Approving information prior to storing in database? - php

I am developing a web-based iPhone app and possibly a PC friendly website version as well. The goal here to to allow users to submit a form where specific input values would be stored into a table in the database.
Mind you this information is being gathered for public display and will be posted onto a calendar or list.
However, to prevent from any trolling or spamming, I'd like to make it where submissions have to be approved prior to being submitted into the table.
I have no problem with creating the table, connecting to the database, storing input values into the corresponding table columns. The only issue is how would I go about setting up an approval system? Can I add information to a table via email? Is there a way to approve admissions in cPanel?
This is something that I would like make as smooth as possible, I am expecting a lot of submissions daily with quite a bit of information.

You can have two approaches for this.
Approach 1
Have two copies of the table (which you want to save information
into). The first one should be named tableName_Input. The second one
should be tableName_Final.
Any Data in '_input' is considered raw and needs approval. Once approved the data will be moved into '_final'. The LIVE list/calendar always read from '_final' data.
Approach 2
Have a column named 'isApproved' with a flag 0/1. If 1 it is approved, else it is not. Only show data that is Approved.
Now, how do you get the data approved ?
You have a hard fast rule like spam filter that tells certain post is valid and approved by default
After every post, you send the user an email or some notification (unique to the user - post) that when answered back, shall mark it as approved.
Optional: You can place a column called as 'approval comments' to fill in something at the time of approval.
Flow chart
Tables
'FirstSubmitContent' - Table to store user submitted information
prior to approval.
'FinalSubmitContent' - Table that stores the final information
Code Pages
Content Page --> Contains the form the user fills the content
ContentActionPage --> Calls the controller --> calls the Model
Controller --> calls the model based on page action
Model --> Interacts with the Database table
I do not have any tools at my disposable now to write more detailed Code or Flowchart. I hope this puts in the right direction.

Validate the form on submission and save info in a temporary table in your DB with a randomly assigned activation code (you could use sha1). Then send an email to user with activation code and a link to verify it, ie. domain.com/activate.php?code=abcde12345.
The activation page can be very simple with just a $_GET['code']. Then check if you find a match in the DB for that code and finally prepare your query with all the info you gathered before to store it permanently.
Then you can make a cron job to delete all records from that table every 24-48 hours so users will have to activate within that time range.

Related

What kind of plugin should I use to make a whole page for one user only?

I try to make a website with multiple users of the same role on Wordpress. That may be "Informational system of hotel rooms". Every user should have an access to login page and the page for registration. But after the process of logging in the user should get own private page. In this page the subscriber should get the opportunity to review and edit the database table. But there's no exception of the fact that despite the whole list of database tables is the same by own quantity and structure of each of them, the data stored in those tables should be unique.
The uniqueness of data witnesses that I need to create a private page for every user, save for administrator. It must be private page, not post, because I'll use php snippet and html code for displaying the table with unique data.
So the question is: What kind of plugin should I use to make a whole page for one user only?

Create a way to "tag" people in PHP messsage system

I'm building a simple web app with PHP and Mysql. One of it's features is a page where all of the users can exchange messages with a textarea inside a form.
On the side of the textarea, i have a div with the pictures of all registed users. When writing a message, you can click on one the users' image and the name of the user will be written in the textarea.
How can i do a "tag" system in PHP so that when a user uses this feature and "tags" someone in a message, it will look for that name in a mySql table and then send a notification for a user?
I'm not asking for an answer with all the specific code to achieve this, just logic guidelines on how to do this.
Thanks in advance!!
I would create a new database table of tags/notifications with at a minimum the User ID of the recipient, message, sent timestamp and read timestamp.
Have your script check this table and show notifications matching that user ID with no read timestamp. Once the user clicks the notification, you can insert the read timestamp in to the row to hide it.
To keep the database tidy, you could create an extra script perhaps a cron to clear all read notifications after a week. :)

Let admin confirm database change

Our Symfony application makes use of Doctrine, in combination with the EntityAuditBundle to keep track of database changes. This works great for past revisions, the bundle almost exactly tells us what changes has been made.
The next problem is future database changes. Our customers are not able to change their user details, because we need to manually confirm those. Think of the following changes:
bank account number
email address
image of passport
Question: What is the best mechanism to let admins first review proposed database changes? The admin should be able to accept or decline the change.
Subquestion: Will this also work on Doctrine OneToMany and ManyToMany relationships?
For an app that I just finished, I had an Audit table set up - then info was sent in an email to a list of 3 admin emails through their outlook server, and I generated a link for a quick review with an "accept" and a "decline" button. The accept triggered a stored procedure with the Audit table's ID, copied the data to the normal table, then emailed the requesting user that the table was updated... Decline - held the data in the audit table, and forced the admin to enter a note which was emailed to the requesting user. There were only 2-5 requests a day and it was from employees (connected internally, so you could trust the requests more than promiscuous app data). There could be a much better way - but this method worked very well for me. Also, the audit table kept ALL data - all requests, regardless of whether or not they were granted. This was used for reports.

How to secure JSON call without using a captcha

So we are building a website and created our basic information to send logins to our database. We have trouble trying to disallow requests that just plug their own data in.
E.g.
http://testing.site.com/php/interfaces/User.php?Action=1&Email=test#gmail.com&FirstName=herp%20derp
By replacing email and firstname, they are able to add multiple users to the database and potentially with a script thousands. Is there any way to prevent this without using a captcha? We are trying to be very minimal and open with the site's design so would love some input if this is possible.
One option we have considered is moving our PHP offline and only allowing our API to access it- however it still presents the problem of users adding in authorised data (and overloading our database with thousands of multiple requests)
Here is a sample option, create a table with 2 fields, one is an Auto Increment id and one is a random code, lets name them ID and CODE
When sending that request, create 1 record in that table and pass the ID and CODE along with request, when receiving the request, check if there is a record in database with that ID and CODE process the request and delete that record from database too and if there isn't that record, just ignore request ...

User Friendly Registration System

I need to build a registration system which requires the collection of large data (many fields) from the user registering which is then inserted into a couple of tables in a database.
I don't really want to display a very long form to the user for the purposes of better UX.
This system will not run online, it is just a web app to run on the desktop.
I need help, pointers, references, etc on how I can better organize the registration process to make it more user friendly.
This How to encourage a user to fill in long application forms? has been helpful so far
As long as you don't mind requiring your user has Javascript, I would use AJAX. Let's say that you have 50 fields that you can logically combine into 4 different sets - the first may be about the person asking for name, email, etc., while the next set asks for historical information or employment information - like on an application.
Make one form for each set, and then present a new user with the first. When he completes the first page, instead of a "Submit" or "Register" button, use an AJAX call and a "Next" button to get the info and switch to the next page of the form with the next set of fields. You could use the AJAX calls to hold the information in a temp table in your database, and then, once the entire process is complete, you can write it to your member/users table.
You could do like other surveys or checkouts do and add a "title" for each page of the form above the form fields so that as a user moves through registration, they can monitor their own progress.
I'd recommend checking out the Amazon checkout, or really any multi-page survey (you may even be able to set one up yourself on Survey Monkey) to see how a large number of form fields can be broken down logically in a user friendly way.
Hope it helps.
Check out this link: http://www.smashingmagazine.com/2011/05/05/innovative-techniques-to-simplify-signups-and-logins/
It's talking about login- and registration-forms and how to make them more user-friendly. A suggestion which is also included in this article is as follows:
At registration don't ask the user to many questions. Only the basic data like their name for example. Then ask him about more detailed data when the user logs in the first time. This way the registration won't take too long.
Maybe this helps you out :)

Categories