Pass data from a browser to android - php

I've been trying for days to figure out how can I pass a unique ID from a browser to the android. This is scenario that I'm try to create:
User scans QR code.
QR code directs user an url (php file on server).
The php files does an insert with some info.
User is directed to android marktet
User downloads app and installs it.
Once installed the user is supposed to be matched with the inserted information (at point 3).
My problem is that I can't seem to get anything unique from the user without prompting them to insert something (e.g an email address) first in the URL and later once the app is installed to insert the same thing again (e.g same email address) so that the data can be matched.
I've read something about creating a custom cookie that are stored on the android with a certain unique ID that refers to the inserted information in the database. I've looked into that but couldn't find anything that could get me on my way.
Next to that I thought of letting the php file save an xml or any kind of file where I can store the ID that refers to the inserted data..This too seems to be impossible.
Does any know a way how I can get around this without prompting the user to insert something unique?
Additional information: I'm using a jquery mobile website
Thanks

I can give you a suggestion
If you are trying to send user information without user intraction and which can be unique I suggest you you can use IMEI number of device. Which is unique for each device.

Related

Control (signature) number for data

I have a question, some might have encountered while working with data. Trying to figure out how to implement "signature" for data passed back and forth to SQL Server via PHP.
For example, I have a sales order that contains dates, numbers, other variables (string), etc.
The idea is that when that data is inserted into SQL, a "signature" is created based on all the variables (around 30-40) and stored in that table. That signature will be sent to the user when user pulls the data. Then, when a user updates that data and sends back to SQL along with the current signature, PHP would compare that current data signature with the one stored in the database and update the data if it matches. if not - the user will get a notification saying something like "the state of the order has been changed, new data available".
This will prevent one user from overwriting the data if that data has been changed by another user while the first user worked on it.
I thought to add "user signature" which is comparatively easy. However it does not resolve the situation when the same user has opened multiple windows with that data and then accidentally tries to submit updates from one window after he already submitted some data from another window. (Some users are old folks and not tech savvy and may have open multiple windows in the browser, you know).
Locking records won't work here as the data has to be accessible by multiple users at any time.
Thank you for your help!
NOTE: If someone is using SQL Server Management Studio, seems like you can add this column only via query. At least I coud not find this option in "design" view.
ALTER TABLE table_name ADD Version rowversion;

How to restrict direct file/url download and access?

I have a website eg. subdomain.example.com
The website works as follows
Scenario 1
When visitor logs into website the get a signup form
if they fill the form then a php scripts run
a. http://subdomain.example.com/subscribe.php
if they completed signup successfully then site returns
b. http://subdomain.example.com/success.html
if failed then site returns
c. http://subdomain.example.com/error.html
Scenario 2
There is another form to download a pdf after successful form fillup it executes a email to that user and send download link.
Solution needed :
I want no one can type link a,b,c in the browser and can be able to visit the site , site links can be visible if it is referred by the steps (If any one completes the procedure )
How to stop passing data by writiing values with a link in url. eg.
http://subdomain.example.com/subscribe.php?post[parameters]
How to set the accesskey system to make the download valid for single time and file cannot be accessible for direct link visit without api key.
They are a lot of ways to do this.... One way I do this is by generating an MD5 key and getting Radom strings from the generated key, then I use the super GET global variable to search for it ... Then use password_verify() function to verify the hash is correct ... Next I would do is that when uploading the file I create a column for date and insert the current date using the now() function, so when I verify the md5() code i also immediately verify how long it has taken since link generated.
I am sorry I am on a mobile phone... Would have loved to help you on this one, had done I for a client before..

Qualtrics 3rd Party Add-On Best Practices

I am working with Qualtrics, which is just a web-based survey engine. The request is that, once users finish the survey, they will receive a small prize in the form of a gift code. Since I can't host the prize code data on the Qualtrics platform, my idea was to store the prize codes on a remote server. When the user finishes the survey they will be directed to my server (https), to a PHP script that will give out the prizes. On the surface this is possible, because as one piece of customization they allow to re-direct to a URL upon completion of the survey.
The problems that I am faced with, regarding my PHP script that gives out the prizes are as follows:
1) Make sure visitors have COME FROM the survey and have actually
finished the survey.
2) Only give out 1 prize per participant per survey.
It is difficult to address #1 because it seems like after the survey is complete, you just get a basic re-direct to my site. It would be possible to add GET data to the URL, its very easily readable and doesn't offer security. Even encrypting the GET data doesn't seem feasible because a hacker could just copy the data string once they see it.
The idea I had to address #2 was to check the user's IP address using PHP, and store the address in my DB after a 1-way encryption. This way the IP would be unknown, but I could check for duplicates, only allowing 1 prize per IP.
So the question is, is it even possible to do what I am trying to do with just a simple URL re-direct? Is my idea for addressing #2 acceptable?
Thanks.
There are probably many ways this could be handled. Two that come to mind:
1) At the end of survey, Qualtrics creates an embedded data field called ResponseID which is in the Qualtrics data. You can include the ResponseID in the redirect then have your php script call the Qualtrics REST API, and try to retrieve the response with that ResponseID to make sure it exists.
2) Just before the end of survey, you could do a web service call to a script that creates a unique id, store the id on the server side, and return it to the survey as an embedded data field. Then pass the unique id in your redirect and make sure it matches a unique id you stored.
EDIT based on comment below:
You can add custom parameters to your redirect by piping in parameter values like this:
http://mywebsite.com/myscript.php?rid=${e://Field/ResponseID}
If you are able generate special request parameter for redirect url and make it for every user unique, then you could invent some algorithm, and encrypt user ID with it and pass this ID as parameter in redirect url.

How to detect uninstallation of an Android app and remove related user's data from the server?

Basically, I want to remove all the web postings that a user has made via my Android application in the event the user uninstalls my app. Is that even possible?
No you cannot do that, as the app cannot understand when the application is being uninstalled.
If the data to be deleted from the server is such that the user will want it removed, you could make a button in the code, for the user to press, which will invoke process of deleted data on the server. Else just in un-installation, you will not be able to do it
I suggest since your talking about server side code write in some logic that checks the last update date/time on the records and then email the user.
Something to the effect that if they do not click on a link within X days their account will be deleted/purged. If they click the link then just update a single records last update date/time.
See http://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_REMOVED
The package does NOT receive the intent that it is being removed.

Standard procedure for confirming email for a web app

I have created a web app that is almost finished. I need it to confirm new emails. I just want to know if the these are the right procedures for that, because I'm not familiar with this.
I create a new table called "confirmEmails" with only one column with uniqueId. A unique Id is created with PHP: uniqueid() which is created directly after a user hit the submit button. And the php script stores it on the table. An email is sent together with a link www.domain.com/confirmEmail.php?uniqueId=kushfpuhrufhufhfhuhfheriufhehu. I have an another php script called confirmEmail.php that gets the value if uniqueId through the link with $_GET['uniqueId'];(maybe I shall use post instead her). And now it stores the new email in table called user
Is it right procedures? Pls give me some feedback!
Your description says that you have only one column in your unique table. You need to associate the unique Id (token) with the specific user you validate. Otherwise a user could confirm a fake address using another user's unique id.
You could put the unique id in a column of the user table to make sure the right unique id used for activating an account.
Note: Another way would be to create a activation token from the user id and some secret in your configuration, such as sha1($userid . 'yourSecret'). With that you would not need to store additional data, but it is not possible to guess this token without knowing your secret.
That sounds like it would work fine. Seems like the standard now a days.

Categories