I have a couple of questions. I hope people can give me a good view because I am stuck at the moment.
It's a year since I started developing so please bear with me.
How can I get data from a website that I don't own to my application?
I have done some database parsing before but that's all from my own website. I see people use different library's (HPPL for example).
But what if the website requires users to login? And besides does that work on HTML only? What about if it's a PHP based site?
Should I get the external data directly on the iPhone when opening the app or should I use a middle-man approach (server between external website and app that handles the info)?
3) What is the best way to save login information so that a user doesn't have to fill in every time he opens the app?
I am a bit confused about all the stuff so maybe you can clear things up.
The question is extremely broad; so you will get pretty general answers.
Essentially, you are asking how to consume a web service. For that question, I'd recommend one of several tutorials online, like this one. There are others. That should give you a start.
You should understand the Cocoa URL loading system. The documentation is very complete. You can certainly use third-party libraries for this, such as AFNetworking; but I would recommend you understand the Apple -provided frameworks first.
But what If the website has a login ?
Depends on what sort of authentication we're talking about.
And besides does that work on HTML only ? What about if it's a php based site ?
No. Should be no different.
should I get the external data directly on the iPhone when opening the app or should I use a middle-man approach (server between external website and app that handles the info)
In general, a simple design should be favored over a more complex design so long as it meets your specifications. There's probably nothing the intermediate server can do that the iPhone cannot - but we don't really know your specs.
What is the best way to save login information so that a user don't have to fill in every time he opens the app I am a bit confused about all the stuff so maybe you can clear things up...
You will want to investigate the Keychain then. See this SO question for a bunch of tutorial references.
Related
First I'll outline my problem.
What I want to do is create a site. When a client connects, every second or so a number will be broadcast by him.
This is done by everybody on the site.
So every second every client receives every other clients number.
My Solution (that isn't currently making sense)
I thought of using XMPP and an OpenFire server to do this, but I can't seem to make it work with PHP.
Finally the question
Is there a better way to solve my problem than the one I outlined? Another potocol or something?
Is there something that'll play nicely with OpenFire
I already looked at these
http://code.google.com/p/xmpphp/
https://github.com/tong/hxmpp/
and Happy new Year,
XMPP, is the most common way with dealing with notifying problems, but yet you can use a less heavy approach (Technique) to deal with your problem which is Pushlets, and for sure the previous link is not the only one. Pushlets area servlet-based mechanism where data is pushed directly from server-side to (Dynamic) HTML pages within a client-browser. This allows a web page to be periodically updated by the server.
and sure it's much lighter than XMPP.
you can also use it with Java server side like in Here, which will give you some new ideas.
anyways, if you have a web application which has a lot of users you have to think twice then. and make sure that XMPP gives you a lot of controlling features over many requests. When pushlet is good enough to do your broadcasting.
Hope that will help you.
Read this http://belski.net/archives/37-Phurple-for-PHP-5.3-and-up.html
You can make it work with PHP+XMPP using the phurple extension. It works upon libpurple which is the base for Pidgin. That will make you able to work with many other protocols as well, XMPP will already enable Facebook, Google and any other XMPP based.
So I'm trying to make my own mini CMS, and just for my knowledge once I get it good enough, and I know enough, I'd like to sell it. Now for licensing, I know there's tons of licensing scripts you can pay for, but would the following be advisable?
I'd like to plant a script hidden in my CMS where instead of checking for some sort of key, it checks if your domain is allowed to run the CMS by running it past the main CMS database. Now I have two questions.
1.) Could I encrypt the code, so if I wanted it to redirect to a page where it just says "CMS Deactivated" For example, so that people don't go through the code just ctrl-f searching for the key text?
2.) I was going to reach the domain name by doing the following, $_SERVER['SERVER_NAME']. Is that going to be a reliable way of checking the domain? IE. Will IIS pick up on it?
I'm not trying to completely extinguish cracking of the CMS, I know that is impossible.
Maybe you should consider housing the whole thing on your own servers and making the content accessible via a REST API. You can certainly restrict and control that way.
Providing a CMS with source code to any client opens you to evaluation and cleansing. Not saying there's no way, but I am saying it may be easier for you to provide the content via REST than to write perfect security. Especially if you're asking this question.
As I said in my comment, I think worring about money is irrelevant for now, but here's some information for you to learn from.
1.) I haven't found an encryption solution that works. Any will require you to install additional PHP components (and no one wants to deal with that when there are plenty of free CMS's out there). There is code obfuscation, but that's iffy at best.
2.) According to this page, that should work on IIS!
I only began learning about web development 3 weeks ago and have grasped html, css and js quite quickly and have also had some success in using php to draw values from a mySQL database that I have setup however I have a few questions if that is OK?
I am designing a website that essentially allows users to register and then login and add details to a daily log which is stored in the mySQL database. I also want a forum, content section and a shop. Obviously there is no standard open source package for this so I have been investigating how to handcode the PHP to log users in and have them logged in across all parts of the handcoded website. I initially thought I could do this using sessions but I have read that they are bad for SEO? I understand that you can disable them and use cookies but I fear this is all getting a bit over my head? Would it be easier to try and develop this in ASP.NET?
