I'm stuck.
Thank ya!
I have used mailchimp previously and found the only way to push some data into an email, for this example a dynamic URL with a special access code is to set it as an extra bit of data on the users profile via the API.
http://developer.mailchimp.com/documentation/mailchimp/guides/manage-subscribers-with-the-mailchimp-api/
From when I last used Mailchimp you get 30 fields of custom data you can set on each user.
Hope that helps.
When a user request a password reset, we send an email with a reset link shortened by Google URL Shortener.
Problem is, the link is being visited before / without the user clicking it. How can I prevent this?
// Google Shorten URL code.
$googer = new GoogleURLAPI($key);
$short_url = $googer->shorten($short_url);
return $short_url;`
You can't. Google will fetch the link to get information (such as the title) from it as part of the shortening service.
Just send a regular link like everyone else. You don't need it to be pasted into Twitter (where there is a message length limit) or posted on a billboard (where people have to type it).
I had the same problem and actually checking the HTTP referee doesn't help as in this case it doesn't display GoogleBot. I guess the machine checking the URL is really not the google bot used for crawling.
The only way i found to detect that it is google which is visiting the URL is by checking the IP address hostname and looking for google name in it.
Such as executing host 66.249.88.231 in a shell.
If you really need this solution, you could try to detect the Google Bot visiting your reset page.
It should send a specific user agent.
I have the gmail login credintals. Is it possible to login automatically to Gmail if we pass the username and password through url or by CURL.
I need to be login into gmail account before run my some php code.
Is there any php function or script that run first by passing gmail username and password and make login into browser.
can you provide a complete php code for login into gmail account just by passing username and password.
I am working on google trends. I need to be get csv file of google trends.
I have function that generate the google trend url for particular key word.
when I manually login into gmail account below link allow me to download csv file.
http://www.google.com/trends/trendsReport?hl=en-US&q=search,&geo=US&date=today 7-d&gprop=&cmpt=q&content=1&export=1
If your login into gmail account and click on above link, will allow you to download report.csv file.
I need this csv file to be download into my project directory, say into upload folder.
So, basically I need, one script that login me into gmail account and one script that allow to download report.csv file into upload directory.
If any one has solution for above problem, please provide a solution here.
I don't know about schemas as linked by Dainis; however, briefly looking through the website I don't know that I would be confident that would work.
I' feel you might be looking in the wrong direction. If all you are trying to do is automate something from the browser side, use JavaScript. You can create a bookmarklet that will fill out a Google login form and then automatically go to a URL to download a CSV. I'd imagine most if not all of what you are trying to do can be done using JavaScript and if not, you can use JavaScript to automate authentication and then load a PHP page with the rest of the code.
If you insist on using PHP Try checking this question out and good luck:
PHP script to automate login and form submit
I want to build a PHP page and ask people to share my link through WhatsApp.
If user clicks my link through whatsapp, they will be able to see the page content.
If user clicks my link through LINE or Facebook Messenger or something else, they won't be able to see the page content.
Is it possible to do that?
It's quite tricky ! I did in my whatsapp bot application. ! It's quite tough but still one hope ! You can find whatsapp server ip from the android application code. 1st off all decode the whatsapp android application (current version) using dex2jar and apktool. (apktool is not necessary). dex2jar will produce the .jar file of application. Open jar file by any jar-viewers and find server details in the code. (Lengthy Process)
After knowing that just create a function in your php script to get redirected URL details. either using curl or header.
Note: I didn't test it on iPhone / BB / Symbian devices. I am not sure about the efficiency of this trick ! You can give a try !