Apologies if some of this doesn't make sense but as I said I am very new to this but I am eager to learn and really serious about it so I will take any information given to me on board. Thanks for your time
This is all very possible in PHP, but what you are asking is for an explanation that requires a book. Speaking of books, there are tons of great books offering help with exactly what you need:
PHP 5 CMS Framework Development: Would teach you about many of the pieces you are trying to assemble by hand including MVC principles.
"Obviously there is no standard open source package.."
Just to name one, WordPress allows users to log in and add stuff to a daily log (it's called a blog), has content sections, and has forum and commerce plugins. Personally, I've been amazed at how customizable WordPress is!
I don't understand your comment about using cookies instead of sessions. I recommend you use the PHP $_SESSION superglobal to keep users logged in during their session.
If you have super-sensitive data in these logs, one option might be to verify that the user's IP has not changed between requests.
I see no reason why ASP.net would be preferable. Personally, I like to learn programming by opening up vim and going at it.
P.S. Be sure you are escaping data provided to you by users before writing it to your SQL database.
I am defining out specs for a live activity feed on my website. I have the backend of the data model done but the open area is the actual code development where my development team is lost on the best way to make the feeds work. Is this purely done by writing custom code or do we need to use existing frameworks to make the feeds work in real time? Some suggestions thrown to me were to use reverse AJAX for this. Some one mentioned having the client poll the server every x seconds but i dont like this because it is unwanted server traffic if there are no updates. I was also mentioned a push engine like light streamer to push from server to browser.
So in the end: What is the way to go? Is it code related, purely pushing SQL quires, using frameworks, using platforms, etc.
My platform is written in PHP codeignitor and DB is MySQL.
The activity stream will have lots of activities. There are 42 components on the social networking I am developing, each component has approx 30ish unique activities that can be streamed.
Check out http://www.stream-hub.com/
I have been using superfeedr.com with Rails and I can tell you it works really well. Here are a few facts about it:
Pros
Julien, the lead developer is very helpful when you encounter a problem.
Immediate push of new feed entries which support PubSubHubHub.
JSon response which is perfect for parsing whoever you'd like.
Retrieve API in case the update callback fails and you need to retrieve the latest entries for a given feed.
Cons
Documentation is not up to the standards I would like, so you'll likely end up searching the web to find obscure implementation details.
You can't control how often superfeedr fetches each feed, they user a secret algorithm to determine that.
The web interface allows you to manage your feeds but becomes difficult to use when you subscribe to a loot of them
Subscription verification mechanism works synchronous so you need to make sure the object URL is ready for the superfeedr callback to hit it (they do provide an async option which does not seem to work well).
Overall I would recommend superfeedr as a good solution for what you need.
So, it's been about 3 years since I wrote and went live with my company's main internet facing website. Originally written in php, I've since just been making minor changes here and there to progress the site as we've needed to.
I've wanted to rewrite it from the ground up in the last year or so and now, we want to add some major features so this is a perfect time.
The website in question is as close to a banking website as you'd get (without being a bank; sorry for the obscurity, but the less info I can give out, the better).
For the rewrite, I want to separate the presentation layer from the processing layer as much as I can. I want the end user to be stuck in a box and not be able to get out so to speak
(this is all because of PCI complacency, being PEN tested every 3 months, etc...)
So, being probed every 3 months has increasingly made me nervous. We haven't failed yet and there hasen't been a breach yet, but I want to make sure I continue to pass (as much as I can anyways)
So, I'm considering rewriting the presentation layer in Adobe Flex and do all the processing in PHP (effectively IMO, separating presentation from processing) - I would do all my normal form validation in flex (as opposed to javascript or php) and do my reads and writes to the db via php.
My questions are:
I know Flash has something like 99% market penetration - do people find this to be true? Has anyone seen on their own sites being in flash that someone couldn't access it?
Flash in general has come under alot of attacks about security and the like - i know this. I would use a swf encryptor - disable debugging (which i got snagged on once on a different application), continue to use https and any other means i can think of.
At the end of the day, everyone knows if someone wants in to the data bad enough, their going to find a ways in; i just wanna make it as difficult for them as i can.
Any thoughts are appreciated.
-Mario
There are always people who, for one reason or another, don't install the Flash plugin. Bear in mind that these are distinctly in the minority. Realize also that some people still refuse to enable Javascript. The question you have to ask yourself is whether this small group is enough to get you to move off of some newer technologies.
If the answer to that is yes, you will have to resort to vanilla HTML form processing, sending everything to the server for validation, etc.
If the answer is no, don't be afraid to use Flex. It works fine with https protocol, and is as secure as you want. That said, I wouldn't use it for username/password validation on the client; that information should always be encrypted and sent to a secure server. But validation of other types of field (phone number, etc.) shouldn't be a problem.
There are definitely people who don't have Flash installed and yes, there are people who have JavaScript disabled. But no matter whether you develop for the common denominator which is plain HTML forms or if you go high end, e.g. Flex or AJAX, never ever rely on the client to validate the inputs. It's a good first step, but everything that comes from the client, be it Flash or Ajax or Silverlight or whatever, could be forged.